Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2012-2827 Use-after-free vulnerability in the UI in Google Chrome before 20.0.1132.43 on Mac OS X allows attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | N/A | NONE | — | 0 |
| CVE-2012-2828 Multiple integer overflows in the PDF functionality in Google Chrome before 20.0.1132.43 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted doc... | N/A | NONE | — | 0 |
| CVE-2012-2830 Google Chrome before 20.0.1132.43 does not properly set array values, which allows remote attackers to cause a denial of service (incorrect pointer use) or possibly have unspecified other impact via u... | N/A | NONE | — | 0 |
| CVE-2012-2831 Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG references. | N/A | NONE | — | 0 |
| CVE-2012-2832 The image-codec implementation in the PDF functionality in Google Chrome before 20.0.1132.43 does not initialize an unspecified pointer, which allows remote attackers to cause a denial of service or p... | N/A | NONE | — | 0 |
| CVE-2012-2833 Buffer overflow in the JS API in the PDF functionality in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown v... | N/A | NONE | — | 0 |
| CVE-2012-2834 Integer overflow in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted data in the Matroska container format. | N/A | NONE | — | 0 |
| CVE-2012-1989 telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connecti... | N/A | NONE | — | 0 |
| CVE-2012-3802 Unspecified vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote authenticated users to read the commissions of other users via unknown attack vectors. | N/A | NONE | — | 0 |
| CVE-2011-4956 Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | N/A | NONE | — | 0 |
| CVE-2011-4957 The make_clickable function in wp-includes/formatting.php in WordPress before 3.1.1 does not properly check URLs before passing them to the PCRE library, which allows remote attackers to cause a denia... | N/A | NONE | — | 0 |
| CVE-2012-2388 The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote attackers to bypass authentication via a (1) empty or (2) zeroed RSA signature, aka "RSA signature verification vulnerability." | N/A | NONE | — | 0 |
| CVE-2012-2451 The Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. NOTE: some of these detail... | N/A | NONE | — | 0 |
| CVE-2012-2717 Multiple cross-site scripting (XSS) vulnerabilities in the Mobile Tools module 6.x-2.x before 6.x-2.3 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) Mobile URL fi... | N/A | NONE | — | 0 |
| CVE-2012-3814 Unrestricted file upload vulnerability in font-upload.php in the Font Uploader plugin 1.2.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a .php.ttf ... | N/A | NONE | — | 0 |
| CVE-2012-3815 Buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 allows remote attackers to execute arbitrary code via a crafted packet to TCP port... | N/A | NONE | — | 0 |
| CVE-2012-3816 WinRadius Server 2009 allows remote attackers to cause a denial of service (crash) via a long password in an Access-Request packet. | N/A | NONE | — | 0 |
| CVE-2012-2742 Revelation 0.4.13-2 and earlier uses only the first 32 characters of a password followed by a sequence of zeros, which reduces the entropy and makes it easier for context-dependent attackers to crack ... | N/A | NONE | — | 0 |
| CVE-2012-2743 Revelation 0.4.13-2 and earlier does not iterate through SHA hashing algorithms for AES encryption, which makes it easier for context-dependent attackers to guess passwords via a brute force attack. | N/A | NONE | — | 0 |
| CVE-2012-3053 Buffer overflow in the Cisco WebEx Advanced Recording Format (ARF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 al... | N/A | NONE | — | 0 |
| CVE-2012-3054 Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 ... | N/A | NONE | — | 0 |
| CVE-2012-3055 Stack-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1... | N/A | NONE | — | 0 |
| CVE-2012-3056 Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remo... | N/A | NONE | — | 0 |
| CVE-2012-3057 Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 ... | N/A | NONE | — | 0 |
| CVE-2012-3232 Cross-site scripting (XSS) vulnerability in search.php in web@all 2.0, as downloaded before May 30, 2012, allows remote attackers to inject arbitrary web script or HTML via the _text[title] parameter. | N/A | NONE | — | 0 |
| CVE-2012-3818 The fpm exporter in Revelation 0.4.13-2 and earlier encrypts the version number but not the password when exporting a file, which might allow local users to obtain sensitive information. | N/A | NONE | — | 0 |
| CVE-2010-5076 QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL serv... | N/A | NONE | — | 0 |
| CVE-2012-0813 Wicd before 1.7.1 saves sensitive information in log files in /var/log/wicd, which allows context-dependent attackers to obtain passwords and other sensitive information. | N/A | NONE | — | 0 |
| CVE-2012-1118 The access_has_bug_level function in core/access_api.php in MantisBT before 1.2.9 does not properly restrict access when the private_bug_view_threshold is set to an array, which allows remote attacker... | N/A | NONE | — | 0 |
| CVE-2012-1119 MantisBT before 1.2.9 does not audit when users copy or clone a bug report, which makes it easier for remote attackers to copy bug reports without detection. | N/A | NONE | — | 0 |
| CVE-2012-1120 The SOAP API in MantisBT before 1.2.9 does not properly enforce the bugnote_allow_user_edit_delete and delete_bug_threshold permissions, which allows remote authenticated users with read and write SOA... | N/A | NONE | — | 0 |
| CVE-2012-1121 MantisBT before 1.2.9 does not properly check permissions, which allows remote authenticated users with manager privileges to (1) modify or (2) delete global categories. | N/A | NONE | — | 0 |
| CVE-2012-1122 bug_actiongroup.php in MantisBT before 1.2.9 does not properly check the report_bug_threshold permission of the receiving project when moving a bug report, which allows remote authenticated users with... | N/A | NONE | — | 0 |
| CVE-2012-1123 The mci_check_login function in api/soap/mc_api.php in the SOAP API in MantisBT before 1.2.9 allows remote attackers to bypass authentication via a null password. | N/A | NONE | — | 0 |
| CVE-2012-1164 slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attribu... | N/A | NONE | — | 0 |
| CVE-2012-2643 Cross-site scripting (XSS) vulnerability in KENT-WEB YY-BOARD before 6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted form entry. | N/A | NONE | — | 0 |
| CVE-2012-2098 Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a deni... | N/A | NONE | — | 0 |
| CVE-2012-2385 The terminal dispatcher in mosh before 1.2.1 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value. | N/A | NONE | — | 0 |
| CVE-2012-2664 The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file (/root/anaconda-ks.cfg) when creating an archive... | N/A | NONE | — | 0 |
| CVE-2012-2690 virt-edit in libguestfs before 1.18.0 does not preserve the permissions from the original file and saves the new file with world-readable permissions when editing, which might allow local guest users ... | N/A | NONE | — | 0 |
| CVE-2012-3859 Unspecified vulnerability in the WebAdmin Portal in Netsweeper has unknown impact and attack vectors, a different vulnerability than CVE-2012-2446 and CVE-2012-2447. | N/A | NONE | — | 0 |
| CVE-2012-2698 Cross-site scripting (XSS) vulnerability in the outputPage function in includes/SkinTemplate.php in MediaWiki before 1.17.5, 1.18.x before 1.18.4, and 1.19.x before 1.19.1 allows remote attackers to i... | N/A | NONE | — | 0 |
| CVE-2012-2012 HP System Management Homepage (SMH) before 7.1.1 does not have an off autocomplete attribute for unspecified form fields, which makes it easier for remote attackers to obtain access by leveraging an u... | N/A | NONE | — | 0 |
| CVE-2012-2013 Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows remote attackers to cause a denial of service, or possibly obtain sensitive information or modify data, via unknown... | N/A | NONE | — | 0 |
| CVE-2012-2014 HP System Management Homepage (SMH) before 7.1.1 does not properly validate input, which allows remote authenticated users to have an unspecified impact via unknown vectors. | N/A | NONE | — | 0 |
| CVE-2012-2015 Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows remote authenticated users to gain privileges and obtain sensitive information via unknown vectors. | N/A | NONE | — | 0 |
| CVE-2012-2016 Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows local users to obtain sensitive information via unknown vectors. | N/A | NONE | — | 0 |
| CVE-2012-2017 Unspecified vulnerability on HP Photosmart Wireless e-All-in-One B110, e-All-in-One D110, Plus e-All-in-One B210, eStation All-in-One C510, Ink Advantage e-All-in-One K510, and Premium Fax e-All-in-On... | N/A | NONE | — | 0 |
| CVE-2012-2392 Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) ANSI MAP, (2) ASF, (3) IEEE 802.11, (4) IEEE 80... | N/A | NONE | — | 0 |
| CVE-2012-2393 epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 does not properly construct certain array data structures, which allows remote attac... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.