Main entries (~3682):
Date Id Summary Products Score Patch Annotated
2013-07-16 CVE-2013-1943 The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c. Ubuntu_linux, Linux_kernel, Enterprise_linux, Enterprise_linux_eus 7.8
2013-08-15 CVE-2013-1942 Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.20, as used in ownCloud Server before 5.0.4 and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id parameters, as demonstrated using document.write in the jQuery parameter, a different vulnerability than CVE-2013-2022 and CVE-2013-2023. Jplayer, Owncloud N/A
2013-04-16 CVE-2013-1937 Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2) visualizationSettings[height] parameter. NOTE: a third party reports that this is "not exploitable." Phpmyadmin 6.1
2013-06-07 CVE-2013-1929 Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via crafted firmware that specifies a long string in the Vital Product Data (VPD) data structure. Linux_kernel N/A
2013-04-29 CVE-2013-1928 The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device. Linux_kernel, Enterprise_linux N/A
2013-04-25 CVE-2013-1915 ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability. Debian_linux, Fedora, Opensuse, Modsecurity N/A
2014-05-27 CVE-2013-1883 Mantis Bug Tracker (aka MantisBT) 1.2.12 before 1.2.15 allows remote attackers to cause a denial of service (resource consumption) via a filter using a criteria, text search, and the "any condition" match type. Mantisbt N/A
Remaining NVD entries (unprocessed / no code available, ~268038):
Date Id Summary Products Score Patch
2024-11-29 CVE-2024-45495 MSA FieldServer Gateway 5.0.0 through 6.5.2 allows cross-origin WebSocket hijacking. N/A N/A
2024-11-29 CVE-2024-35451 LinkStack 2.7.9 through 4.7.7 allows resources\views\components\favicon.blade.php link SSRF. N/A N/A
2024-11-29 CVE-2024-48651 In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from mod_sql. N/A N/A
2024-11-29 CVE-2024-54123 Backdrop CMS before 1.28.4 and 1.29.x before 1.29.2 allows XSS via an SVG document, if the SVG tag is allowed for a text format. N/A N/A
2024-11-29 CVE-2024-54124 In Click Studios Passwordstate before build 9920, there is a potential permission escalation on the edit folder screen. N/A N/A
2024-11-29 CVE-2024-11978 DreamMaker from Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. N/A 7.5
2024-11-29 CVE-2024-11979 DreamMaker from Interinfo has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. N/A 9.8