Max CVSS 10.0 Min CVSS 2.1 Total Count46
IDCVSSSummaryLast (major) updatePublished
CVE-2013-4788 5.1
The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control e
30-12-2016 - 21:59 04-10-2013 - 13:55
CVE-2013-4256 4.6
Multiple stack-based and heap-based buffer overflows in Network Audio System (NAS) 1.9.3 allow local users to cause a denial of service (crash) or possibly execute arbitrary code via the (1) display command argument to the ProcessCommandLine function
30-12-2016 - 21:59 09-10-2013 - 10:54
CVE-2013-2897 4.7
Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically proximate attackers to cause a denial of service (heap
30-12-2016 - 21:59 16-09-2013 - 09:01
CVE-2013-2893 4.7
The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds
30-12-2016 - 21:59 16-09-2013 - 09:01
CVE-2013-2892 4.7
drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a cra
30-12-2016 - 21:59 16-09-2013 - 09:01
CVE-2013-2889 4.7
drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a craf
30-12-2016 - 21:59 16-09-2013 - 09:01
CVE-2013-4316 10.0
Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.
07-12-2016 - 12:34 30-09-2013 - 17:55
CVE-2013-4332 4.3
Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_mema
28-11-2016 - 14:09 09-10-2013 - 18:55
CVE-2013-5486 10.0
Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue7
16-09-2016 - 16:47 23-09-2013 - 06:18
CVE-2011-4619 5.0
The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
22-08-2016 - 22:04 05-01-2012 - 20:55
CVE-2011-4576 5.0
The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by
22-08-2016 - 22:04 05-01-2012 - 20:55
CVE-2013-4362 7.2
WEB-DAV Linux File System (davfs2) 1.4.6 and 1.4.7 allow local users to gain privileges via unknown attack vectors in (1) kernel_interface.c and (2) mount_davfs.c, related to the "system" function.
04-04-2016 - 09:10 30-09-2013 - 18:55
CVE-2013-2899 4.7
drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS)
25-03-2015 - 21:59 16-09-2013 - 09:01
CVE-2013-4310 5.8
Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix.
05-05-2014 - 01:25 30-09-2013 - 17:55
CVE-2013-1443 5.0
The authentication framework (django.contrib.auth) in Django 1.4.x before 1.4.8, 1.5.x before 1.5.4, and 1.6.x before 1.6 beta 4 allows remote attackers to cause a denial of service (CPU consumption) via a long password which is then hashed.
27-01-2014 - 23:51 23-09-2013 - 16:55
CVE-2013-4162 4.7
The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel through 3.10.3 makes an incorrect function call for pending data, which allows local users to cause a denial of service (BUG and system crash) vi
03-01-2014 - 23:48 29-07-2013 - 09:59
CVE-2013-2896 4.7
drivers/hid/hid-ntrig.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_NTRIG is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a cra
03-01-2014 - 23:47 16-09-2013 - 09:01
CVE-2013-2895 5.4
drivers/hid/hid-logitech-dj.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LOGITECH_DJ is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOP
03-01-2014 - 23:47 16-09-2013 - 09:01
CVE-2013-2888 6.2
Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption)
03-01-2014 - 23:47 16-09-2013 - 09:01
CVE-2013-2141 2.1
The do_tkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2
03-01-2014 - 23:46 07-06-2013 - 10:03
CVE-2013-4339 7.5
WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote attackers to bypass intended redirection restrictions via a crafted string.
30-12-2013 - 23:25 12-09-2013 - 09:30
CVE-2013-3749 3.5
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect confidentiality via unknown vectors related to Logging. NOTE: the previ
19-12-2013 - 23:35 17-07-2013 - 09:41
CVE-2013-4326 4.6
RealtimeKit (aka rtkit) 0.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process
08-12-2013 - 01:00 03-10-2013 - 17:55
CVE-2013-4324 4.6
spice-gtk 0.14, and possibly other versions, invokes the polkit authority using the insecure polkit_unix_process_new API function, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race co
30-10-2013 - 23:34 03-10-2013 - 17:55
CVE-2012-3511 6.2
Multiple race conditions in the madvise_remove function in mm/madvise.c in the Linux kernel before 3.4.5 allow local users to cause a denial of service (use-after-free and system crash) via vectors involving a (1) munmap or (2) close system call.
23-10-2013 - 23:40 03-10-2012 - 23:28
CVE-2013-5490 7.8
Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug I
17-10-2013 - 15:23 23-09-2013 - 06:18
CVE-2013-4340 3.5
wp-admin/includes/post.php in WordPress before 3.6.1 allows remote authenticated users to spoof the authorship of a post by leveraging the Author role and providing a modified user_ID parameter.
02-10-2013 - 00:29 12-09-2013 - 09:30
CVE-2013-4338 7.5
wp-includes/functions.php in WordPress before 3.6.1 does not properly determine whether data has been serialized, which allows remote attackers to execute arbitrary code by triggering erroneous PHP unserialize operations.
02-10-2013 - 00:29 12-09-2013 - 09:28
CVE-2013-4254 6.9
The validate_event function in arch/arm/kernel/perf_event.c in the Linux kernel before 3.10.8 on the ARM platform allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by adding a hardware even
02-10-2013 - 00:29 24-08-2013 - 23:27
CVE-2013-4163 4.7
The ip6_append_data_mtu function in net/ipv6/ip6_output.c in the IPv6 implementation in the Linux kernel through 3.10.3 does not properly maintain information about whether the IPV6_MTU setsockopt option had been specified, which allows local users t
02-10-2013 - 00:29 29-07-2013 - 09:59
CVE-2013-5487 7.8
DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary files via unspecified vectors, aka Bug ID CSCue77029.
23-09-2013 - 19:15 23-09-2013 - 06:18
CVE-2013-3788 4.3
Unspecified vulnerability in the Oracle iSupplier Portal component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Supplier Management.
22-08-2013 - 02:54 17-07-2013 - 09:41
CVE-2013-3778 4.3
Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Help.
22-08-2013 - 02:54 17-07-2013 - 09:41
CVE-2013-3777 4.3
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Signon.
22-08-2013 - 02:54 17-07-2013 - 09:41
CVE-2013-3767 4.3
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite Access Gate 1.2.1 allows remote attackers to affect integrity via unknown vectors.
22-08-2013 - 02:54 17-07-2013 - 09:41
CVE-2013-3756 5.5
Unspecified vulnerability in the Oracle Landed Cost Management component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Shipment Workbench
22-08-2013 - 02:54 17-07-2013 - 09:41
CVE-2013-3747 4.0
Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect confidentiality via unknown vectors related to Client System Analyzer
22-08-2013 - 02:53 17-07-2013 - 09:41
CVE-2013-2340 10.0
Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and switches allows remote attackers to execute arbitrar
08-07-2013 - 00:00 06-07-2013 - 09:57
CVE-2013-2341 7.1
Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and switches allows remote authenticated users to execut
08-07-2013 - 00:00 06-07-2013 - 09:57
CVE-2012-5951 7.2
Unspecified vulnerability in IBM Tivoli NetView 1.4, 5.1 through 5.4, and 6.1 on z/OS allows local users to gain privileges by leveraging access to the normal Unix System Services (USS) security level.
11-03-2013 - 23:18 26-12-2012 - 13:55
CVE-2012-0920 7.1
Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple cra
20-06-2012 - 00:00 05-06-2012 - 18:55
CVE-2011-2608 6.4
ovbbccb.exe 6.20.50.0 and other versions in HP OpenView Performance Agent 4.70 and 5.0; and Operations Agent 11.0, 8.60.005, 8.60.006, 8.60.007, 8.60.008, 8.60.501, and 8.53; allows remote attackers to delete arbitrary files via a full pathname in th
25-08-2011 - 00:00 01-07-2011 - 06:55
CVE-2008-3814 5.8
Unspecified vulnerability in Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to bypass authentication and read or modi
18-05-2011 - 00:00 08-10-2008 - 18:00
CVE-2010-1572 9.0
Unspecified vulnerability in the tech support diagnostic shell in Cisco Application Extension Platform (AXP) 1.1 and 1.1.5 allows local users to obtain sensitive configuration information and gain administrator privileges via unspecified API calls.
17-06-2010 - 01:39 09-06-2010 - 20:30
CVE-2009-1874 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the Management Console in Adobe JRun 4.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
26-08-2009 - 01:24 18-08-2009 - 18:30
CVE-2009-1873 4.0
Directory traversal vulnerability in logging/logviewer.jsp in the Management Console in Adobe JRun Application Server 4 Updater 7 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the logfile parameter.
26-08-2009 - 01:24 18-08-2009 - 18:30
Back to Top Mark selected
Back to Top