Max CVSS 9.3 Min CVSS 2.1 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2012-3489 4.0
The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or U
15-02-2024 - 03:22 03-10-2012 - 21:55
CVE-2013-0333 7.5
lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct S
13-02-2023 - 04:41 30-01-2013 - 12:00
CVE-2012-3525 5.8
s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response.
13-02-2023 - 04:34 25-08-2012 - 16:55
CVE-2012-2088 7.5
Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a tiff
13-02-2023 - 04:33 22-07-2012 - 17:55
CVE-2013-0156 7.5
active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection
13-02-2023 - 00:27 13-01-2013 - 22:55
CVE-2011-3058 4.3
Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
14-04-2020 - 15:17 30-03-2012 - 22:55
CVE-2012-3756 9.3
Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rnet box in an MP4 movie file.
19-09-2017 - 01:35 09-11-2012 - 19:55
CVE-2012-3488 4.9
The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensiti
08-12-2016 - 03:02 03-10-2012 - 21:55
CVE-2012-3749 5.0
The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses that contain an OSBundleMachOHeaders key, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted app.
17-08-2013 - 06:47 03-11-2012 - 17:55
CVE-2013-0976 6.8
IOAcceleratorFamily in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted graphics image.
05-06-2013 - 04:00 15-03-2013 - 20:55
CVE-2013-0966 6.4
The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted path
18-03-2013 - 16:52 15-03-2013 - 20:55
CVE-2013-0967 4.3
CoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the list of safe file types, which allows remote attackers to bypass a Java plug-in disabled setting, and trigger the launch of Java Web Start applications, via a crafted web site.
18-03-2013 - 16:48 15-03-2013 - 20:55
CVE-2013-0969 4.9
Login Window in Apple Mac OS X before 10.8.3 does not prevent application launching with the VoiceOver feature, which allows physically proximate attackers to bypass authentication and make arbitrary System Preferences changes via unspecified use of
18-03-2013 - 16:01 15-03-2013 - 20:55
CVE-2013-0971 6.8
Use-after-free vulnerability in PDFKit in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted ink annotations in a PDF document.
18-03-2013 - 15:50 15-03-2013 - 20:55
CVE-2013-0973 6.8
Software Update in Apple Mac OS X through 10.7.5 does not prevent plugin loading within the marketing-text WebView, which allows man-in-the-middle attackers to execute plugin code by modifying the client-server data stream.
18-03-2013 - 04:00 15-03-2013 - 20:55
CVE-2013-0963 2.1
Identity Services in Apple iOS before 6.1 does not properly handle validation failures of AppleID certificates, which might allow physically proximate attackers to bypass authentication by leveraging an incorrect assignment of an empty string value t
16-03-2013 - 03:39 29-01-2013 - 05:58
CVE-2013-0970 4.3
Messages in Apple Mac OS X before 10.8.3 allows remote attackers to bypass the FaceTime call-confirmation prompt via a crafted FaceTime: URL.
15-03-2013 - 20:55 15-03-2013 - 20:55
Back to Top Mark selected
Back to Top