Total
11829 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-0505 | 1 Ibm | 2 Sterling Multi-channel Fulfillment Solution, Sterling Selling And Fulfillment Foundation | 2025-04-11 | 5.5 MEDIUM | N/A |
|
IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated users to conduct XPath injection attacks, and read arbitrary XML files, via unspecified vectors.
|
|||||
| CVE-2011-2649 | 2 Marcus Schafer, Novell | 2 Kiwi, Suse Studio Onsite | 2025-04-11 | 7.5 HIGH | N/A |
|
Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows attackers to execute arbitrary commands via shell metacharacters in an unspecified FileUtils function call.
|
|||||
| CVE-2013-1985 | 1 X | 1 Libxinerama | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Integer overflow in X.org libXinerama 1.1.2 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XineramaQueryScreens function.
|
|||||
| CVE-2013-7000 | 1 Nowsms | 1 Now Sms \& Mms Gateway | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The Multimedia Messaging Centre (MMSC) in NowSMS Now SMS & MMS Gateway 2013.09.26 allows remote attackers to cause a denial of service via a malformed message to a MM4 connection.
|
|||||
| CVE-2013-2813 | 1 Cooperindustries | 3 Smp 16 Gateway \(data Concentrator\), Smp 4\/dp Gateway \(data Concentrator\), Smp 4 Gateway \(data Concentrator\) | 2025-04-11 | 7.1 HIGH | N/A |
|
The DNP3 component in Cooper Power Systems SMP 4, 4/DP, and 16 gateways allows remote attackers to cause a denial of service (reboot or link outage) via a crafted DNP3 TCP packet.
|
|||||
| CVE-2013-4587 | 2 Linux, Opensuse | 2 Linux Kernel, Opensuse | 2025-04-11 | 7.2 HIGH | N/A |
|
Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value.
|
|||||
| CVE-2013-0198 | 1 Thekelleys | 1 Dnsmasq | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Dnsmasq before 2.66test2, when used with certain libvirt configurations, replies to queries from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via spoofed TCP based DNS queries. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3411.
|
|||||
| CVE-2010-2078 | 1 Magnoware | 1 Datatrack System | 2025-04-11 | 5.0 MEDIUM | N/A |
|
DataTrack System 3.5 allows remote attackers to list the root directory via a (1) /%u0085/ or (2) /%u00A0/ URI.
|
|||||
| CVE-2012-5808 | 2 Firstdata, Zen-cart | 2 Linkpoint, Zen Cart | 2025-04-11 | 5.8 MEDIUM | N/A |
|
The LinkPoint module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
|
|||||
| CVE-2011-3646 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | 5.0 MEDIUM | N/A |
|
phpmyadmin.css.php in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to obtain sensitive information via an array-typed js_frame parameter to phpmyadmin.css.php, which reveals the installation path in an error message.
|
|||||
| CVE-2011-4231 | 1 Cisco | 2 Ios, Ios Xe | 2025-04-11 | 6.3 MEDIUM | N/A |
|
Cisco IOS 15.1 and 15.2 and IOS XE 3.x, when configured as an IPsec hub with X.509 certificates in use, allows remote authenticated users to cause a denial of service (segmentation fault and device crash) via unspecified vectors, aka Bug ID CSCtq61128.
|
|||||
| CVE-2013-3674 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg before 1.2.1 does not validate the presence of non-header data in a buffer, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted CD Graphics Video data.
|
|||||
| CVE-2012-6395 | 1 Cisco | 4 Adaptive Security Appliance, Adaptive Security Appliance Software, Asa 1000v Cloud Firewall and 1 more | 2025-04-11 | 6.3 MEDIUM | N/A |
|
Cisco Adaptive Security Appliances (ASA) devices with firmware 8.4 do not properly validate unspecified input related to UNC share pathnames, which allows remote authenticated users to cause a denial of service (device crash) via unknown vectors, aka Bug ID CSCuc65775.
|
|||||
| CVE-2010-2246 | 1 Feh Project | 1 Feh | 2025-04-11 | 5.1 MEDIUM | N/A |
|
feh before 1.8, when the --wget-timestamp option is enabled, might allow remote attackers to execute arbitrary commands via shell metacharacters in a URL.
|
|||||
| CVE-2013-6482 | 1 Pidgin | 1 Pidgin | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Pidgin before 2.10.8 allows remote MSN servers to cause a denial of service (NULL pointer dereference and crash) via a crafted (1) SOAP response, (2) OIM XML response, or (3) Content-Length header.
|
|||||
| CVE-2010-1181 | 1 Apple | 2 Iphone Os, Ipod Touch | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a MARQUEE element.
|
|||||
| CVE-2013-1316 | 1 Microsoft | 1 Publisher | 2025-04-11 | 9.3 HIGH | N/A |
|
Microsoft Publisher 2003 SP3 does not properly validate the size of an unspecified array, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Negative Value Allocation Vulnerability."
|
|||||
| CVE-2012-0853 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2025-04-11 | 6.8 MEDIUM | N/A |
|
The decodeTonalComponents function in the Actrac3 codec (atrac3.c) in libavcodec in FFmpeg 0.7.x before 0.7.12, and 0.8.x before 0.8.11; and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (infinite loop and crash) and possibly execute arbitrary code via a large component count in an Atrac 3 file.
|
|||||
| CVE-2014-0662 | 1 Cisco | 2 Telepresence Video Communication Server Software, Telepresence Video Communication Servers Software | 2025-04-11 | 7.1 HIGH | N/A |
|
The SIP module in Cisco TelePresence Video Communication Server (VCS) before 8.1 allows remote attackers to cause a denial of service (process failure) via a crafted SDP message, aka Bug ID CSCue97632.
|
|||||
| CVE-2013-1093 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-11 | 5.8 MEDIUM | N/A |
|
Open redirect vulnerability in the fwdToURL function in the ZCC login page in zcc-framework.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the directToPage parameter.
|
|||||
| CVE-2012-0180 | 1 Microsoft | 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more | 2025-04-11 | 7.2 HIGH | 7.8 HIGH |
|
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode for (1) windows and (2) messages, which allows local users to gain privileges via a crafted application, aka "Windows and Messages Vulnerability."
|
|||||
| CVE-2013-3594 | 1 Dell | 3 Powerconnect 3348, Powerconnect 3524p, Powerconnect 5324 | 2025-04-11 | 10.0 HIGH | N/A |
|
The SSH service on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote attackers to cause a denial of service (device reset) or possibly execute arbitrary code by sending many packets to TCP port 22.
|
|||||
| CVE-2010-4195 | 1 Adobe | 1 Shockwave Player | 2025-04-11 | 9.3 HIGH | N/A |
|
The TextXtra module in Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.
|
|||||
| CVE-2011-0485 | 1 Google | 2 Chrome, Chrome Os | 2025-04-11 | 10.0 HIGH | N/A |
|
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle speech data, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "stale pointer."
|
|||||
| CVE-2011-1594 | 1 Redhat | 2 Network Satellite, Spacewalk | 2025-04-11 | 5.8 MEDIUM | N/A |
|
Open redirect vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url_bounce parameter.
|
|||||
| CVE-2012-1929 | 2 Apple, Opera | 2 Mac Os X, Opera Browser | 2025-04-11 | 6.4 MEDIUM | N/A |
|
Opera before 11.62 on Mac OS X allows remote attackers to spoof the address field and security dialogs via crafted styling that causes page content to be displayed outside of the intended content area.
|
|||||
| CVE-2010-2115 | 1 Solarwinds | 1 Tftp Server | 2025-04-11 | 5.0 MEDIUM | N/A |
|
SolarWinds TFTP Server 10.4.0.10 allows remote attackers to cause a denial of service (no new connections) via a crafted read request.
|
|||||
| CVE-2011-0051 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demonstrated by a question about granting privileges.
|
|||||
| CVE-2012-0052 | 1 Redhat | 1 Jboss Operations Network | 2025-04-11 | 5.8 MEDIUM | N/A |
|
Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 does not check the JON agent key, which allows remote attackers to spoof the identity of arbitrary agents via the registered agent name.
|
|||||
| CVE-2010-3238 | 1 Microsoft | 2 Excel, Office | 2025-04-11 | 9.3 HIGH | N/A |
|
Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, does not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Negative Future Function Vulnerability."
|
|||||
| CVE-2013-3242 | 1 Joomla | 1 Joomla\! | 2025-04-11 | 5.5 MEDIUM | N/A |
|
plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated users to conduct PHP object injection attacks and cause a denial of service via unspecified vectors.
|
|||||
| CVE-2013-0526 | 1 Ibm | 3 Avocent 1754 Kvm, Global Console Manager 16 Firmware, Global Console Manager 32 Firmware | 2025-04-11 | 8.5 HIGH | N/A |
|
ping.php in Global Console Manager 16 (GCM16) and Global Console Manager 32 (GCM32) before 1.20.0.22575 on the IBM Avocent 1754 KVM switch allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) count or (2) size parameter.
|
|||||
| CVE-2011-1829 | 2 Canonical, Debian | 2 Ubuntu Linux, Advanced Package Tool | 2025-04-11 | 4.3 MEDIUM | N/A |
|
APT before 0.8.15.2 does not properly validate inline GPG signatures, which allows man-in-the-middle attackers to install modified packages via vectors involving lack of an initial clearsigned message.
|
|||||
| CVE-2012-6073 | 2 Cloudbees, Jenkins | 2 Jenkins, Jenkins | 2025-04-11 | 5.8 MEDIUM | N/A |
|
Open redirect vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
|
|||||
| CVE-2013-4096 | 1 Ds3 | 1 Authentication Server | 2025-04-11 | 9.0 HIGH | N/A |
|
ServerAdmin/TestTelnetConnection.jsp in DS3 Authentication Server allows remote authenticated users to execute arbitrary commands via shell metacharacters in the HOST_NAME field.
|
|||||
| CVE-2013-3599 | 1 Trivantis | 1 Coursemill Learning Management System | 2025-04-11 | 9.3 HIGH | N/A |
|
userlogin.jsp in Coursemill Learning Management System (LMS) 6.6 and 6.8 allows remote attackers to gain privileges via a modified user-role value to home.html.
|
|||||
| CVE-2012-6597 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-11 | 6.3 MEDIUM | N/A |
|
Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to cause a denial of service (management-server crash) by using the command-line interface for a crafted command, aka Ref ID 35254.
|
|||||
| CVE-2013-6368 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-11 | 6.2 MEDIUM | N/A |
|
The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address.
|
|||||
| CVE-2010-2595 | 1 Libtiff | 1 Libtiff | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers an array index error, related to "downsampled OJPEG input."
|
|||||
| CVE-2012-3689 | 1 Apple | 1 Safari | 2025-04-11 | 5.8 MEDIUM | N/A |
|
WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site.
|
|||||