Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-0706 | 1 Nec | 1 Universal Raid Utility | 2013-03-07 | 9.0 HIGH | N/A |
| NEC Universal RAID Utility 1.40 Rev 680 and earlier, 2.31 Rev 1492 and earlier, and 2.5 Rev 2244 and earlier does not provide access control, which allows remote attackers to perform arbitrary RAID disk operations via unspecified vectors. | |||||
| CVE-2013-1153 | 1 Cisco | 1 Prime Infrastructure | 2013-03-07 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the web interface in Cisco Prime Infrastructure allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCue84676. | |||||
| CVE-2013-2493 | 1 Google | 1 Chrome Frame | 2013-03-07 | 4.3 MEDIUM | N/A |
| The Hook_Terminate function in chrome_frame/protocol_sink_wrap.cc in the Google Chrome Frame plugin before 26.0.1410.28 for Internet Explorer does not properly handle attach tab requests, which allows user-assisted remote attackers to cause a denial of service (application crash) via an _blank value for the target attribute of an A element. | |||||
| CVE-2013-1618 | 1 Opera | 1 Opera Browser | 2013-03-07 | 4.0 MEDIUM | N/A |
| The TLS implementation in Opera before 12.13 does not properly consider timing side-channel attacks on a MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. | |||||
| CVE-2013-1621 | 1 Polarssl | 1 Polarssl | 2013-03-07 | 4.3 MEDIUM | N/A |
| Array index error in the SSL module in PolarSSL before 1.2.5 might allow remote attackers to cause a denial of service via vectors involving a crafted padding-length value during validation of CBC padding in a TLS session, a different vulnerability than CVE-2013-0169. | |||||
| CVE-2013-1637 | 1 Opera | 1 Opera Browser | 2013-03-07 | 9.3 HIGH | N/A |
| Opera before 12.13 allows remote attackers to execute arbitrary code via vectors involving DOM events. | |||||
| CVE-2013-1638 | 1 Opera | 1 Opera Browser | 2013-03-07 | 9.3 HIGH | N/A |
| Opera before 12.13 allows remote attackers to execute arbitrary code via crafted clipPaths in an SVG document. | |||||
| CVE-2013-1639 | 1 Opera | 1 Opera Browser | 2013-03-07 | 6.8 MEDIUM | N/A |
| Opera before 12.13 does not send CORS preflight requests in all required cases, which allows remote attackers to bypass a CSRF protection mechanism via a crafted web site that triggers a CORS request. | |||||
| CVE-2013-0190 | 1 Linux | 1 Linux Kernel | 2013-03-07 | 4.9 MEDIUM | N/A |
| The xen_failsafe_callback function in Xen for the Linux kernel 2.6.23 and other versions, when running a 32-bit PVOPS guest, allows local users to cause a denial of service (guest crash) by triggering an iret fault, leading to use of an incorrect stack pointer and stack corruption. | |||||
| CVE-2012-4450 | 1 Fedoraproject | 1 389 Directory Server | 2013-03-07 | 6.0 MEDIUM | N/A |
| 389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry. | |||||
| CVE-2012-4543 | 1 Redhat | 1 Certificate System | 2013-03-07 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) pageStart or (2) pageSize to the displayCRL script, or (3) nonce variable to the profileProcess script. | |||||
| CVE-2011-4318 | 1 Dovecot | 1 Dovecot | 2013-03-06 | 5.8 MEDIUM | N/A |
| Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname. | |||||
| CVE-2012-5053 | 1 Trimble | 2 Infrastructure Gnss Series Receivers, Infrastructure Gnss Series Receivers Firmware | 2013-03-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Receiver Web User Interface on Trimble Infrastructure GNSS Series Receivers NetR3, NetR5, NetR8, and NetR9 before 4.70, and NetRS before 1.3-2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-1141 | 1 Cisco | 2 Wireless Lan Controller, Wireless Lan Controller Software | 2013-03-06 | 6.1 MEDIUM | N/A |
| The mDNS snooping functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.4.1.54 and earlier does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) via crafted mDNS packets, aka Bug ID CSCue04153. | |||||
| CVE-2013-1140 | 1 Cisco | 1 Security Monitoring Analysis And Response System | 2013-03-06 | 4.3 MEDIUM | N/A |
| The XML parser in Cisco Security Monitoring, Analysis, and Response System (MARS) allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCue55093. | |||||
| CVE-2013-1048 | 1 Debian | 1 Apache2 | 2013-03-06 | 4.6 MEDIUM | N/A |
| The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack. | |||||
| CVE-2013-0630 | 5 Adobe, Apple, Google and 2 more | 8 Adobe Air, Adobe Air Sdk, Flash Player and 5 more | 2013-03-05 | 10.0 HIGH | N/A |
| Buffer overflow in Adobe Flash Player before 10.3.183.50 and 11.x before 11.5.502.146 on Windows and Mac OS X, before 10.3.183.50 and 11.x before 11.2.202.261 on Linux, before 11.1.111.31 on Android 2.x and 3.x, and before 11.1.115.36 on Android 4.x; Adobe AIR before 3.5.0.1060; and Adobe AIR SDK before 3.5.0.1060 allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2013-0931 | 2 Microsoft, Rsa | 3 Windows 2003 Server, Windows Xp, Authentication Agent For Windows | 2013-03-05 | 5.4 MEDIUM | N/A |
| EMC RSA Authentication Agent 7.1.x before 7.1.2 on Windows does not enforce the Quick PIN Unlock timeout feature, which allows physically proximate attackers to bypass the passcode requirement for a screensaved session by entering a PIN after timeout expiration. | |||||
| CVE-2012-2288 | 1 Emc | 1 Networker | 2013-03-05 | 9.3 HIGH | N/A |
| Format string vulnerability in the nsrd RPC service in EMC NetWorker 7.6.3 and 7.6.4 before 7.6.4.1, and 8.0 before 8.0.0.1, allows remote attackers to execute arbitrary code via format string specifiers in a message. | |||||
| CVE-2012-6026 | 1 Cisco | 2 Aironet Access Point, Aironet Access Point Software | 2013-03-05 | 6.1 MEDIUM | N/A |
| The HTTP Profiler on the Cisco Aironet Access Point with software 15.2 and earlier does not properly manage buffers, which allows remote attackers to cause a denial of service (device reload) via crafted HTTP requests, aka Bug ID CSCuc62460. | |||||