Количество 18 390
Количество 18 390
CVE-2013-0222
CVE-2013-0221
CVE-2012-6708
CVE-2012-6687
CVE-2012-6655
CVE-2012-5627
Oracle MySQL and MariaDB 5.5.x before 5.5.29 5.3.x before 5.3.12 and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.
CVE-2012-4575
CVE-2012-3425
CVE-2012-3381
sfcb in sblim-sfcb places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
CVE-2012-2677
CVE-2012-2653
arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities in the daemon.
CVE-2012-0883
envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
CVE-2011-5244
Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433.
CVE-2011-4969
Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.
CVE-2011-4966
modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password.
CVE-2011-3048
The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.
CVE-2011-3045
CVE-2011-2691
CVE-2011-2519
CVE-2011-2501
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | 0% Низкий | около 5 лет назад | ||
| 6% Низкий | около 5 лет назад | ||
| CVSS3: 6.1 | 1% Низкий | 11 месяцев назад | |
| 26% Средний | больше 5 лет назад | ||
| CVSS3: 3.3 | 0% Низкий | 10 месяцев назад | |
| CVE-2012-5627 Oracle MySQL and MariaDB 5.5.x before 5.5.29 5.3.x before 5.3.12 and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks. | 4% Низкий | около 5 лет назад | |
| 2% Низкий | около 5 лет назад | ||
| 1% Низкий | 8 месяцев назад | ||
| CVE-2012-3381 sfcb in sblim-sfcb places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 0% Низкий | 3 месяца назад | |
| 1% Низкий | около 1 года назад | ||
| CVE-2012-2653 arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities in the daemon. | 2% Низкий | 3 месяца назад | |
| CVE-2012-0883 envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl. | 0% Низкий | 4 месяца назад | |
| CVE-2011-5244 Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433. | 2% Низкий | 3 месяца назад | |
| CVE-2011-4969 Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag. | 4% Низкий | 4 месяца назад | |
| CVE-2011-4966 modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password. | 1% Низкий | 3 месяца назад | |
| CVE-2011-3048 The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow. | 17% Средний | 4 месяца назад | |
| CVSS3: 8.8 | 8% Низкий | 6 месяцев назад | |
| CVSS3: 6.5 | 6% Низкий | 8 месяцев назад | |
| 0% Низкий | около 5 лет назад | ||
| CVSS3: 6.5 | 1% Низкий | 8 месяцев назад |
Уязвимостей на страницу