Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-6721 | 1 Bouncycastle | 2 Bouncy-castle-crypto-package, Legion-of-the-bouncy-castle-java-crytography-api | 2012-11-15 | 10.0 HIGH | N/A |
| The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes." | |||||
| CVE-2011-5211 | 1 Intelliants | 1 Subrion Cms | 2012-11-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the poll module in Subrion CMS 2.0.4 allows remote attackers to inject arbitrary web script or HTML via the title field. NOTE: some of these details are obtained from third party information. NOTE: this might overlap CVE-2012-5452. | |||||
| CVE-2011-5241 | 1 Services Twitter Group | 1 Services Twitter | 2012-11-14 | 5.8 MEDIUM | N/A |
| Services_Twitter 0.6.3 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2012-4884 | 1 Bestpractical | 1 Rt | 2012-11-14 | 5.0 MEDIUM | N/A |
| Argument injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to create arbitrary files via unspecified vectors related to the GnuPG client. | |||||
| CVE-2012-4483 | 2 Acquia, Drupal | 2 Commons, Drupal | 2012-11-12 | 5.0 MEDIUM | N/A |
| The commons_discussion_views_default_views function in modules/features/commons_discussion/commons_discussion.views_default.inc in the Drupal Commons module 6.x-2.x before 6.x-2.8 for Drupal does not properly enforce intended node access restrictions, which might allow remote attackers to obtain sensitive information via the recent comments listing. | |||||
| CVE-2012-4554 | 1 Drupal | 1 Drupal | 2012-11-12 | 5.0 MEDIUM | N/A |
| The OpenID module in Drupal 7.x before 7.16 allows remote OpenID servers to read arbitrary files via a crafted DOCTYPE declaration in an XRDS file. | |||||
| CVE-2012-4553 | 1 Drupal | 1 Drupal | 2012-11-12 | 6.8 MEDIUM | N/A |
| Drupal 7.x before 7.16 allows remote attackers to obtain sensitive information and possibly re-install Drupal and execute arbitrary PHP code via an external database server, related to "transient conditions." | |||||
| CVE-2012-4515 | 1 Kde | 1 Kde | 2012-11-12 | 6.8 MEDIUM | N/A |
| Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in Konqueror in KDE 4.7.3, when the context menu is shown, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by accessing an iframe when it is being updated. | |||||
| CVE-2012-4514 | 1 Kde | 1 Kde | 2012-11-12 | 5.0 MEDIUM | N/A |
| rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted web page, related to "trying to reuse a frame with a null part." | |||||
| CVE-2012-4513 | 1 Kde | 1 Kde | 2012-11-12 | 6.4 MEDIUM | N/A |
| khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via large canvas dimensions, which leads to an unexpected sign extension and a heap-based buffer over-read. | |||||
| CVE-2012-2455 | 1 Advance Productivity Software | 1 Dte Axiom | 2012-11-11 | 6.4 MEDIUM | N/A |
| Advanced Productivity Software DTE Axiom before 12.3.3 does not validate the registration ID, which allows remote attackers to bypass authentication and read or modify data about users, customers, and projects via unspecified vectors. | |||||
| CVE-2012-4730 | 1 Bestpractical | 1 Rt | 2012-11-11 | 3.5 LOW | N/A |
| Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers and conduct phishing attacks or obtain sensitive information via unknown vectors. | |||||
| CVE-2012-4521 | 2012-11-11 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-4505. Reason: This candidate is a duplicate of CVE-2012-4505. Notes: All CVE users should reference CVE-2012-4505 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2009-0736 | 1 Simon Brown | 1 Pebble | 2012-11-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Pebble before 2.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-1154 | 1 Redhat | 2 Jboss Enterprise Application Platform, Mod Cluster | 2012-11-07 | 4.3 MEDIUM | N/A |
| mod_cluster 1.0.10 before 1.0.10 CP03 and 1.1.x before 1.1.4, as used in JBoss Enterprise Application Platform 5.1.2, when "ROOT" is set to excludedContexts, exposes the root context of the server, which allows remote attackers to bypass access restrictions and gain access to applications deployed on the root context via unspecified vectors. | |||||
| CVE-2012-4436 | 1 Cipherdyne | 1 Fwknop | 2012-11-07 | 4.4 MEDIUM | N/A |
| Buffer overflow in the run_last_args function in client/fwknop.c in fwknop before 2.0.3, when processing --last, might allow local users to cause a denial of service (client crash) and possibly execute arbitrary code via many .fwknop.run arguments. | |||||
| CVE-2012-5672 | 1 Microsoft | 3 Excel, Excel Viewer, Office | 2012-11-07 | 4.3 MEDIUM | N/A |
| Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office 2007 (aka Office 12) allow remote attackers to cause a denial of service (read access violation and application crash) via a crafted spreadsheet file, as demonstrated by a .xls file with battery voltage data. | |||||
| CVE-2011-5236 | 1 Moneris | 1 Eselect Plus | 2012-11-06 | 5.8 MEDIUM | N/A |
| Moneris eSelectPlus 2.03 PHP API does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2011-5237 | 1 Paypal | 1 Wps Toolkit | 2012-11-06 | 5.8 MEDIUM | N/A |
| PayPal WPS ToolKit does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2011-5238 | 1 Google | 1 Checkout-php | 2012-11-06 | 5.8 MEDIUM | N/A |
| google-checkout-php-sample-code before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||