Vulnerabilities (CVE)

CWE filter

CWE-20

Filter

7801 total CVE
CVE Vendors Products Updated CVSS
CVE-2012-2330 1 Nodejs 1 Nodejs 2012-08-22 6.4
The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof...
CVE-2012-4359 1 Sielcosistemi 2 Winlog Lite, Winlog Pro 2012-08-20 9.3
Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 do not validate the return value of the realloc function, which allows remote attackers to cause a denial of service (invalid 0x00 write operation and daemon...
CVE-2012-4358 1 Sielcosistemi 2 Winlog Lite, Winlog Pro 2012-08-20 9.3
Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 do not validate the return value of the realloc function, which allows remote attackers to cause a denial of service (invalid 0x00 write operation and daemon...
CVE-2012-4357 1 Sielcosistemi 2 Winlog Lite, Winlog Pro 2012-08-20 9.3
Array index error in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 might allow remote attackers to execute arbitrary code by referencing, within a port-46824 TCP packet, an invalid file-pointer index that...
CVE-2012-2611 1 Sap 1 Netweaver 2012-08-19 9.3
The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to...
CVE-2012-2096 1 Lullabot 1 Fivestar Module For Drupal 2012-08-15 5.0
The Fivestar module 6.x-1.x before 6.x-1.20 for Drupal does not properly validate voting data, which allows remote attackers to manipulate voting averages via a negative value in the vote parameter.
CVE-2012-2368 1 Bytemark 1 Symbiosis 2012-08-14 5.0
Bytemark Symbiosis before Revision 1322 does not properly validate passwords, which allows remote attackers to gain access to email accounts via an arbitrary password.
CVE-2012-2964 1 Breakingpointsystems 2 Breakingpoint Storm Appliance, Breakingpoint Storm Appliance Ctm 2012-08-13 5.0
The BreakingPoint Storm appliance before 3.0 requires cleartext credentials for establishing a session from a GUI administrative client, which allows remote attackers to obtain sensitive information by sniffing the network for XML documents.
CVE-2012-2490 1 Cisco 1 Ip Communicator 2012-08-07 5.0
Cisco IP Communicator 8.6 allows man-in-the-middle attackers to modify the Certificate Trust List via unspecified vectors, aka Bug ID CSCtz01471.
CVE-2012-1367 1 Cisco 1 Ios 2012-08-06 5.0
The MallocLite implementation in Cisco IOS 12.0, 12.2, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (Route Processor crash) via a BGP UPDATE message with a modified local-preference (aka LOCAL_PREF) attribute length,...
CVE-2012-3689 1 Apple 1 Safari 2012-07-30 5.8
WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site.
CVE-2011-2503 1 Systemtap 1 Systemtap 2012-07-27 3.7
The insert_module function in runtime/staprun/staprun_funcs.c in the systemtap runtime tool (staprun) in SystemTap before 1.6 does not properly validate a module when loading it, which allows local users to gain privileges via a race condition...
CVE-2011-2502 1 Systemtap 1 Systemtap 2012-07-27 4.4
runtime/staprun/staprun_funcs.c in the systemtap runtime tool (staprun) in SystemTap before 1.6 does not properly validate modules when a module path is specified by a user for user-space probing, which allows local users in the stapusr group to...
CVE-2011-4582 1 Moodle 1 Moodle 2012-07-23 4.9
Open redirect vulnerability in the Calendar set page in Moodle 2.1.x before 2.1.3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a redirection URL.
CVE-2012-0801 1 Moodle 1 Moodle 2012-07-17 7.5
lib/formslib.php in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 does not properly handle multiple instances of a form element, which has unspecified impact and remote attack vectors.
CVE-2011-4294 1 Moodle 1 Moodle 2012-07-16 5.8
The error-message functionality in Moodle 1.9.x before 1.9.13, 2.0.x before 2.0.4, and 2.1.x before 2.1.1 does not ensure that a continuation link refers to an http or https URL for the local Moodle instance, which might allow attackers to trick...
CVE-2012-2279 1 Rsa 2 Authentication Manager, Securid Appliance 2012-07-16 6.4
Open redirect vulnerability in the Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks...
CVE-2011-4302 1 Moodle 1 Moodle 2012-07-11 6.8
mnet/xmlrpc/client.php in MNET in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not properly process the return value of the openssl_verify function, which allows remote attackers to bypass validation via a crafted...
CVE-2011-4415 1 Apache 1 Http Server 2012-07-03 1.2
The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to...
CVE-2011-4957 1 Wordpress 1 Wordpress 2012-06-28 5.0
The make_clickable function in wp-includes/formatting.php in WordPress before 3.1.1 does not properly check URLs before passing them to the PCRE library, which allows remote attackers to cause a denial of service (crash) via a comment with a...