| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2012-2760 |
264 |
2
|
|
2012-07-25 |
2017-08-29 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids. |
|
2 |
CVE-2010-4734 |
79 |
2
|
XSS |
2011-02-16 |
2011-09-22 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in the comment feature in Skeletonz CMS 1.0, when the Blog plugin is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Website, and (3) Email parameters. NOTE: some of these details are obtained from third party information. |
|
3 |
CVE-2010-0971 |
79 |
2
|
XSS |
2010-03-16 |
2017-08-17 |
2.1 |
None |
Remote |
High |
??? |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.6.4 allow remote authenticated users, with Instructor privileges, to inject arbitrary web script or HTML via the (1) Question and (2) Choice fields in tools/polls/add.php, the (3) Type and (4) Title fields in tools/groups/create_manual.php, and the (5) Title field in assignments/add_assignment.php. NOTE: some of these details are obtained from third party information. |
|
4 |
CVE-2014-4701 |
200 |
1
|
+Info |
2014-12-05 |
2016-11-28 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702. |
|
5 |
CVE-2013-5791 |
|
1
|
Exec Code Overflow |
2013-10-16 |
2018-10-12 |
1.5 |
None |
Local |
Medium |
??? |
None |
None |
Partial |
|
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. NOTE: the previous information is from the October 2013 CPU. Oracle has not commented on claims from a third party that the issue is a stack-based buffer overflow in the Microsoft Access 1.x parser in vsacs.dll before 8.4.0.108 and before 8.4.1.52, which allows attackers to execute arbitrary code via a long field (aka column) name. |
|
6 |
CVE-2013-5099 |
79 |
1
|
XSS |
2013-08-09 |
2017-08-29 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in article.php in Anchor CMS 0.9.1, when comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Name field. NOTE: some sources have reported that comments.php is vulnerable, but certain functions from comments.php are used by article.php. |
|
7 |
CVE-2012-5914 |
79 |
1
|
XSS |
2012-11-17 |
2017-08-29 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in the sed_import function in system/functions.php in Neocrome Seditio build 160 and 161 allow remote attackers to inject arbitrary web script or HTML via the (1) newmsg or (2) rtext parameter. NOTE: some of these details are obtained from third party information. |
|
8 |
CVE-2012-5349 |
79 |
1
|
XSS |
2012-10-09 |
2017-08-29 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in pay.php in the Pay With Tweet plugin before 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) title, or (3) dl parameter. |
|
9 |
CVE-2012-5325 |
79 |
1
|
XSS |
2012-10-08 |
2017-08-29 |
2.1 |
None |
Remote |
High |
??? |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in the scr_do_redirect function in scr.php in the Shortcode Redirect plugin 1.0.01 and earlier for WordPress allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via the (1) url or (2) sec attributes in a redirect tag. |
|
10 |
CVE-2012-4615 |
310 |
1
|
+Info |
2012-11-27 |
2013-08-17 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
EMC Smarts Network Configuration Manager (NCM) before 9.1 uses a hardcoded encryption key for the storage of credentials, which allows local users to obtain sensitive information via unspecified vectors. |
|
11 |
CVE-2012-2425 |
20 |
1
|
DoS |
2012-04-25 |
2021-07-23 |
1.8 |
None |
Local Network |
High |
Not required |
None |
None |
Partial |
|
The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allow remote attackers to cause a denial of service (application crash) via a long URI. |
|
12 |
CVE-2012-0976 |
79 |
1
|
XSS |
2012-02-02 |
2017-08-29 |
2.1 |
None |
Remote |
High |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in admin/EditForm in SilverStripe 2.4.6 allows remote authenticated users with Content Authors privileges to inject arbitrary web script or HTML via the Title parameter. NOTE: some of these details are obtained from third party information. |
|
13 |
CVE-2012-0933 |
79 |
1
|
XSS |
2012-01-29 |
2017-08-29 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Acidcat CMS 3.5.1, 3.5.2, 3.5.6, and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin_colors.asp, (2) admin_config.asp, and (3) admin_cat_add.asp in admin/. |
|
14 |
CVE-2011-5204 |
255 |
1
|
+Info |
2012-10-04 |
2012-10-05 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Akiva WebBoard 8.x stores passwords in plaintext, which allows local users to obtain sensitive information by reading from the database. |
|
15 |
CVE-2011-0652 |
20 |
1
|
DoS |
2011-01-28 |
2017-08-17 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
lnsfw1.sys 6.0.2900.5512 in Look 'n' Stop Firewall 2.06p4 and 2.07 allows local users to cause a denial of service (crash) via a crafted 0x80000064 IOCTL request that triggers an assertion failure. NOTE: some of these details are obtained from third party information. |
|
16 |
CVE-2011-0515 |
|
1
|
DoS |
2011-01-20 |
2018-10-30 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
KisKrnl.sys 2011.1.13.89 and earlier in Kingsoft AntiVirus 2011 SP5.2 allows local users to cause a denial of service (crash) via a crafted request that is not properly handled by the KiFastCallEntry hook. |
|
17 |
CVE-2010-4883 |
79 |
1
|
XSS |
2011-10-07 |
2017-08-29 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in manager/index.php in MODx Revolution 2.0.2-pl allows remote attackers to inject arbitrary web script or HTML via the modhash parameter. |
|
18 |
CVE-2010-4783 |
79 |
1
|
XSS |
2011-04-07 |
2018-10-10 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) siteurl and (2) urlbanner parameters. |
|
19 |
CVE-2010-4607 |
79 |
1
|
XSS |
2010-12-29 |
2011-01-04 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Habari 0.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) additem_form parameter to system/admin/dash_additem.php and the (2) status_data[] parameter to system/admin/dash_status.php. NOTE: some of these details are obtained from third party information. |
|
20 |
CVE-2010-2038 |
79 |
1
|
XSS |
2010-05-25 |
2018-10-10 |
2.1 |
None |
Remote |
High |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in include/tool/editing_files.php in gpEasy CMS 1.6.2 allows remote authenticated users, with Edit privileges, to inject arbitrary web script or HTML via the gpcontent parameter to index.php. NOTE: some of these details are obtained from third party information. |
|
21 |
CVE-2010-1997 |
79 |
1
|
XSS |
2010-05-20 |
2018-10-10 |
2.1 |
None |
Remote |
High |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in admin/edit.php in Saurus CMS 4.7.0 allows remote authenticated users, with "Article list" edit privileges, to inject arbitrary web script or HTML via the pealkiri parameter. |
|
22 |
CVE-2010-1856 |
79 |
1
|
XSS |
2010-05-07 |
2010-05-10 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in index.php in RepairShop2 1.9.023 Trial, when magic_quotes_gpc is disabled, allows remote attackers to inject arbitrary web script or HTML via the prod parameter in a products.details action. |
|
23 |
CVE-2010-1584 |
79 |
1
|
XSS |
2010-05-19 |
2017-08-17 |
2.1 |
None |
Remote |
High |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Context module before 6.x-2.0-rc4 for Drupal allows remote authenticated users, with Administer Blocks privileges, to inject arbitrary web script or HTML via a block description. |
|
24 |
CVE-2009-4118 |
|
1
|
DoS |
2009-12-01 |
2012-10-25 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running. |
|
25 |
CVE-2009-3562 |
79 |
1
|
XSS |
2009-10-05 |
2017-09-19 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Xerver HTTP Server 4.32 allows remote attackers to inject arbitrary web script or HTML via the currentPath parameter in a chooseDirectory action. |
|
26 |
CVE-2008-0334 |
79 |
1
|
XSS |
2008-01-17 |
2008-09-05 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in pm/language/spanish/preferences.php in PMachine Pro 2.4.1 allows remote attackers to inject arbitrary web script or HTML via the L_PREF_NAME[855] parameter. |
|
27 |
CVE-2007-3838 |
|
1
|
XSS |
2007-07-17 |
2008-09-05 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in takeprofedit.php in TBDev.NET DR 11-10-05-BETA-SF1:111005 and earlier allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of a SCRIPT element in the avatar parameter. NOTE: this may be related to the tracker program in the Janitor package. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
28 |
CVE-2006-3656 |
|
1
|
Mem. Corr. |
2006-07-18 |
2018-10-18 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in Microsoft PowerPoint 2003 allows user-assisted attackers to cause memory corruption via a crafted PowerPoint file, which triggers the corruption when the file is closed. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different. |
|
29 |
CVE-2004-2502 |
|
1
|
|
2004-12-31 |
2017-07-11 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
im-switch before 11.4-46.1 in Fedora Core 2 allows local users to overwrite arbitrary files via a symlink attack on the imswitcher[PID] temporary file. |
|
30 |
CVE-1999-1251 |
|
1
|
DoS |
1996-12-24 |
2017-12-19 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Vulnerability in direct audio user space code on HP-UX 10.20 and 10.10 allows local users to cause a denial of service. |
|
31 |
CVE-1999-1205 |
|
1
|
DoS |
1996-06-07 |
2018-05-03 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
nettune in HP-UX 10.01 and 10.00 is installed setuid root, which allows local users to cause a denial of service by modifying critical networking configuration information. |
|
32 |
CVE-2022-35648 |
|
|
DoS |
2022-07-12 |
2022-07-25 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Nautilus treadmills T616 S/N 100672PRO21140001 through 100672PRO21171980 and T618 S/N 100647PRO21130111 through 100647PRO21183960 with software before 2022-06-09 allow physically proximate attackers to cause a denial of service (fall) by connecting the power cord to a 120V circuit (which may lead to self-starting at an inopportune time). |
|
33 |
CVE-2022-34464 |
668 |
|
|
2022-07-12 |
2022-07-19 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions), SICAM GridEdge Essential Intel (All versions < V2.7.3), SICAM GridEdge Essential with GDS ARM (All versions), SICAM GridEdge Essential with GDS Intel (All versions < V2.7.3). Affected software uses an improperly protected file to import SSH keys. Attackers with access to the filesystem of the host on which SICAM GridEdge runs, are able to inject a custom SSH key to that file. |
|
34 |
CVE-2022-33981 |
416 |
|
DoS |
2022-06-18 |
2022-07-04 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function. |
|
35 |
CVE-2022-33953 |
522 |
|
+Info |
2022-06-24 |
2022-07-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
IBM Robotic Process Automation 21.0.1 and 21.0.2 could allow a user with psychical access to the system to obtain sensitive information due to insufficiently protected access tokens. IBM X-Force ID: 229198. |
|
36 |
CVE-2022-33879 |
|
|
|
2022-06-27 |
2022-07-07 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1. |
|
37 |
CVE-2022-33744 |
|
|
DoS |
2022-07-05 |
2022-07-27 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages. |
|
38 |
CVE-2022-33711 |
354 |
|
|
2022-07-12 |
2022-07-19 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Improper validation of integrity check vulnerability in Samsung USB Driver Windows Installer for Mobile Phones prior to version 1.7.56.0 allows local attackers to delete arbitrary directory using directory junction. |
|
39 |
CVE-2022-33706 |
|
|
|
2022-07-12 |
2022-07-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Improper access control vulnerability in Samsung Gallery prior to version 13.1.05.8 allows physical attackers to access the pictures using S Pen air gesture. |
|
40 |
CVE-2022-33705 |
863 |
|
|
2022-07-12 |
2022-07-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Information exposure in Calendar prior to version 12.3.05.10000 allows attacker to access calendar schedule without READ_CALENDAR permission. |
|
41 |
CVE-2022-33702 |
863 |
|
Bypass |
2022-07-12 |
2022-07-16 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Improper authorization vulnerability in Knoxguard prior to SMR Jul-2022 Release 1 allows local attacker to disable keyguard and bypass Knoxguard lock by factory reset. |
|
42 |
CVE-2022-33701 |
829 |
|
|
2022-07-12 |
2022-07-16 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Improper access control vulnerability in KnoxCustomManagerService prior to SMR Jul-2022 Release 1 allows attacker to call PowerManaer.goToSleep method which is protected by system permission by sending braodcast intent. |
|
43 |
CVE-2022-33700 |
668 |
|
|
2022-07-12 |
2022-07-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Exposure of Sensitive Information in putDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log. |
|
44 |
CVE-2022-33699 |
668 |
|
|
2022-07-12 |
2022-07-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Exposure of Sensitive Information in getDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log. |
|
45 |
CVE-2022-33698 |
668 |
|
|
2022-07-12 |
2022-07-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Exposure of Sensitive Information in Telecom application prior to SMR Jul-2022 Release 1 allows local attackers to access ICCID via log. |
|
46 |
CVE-2022-33697 |
532 |
|
|
2022-07-12 |
2022-07-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Sensitive information exposure vulnerability in ImsServiceSwitchBase in ImsCore prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log. |
|
47 |
CVE-2022-33696 |
668 |
|
|
2022-07-12 |
2022-07-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Exposure of Sensitive Information in Telephony service prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log. |
|
48 |
CVE-2022-33694 |
668 |
|
|
2022-07-12 |
2022-07-15 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Exposure of Sensitive Information in CSC application prior to SMR Jul-2022 Release 1 allows local attacker to access wifi information via unprotected intent broadcasting. |
|
49 |
CVE-2022-33693 |
532 |
|
|
2022-07-12 |
2022-07-15 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Exposure of Sensitive Information in CID Manager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log. |
|
50 |
CVE-2022-33692 |
668 |
|
|
2022-07-12 |
2022-07-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Exposure of Sensitive Information in Messaging application prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log. |
