Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Total 31683 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-1567 1 Linuxmint 1 Linuxmint 2024-11-21 5.0 MEDIUM 7.5 HIGH
LinuxMint as of 2012-03-19 has temporary file creation vulnerabilities in mintUpdate.
CVE-2012-1566 1 Linuxmint 1 Linuxmint 2024-11-21 5.0 MEDIUM 7.5 HIGH
LinuxMint as of 2012-03-19 has temporary file creation vulnerabilities in mintNanny.
CVE-2012-10016 1 Halulu 1 Simple-download-button-shortcode 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
A vulnerability classified as problematic has been found in Halulu simple-download-button-shortcode Plugin 1.0 on WordPress. Affected is an unknown function of the file simple-download-button_dl.php of the component Download Handler. The manipulation of the argument file leads to information disclosure. It is possible to launch the attack remotely. Upgrading to version 1.1 is able to address this issue. The patch is identified as e648a8706818297cf02a665ae0bae1c069dea5f1. It is recommended to upgrade the affected component. VDB-242190 is the identifier assigned to this vulnerability.
CVE-2012-0063 1 Tucaneando 1 Tucan 2024-11-21 6.8 MEDIUM 8.1 HIGH
Insecure plugin update mechanism in tucan through 0.3.10 could allow remote attackers to perform man-in-the-middle attacks and execute arbitrary code with the permissions of the user running tucan.
CVE-2011-5331 1 Distributed Ruby Project 1 Distributed Ruby 2024-11-21 7.5 HIGH 9.8 CRITICAL
Distributed Ruby (aka DRuby) 1.8 mishandles instance_eval.
CVE-2011-5330 1 Distributed Ruby Project 1 Distributed Ruby 2024-11-21 7.5 HIGH 9.8 CRITICAL
Distributed Ruby (aka DRuby) 1.8 mishandles the sending of syscalls.
CVE-2011-4943 1 Impresspages 1 Impresspages Cms 2024-11-21 7.5 HIGH 9.8 CRITICAL
ImpressPages CMS v1.0.12 has Unspecified Remote Code Execution (fixed in v1.0.13).
CVE-2011-4917 1 Linux 1 Linux Kernel 2024-11-21 2.1 LOW 5.5 MEDIUM
In the Linux kernel through 3.1 there is an information disclosure issue via /proc/stat.
CVE-2011-4117 1 Cpan 1 Batch\ 2024-11-21 5.0 MEDIUM 7.5 HIGH
The Batch::BatchRun module 1.03 for Perl does not properly handle temporary files.
CVE-2011-4115 1 Cpan 1 Parallel\ 2024-11-21 6.4 MEDIUM 7.5 HIGH
Parallel::ForkManager module before 1.0.0 for Perl does not properly handle temporary files.
CVE-2011-3621 1 Fluxbb 1 Fluxbb 2024-11-21 7.5 HIGH 9.8 CRITICAL
A reverse proxy issue exists in FluxBB before 1.4.7 when FORUM_BEHIND_REVERSE_PROXY is enabled.
CVE-2011-2668 1 Mozilla 1 Firefox 2024-11-21 6.8 MEDIUM 8.8 HIGH
Mozilla Firefox through 1.5.0.3 has a vulnerability in processing the content-length header.
CVE-2011-2177 1 Apache 1 Openoffice 2024-11-21 6.8 MEDIUM 7.8 HIGH
OpenOffice.org v3.3 allows execution of arbitrary code with the privileges of the user running the OpenOffice.org suite tools.
CVE-2011-1517 1 Sap 1 Netweaver 2024-11-21 7.5 HIGH 9.8 CRITICAL
SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service caused by an error in the DiagTraceHex() function. By sending a specially-crafted packet, an attacker could exploit this vulnerability to cause the application to crash.
CVE-2009-1120 1 Dell 1 Emc Replistor 2024-11-21 10.0 HIGH 9.8 CRITICAL
EMC RepliStor Server Service before ESA-09-003 has a DoASOCommand Remote Code Execution Vulnerability. The flaw exists within the DoRcvRpcCall RPC function (exposed via the rep_srv.exe process), where the vulnerability is caused by an error when rep_srv.exe handles a specially crafted packet sent by an unauthenticated attacker.
CVE-2005-2354 1 Nvu 1 Nvu 2024-11-20 7.5 HIGH 9.8 CRITICAL
Nvu 0.99+1.0pre uses an old copy of Mozilla XPCOM which can result in multiple security issues.
CVE-2003-5001 1 Ibm 1 Iss Blackice Pc Protection 2024-11-20 7.5 HIGH 5.3 MEDIUM
A vulnerability was found in ISS BlackICE PC Protection and classified as critical. Affected by this issue is the component Cross Site Scripting Detection. The manipulation as part of POST/PUT/DELETE/OPTIONS Request leads to privilege escalation. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2024-46794 1 Linux 1 Linux Kernel 2024-11-20 N/A 3.3 LOW
In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Fix data leak in mmio_read() The mmio_read() function makes a TDVMCALL to retrieve MMIO data for an address from the VMM. Sean noticed that mmio_read() unintentionally exposes the value of an initialized variable (val) on the stack to the VMM. This variable is only needed as an output value. It did not need to be passed to the VMM in the first place. Do not send the original value of *val to the VMM. [ dhansen: clarify what 'val' is used for. ]
CVE-2024-46827 1 Linux 1 Linux Kernel 2024-11-20 N/A 5.5 MEDIUM
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix firmware crash due to invalid peer nss Currently, if the access point receives an association request containing an Extended HE Capabilities Information Element with an invalid MCS-NSS, it triggers a firmware crash. This issue arises when EHT-PHY capabilities shows support for a bandwidth and MCS-NSS set for that particular bandwidth is filled by zeros and due to this, driver obtains peer_nss as 0 and sending this value to firmware causes crash. Address this issue by implementing a validation step for the peer_nss value before passing it to the firmware. If the value is greater than zero, proceed with forwarding it to the firmware. However, if the value is invalid, reject the association request to prevent potential firmware crashes. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1
CVE-2024-50060 1 Linux 1 Linux Kernel 2024-11-20 N/A 5.5 MEDIUM
In the Linux kernel, the following vulnerability has been resolved: io_uring: check if we need to reschedule during overflow flush In terms of normal application usage, this list will always be empty. And if an application does overflow a bit, it'll have a few entries. However, nothing obviously prevents syzbot from running a test case that generates a ton of overflow entries, and then flushing them can take quite a while. Check for needing to reschedule while flushing, and drop our locks and do so if necessary. There's no state to maintain here as overflows always prune from head-of-list, hence it's fine to drop and reacquire the locks at the end of the loop.