Total
11829 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-1068 | 1 Microsoft | 1 Windows Azure Sdk | 2025-04-11 | 2.6 LOW | N/A |
|
Microsoft Windows Azure Software Development Kit (SDK) 1.3.x before 1.3.20121.1237, when Full IIS and a Web Role are used with an ASP.NET application, does not properly support the use of cookies for maintaining state, which allows remote attackers to obtain potentially sensitive information by reading an encrypted cookie and performing unspecified other steps.
|
|||||
| CVE-2010-3827 | 1 Apple | 1 Iphone Os | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Apple iOS before 4.2 does not properly validate signatures before displaying a configuration profile in the configuration installation utility, which allows remote attackers to spoof profiles via unspecified vectors.
|
|||||
| CVE-2013-3996 | 1 Ibm | 1 Infosphere Biginsights | 2025-04-11 | 4.9 MEDIUM | N/A |
|
IBM InfoSphere BigInsights 1.1 through 2.1 does not properly handle FRAME elements, which makes it easier for remote authenticated users to conduct phishing attacks via a crafted web site.
|
|||||
| CVE-2011-2608 | 1 Hp | 2 Openview Performance Agent, Operations Agent | 2025-04-11 | 6.4 MEDIUM | N/A |
|
ovbbccb.exe 6.20.50.0 and other versions in HP OpenView Performance Agent 4.70 and 5.0; and Operations Agent 11.0, 8.60.005, 8.60.006, 8.60.007, 8.60.008, 8.60.501, and 8.53; allows remote attackers to delete arbitrary files via a full pathname in the File field in a Register command.
|
|||||
| CVE-2010-5185 | 1 Comodo | 1 Comodo Internet Security | 2025-04-11 | 10.0 HIGH | N/A |
|
The Antivirus component in Comodo Internet Security before 5.3.174622.1216 does not check whether X.509 certificates in signed executable files have been revoked, which has unknown impact and remote attack vectors.
|
|||||
| CVE-2013-1633 | 1 Python | 1 Setuptools | 2025-04-11 | 6.8 MEDIUM | N/A |
|
easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product.
|
|||||
| CVE-2012-4918 | 1 Activision | 1 Call Of Duty Elite | 2025-04-11 | 5.8 MEDIUM | N/A |
|
Call of Duty Elite for iOS 2.0.1 does not properly validate the server SSL certificate, which allows remote attackers to obtain sensitive information via a Man-in-the-Middle (MITM) attack.
|
|||||
| CVE-2013-3735 | 1 Php | 1 Php | 2025-04-11 | 5.0 MEDIUM | 7.5 HIGH |
|
The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 before RC2, does not properly determine whether a parser error occurred, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted function definition, as demonstrated by an attack within a shared web-hosting environment. NOTE: the vendor's http://php.net/security-note.php page says "for critical security situations you should be using OS-level security by running multiple we ...
Show More |
|||||
| CVE-2011-0779 | 2 Debian, Google | 2 Debian Linux, Chrome | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Google Chrome before 9.0.597.84 does not properly handle a missing key in an extension, which allows remote attackers to cause a denial of service (application crash) via a crafted extension.
|
|||||
| CVE-2013-5561 | 1 Cisco | 1 Adaptive Security Appliance Cx Context-aware Security Software | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The Safe Search enforcement feature in Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security Software does not properly perform filtering, which allows remote attackers to bypass intended policy restrictions via unspecified vectors, aka Bug ID CSCui94622.
|
|||||
| CVE-2011-4885 | 1 Php | 1 Php | 2025-04-11 | 5.0 MEDIUM | N/A |
|
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
|
|||||
| CVE-2013-3277 | 1 Emc | 1 Rsa Archer Egrc | 2025-04-11 | 5.8 MEDIUM | N/A |
|
Open redirect vulnerability in EMC RSA Archer GRC 5.x before 5.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
|
|||||
| CVE-2010-2878 | 1 Adobe | 1 Shockwave Player | 2025-04-11 | 9.3 HIGH | N/A |
|
DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly validate a value associated with a buffer seek for a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.
|
|||||
| CVE-2013-5523 | 1 Cisco | 1 Identity Services Engine Software | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The Sponsor Portal in Cisco Identity Services Engine (ISE) 1.2 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCui82666.
|
|||||
| CVE-2013-7264 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 4.9 MEDIUM | N/A |
|
The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
|
|||||
| CVE-2011-3366 | 1 Adjam | 1 Rekonq | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Rekonq 0.7.0 and earlier does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.
|
|||||
| CVE-2010-0741 | 3 Kvm Qumranet, Linux, Qemu | 3 Kvm, Linux Kernel, Qemu | 2025-04-11 | 7.8 HIGH | N/A |
|
The virtio_net_bad_features function in hw/virtio-net.c in the virtio-net driver in the Linux kernel before 2.6.26, when used on a guest OS in conjunction with qemu-kvm 0.11.0 or KVM 83, allows remote attackers to cause a denial of service (guest OS crash, and an associated qemu-kvm process exit) by sending a large amount of network traffic to a TCP port on the guest OS, related to a virtio-net whitelist that includes an improper implementation of TCP Segment Offloading (TSO).
|
|||||
| CVE-2012-4222 | 1 Google | 1 Android | 2025-04-11 | 4.3 MEDIUM | N/A |
|
drivers/gpu/msm/kgsl.c in the Qualcomm Innovation Center (QuIC) Graphics KGSL kernel-mode driver for Android 2.3 through 4.2 allows attackers to cause a denial of service (NULL pointer dereference) via an application that uses crafted arguments in a local kgsl_ioctl call.
|
|||||
| CVE-2011-3484 | 1 Wireshark | 1 Wireshark | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The unxorFrame function in epan/dissectors/packet-opensafety.c in the OpenSafety dissector in Wireshark 1.6.x before 1.6.2 does not properly validate a certain frame size, which allows remote attackers to cause a denial of service (loop and application crash) via a malformed packet.
|
|||||
| CVE-2010-1585 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-11 | 9.3 HIGH | N/A |
|
The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element ...
Show More |
|||||
| CVE-2013-1431 | 1 Simon Mcvittie | 1 Telepathy Gabble | 2025-04-11 | 6.8 MEDIUM | N/A |
|
The Wocky module in Telepathy Gabble before 0.16.6 and 0.17.x before 0.17.4, when connecting to a "legacy Jabber server," does not properly enforce the WockyConnector:tls-required flag, which allows remote attackers to bypass TLS verification and perform a man-in-the-middle attacks.
|
|||||
| CVE-2013-3470 | 1 Cisco | 1 Ios Xr | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The RIP process in Cisco IOS XR allows remote attackers to cause a denial of service (process crash) via a crafted version-2 RIP packet, aka Bug ID CSCue46731.
|
|||||
| CVE-2013-3266 | 1 Freebsd | 1 Freebsd | 2025-04-11 | 7.5 HIGH | N/A |
|
The nfsrvd_readdir function in sys/fs/nfsserver/nfs_nfsdport.c in the new NFS server in FreeBSD 8.0 through 9.1-RELEASE-p3 does not verify that a READDIR request is for a directory node, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by specifying a plain file instead of a directory.
|
|||||
| CVE-2012-0152 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The Remote Desktop Protocol (RDP) service in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (application hang) via a series of crafted packets, aka "Terminal Server Denial of Service Vulnerability."
|
|||||
| CVE-2013-5536 | 1 Cisco | 1 Secure Access Control System | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Cisco Secure Access Control System (ACS) does not properly implement an incoming-packet firewall rule, which allows remote attackers to cause a denial of service (process crash) via a flood of crafted packets, aka Bug ID CSCui51521.
|
|||||
| CVE-2012-5780 | 1 Amazon | 1 Merchant Sdk | 2025-04-11 | 5.8 MEDIUM | N/A |
|
The Amazon merchant SDK does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
|
|||||
| CVE-2010-3272 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2025-04-11 | 4.3 MEDIUM | N/A |
|
accounts/ValidateAnswers in the security-questions implementation in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 makes it easier for remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, via a modified (1) Hide_Captcha or (2) quesList parameter in a validateAll action.
|
|||||
| CVE-2010-1129 | 1 Php | 1 Php | 2025-04-11 | 7.5 HIGH | N/A |
|
The safe_mode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing / (slash) character, which allows context-dependent attackers to bypass intended access restrictions via vectors related to use of the tempnam function.
|
|||||
| CVE-2011-0627 | 6 Adobe, Apple, Google and 3 more | 6 Flash Player, Mac Os X, Android and 3 more | 2025-04-11 | 9.3 HIGH | N/A |
|
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with an embedded .swf file.
|
|||||
| CVE-2012-4945 | 1 Agilefleet | 2 Fleetcommander, Fleetcommander Kiosk | 2025-04-11 | 7.5 HIGH | N/A |
|
Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to execute arbitrary commands via unspecified vectors, related to a "command injection" issue.
|
|||||
| CVE-2012-3587 | 1 Debian | 1 Advanced Package Tool | 2025-04-11 | 2.6 LOW | N/A |
|
APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack.
|
|||||
| CVE-2012-5788 | 1 Paypal | 1 Ipn | 2025-04-11 | 5.8 MEDIUM | N/A |
|
The PayPal IPN utility does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function.
|
|||||
| CVE-2013-3925 | 1 Atlassian | 1 Crowd | 2025-04-11 | 5.8 MEDIUM | N/A |
|
Atlassian Crowd 2.5.x before 2.5.4, 2.6.x before 2.6.3, 2.3.8, and 2.4.9 allows remote attackers to read arbitrary files and send HTTP requests to intranet servers via a request to (1) /services/2 or (2) services/latest with a DTD containing an XML external entity declaration in conjunction with an entity reference.
|
|||||
| CVE-2011-3952 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2025-04-11 | 6.8 MEDIUM | N/A |
|
The decode_init function in kmvc.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large palette size in a KMVC encoded file.
|
|||||
| CVE-2012-5794 | 2 Moneybookers, Oscommerce | 2 Moneybookers, Oscommerce | 2025-04-11 | 5.8 MEDIUM | N/A |
|
The MoneyBookers module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
|
|||||
| CVE-2012-2940 | 1 Mediachance | 1 Real-draw Pro | 2025-04-11 | 4.3 MEDIUM | N/A |
|
MediaChance Real-DRAW PRO 5.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted (1) PNG, (2) WMF, (3) PSD, (4) TGA, (5) TTF, (6) BMP, (7) TIFF, or (8) PCX file.
|
|||||
| CVE-2012-4093 | 1 Cisco | 1 Unified Computing System | 2025-04-11 | 4.6 MEDIUM | N/A |
|
The Manager component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service via an invalid Smart Call Home contact address, aka Bug ID CSCtl00186.
|
|||||
| CVE-2011-2681 | 1 Ibm | 1 Rational Doors Web Access | 2025-04-11 | 10.0 HIGH | N/A |
|
IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 does not properly handle exceptions, which has unspecified impact and remote attack vectors.
|
|||||
| CVE-2010-1273 | 1 Emweb | 1 Wt | 2025-04-11 | 9.3 HIGH | N/A |
|
Emweb Wt before 3.1.1 does not validate the UTF-8 encoding of (1) form values and (2) JSignal arguments, which has unspecified impact and remote attack vectors.
|
|||||
| CVE-2011-0581 | 1 Adobe | 1 Coldfusion | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple CRLF injection vulnerabilities in Adobe ColdFusion 8.0 through 9.0.1 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified tags.
|
|||||