Total
11829 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-1213 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted HTML document.
|
|||||
| CVE-2013-5385 | 1 Ibm | 2 I, Z\/os | 2025-04-11 | 8.5 HIGH | N/A |
|
The OSPF implementation in IBM i 6.1 and 7.1, in z/OS on zSeries servers, and in Networking Operating System (aka NOS, formerly BLADE Operating System) does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.
|
|||||
| CVE-2012-5321 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2025-04-11 | 5.8 MEDIUM | N/A |
|
tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frames and conduct phishing attacks via the url parameter, aka "frame injection."
|
|||||
| CVE-2013-0290 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 4.9 MEDIUM | N/A |
|
The __skb_recv_datagram function in net/core/datagram.c in the Linux kernel before 3.8 does not properly handle the MSG_PEEK flag with zero-length data, which allows local users to cause a denial of service (infinite loop and system hang) via a crafted application.
|
|||||
| CVE-2013-0216 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 5.2 MEDIUM | N/A |
|
The Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (loop) by triggering ring pointer corruption.
|
|||||
| CVE-2012-4079 | 1 Cisco | 1 Unified Computing System | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The XML API service in the Fabric Interconnect component in Cisco Unified Computing System (UCS) allows remote attackers to cause a denial of service (API service outage) via a malformed XML document in a packet, aka Bug ID CSCtg48206.
|
|||||
| CVE-2013-1572 | 1 Wireshark | 1 Wireshark | 2025-04-11 | 2.9 LOW | N/A |
|
The dissect_oampdu_event_notification function in epan/dissectors/packet-slowprotocols.c in the IEEE 802.3 Slow Protocols dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle certain short lengths, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
|
|||||
| CVE-2011-5046 | 1 Microsoft | 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more | 2025-04-11 | 9.3 HIGH | N/A |
|
The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violat ...
Show More |
|||||
| CVE-2011-4092 | 1 Ubuntu Developers | 1 Obby | 2025-04-11 | 5.8 MEDIUM | N/A |
|
obby (aka libobby) does not verify SSL server certificates, which allows remote attackers to spoof servers via an arbitrary certificate.
|
|||||
| CVE-2011-2391 | 1 Apple | 3 Iphone Os, Itunes, Mac Os X | 2025-04-11 | 6.1 MEDIUM | N/A |
|
The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets.
|
|||||
| CVE-2011-4553 | 1 Oneclickorgs | 1 One Click Orgs | 2025-04-11 | 5.8 MEDIUM | N/A |
|
Multiple open redirect vulnerabilities in One Click Orgs before 1.2.3 allow (1) remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the return_to parameter, and allow (2) remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via crafted characters in the domain name of a subdomain.
|
|||||
| CVE-2013-5547 | 1 Cisco | 7 Asr 1001, Asr 1002, Asr 1002-x and 4 more | 2025-04-11 | 7.8 HIGH | N/A |
|
Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending malformed EoGRE packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCuf08269.
|
|||||
| CVE-2013-2790 | 1 Ioserver | 1 Ioserver | 2025-04-11 | 7.8 HIGH | N/A |
|
The master-station DNP3 driver before driver19.exe, and Beta2041.exe, in IOServer allows remote attackers to cause a denial of service (infinite loop) via crafted DNP3 packets to TCP port 20000.
|
|||||
| CVE-2012-5791 | 1 Paypal | 1 Invoicing | 2025-04-11 | 5.8 MEDIUM | N/A |
|
PayPal Invoicing does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
|
|||||
| CVE-2012-1928 | 1 Opera | 1 Opera Browser | 2025-04-11 | 6.4 MEDIUM | N/A |
|
Opera before 11.62 allows remote attackers to spoof the address field by triggering a page reload followed by a redirect to a different domain.
|
|||||
| CVE-2011-4415 | 1 Apache | 1 Http Server | 2025-04-11 | 1.2 LOW | N/A |
|
The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function c ...
Show More |
|||||
| CVE-2013-6650 | 3 Debian, Google, Opensuse | 3 Debian Linux, Chrome, Opensuse | 2025-04-11 | 7.5 HIGH | N/A |
|
The StoreBuffer::ExemptPopularPages function in store-buffer.cc in Google V8 before 3.22.24.16, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors that trigger incorrect handling of "popular pages."
|
|||||
| CVE-2013-2770 | 1 Novell | 2 Kanaka, Open Enterprise Server | 2025-04-11 | 5.8 MEDIUM | N/A |
|
The installation functionality in the Novell Kanaka component before 2.8 for Novell Open Enterprise Server (OES) on Mac OS X does not verify the server's X.509 certificate during an SSL session, which allows man-in-the-middle attackers to spoof servers via an arbitrary certificate.
|
|||||
| CVE-2010-2566 | 1 Microsoft | 3 Windows 2003 Server, Windows Server 2003, Windows Xp | 2025-04-11 | 9.3 HIGH | N/A |
|
The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, which allows remote servers to execute arbitrary code via a crafted SSL response, aka "SChannel Malformed Certificate Request Remote Code Execution Vulnerability."
|
|||||
| CVE-2014-1405 | 1 Conceptronic | 2 C54apm, C54apm Firmware | 2025-04-11 | 5.8 MEDIUM | N/A |
|
Multiple open redirect vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup.
|
|||||
| CVE-2013-4636 | 1 Php | 1 Php | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via an MP3 file that triggers incorrect MIME type detection during access to an finfo object.
|
|||||
| CVE-2010-4035 | 1 Google | 1 Chrome | 2025-04-11 | 9.3 HIGH | N/A |
|
Google Chrome before 7.0.517.41 does not properly perform autofill operations for forms, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document.
|
|||||
| CVE-2010-1887 | 1 Microsoft | 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | 4.4 MEDIUM | N/A |
|
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate an unspecified system-call argument, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Win32k Bounds Checking Vulnerability."
|
|||||
| CVE-2013-2897 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 4.7 MEDIUM | N/A |
|
Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device.
|
|||||
| CVE-2010-1189 | 1 Mediawiki | 1 Mediawiki | 2025-04-11 | 5.0 MEDIUM | N/A |
|
MediaWiki before 1.15.2 does not prevent wiki editors from linking to images from other web sites in wiki pages, which allows editors to obtain IP addresses and other information of wiki users by adding a link to an image on an attacker-controlled web site, aka "CSS validation issue."
|
|||||
| CVE-2010-1163 | 1 Todd Miller | 1 Sudo | 2025-04-11 | 6.9 MEDIUM | N/A |
|
The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426.
|
|||||
| CVE-2011-1295 | 2 Apple, Google | 3 Iphone Os, Safari, Chrome | 2025-04-11 | 7.5 HIGH | N/A |
|
WebKit, as used in Google Chrome before 10.0.648.204 and Apple Safari before 5.0.6, does not properly handle node parentage, which allows remote attackers to cause a denial of service (DOM tree corruption), conduct cross-site scripting (XSS) attacks, or possibly have unspecified other impact via unknown vectors.
|
|||||
| CVE-2012-2727 | 2 Bryce Hamrick, Drupal | 2 Janrain Capture, Drupal | 2025-04-11 | 5.8 MEDIUM | N/A |
|
Open redirect vulnerability in the Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when synchronizing user data, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter.
|
|||||
| CVE-2011-2022 | 2 Linux, Redhat | 7 Linux Kernel, Enterprise Linux, Enterprise Linux Aus and 4 more | 2025-04-11 | 6.9 MEDIUM | N/A |
|
The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 does not validate a certain start parameter, which allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_UNBIND agp_ioctl ioctl call, a different vulnerability than CVE-2011-1745.
|
|||||
| CVE-2011-1452 | 1 Google | 1 Chrome | 2025-04-11 | 5.8 MEDIUM | N/A |
|
Google Chrome before 11.0.696.57 allows user-assisted remote attackers to spoof the URL bar via vectors involving a redirect and a manual reload.
|
|||||
| CVE-2011-4962 | 1 Silverstripe | 1 Silverstripe | 2025-04-11 | 6.8 MEDIUM | N/A |
|
code/sitefeatures/PageCommentInterface.php in SilverStripe 2.4.x before 2.4.6 might allow remote attackers to execute arbitrary code via a crafted cookie in a user comment submission, which is not properly handled when it is deserialized.
|
|||||
| CVE-2011-2357 | 1 Google | 1 Android | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-application scripting vulnerability in the Browser URL loading functionality in Android 2.3.4 and 3.1 allows local applications to bypass the sandbox and execute arbitrary Javascript in arbitrary domains by (1) causing the MAX_TAB number of tabs to be opened, then loading a URI to the targeted domain into the current tab, or (2) making two startActivity function calls beginning with the targeted domain's URI followed by the malicious Javascript while the UI focus is still associated with t ...
Show More |
|||||
| CVE-2011-3283 | 1 Cisco | 1 Carrier Routing System | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Cisco Carrier Routing System 3.9.1 allows remote attackers to cause a denial of service (Metro subsystem crash) via a fragmented GRE packet, aka Bug ID CSCts14887.
|
|||||
| CVE-2012-0735 | 1 Ibm | 1 Rational Appscan | 2025-04-11 | 7.6 HIGH | N/A |
|
IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly scan file: URLs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted URI.
|
|||||
| CVE-2012-0954 | 1 Debian | 1 Advanced Package Tool | 2025-04-11 | 2.6 LOW | N/A |
|
APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587.
|
|||||
| CVE-2010-4575 | 1 Google | 2 Chrome, Chrome Os | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The ThemeInstalledInfoBarDelegate::Observe function in browser/extensions/theme_installed_infobar_delegate.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle incorrect tab interaction by an extension, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted extension.
|
|||||
| CVE-2011-1429 | 1 Mutt | 1 Mutt | 2025-04-11 | 5.8 MEDIUM | N/A |
|
Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-2009-3766.
|
|||||
| CVE-2011-0685 | 1 Opera | 1 Opera Browser | 2025-04-11 | 2.1 LOW | N/A |
|
The Delete Private Data feature in Opera before 11.01 does not properly implement the "Clear all email account passwords" option, which might allow physically proximate attackers to access an e-mail account via an unattended workstation.
|
|||||
| CVE-2011-2628 | 1 Opera | 1 Opera Browser | 2025-04-11 | 10.0 HIGH | N/A |
|
Opera before 11.11 does not properly implement FRAMESET elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to page unload.
|
|||||
| CVE-2013-0122 | 1 Avast | 1 Avast\! Mobile Security | 2025-04-11 | 1.9 LOW | N/A |
|
The avast! Mobile Security application before 2.0.4400 for Android allows attackers to cause a denial of service (application crash) via a crafted application that sends an intent to com.avast.android.mobilesecurity.app.scanner.DeleteFileActivity with zero arguments.
|
|||||