| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2009-4067 | 120 |  | DoS Exec Code Overflow | 2020-02-11 | 2020-02-12 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Buffer overflow in the auerswald_probe function in the Auerswald Linux USB driver for the Linux kernel before 2.6.27 allows physically proximate attackers to execute arbitrary code, cause a denial of service via a crafted USB device, or take full control of the system. |
| 2 | CVE-2009-5139 | 916 |  |  | 2020-02-12 | 2020-02-14 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | The SIP implementation on the Gizmo5 software phone provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue. |
| 3 | CVE-2009-5140 | 307 |  |  | 2020-02-12 | 2020-02-14 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | The SIP implementation on the Linksys SPA2102 phone adapter provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue. |
| 4 | CVE-2010-3917 | 200 |  | +Info | 2020-02-06 | 2020-02-10 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | Google Chrome before 3.0 does not properly handle XML documents, which allows remote attackers to obtain sensitive information via a crafted web site. |
| 5 | CVE-2010-4658 | 74 |  |  | 2020-02-07 | 2020-02-11 | 5.0 | None | Remote | Low | Not required | None | Partial | None | statusnet through 2010 allows attackers to spoof syslog messages via newline injection attacks. |
| 6 | CVE-2010-4662 | 79 |  | XSS | 2020-02-05 | 2020-02-06 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | PmWiki before 2.2.21 has XSS. |
| 7 | CVE-2010-4815 | 20 |  | Exec Code | 2020-02-05 | 2020-02-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Coppermine gallery before 1.4.26 has an input validation vulnerability that allows for code execution. |
| 8 | CVE-2010-5304 | 476 |  |  | 2020-02-05 | 2020-02-07 | 5.0 | None | Remote | Low | Not required | None | None | Partial | A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText messages. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client. |
| 9 | CVE-2011-0220 | 20 |  |  | 2020-02-05 | 2020-02-07 | 4.9 | None | Local | Low | Not required | None | None | Complete | Apple Bonjour before 2011 allows a crash via a crafted multicast DNS packet. |
| 10 | CVE-2011-0525 | 352 |  | CSRF | 2020-02-05 | 2020-02-07 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Batavi before 1.0 has CSRF. |
| 11 | CVE-2011-0699 | 362 |  | DoS Overflow | 2020-02-20 | 2020-02-25 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | Integer signedness error in the btrfs_ioctl_space_info function in the Linux kernel 2.6.37 allows local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted slot value. |
| 12 | CVE-2011-1009 | 79 |  | XSS | 2020-02-05 | 2020-02-06 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Vanilla Forums 2.0.17.1 through 2.0.17.5 has XSS in /vanilla/index.php via the p parameter. |
| 13 | CVE-2011-1069 | 79 |  | XSS | 2020-02-05 | 2020-02-06 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | PHPShop through 0.8.1 has XSS. |
| 14 | CVE-2011-1084 | 79 |  | XSS | 2020-02-07 | 2020-02-10 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A cross-site scripting (XSS) vulnerability in Smoothwall Express 3. |
| 15 | CVE-2011-1085 | 352 |  | CSRF | 2020-02-07 | 2020-02-10 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | CSRF vulnerability in Smoothwall Express 3. |
| 16 | CVE-2011-1086 | 79 |  | XSS | 2020-02-07 | 2020-02-10 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in admin/system.html in Openfiler 2.3 allows remote attackers to inject arbitrary web script or HTML via the device parameter. |
| 17 | CVE-2011-1150 | 79 |  | XSS | 2020-02-05 | 2020-02-06 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | bbPress through 1.0.2 has XSS in /bb-login.php url via the re parameter. |
| 18 | CVE-2011-1151 | 89 |  | Sql | 2020-02-05 | 2020-02-07 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and filer_order_Dir parameters. |
| 19 | CVE-2011-1517 |  |  | DoS Exec Code | 2020-02-05 | 2020-02-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service caused by an error in the DiagTraceHex() function. By sending a specially-crafted packet, an attacker could exploit this vulnerability to cause the application to crash. |
| 20 | CVE-2011-1597 | 434 |  | Exec Code | 2020-02-06 | 2020-02-10 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | OpenVAS Manager v2.0.3 allows plugin remote code execution. |
| 21 | CVE-2011-2054 | 287 |  |  | 2020-02-19 | 2020-02-24 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial | A vulnerability in the Cisco ASA that could allow a remote attacker to successfully authenticate using the Cisco AnyConnect VPN client if the Secondary Authentication type is LDAP and the password is left blank, providing the primary credentials are correct. The vulnerability is due to improper input validation of certain parameters passed to the affected software. An attacker must have the correct primary credentials in order to successfully exploit this vulnerability. |
| 22 | CVE-2011-2343 | 200 |  | +Info | 2020-02-12 | 2020-02-19 | 2.1 | None | Local | Low | Not required | Partial | None | None | The Bluetooth stack in Android before 2.3.6 allows a physically proximate attacker to obtain contact information via an AT phonebook transfer. |
| 23 | CVE-2011-2498 | 772 |  | DoS | 2020-02-20 | 2020-02-25 | 4.9 | None | Local | Low | Not required | None | None | Complete | The Linux kernel from v2.3.36 before v2.6.39 allows local unprivileged users to cause a denial of service (memory consumption) by triggering creation of PTE pages. |
| 24 | CVE-2011-2499 | 79 |  | XSS | 2020-02-12 | 2020-02-24 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Mambo CMS through 4.6.5 has multiple XSS. |
| 25 | CVE-2011-3336 | 400 |  | DoS | 2020-02-12 | 2020-02-18 | 7.8 | None | Remote | Low | Not required | None | None | Complete | regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion. |
| 26 | CVE-2011-3629 | 326 |  |  | 2020-02-04 | 2020-02-05 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Joomla! core 1.7.1 allows information disclosure due to weak encryption. |
| 27 | CVE-2011-3642 | 79 |  | XSS | 2020-02-08 | 2020-02-12 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 through 3.2.16, as used in the News system (news) extension for TYPO3 and Mahara, allows remote attackers to inject arbitrary web script or HTML via the plugin configuration directive in a reference to an external domain plugin. |
| 28 | CVE-2011-3901 | 200 |  | +Info | 2020-02-12 | 2020-02-25 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Android SQLite Journal before 4.0.1 has an information disclosure vulnerability. |
| 29 | CVE-2011-4338 | 287 |  |  | 2020-02-12 | 2020-02-25 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Shaman 1.0.9: A user can add the line askforpwd=false to their shaman.conf file, without entering the root password in shaman. The next time shaman is run, root privileges are granted despite the fact that the user never entered the root password. |
| 30 | CVE-2011-4661 | 772 |  |  | 2020-02-12 | 2020-03-02 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | A memory leak vulnerability exists in Cisco IOS before 15.2(1)T due to a memory leak in the HTTP PROXY Server process (aka CSCtu52820), when configured with Cisco ISR Web Security with Cisco ScanSafe and User Authentication NTLM configured. |
| 31 | CVE-2011-4906 | 434 |  | Exec Code | 2020-02-12 | 2020-02-25 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution. |
| 32 | CVE-2011-4908 | 434 |  |  | 2020-02-12 | 2020-02-25 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via upload.php. |
| 33 | CVE-2011-4912 | 732 |  | Bypass | 2020-02-04 | 2020-02-05 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass. |
| 34 | CVE-2011-4915 | 200 |  | +Info | 2020-02-20 | 2020-02-25 | 2.1 | None | Local | Low | Not required | Partial | None | None | fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts. |
| 35 | CVE-2011-4937 | 200 |  | +Info | 2020-02-04 | 2020-02-05 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Joomla! 1.7.1 has core information disclosure due to inadequate error checking. |
| 36 | CVE-2011-4938 | 79 |  | XSS | 2020-02-11 | 2020-02-25 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in Ariadne 2.7.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO parameter to (1) index.php and (2) loader.php. |
| 37 | CVE-2012-0055 | 862 |  | Bypass | 2020-02-19 | 2020-02-28 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10.0.4 LTS and 11.10, is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized actions. |
| 38 | CVE-2012-0063 |  |  | Exec Code | 2020-02-21 | 2020-02-26 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Insecure plugin update mechanism in tucan through 0.3.10 could allow remote attackers to perform man-in-the-middle attacks and execute arbitrary code with the permissions of the user running tucan. |
| 39 | CVE-2012-0718 |  |  |  | 2020-02-18 | 2020-03-04 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | IBM Tivoli Endpoint Manager 8 does not set the HttpOnly flag on cookies. |
| 40 | CVE-2012-0785 | 400 |  |  | 2020-02-24 | 2020-03-04 | 7.8 | None | Remote | Low | Not required | None | None | Complete | Hash collision attack vulnerability in Jenkins before 1.447, Jenkins LTS before 1.424.2, and Jenkins Enterprise by CloudBees 1.424.x before 1.424.2.1 and 1.400.x before 1.400.0.11 could allow remote attackers to cause a considerable CPU load, aka "the Hash DoS attack." |
| 41 | CVE-2012-0810 | 400 |  | DoS | 2020-02-12 | 2020-02-14 | 4.9 | None | Local | Low | Not required | None | None | Complete | The int3 handler in the Linux kernel before 3.3 relies on a per-CPU debug stack, which allows local users to cause a denial of service (stack corruption and panic) via a crafted application that triggers certain lock contention. |
| 42 | CVE-2012-0828 | 787 |  | DoS Exec Code Overflow | 2020-02-21 | 2020-03-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xchat 2.8.6 on Maemo architecture could allow remote attackers to cause a denial of service (xchat client crash) or execute arbitrary code via a UTF-8 line from server containing characters outside of the Basic Multilingual Plane (BMP). |
| 43 | CVE-2012-0844 | 200 |  | +Info | 2020-02-21 | 2020-02-24 | 2.1 | None | Local | Low | Not required | Partial | None | None | Information-disclosure vulnerability in Netsurf through 2.8 due to a world-readable cookie jar. |
| 44 | CVE-2012-0951 | 787 |  | Mem. Corr. | 2020-02-12 | 2020-02-19 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | A Memory Corruption Vulnerability exists in NVIDIA Graphics Drivers 29549 due to an unknown function in the file proc/driver/nvidia/registry. |
| 45 | CVE-2012-1093 | 59 |  |  | 2020-02-21 | 2021-02-25 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation during package installation. |
| 46 | CVE-2012-1124 | 89 | 1 | Exec Code Sql | 2020-02-11 | 2020-02-13 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in search.php in phxEventManager 2.0 beta 5 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter. |
| 47 | CVE-2012-1500 | 79 |  | XSS | 2020-02-13 | 2020-02-24 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Stored XSS vulnerability in UpdateFieldJson.jspa in JIRA 4.4.3 and GreenHopper before 5.9.8 allows an attacker to inject arbitrary script code. |
| 48 | CVE-2012-1566 |  |  |  | 2020-02-07 | 2020-02-12 | 5.0 | None | Remote | Low | Not required | None | Partial | None | LinuxMint as of 2012-03-19 has temporary file creation vulnerabilities in mintNanny. |
| 49 | CVE-2012-1567 |  |  |  | 2020-02-07 | 2020-02-12 | 5.0 | None | Remote | Low | Not required | None | Partial | None | LinuxMint as of 2012-03-19 has temporary file creation vulnerabilities in mintUpdate. |
| 50 | CVE-2012-1903 | 79 |  | XSS | 2020-02-13 | 2020-02-24 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | XSS in Telligent Community 5.6.583.20496 via a flash file and related to the allowScriptAccess parameter. |