# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
1 | CVE-2012-2760 | 264 | 2 | | 2012-07-25 | 2017-08-29 | 2.1 | None | Local | Low | Not required | Partial | None | None |
mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids. |
2 | CVE-2010-4734 | 79 | 2 | XSS | 2011-02-16 | 2011-09-22 | 2.6 | None | Remote | High | Not required | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in the comment feature in Skeletonz CMS 1.0, when the Blog plugin is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Website, and (3) Email parameters. NOTE: some of these details are obtained from third party information. |
3 | CVE-2010-0971 | 79 | 2 | XSS | 2010-03-16 | 2017-08-17 | 2.1 | None | Remote | High | ??? | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.6.4 allow remote authenticated users, with Instructor privileges, to inject arbitrary web script or HTML via the (1) Question and (2) Choice fields in tools/polls/add.php, the (3) Type and (4) Title fields in tools/groups/create_manual.php, and the (5) Title field in assignments/add_assignment.php. NOTE: some of these details are obtained from third party information. |
4 | CVE-2014-4701 | 200 | 1 | +Info | 2014-12-05 | 2016-11-28 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702. |
5 | CVE-2013-5791 | | 1 | Exec Code Overflow | 2013-10-16 | 2018-10-12 | 1.5 | None | Local | Medium | ??? | None | None | Partial |
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. NOTE: the previous information is from the October 2013 CPU. Oracle has not commented on claims from a third party that the issue is a stack-based buffer overflow in the Microsoft Access 1.x parser in vsacs.dll before 8.4.0.108 and before 8.4.1.52, which allows attackers to execute arbitrary code via a long field (aka column) name. |
6 | CVE-2013-5099 | 79 | 1 | XSS | 2013-08-09 | 2017-08-29 | 2.6 | None | Remote | High | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in article.php in Anchor CMS 0.9.1, when comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Name field. NOTE: some sources have reported that comments.php is vulnerable, but certain functions from comments.php are used by article.php. |
7 | CVE-2012-5914 | 79 | 1 | XSS | 2012-11-17 | 2017-08-29 | 2.6 | None | Remote | High | Not required | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in the sed_import function in system/functions.php in Neocrome Seditio build 160 and 161 allow remote attackers to inject arbitrary web script or HTML via the (1) newmsg or (2) rtext parameter. NOTE: some of these details are obtained from third party information. |
8 | CVE-2012-5349 | 79 | 1 | XSS | 2012-10-09 | 2017-08-29 | 2.6 | None | Remote | High | Not required | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in pay.php in the Pay With Tweet plugin before 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) title, or (3) dl parameter. |
9 | CVE-2012-5325 | 79 | 1 | XSS | 2012-10-08 | 2017-08-29 | 2.1 | None | Remote | High | ??? | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in the scr_do_redirect function in scr.php in the Shortcode Redirect plugin 1.0.01 and earlier for WordPress allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via the (1) url or (2) sec attributes in a redirect tag. |
10 | CVE-2012-4615 | 310 | 1 | +Info | 2012-11-27 | 2013-08-17 | 2.1 | None | Local | Low | Not required | Partial | None | None |
EMC Smarts Network Configuration Manager (NCM) before 9.1 uses a hardcoded encryption key for the storage of credentials, which allows local users to obtain sensitive information via unspecified vectors. |
11 | CVE-2012-2425 | 20 | 1 | DoS | 2012-04-25 | 2021-07-23 | 1.8 | None | Local Network | High | Not required | None | None | Partial |
The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allow remote attackers to cause a denial of service (application crash) via a long URI. |
12 | CVE-2012-0976 | 79 | 1 | XSS | 2012-02-02 | 2017-08-29 | 2.1 | None | Remote | High | ??? | None | Partial | None |
Cross-site scripting (XSS) vulnerability in admin/EditForm in SilverStripe 2.4.6 allows remote authenticated users with Content Authors privileges to inject arbitrary web script or HTML via the Title parameter. NOTE: some of these details are obtained from third party information. |
13 | CVE-2012-0933 | 79 | 1 | XSS | 2012-01-29 | 2017-08-29 | 2.6 | None | Remote | High | Not required | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in Acidcat CMS 3.5.1, 3.5.2, 3.5.6, and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin_colors.asp, (2) admin_config.asp, and (3) admin_cat_add.asp in admin/. |
14 | CVE-2011-5204 | 255 | 1 | +Info | 2012-10-04 | 2012-10-05 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
Akiva WebBoard 8.x stores passwords in plaintext, which allows local users to obtain sensitive information by reading from the database. |
15 | CVE-2011-0652 | 20 | 1 | DoS | 2011-01-28 | 2017-08-17 | 2.1 | None | Local | Low | Not required | None | None | Partial |
lnsfw1.sys 6.0.2900.5512 in Look 'n' Stop Firewall 2.06p4 and 2.07 allows local users to cause a denial of service (crash) via a crafted 0x80000064 IOCTL request that triggers an assertion failure. NOTE: some of these details are obtained from third party information. |
16 | CVE-2011-0515 | | 1 | DoS | 2011-01-20 | 2018-10-30 | 2.1 | None | Local | Low | Not required | None | None | Partial |
KisKrnl.sys 2011.1.13.89 and earlier in Kingsoft AntiVirus 2011 SP5.2 allows local users to cause a denial of service (crash) via a crafted request that is not properly handled by the KiFastCallEntry hook. |
17 | CVE-2010-4883 | 79 | 1 | XSS | 2011-10-07 | 2017-08-29 | 2.6 | None | Remote | High | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in manager/index.php in MODx Revolution 2.0.2-pl allows remote attackers to inject arbitrary web script or HTML via the modhash parameter. |
18 | CVE-2010-4783 | 79 | 1 | XSS | 2011-04-07 | 2018-10-10 | 2.6 | None | Remote | High | Not required | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) siteurl and (2) urlbanner parameters. |
19 | CVE-2010-4607 | 79 | 1 | XSS | 2010-12-29 | 2011-01-04 | 2.6 | None | Remote | High | Not required | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in Habari 0.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) additem_form parameter to system/admin/dash_additem.php and the (2) status_data[] parameter to system/admin/dash_status.php. NOTE: some of these details are obtained from third party information. |
20 | CVE-2010-2038 | 79 | 1 | XSS | 2010-05-25 | 2018-10-10 | 2.1 | None | Remote | High | ??? | None | Partial | None |
Cross-site scripting (XSS) vulnerability in include/tool/editing_files.php in gpEasy CMS 1.6.2 allows remote authenticated users, with Edit privileges, to inject arbitrary web script or HTML via the gpcontent parameter to index.php. NOTE: some of these details are obtained from third party information. |
21 | CVE-2010-1997 | 79 | 1 | XSS | 2010-05-20 | 2018-10-10 | 2.1 | None | Remote | High | ??? | None | Partial | None |
Cross-site scripting (XSS) vulnerability in admin/edit.php in Saurus CMS 4.7.0 allows remote authenticated users, with "Article list" edit privileges, to inject arbitrary web script or HTML via the pealkiri parameter. |
22 | CVE-2010-1856 | 79 | 1 | XSS | 2010-05-07 | 2010-05-10 | 2.6 | None | Remote | High | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in index.php in RepairShop2 1.9.023 Trial, when magic_quotes_gpc is disabled, allows remote attackers to inject arbitrary web script or HTML via the prod parameter in a products.details action. |
23 | CVE-2010-1584 | 79 | 1 | XSS | 2010-05-19 | 2017-08-17 | 2.1 | None | Remote | High | ??? | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the Context module before 6.x-2.0-rc4 for Drupal allows remote authenticated users, with Administer Blocks privileges, to inject arbitrary web script or HTML via a block description. |
24 | CVE-2009-4118 | | 1 | DoS | 2009-12-01 | 2012-10-25 | 2.1 | None | Local | Low | Not required | None | None | Partial |
The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running. |
25 | CVE-2009-3562 | 79 | 1 | XSS | 2009-10-05 | 2017-09-19 | 2.6 | None | Remote | High | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in Xerver HTTP Server 4.32 allows remote attackers to inject arbitrary web script or HTML via the currentPath parameter in a chooseDirectory action. |
26 | CVE-2008-0334 | 79 | 1 | XSS | 2008-01-17 | 2008-09-05 | 2.6 | None | Remote | High | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in pm/language/spanish/preferences.php in PMachine Pro 2.4.1 allows remote attackers to inject arbitrary web script or HTML via the L_PREF_NAME[855] parameter. |
27 | CVE-2007-3838 | | 1 | XSS | 2007-07-17 | 2008-09-05 | 2.6 | None | Remote | High | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in takeprofedit.php in TBDev.NET DR 11-10-05-BETA-SF1:111005 and earlier allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of a SCRIPT element in the avatar parameter. NOTE: this may be related to the tracker program in the Janitor package. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
28 | CVE-2006-3656 | | 1 | Mem. Corr. | 2006-07-18 | 2018-10-18 | 2.6 | None | Remote | High | Not required | None | Partial | None |
Unspecified vulnerability in Microsoft PowerPoint 2003 allows user-assisted attackers to cause memory corruption via a crafted PowerPoint file, which triggers the corruption when the file is closed. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different. |
29 | CVE-2004-2502 | | 1 | | 2004-12-31 | 2017-07-11 | 2.1 | None | Local | Low | Not required | None | Partial | None |
im-switch before 11.4-46.1 in Fedora Core 2 allows local users to overwrite arbitrary files via a symlink attack on the imswitcher[PID] temporary file. |
30 | CVE-1999-1251 | | 1 | DoS | 1996-12-24 | 2017-12-19 | 2.1 | None | Local | Low | Not required | None | None | Partial |
Vulnerability in direct audio user space code on HP-UX 10.20 and 10.10 allows local users to cause a denial of service. |
31 | CVE-1999-1205 | | 1 | DoS | 1996-06-07 | 2018-05-03 | 2.1 | None | Local | Low | Not required | None | None | Partial |
nettune in HP-UX 10.01 and 10.00 is installed setuid root, which allows local users to cause a denial of service by modifying critical networking configuration information. |
32 | CVE-2022-37451 | | | | 2022-08-06 | 2022-08-06 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc. |
33 | CVE-2022-37450 | | | | 2022-08-05 | 2022-08-06 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Go Ethereum (aka geth) through 1.10.21 allows attackers to increase rewards by mining blocks in certain situations, and using a manipulation of time-difference values to achieve replacement of main-chain blocks, aka Riskless Uncle Making (RUM), as exploited in the wild in 2020 through 2022. |
34 | CVE-2022-37434 | | | Overflow | 2022-08-05 | 2022-08-06 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference). |
35 | CVE-2022-37431 | | | XSS | 2022-08-05 | 2022-08-05 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A Reflected Cross-site scripting (XSS) issue was discovered in dotCMS Core through 22.06. This occurs in the admin portal when the configuration has XSS_PROTECTION_ENABLED=false. |
36 | CVE-2022-37416 | | | | 2022-08-05 | 2022-08-05 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Ittiam libmpeg2 before 2022-07-27 uses memcpy with overlapping memory blocks in impeg2_mc_fullx_fully_8x8. |
37 | CVE-2022-37415 | | | Overflow | 2022-08-05 | 2022-08-05 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
The Uniwill SparkIO.sys driver 1.0 is vulnerable to a stack-based buffer overflow via IOCTL 0x40002008. |
38 | CVE-2022-37398 | | | Overflow | 2022-08-05 | 2022-08-06 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A stack-based buffer overflow vulnerability was found inside ADM when using WebDAV due to the lack of data size validation. An attacker can exploit this vulnerability to run arbitrary code. Affected ADM versions include: 3.5.9.RUE3 and below, 4.0.5.RVI1 and below as well as 4.1.0.RJD1 and below. |
39 | CVE-2022-37396 | | | Exec Code Bypass | 2022-08-03 | 2022-08-03 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
In JetBrains Rider before 2022.2 Trust and Open Project dialog could be bypassed, leading to local code execution. |
40 | CVE-2022-37394 | | | DoS | 2022-08-03 | 2022-08-03 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnic_type, creating an instance bound to that port, and then changing the vnic_type of the bound port to macvtap, an authenticated user may cause the compute service to fail to restart, resulting in a possible denial of service. Only Nova deployments configured with SR-IOV are affected. |
41 | CVE-2022-37315 | 674 | | | 2022-08-01 | 2022-08-05 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
graphql-go (aka GraphQL for Go) through 0.8.0 has infinite recursion in the type definition parser. |
42 | CVE-2022-37035 | | | Exec Code | 2022-08-02 | 2022-08-03 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c, there is a possible use-after-free due to a race condition. This could lead to Remote Code Execution or Information Disclosure by sending crafted BGP packets. User interaction is not needed for exploitation. |
43 | CVE-2022-37030 | | | Exec Code | 2022-08-04 | 2022-08-04 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Weak permissions on the configuration file in the PAM module in Grommunio Gromox 0.5 through 1.x before 1.28 allow a local unprivileged user in the gromox group to have the PAM stack execute arbitrary code upon loading the Gromox PAM module. |
44 | CVE-2022-37010 | 20 | | | 2022-07-28 | 2022-08-03 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
In JetBrains IntelliJ IDEA before 2022.2 email address validation in the "Git User Name Is Not Defined" dialog was missed. |
45 | CVE-2022-37009 | 94 | | Exec Code | 2022-07-28 | 2022-08-03 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
In JetBrains IntelliJ IDEA before 2022.2 local code execution via a Vagrant executable was possible. |
46 | CVE-2022-37000 | | | | 2022-07-28 | 2022-07-28 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server. |
47 | CVE-2022-36999 | | | | 2022-07-28 | 2022-07-28 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server. |
48 | CVE-2022-36998 | | | DoS Overflow | 2022-07-28 | 2022-07-28 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a stack-based buffer overflow on the NetBackup Primary server, resulting in a denial of service. |
49 | CVE-2022-36997 | | | DoS | 2022-07-28 | 2022-07-28 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of service. |
50 | CVE-2022-36996 | | | | 2022-07-28 | 2022-07-28 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with access to a NetBackup Client could remotely gather information about any host known to a NetBackup Primary server. |