Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-1177 | 1 Gnome | 1 Libgdata | 2013-04-04 | 5.1 MEDIUM | N/A |
| libgdata before 0.10.2 and 0.11.x before 0.11.1 does not validate SSL certificates, which allows remote attackers to obtain user names and passwords via a man-in-the-middle (MITM) attack with a spoofed certificate. | |||||
| CVE-2012-1576 | 1 Atheme | 1 Atheme | 2013-04-04 | 6.0 MEDIUM | N/A |
| The myuser_delete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which allows remote attackers to access a different user account or cause a denial of service (daemon crash) via a login as a deleted user. | |||||
| CVE-2012-0419 | 1 Novell | 1 Groupwise | 2013-04-04 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the agent HTTP interfaces in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to read arbitrary files via directory traversal sequences in a request. | |||||
| CVE-2011-4578 | 1 Tedfelix | 1 Acpid2 | 2013-04-04 | 4.6 MEDIUM | N/A |
| event.c in acpid (aka acpid2) before 2.0.11 does not have an appropriate umask setting during execution of event-handler scripts, which might allow local users to (1) perform write operations within directories created by a script, or (2) read files created by a script, via standard filesystem system calls. | |||||
| CVE-2011-4616 | 1 Igor Vlasenko | 1 Html-template-pro | 2013-04-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the HTML-Template-Pro module before 0.9507 for Perl allows remote attackers to inject arbitrary web script or HTML via template parameters, related to improper handling of > (greater than) and < (less than) characters. | |||||
| CVE-2011-3827 | 1 Novell | 1 Groupwise | 2013-04-04 | 4.3 MEDIUM | N/A |
| The iCalendar component in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before Support Pack 3 allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted date-time string in a .ics attachment. | |||||
| CVE-2011-1595 | 1 Rdesktop | 1 Rdesktop | 2013-04-04 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in the disk_create function in disk.c in rdesktop before 1.7.0, when disk redirection is enabled, allows remote RDP servers to read or overwrite arbitrary files via a .. (dot dot) in a pathname. | |||||
| CVE-2012-4710 | 1 Invensys | 1 Wonderware Win-xml Exporter | 2013-04-04 | 9.3 HIGH | N/A |
| Invensys Wonderware Win-XML Exporter 1522.148.0.0 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference. | |||||
| CVE-2013-2761 | 1 Schneider-electric | 1 Modicon M340 | 2013-04-04 | 4.0 MEDIUM | N/A |
| The Schneider Electric M340 BMXNOE01xx and BMXP3420xx PLC modules allow remote authenticated users to cause a denial of service (module crash) via crafted FTP traffic, as demonstrated by the FileZilla FTP client. | |||||
| CVE-2013-0664 | 1 Schneider-electric | 3 Modicon M340, Modicon Premium, Modicon Quantum Plc | 2013-04-04 | 8.5 HIGH | N/A |
| The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows remote authenticated users to send Modbus messages, and consequently execute arbitrary code, by embedding these messages in SOAP HTTP POST requests. | |||||
| CVE-2013-2762 | 1 Schneider-electric | 1 Magelis Xbt Hmi | 2013-04-04 | 10.0 HIGH | N/A |
| The Schneider Electric Magelis XBT HMI controller has a default password for authentication of configuration uploads, which makes it easier for remote attackers to bypass intended access restrictions via crafted configuration data. | |||||
| CVE-2013-0317 | 2 Drupal, Joe Haskins | 2 Drupal, Og Manager Change | 2013-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Manager Change for Organic Groups (og_manager_change) module 7.x-2.x before 7.x-2.1 for Drupal might allow remote attackers to inject arbitrary web script or HTML via the username in the new manager autocomplete field. | |||||
| CVE-2013-0319 | 2 Drupal, Yandex.metrics Project | 2 Drupal, Yandex Metrics | 2013-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Yandex.Metrics module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to the Yandex.Metrica service data. | |||||
| CVE-2013-0323 | 2 Display Suite Project, Drupal | 2 Ds, Drupal | 2013-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the author field. | |||||
| CVE-2013-0324 | 2 Drupal, Tomasbarej | 2 Drupal, Menu Reference | 2013-04-03 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Rendered links formatter in the Menu Reference module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the "Administer menus and menu items" permission to inject arbitrary web script or HTML via the menu link title. | |||||
| CVE-2012-6116 | 1 Katello | 2 Katello, Katello-configure | 2013-04-03 | 2.1 LOW | N/A |
| modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file. | |||||
| CVE-2012-6119 | 2 Candlepinproject, Redhat | 2 Candlepin, Subscription Asset Manager | 2013-04-02 | 2.1 LOW | N/A |
| Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests. | |||||
| CVE-2012-6129 | 3 Canonical, Fedoraproject, Transmissionbt | 3 Ubuntu Linux, Fedora, Transmission | 2013-04-02 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted "micro transport protocol packets." | |||||
| CVE-2013-0919 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2013-04-02 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 26.0.1410.43 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging the presence of an extension that creates a pop-up window. | |||||
| CVE-2013-0935 | 1 Emc | 1 Smarts Network Configuration Manager | 2013-04-02 | 9.3 HIGH | N/A |
| EMC Smarts Network Configuration Manager (NCM) before 9.2 does not require authentication for all Java RMI method calls, which allows remote attackers to execute arbitrary code via unspecified vectors. | |||||