Export limit exceeded: 74862 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (74862 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-0517 | 1 Ibm | 1 Sterling External Authentication Server | 2024-11-21 | 7.8 High |
| A Command Execution Vulnerability exists in IBM Sterling External Authentication Server 2.2.0, 2.3.01, 2.4.0, and 2.4.1 via an unspecified OS command, which could let a local malicious user execute arbitrary code. | ||||
| CVE-2013-0507 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 8.1 High |
| IBM InfoSphere Information Server 8.1, 8.5, 8.7, 9.1 has a Session Fixation Vulnerability | ||||
| CVE-2013-0293 | 1 Ovirt | 1 Node | 2024-11-21 | 7.8 High |
| oVirt Node: Lock screen accepts F2 to drop to shell causing privilege escalation | ||||
| CVE-2013-0291 | 1 Imagely | 1 Nextgen Gallery | 2024-11-21 | 7.5 High |
| NextGEN Gallery Plugin for WordPress 1.9.10 and 1.9.11 has a Path Disclosure Vulnerability | ||||
| CVE-2013-0264 | 1 Redhat | 1 Mrg Management Console | 2024-11-21 | 7.5 High |
| An import error was introduced in Cumin in the code refactoring in r5310. Server certificate validation is always disabled when connecting to Aviary servers, even if the installed packages on a system support it. | ||||
| CVE-2013-0243 | 1 Haskell | 1 Hs-tls | 2024-11-21 | 7.4 High |
| haskell-tls-extra before 0.6.1 has Basic Constraints attribute vulnerability may lead to Man in the Middle attacks on TLS connections | ||||
| CVE-2013-0165 | 1 Redhat | 1 Openshift | 2024-11-21 | 7.3 High |
| cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp. | ||||
| CVE-2012-6685 | 2 Nokogiri, Redhat | 9 Nokogiri, Cloudforms Management Engine, Cloudforms Managementengine and 6 more | 2024-11-21 | 7.5 High |
| Nokogiri before 1.5.4 is vulnerable to XXE attacks | ||||
| CVE-2012-6663 | 1 Ge | 4 D200, D200 Firmware, D20me and 1 more | 2024-11-21 | 7.5 High |
| General Electric D20ME devices are not properly configured and reveal plaintext passwords. | ||||
| CVE-2012-6639 | 3 Canonical, Debian, Suse | 3 Cloud-init, Debian Linux, Linux Enterprise Server | 2024-11-21 | 8.8 High |
| An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data. | ||||
| CVE-2012-6614 | 1 Dlink | 2 Dsr-250n, Dsr-250n Firmware | 2024-11-21 | 7.2 High |
| D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain "persistent root access" via the BusyBox CLI, as demonstrated by overwriting the super user password. | ||||
| CVE-2012-6613 | 1 Dlink | 2 Dsr-250n, Dsr-250n Firmware | 2024-11-21 | 7.2 High |
| D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent Root Access because of the admin password for the admin account. | ||||
| CVE-2012-6610 | 1 Polycom | 3 Hdx 8000, Hdx Video End Points, Uc Apl | 2024-11-21 | 8.8 High |
| Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote authenticated users to execute arbitrary commands as demonstrated by a ; (semicolon) to the ping command feature. | ||||
| CVE-2012-6609 | 1 Polycom | 3 Hdx 8000, Hdx Video End Points, Uc Apl | 2024-11-21 | 7.5 High |
| Directory traversal vulnerability in a_getlog.cgi in Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter. | ||||
| CVE-2012-6345 | 1 Novell | 1 Zenworks Configuration Management | 2024-11-21 | 7.5 High |
| Novell ZENworks Configuration Management before 11.2.4 allows obtaining sensitive trace information. | ||||
| CVE-2012-6309 | 1 Arctic Torrent Project | 1 Arctic Torrent | 2024-11-21 | 7.5 High |
| A vulnerability exists in Arctic Torrent 1.4 via unspecified vectors in .torrent file handling, which could let a malicious user cause a Denial of Service. | ||||
| CVE-2012-6307 | 1 Impulseadventure | 1 Jpegsnoop | 2024-11-21 | 8.8 High |
| A vulnerability exists in JPEGsnoop 1.5.2 due to an unspecified issue in JPEG file handling, which could let a malicious user execute arbitrary code | ||||
| CVE-2012-6302 | 1 Soapbox Project | 1 Soapbox | 2024-11-21 | 7.8 High |
| Soapbox through 0.3.1: Sandbox bypass - runs a second instance of Soapbox within a sandboxed Soapbox. | ||||
| CVE-2012-6297 | 1 Dd-wrt | 1 Dd-wrt | 2024-11-21 | 8.8 High |
| Command Injection vulnerability exists via a CSRF in DD-WRT 24-sp2 from specially crafted configuration values containing shell meta-characters, which could let a remote malicious user cause a Denial of Service. | ||||
| CVE-2012-6277 | 3 Hp, Ibm, Symantec | 7 Autonomy Keyview Idol, Domino, Notes and 4 more | 2024-11-21 | 7.8 High |
| Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8.5.x, IBM Lotus Domino 8.5.x before 8.5.3 FP4, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, related to "a number of underlying issues" in which "some of these cases demonstrated memory corruption with attacker-controlled input and could be exploited to run arbitrary code." | ||||