Total: 307670 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-0163 | 1 Redhat | 1 Openshift | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS | |||||
CVE-2013-0161 | 1 Havalite | 1 Havalite | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Havalite CMS 1.1.7 has a stored XSS vulnerability | |||||
CVE-2013-0159 | 1 Fedoraproject | 1 Fedora | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
The fedora-business-cards package before 1-0.1.beta1.fc17 on Fedora 17 and before 1-0.1.beta1.fc18 on Fedora 18 allows local users to cause a denial of service or write to arbitrary files via a symlink attack on /tmp/fedora-business-cards-buffer.svg. | |||||
CVE-2012-6721 | 1 Socialengine | 1 Socialengine | 2024-11-21 | 6.8 MEDIUM | 6.3 MEDIUM |
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) Forum, (2) Event, and (3) Classifieds plugins in SocialEngine before 4.2.4. | |||||
CVE-2012-6720 | 1 Socialengine | 1 Socialengine | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in SocialEngine before 4.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to music/create, (2) location parameter to events/create, or (3) search parameter to widget/index/content_id/*. | |||||
CVE-2012-6719 | 1 Sharebar Project | 1 Sharebar | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The sharebar plugin before 1.2.2 for WordPress has SQL injection. | |||||
CVE-2012-6718 | 1 Sharebar Project | 1 Sharebar | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The sharebar plugin before 1.2.2 for WordPress has XSS, a different issue than CVE-2013-3491. | |||||
CVE-2012-6717 | 1 Redirection | 1 Redirection | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The redirection plugin before 2.2.12 for WordPress has XSS, a different issue than CVE-2011-4562. | |||||
CVE-2012-6716 | 1 Pixelite | 1 Events Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The events-manager plugin before 5.1.7 for WordPress has XSS via JSON call links. | |||||
CVE-2012-6715 | 1 Formbuilder Project | 1 Formbuilder | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The formbuilder plugin before 0.9.1 for WordPress has XSS via a Referer header. | |||||
CVE-2012-6714 | 1 Count Per Day Project | 1 Count Per Day | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The count-per-day plugin before 3.2.3 for WordPress has XSS via search words. | |||||
CVE-2012-6713 | 1 Wp-jobmanager | 1 Job Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The job-manager plugin before 0.7.19 for WordPress has multiple XSS issues. | |||||
CVE-2012-6712 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
In the Linux kernel before 3.4, a buffer overflow occurs in drivers/net/wireless/iwlwifi/iwl-agn-sta.c, which will cause at least memory corruption. | |||||
CVE-2012-6711 | 2 Gnu, Redhat | 2 Bash, Enterprise Linux | 2024-11-21 | 4.6 MEDIUM | 7.0 HIGH |
A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data to print through the "echo -e" built-in function, may use this flaw to crash a script or execute code with the privileges of the bash process. This occurs because ansicstr() in lib/sh/strtrans.c mishandles u32cconv(). | |||||
CVE-2012-6710 | 1 Extplorer | 1 Extplorer | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
ext_find_user in eXtplorer through 2.1.2 allows remote attackers to bypass authentication via a password[]= (aka an empty array) in an action=login request to index.php. | |||||
CVE-2012-6709 | 2 Elinks, Twibright | 2 Elinks, Links | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate Validation. | |||||
CVE-2012-6708 | 1 Jquery | 1 Jquery | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common. | |||||
CVE-2012-6685 | 2 Nokogiri, Redhat | 8 Nokogiri, Cloudforms Management Engine, Enterprise Mrg and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Nokogiri before 1.5.4 is vulnerable to XXE attacks | |||||
CVE-2012-6682 | 1 Dragonbyte-tech | 1 Vbdownloads Module | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in downloads/actions/editdownload.php in the DragonByte Technologies vBDownloads module 1.3.2 and earlier for vBulletin allows remote attackers to inject arbitrary web script or HTML via the mirrors[] parameter. | |||||
CVE-2012-6671 | 1 Dragonbyte-tech | 1 Forumon Rpg Module | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in actions/main.php in the DragonByte Technologies Forumon RPG module before 1.0.8 for vBulletin when creating a new monster, allow remote attackers to inject arbitrary web script or HTML via the (1) monster[title] or (2) monster[description] parameters. |