Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-7246 | 1 Daum Communications | 1 Daumgame Activex Control | 2017-08-28 | 9.3 HIGH | N/A |
| Buffer overflow in the IconCreate method in an ActiveX control in the DaumGame ActiveX plugin 1.1.0.4 and 1.1.0.5 allows remote attackers to execute arbitrary code via a long string, as exploited in the wild in January 2014. | |||||
| CVE-2013-7254 | 1 Opsview | 1 Opsview | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Opsview before 4.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-7255 | 1 Opsview | 1 Opsview | 2017-08-28 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in Opsview before 4.4.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2013-7257 | 1 Codiad | 1 Codiad | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Codiad 2.0.7 allows remote attackers to inject arbitrary web script or HTML via the Project Name field. | |||||
| CVE-2013-7269 | 1 Linux | 1 Linux Kernel | 2017-08-28 | 4.9 MEDIUM | N/A |
| The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. | |||||
| CVE-2013-7270 | 1 Linux | 1 Linux Kernel | 2017-08-28 | 4.9 MEDIUM | N/A |
| The packet_recvmsg function in net/packet/af_packet.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. | |||||
| CVE-2013-7271 | 1 Linux | 1 Linux Kernel | 2017-08-28 | 4.9 MEDIUM | N/A |
| The x25_recvmsg function in net/x25/af_x25.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. | |||||
| CVE-2013-7274 | 1 Wallpaperscript | 1 Wallpaperscript | 2017-08-28 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Wallpaper Script 3.5.0082 allows remote authenticated users to inject arbitrary web script or HTML via the title field in a wallpaper file upload. | |||||
| CVE-2013-7276 | 2 Recommend To A Friend Project, Wordpress | 2 Recommend To A Friend, Wordpress | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in inc/raf_form.php in the Recommend to a friend plugin 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the current_url parameter. | |||||
| CVE-2013-7278 | 1 Naxtech | 1 Cms Afroditi | 2017-08-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Naxtech CMS Afroditi 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to default.asp. | |||||
| CVE-2013-7279 | 2 Anthony Mills, Wordpress | 2 S3 Video, Wordpress | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in views/video-management/preview_video.php in the S3 Video plugin before 0.983 for WordPress allows remote attackers to inject arbitrary web script or HTML via the base parameter. | |||||
| CVE-2013-7281 | 1 Linux | 1 Linux Kernel | 2017-08-28 | 4.9 MEDIUM | N/A |
| The dgram_recvmsg function in net/ieee802154/dgram.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. | |||||
| CVE-2013-7296 | 1 Freedesktop | 1 Poppler | 2017-08-28 | 5.0 MEDIUM | N/A |
| The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted PDF file. | |||||
| CVE-2013-7298 | 1 Tntnet | 1 Cxxtools | 2017-08-28 | 5.0 MEDIUM | N/A |
| query_params.cpp in cxxtools before 2.2.1 allows remote attackers to cause a denial of service (infinite recursion and crash) via an HTTP query that contains %% (double percent) characters. | |||||
| CVE-2013-7299 | 1 Tntnet | 1 Tntnet | 2017-08-28 | 5.0 MEDIUM | N/A |
| framework/common/messageheaderparser.cpp in Tntnet before 2.2.1 allows remote attackers to obtain sensitive information via a header that ends in \n instead of \r\n, which prevents a null terminator from being added and causes Tntnet to include headers from other requests. | |||||
| CVE-2013-7300 | 1 Craig Drummond | 1 Cantata | 2017-08-28 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in cantata before 1.2.2 allows local users to read arbitrary files via a full pathname in a request to the internal httpd server. NOTE: this vulnerability can be leveraged by remote attackers using CVE-2013-7301. | |||||
| CVE-2013-7303 | 1 Spip | 1 Spip | 2017-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formulaires/inscription.php and (2) prive/forms/editer_auteur.php in SPIP before 2.1.25 and 3.0.x before 3.0.13 allow remote attackers to inject arbitrary web script or HTML via the author name field. | |||||
| CVE-2013-7304 | 1 Checkpoint | 1 Endpoint Security Mi Server R73 | 2017-08-28 | 4.3 MEDIUM | N/A |
| Check Point Endpoint Security MI Server through R73 3.0.0 HFA2.5 does not configure X.509 certificate validation for client devices, which allows man-in-the-middle attackers to spoof SSL servers by presenting an arbitrary certificate during a session established by a client. | |||||
| CVE-2013-7321 | 1 D-link | 2 Dap 2253, Dap 2253 Firmware | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in D-Link DAP-2253 Access Point (Rev. A1) with firmware before 1.30 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-7322 | 1 Nongnu | 1 Oath Toolkit | 2017-08-28 | 4.9 MEDIUM | N/A |
| usersfile.c in liboath in OATH Toolkit before 2.4.1 does not properly handle lines containing an invalid one-time-password (OTP) type and a user name in /etc/users.oath, which causes the wrong line to be updated when invalidating an OTP and allows context-dependent attackers to conduct replay attacks, as demonstrated by a commented out line when using libpam-oath. | |||||