VIR Vulnerability Intelligence Relay

Search

Found 4,399 results in 341ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2012-4929 low 2.6 FIX debian debian googlemozilla 14y ago The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which…
CVE-2012-4422 low 3.5 FIX debian debian wordpress 14y ago wp-admin/plugins.php in WordPress before 3.4.2, when the multisite feature is enabled, does not check for network-administrator privileges before performing a network-wide activation of an installed …
CVE-2012-0746 low 3.5 ibm 14y ago Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, a…
CVE-2012-1648 low 2.1 danielbdrupal 14y ago Cross-site scripting (XSS) vulnerability in the Cool Aid module before 6.x-1.9 for Drupal allows remote authenticated users with the administer coolaid permission to inject arbitrary web script or HT…
CVE-2012-3529 low 3.5 typo3 14y ago Typo3 Backend Configuration XSS Vulnerability
CVE-2012-3528 low 3.5 typo3 14y ago Typo3 Backend XSS Vulnerability
CVE-2010-4819 low 3.6 FIX debian debian x 14y ago The ProcRenderAddGlyphs function in the Render extension (render/render.c) in X.Org xserver 1.7.7 and earlier allows local users to read arbitrary memory and possibly cause a denial of service (serve…
CVE-2012-2068 low 2.1 tiger-fishdrupal 14y ago Multiple cross-site scripting (XSS) vulnerabilities in fancy_slide.module in the Fancy Slide module before 6.x-2.7 for Drupal allow remote authenticated users with the administer fancy_slide permissi…
CVE-2012-2065 low 3.5 fresodrupal 14y ago Cross-site scripting (XSS) vulnerability in the Language Icons module 6.x-2.x before 6.x-2.1 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with administer languages permissi…
CVE-2012-1613 low 4.5 EXP coppermine-gallery 14y ago Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML…
CVE-2012-1606 low 3.5 typo3 14y ago Typo3 Backend XSS Vulnerabilities
CVE-2012-3582 low 2.9 symantec 14y ago Symantec PGP Universal Server 3.2.x before 3.2.1 MP2 does not properly manage sessions that include key search requests, which might allow remote attackers to read a private key in opportunistic circ…
CVE-2011-5146 low 2.6 ingumadev 14y ago Bokken before 1.6 and 1.5-x before 1.5-3 for Debian allows local users to overwrite arbitrary files via a symlink attack on /tmp/graph.dot.
CVE-2012-3478 low 2.1 pizzashack 14y ago rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line.
CVE-2012-3380 low 2.1 FIX debian debian wargio 14y ago Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
CVE-2012-3378 low 3.3 FIX debian debian gnome 14y ago The register_application function in atk-adaptor/bridge.c in GNOME at-spi2-atk 2.5.2 does not seed the random number generator and generates predictable temporary file names, which makes it easier fo…
CVE-2012-2658 low 2.1 FIX debian debian unixodbc 14y ago Buffer overflow in the SQLDriverConnect function in unixODBC 2.3.1 allows local users to cause a denial of service (crash) via a long string in the DRIVER option. NOTE: this issue might not be a vuln…
CVE-2012-2657 low 2.1 FIX debian debian unixodbc 14y ago Buffer overflow in the SQLDriverConnect function in unixODBC 2.0.10, 2.3.1, and earlier allows local users to cause a denial of service (crash) via a long string in the FILEDSN option. NOTE: this iss…
CVE-2012-4600 low 3.6 EXPFIX debian debian otrs 14y ago Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote…
CVE-2012-4736 low 3.3 sophos 14y ago The Device Encryption Client component in Sophos SafeGuard Enterprise 6.0, when a volume-based encryption policy is enabled in conjunction with a user-defined key, does not properly block use of exFA…
CVE-2012-3581 low 3.3 symantec 14y ago Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to obtain potentially sensitive information about component versions via unspecified vectors.
CVE-2012-1645 low 2.6 wimleersdrupal 14y ago The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin Pull mode with the "Far Future expiration" option enabled, allows remote attackers to read arbitrary PHP files via unspecified ve…
CVE-2012-1644 low 2.1 gizradrupal 14y ago The Organic Groups (OG) Vocabulary module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with certain administrator permissions to modify the vocabularies of other groups via uns…
CVE-2012-1586 low 3.1 EXPFIX debian debian debian 14y ago mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error messag…
CVE-2011-4944 low 1.9 FIX slesdebian debian python 14y ago Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a userna…
CVE-2012-2297 low 2.1 creative_commons_module_projectdrupal 14y ago Multiple cross-site scripting (XSS) vulnerabilities in the Creative Commons module 6.x-1.x before 6.x-1.1 for Drupal allow remote authenticated users with the administer creative commons permission t…
CVE-2012-2103 low 1.2 FIX debian debian munin-monitoring 14y ago The qmailscan plugin for Munin 1.4.5 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.
CVE-2012-4676 low 1.2 google 14y ago The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and earlier allows local users to delete arbitrary files by constructing a (1) symlink or (2) hard link, a different vulnerability tha…
CVE-2012-3487 low 1.2 google 14y ago Race condition in Tunnelblick 3.3beta20 and earlier allows local users to kill unintended processes by waiting for a specific PID value to be assigned to a target process.
CVE-2010-5092 low 1.9 silverstripe 14y ago The Add Member dialog in the Security admin page in SilverStripe 2.4.0 saves user passwords in plaintext, which allows local users to obtain sensitive information by reading a database.
CVE-2011-5119 low 1.9 comodo 14y ago Multiple race conditions in Comodo Internet Security before 5.8.211697.2124 allow local users to bypass the Defense+ feature via unspecified vectors.
CVE-2011-5118 low 1.9 comodo 14y ago Multiple race conditions in Comodo Internet Security before 5.8.213334.2131 allow local users to bypass the Defense+ feature via unspecified vectors.
CVE-2012-3507 low 2.6 FIX debian debian roundcube 14y ago Cross-site scripting (XSS) vulnerability in program/steps/mail/func.inc in RoundCube Webmail before 0.8.0, when using the Larry skin, allows remote attackers to inject arbitrary web script or HTML vi…
CVE-2012-0713 low 3.5 linux-kernel ibm 14y ago Unspecified vulnerability in the XML feature in IBM DB2 9.7 before FP6 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary XML files via unknown vectors.
CVE-2010-5146 low 2.1 websense 14y ago The Remote Filtering component in Websense Web Security and Web Filter before 7.1 Hotfix 66 allows local users to bypass filtering by (1) renaming the WDC.exe file or (2) deleting driver files.
CVE-2012-2687 low 2.6 FIX debian debian apache 14y ago Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiVi…
CVE-2012-4589 low 2.1 mcafee 14y ago Login.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 does not have an off autocomplete attribute for unspecified form fields, which makes it easier for remote attackers to…
CVE-2012-4587 low 3.5 mcafee 14y ago McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1, when one-time provisioning (OTP) mode is enabled, have an improper dependency on DNS SRV records, which makes it easi…
CVE-2012-4586 low 3.5 mcafee 14y ago McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, accesses files with the privileges of the root user, which allows…
CVE-2012-4584 low 3.5 mcafee 14y ago McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, does not properly encrypt system-backup data, which makes it easi…
CVE-2010-5143 low 2.6 mcafee 14y ago McAfee VirusScan Enterprise before 8.8 allows local users to disable the product by leveraging administrative privileges to execute an unspecified Metasploit Framework module.
CVE-2009-5117 low 1.9 mcafee 14y ago The Web Post Protection feature in McAfee Host Data Loss Prevention (DLP) 3.x before 3.0.100.10 and 9.x before 9.0.0.422, when HTTP Capture mode is enabled, allows local users to obtain sensitive inf…
CVE-2012-4579 low 3.5 FIX debian debian phpmyadmin 14y ago phpMyAdmin Multiple XSS Vulnerabilities
CVE-2012-4345 low 3.5 FIX debian debian phpmyadmin 14y ago phpMyAdmin Multiple Cross-site Scripting Vulnerabilities in the Database Structure page
CVE-2012-4578 low 2.1 freebsd freebsd pawel_jakub_dawidek 14y ago The geli encryption provider 7 before r239184 on FreeBSD 10 uses a weak Master Key, which makes it easier for local users to defeat a cryptographic protection mechanism via a brute-force attack.
CVE-2012-2985 low 3.5 cutesoft_components 14y ago Cross-site scripting (XSS) vulnerability in InsertDocument.aspx in CuteSoft Cute Editor 6.4 allows remote authenticated users to inject arbitrary web script or HTML via the _UploadID parameter.
CVE-2012-4238 low 2.1 tecnick 14y ago Cross-site scripting (XSS) vulnerability in admin/code/tce_edit_answer.php in TCExam before 11.3.008 allows remote authenticated users with level 5 or greater permissions to inject arbitrary web scri…
CVE-2012-0856 low 2.6 FIX debian debian ffmpeg 14y ago Heap-based buffer overflow in the MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg before 0.9.1, when the lowres option is enabled, allows remote attackers to cause a denial of service (a…
CVE-2012-2205 low 3.5 ibm 14y ago Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a workspac…
CVE-2012-2169 low 3.5 ibm 14y ago Cross-site scripting (XSS) vulnerability in the file-upload functionality in the Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 allows remote authenticated users to inject arbitrary web s…
CVE-2012-2165 low 3.5 ibm 14y ago IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3, when ClearQuest Authentication is enabled, allows remote authenticated users to read password hashes via a user query.
CVE-2012-2206 low 4.5 EXP ibm 14y ago The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier allows remote authenticated users to read files of arbitrary users via vectors involving a username in a URI, as …
CVE-2012-2102 low 3.5 mysqloracle 14y ago MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.
CVE-2012-1597 low 3.6 EXP ez 14y ago Cross-site scripting (XSS) vulnerability in the textEncode function in classes/ezjscajaxcontent.php in eZ JS Core in eZ Publish before 1.5 allows remote attackers to inject arbitrary web script or HT…
CVE-2012-4296 low 3.3 FIX suse susedebian debian wireshark 14y ago Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of ser…
CVE-2012-4295 low 3.3 FIX debian debian wireshark 14y ago Array index error in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 might allow remote attackers to cause a denial …
CVE-2012-4293 low 3.3 FIX suse susedebian debian wireshark 14y ago plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly handle certain integer fields, which…
CVE-2012-4292 low 3.3 FIX suse susedebian debian wireshark 14y ago The dissect_stun_message function in epan/dissectors/packet-stun.c in the STUN dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly interact with …
CVE-2012-4291 low 3.3 FIX suse suse rheldebian debian wireshark 14y ago The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
CVE-2012-4290 low 3.3 FIX suse suse rheldebian debian wireshark 14y ago The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a malformed packet.
CVE-2012-4289 low 3.3 FIX suse suse rheldebian debian wireshark 14y ago epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU cons…
CVE-2012-4288 low 3.3 FIX suse susedebian debian wireshark 14y ago Integer overflow in the dissect_xtp_ecntl function in epan/dissectors/packet-xtp.c in the XTP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote att…
CVE-2012-4285 low 3.3 FIX suse suse rheldebian debian wireshark 14y ago The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause …
CVE-2012-4037 low 2.6 FIX debian debian transmissionbt 14y ago Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or…
CVE-2012-2082 low 2.1 chaos_tool_suite_project 14y ago Cross-site scripting (XSS) vulnerability in the Chaos tool suite (aka CTools) module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the post comments permission to inject ar…
CVE-2012-2076 low 2.1 rob_loachdrupal 14y ago Cross-site scripting (XSS) vulnerability in the administration forms in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with administer sharethis permissions …
CVE-2012-2075 low 2.1 steindomdrupal 14y ago Cross-site scripting (XSS) vulnerability in the Contact Save module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the access site-wide contact form permission to inject arb…
CVE-2012-2072 low 2.1 patrick_przybilladrupal 14y ago Cross-site scripting (XSS) vulnerability in the Share Buttons (AddToAny) module 6.x-3.x before 6.x-3.4 for Drupal allows remote authenticated users with the administer addtoany permission to inject a…
CVE-2012-2071 low 2.1 geoff_daviesdrupal 14y ago Cross-site scripting (XSS) vulnerability in the Contact Forms module 6.x-1.x before 6.x-1.13 for Drupal when the core contact form is enabled, allows remote authenticated users with the administer si…
CVE-2012-2070 low 2.1 andrew_levinedrupal 14y ago Cross-site scripting (XSS) vulnerability in the MultiBlock module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the administer blocks permission …
CVE-2012-2300 low 2.1 ubercartdrupal 14y ago Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal allow remote authenticated users with the administer product cl…
CVE-2012-2299 low 2.1 ubercartdrupal 14y ago The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal stores passwords for new customers in plaintext during checkout, which allows local users to obtain sensitive informat…
CVE-2012-2141 low 3.5 FIX debian debian net-snmp 14y ago Array index error in the handle_nsExtendOutput2Table function in agent/mibgroup/agent/extend.c in Net-SNMP 5.7.1 allows remote authenticated users to cause a denial of service (out-of-bounds read and…
CVE-2012-4270 low 3.5 efrontlearning 14y ago Cross-site scripting (XSS) vulnerability in eFront 3.6.11 allows remote authenticated users to inject arbitrary web script or HTML via the subject box of a message.
CVE-2011-0524 low 2.1 iain 14y ago Multiple buffer overflows in the NMEA parser (nmea-gen.c) in gypsy 0.8 allow local users to cause a denial of service (crash) via unspecified vectors related to the sprintf function.
CVE-2011-0523 low 1.9 iain 14y ago gypsy 0.8 does not properly restrict the files that can be read while running with root privileges, which allows local users to read otherwise restricted files via unspecified vectors.
CVE-2009-5066 low 2.1 redhat 14y ago twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments.
CVE-2012-3476 low 3.5 ushahidi 14y ago Multiple cross-site scripting (XSS) vulnerabilities in (1) application/views/admin/layout.php and (2) themes/default/views/header.php in the Ushahidi Platform before 2.5 allow remote authenticated us…
CVE-2012-3952 low 3.6 EXP phplist 14y ago Cross-site scripting (XSS) vulnerability in admin/index.php in phpList before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the unconfirmed parameter to the user page.
CVE-2012-3457 low 2.1 pnp4nagios 14y ago PNP4Nagios 0.6 through 0.6.16 uses world-readable permissions for process_perfdata.cfg, which allows local users to obtain the Gearman shared secret by reading the file.
CVE-2012-0421 low 2.1 novell 14y ago The SUSE Audit Log Keeper daemon before 0.2.1-0.4.6.1 for SUSE Manager and Spacewalk uses world-readable permissions for /etc/auditlog-keeper.conf, which allows local users to obtain passwords by rea…
CVE-2011-4922 low 2.1 FIX debian debian pidgin 14y ago cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or …
CVE-2012-3445 low 3.5 FIX debian debian redhat 14y ago The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of servi…
CVE-2012-3454 low 3.6 extplorer 14y ago eXtplorer 2.1.0b6 uses world writable permissions for the /var/lib/extplorer/ftp_tmp directory, which allows local users to delete or overwrite arbitrary files.
CVE-2012-3453 low 3.6 FIX debian debian debian 14y ago logol 1.5.0 uses world writable permissions for the /var/lib/logol/results directory, which allows local users to delete or overwrite arbitrary files.
CVE-2012-3452 low 3.3 FIX debian debian gnome 14y ago gnome-screensaver 3.4.x before 3.4.4 and 3.5.x before 3.5.4, when multiple screens are used, only locks the screen with the active focus, which allows physically proximate attackers to bypass screen …
CVE-2012-3449 low 3.6 FIX debian debian openvswitch 14y ago Open vSwitch 1.4.2 uses world writable permissions for (1) /var/lib/openvswitch/pki/controllerca/incoming/ and (2) /var/lib/openvswitch/pki/switchca/incoming/, which allows local users to delete and …
CVE-2012-1344 low 3.5 14y ago Cisco IOS 15.1 and 15.2, when a clientless SSL VPN is configured, allows remote authenticated users to cause a denial of service (device reload) by using a web browser to refresh the SSL VPN portal p…
CVE-2012-3450 low 3.6 EXP php 14y ago pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote a…
CVE-2012-1370 low 3.5 cisco 14y ago Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 allows remote authenticated users to cause a denial of service (vpnagentd process crash) via a crafted packet, aka Bug ID CSCty01670.
CVE-2012-2202 low 4.5 EXP ibm 14y ago Directory traversal vulnerability in javatester_init.php in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allows remote authenticat…
CVE-2011-2503 low 3.7 FIX debian debian systemtap 14y ago The insert_module function in runtime/staprun/staprun_funcs.c in the systemtap runtime tool (staprun) in SystemTap before 1.6 does not properly validate a module when loading it, which allows local u…
CVE-2012-2310 low 3.5 oleg_kovalchukdrupal 14y ago Cross-site scripting (XSS) vulnerability in the cctags module for Drupal 6.x-1.x before 6.x-1.10 and 7.x-1.x before 7.x-1.10 allows remote authenticated users with certain roles to inject arbitrary w…
CVE-2012-2309 low 3.5 wearepropeopledrupal 14y ago Cross-site scripting (XSS) vulnerability in the Glossify Internal Links Auto SEO module for Drupal 6.x-2.5 and earlier allows remote authenticated users with certain roles to inject arbitrary web scr…
CVE-2012-2308 low 3.5 tahiticlicdrupal 14y ago Cross-site scripting (XSS) vulnerability in the Taxonomy Grid : Catalog module for Drupal 6.x-1.6 and earlier allows remote authenticated users with certain permissions to inject arbitrary web script…
CVE-2012-2760 low 3.1 EXPFIX debian debian findingscience 14y ago mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
CVE-2012-3954 low 3.3 FIX debian debianubuntu ubuntu isc 14y ago Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests.
CVE-2012-4049 low 2.9 FIX suse susedebian debian wireshark 14y ago epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consu…
CVE-2012-4048 low 3.3 FIX debian debian wireshark 14y ago The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash)…
CVE-2012-3396 low 3.5 moodle 14y ago Cross-site scripting (XSS) vulnerability in cohort/edit_form.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 allows remote authenticated administrato…