Search and browse vulnerability records from NVD
Showing 12 of 12512 CVEs
| CVE ID | Severity | Description | EPSS | Published | |
|---|---|---|---|---|---|
|
CVE-2013-3896
KEV
|
5.5 MEDIUM |
Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application, aka "Silverlight Vulnerability." |
82.0% | 2013-10-09 | |
|
CVE-2013-1675
KEV
|
6.5 MEDIUM |
Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site. |
4.7% | 2013-05-16 | |
|
CVE-2013-0431
KEV
|
5.3 MEDIUM |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490. |
91.6% | 2013-01-31 | |
|
CVE-2012-0518
KEV
|
4.7 MEDIUM |
Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect integrity via unknown vectors related to Redirects, a different vulnerability than CVE-2012-3175. |
24.3% | 2012-10-16 | |
| 6.5 MEDIUM |
file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference. |
0.2% | 2012-07-17 | ||
|
CVE-2012-0767
KEV
|
6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)," as exploited in the wild in February 2012. |
8.1% | 2012-02-16 | |
|
CVE-2011-4723
KEV
|
5.7 MEDIUM |
The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors. |
12.7% | 2011-12-20 | |
|
CVE-2010-0738
KEV
|
5.3 MEDIUM |
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method. |
91.3% | 2010-04-28 | |
|
CVE-2009-3960
KEV
|
6.5 MEDIUM |
Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents. |
88.7% | 2010-02-15 | |
| 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in CMD_REDIRECT in DirectAdmin 1.33.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the URI in a view=advanced request. |
1.4% | 2009-06-25 | ||
|
CVE-2004-1464
KEV
|
5.9 MEDIUM |
Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port. |
1.7% | 2004-12-31 | |
| 5.4 MEDIUM |
Race condition in signal handling routine in ftpd, allowing read/write arbitrary files. |
0.3% | 1997-05-29 |