Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-3517 | 1 Tor | 1 Tor | 2013-08-21 | 5.0 MEDIUM | N/A |
Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might allow remote attackers to cause a denial of service (daemon crash) via vectors related to failed DNS requests. | |||||
CVE-2012-3518 | 1 Tor | 1 Tor | 2013-08-21 | 5.0 MEDIUM | N/A |
The networkstatus_parse_vote_from_string function in routerparse.c in Tor before 0.2.2.38 does not properly handle an invalid flavor name, which allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted (1) vote document or (2) consensus document. | |||||
CVE-2012-3519 | 1 Tor | 1 Tor | 2013-08-21 | 5.0 MEDIUM | N/A |
routerlist.c in Tor before 0.2.2.38 uses a different amount of time for relay-list iteration depending on which relay is chosen, which might allow remote attackers to obtain sensitive information about relay selection via a timing side-channel attack. | |||||
CVE-2012-2921 | 1 Mark Pilgrim | 1 Feedparser | 2013-08-21 | 5.0 MEDIUM | N/A |
Universal Feed Parser (aka feedparser or python-feedparser) before 5.1.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML ENTITY declaration in a non-ASCII encoded document. | |||||
CVE-2012-0957 | 1 Linux | 1 Linux Kernel | 2013-08-21 | 4.9 MEDIUM | N/A |
The override_release function in kernel/sys.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from kernel stack memory via a uname system call in conjunction with a UNAME26 personality. | |||||
CVE-2012-0283 | 1 Andreas Gohr | 1 Dokuwiki | 2013-08-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the tpl_mediaFileList function in inc/template.php in DokuWiki before 2012-01-25b allows remote attackers to inject arbitrary web script or HTML via the ns parameter in a medialist action to lib/exe/ajax.php. | |||||
CVE-2013-4114 | 1 Henri Wahl | 1 Nagstamon | 2013-08-21 | 5.0 MEDIUM | N/A |
The automatic update request in Nagstamon before 0.9.10 uses a cleartext base64 format for transmission of a username and password, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
CVE-2013-5321 | 1 Alienvault | 1 Open Source Security Information Management | 2013-08-21 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) sensor parameter in a Query action to forensics/base_qry_main.php; the (2) tcp_flags[] or (3) tcp_port[0][4] parameter to forensics/base_stat_alerts.php; the (4) ip_addr[1][8] or (5) port_type parameter to forensics/base_stat_ports.php; or the (6) sortby or (7) rvalue parameter in a search action to vulnmeter/index.php. | |||||
CVE-2013-5319 | 1 Atlassian | 1 Jira | 2013-08-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in secure/admin/user/views/deleteuserconfirm.jsp in the Admin Panel in Atlassian JIRA before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via the name parameter to secure/admin/user/DeleteUser!default.jspa. | |||||
CVE-2010-0696 | 2 Joomla, Joomlaworks | 2 Joomla, Jw Allvideos | 2013-08-20 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter. | |||||
CVE-1999-1183 | 1 Sgi | 1 Irix | 2013-08-20 | 7.6 HIGH | N/A |
System Manager sysmgr GUI in SGI IRIX 6.4 and 6.3 allows remote attackers to execute commands by providing a trojan horse (1) runtask or (2) runexec descriptor file, which is used to execute a System Manager Task when the user's Mailcap entry supports the x-sgi-task or x-sgi-exec type. | |||||
CVE-2013-0167 | 1 Redhat | 1 Enterprise Virtualization | 2013-08-20 | 2.7 LOW | N/A |
VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via guestInfo dictionaries with "unexpected fields." | |||||
CVE-2013-5314 | 1 S9y | 1 Serendipity | 2013-08-20 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in serendipity_admin_image_selector.php in Serendipity 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the serendipity[htmltarget] parameter. | |||||
CVE-2013-5313 | 1 Bigtreecms | 1 Bigtree Cms | 2013-08-20 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/update.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify arbitrary user accounts via an edit user action. | |||||
CVE-2013-5312 | 1 Vastal | 1 Phpvid | 2013-08-20 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to browse_videos.php or the (2) cat parameter to groups.php. | |||||
CVE-2013-5311 | 1 Vastal | 1 Phpvid | 2013-08-20 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to execute arbitrary SQL commands via the "n" parameter to (1) browse_videos.php or (2) members.php. NOTE: the cat parameter is already covered by CVE-2008-4157. | |||||
CVE-2013-3348 | 1 Adobe | 1 Shockwave Player | 2013-08-19 | 10.0 HIGH | N/A |
Adobe Shockwave Player before 12.0.3.133 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | |||||
CVE-2013-3400 | 1 Cisco | 2 Nexus 1000v, Nx-os | 2013-08-19 | 6.8 MEDIUM | N/A |
The license-installation module in Cisco NX-OS on Nexus 1000V devices allows local users to execute arbitrary commands via crafted "install license" arguments, aka Bug ID CSCuh30824. | |||||
CVE-2013-3402 | 1 Cisco | 1 Unified Communications Manager | 2013-08-19 | 6.5 MEDIUM | N/A |
An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary commands via unknown vectors, aka Bug ID CSCuh73440. | |||||
CVE-2013-3403 | 1 Cisco | 1 Unified Communications Manager | 2013-08-19 | 6.8 MEDIUM | N/A |
Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allow local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCuh73454. |