Total
11829 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-1577 | 1 Wireshark | 1 Wireshark | 2025-04-11 | 2.9 LOW | N/A |
|
The dissect_sip_p_charging_func_addresses function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle offset data associated with a quoted string, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
|
|||||
| CVE-2011-2008 | 1 Microsoft | 1 Host Integration Server | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Access of Unallocated Memory DoS Vulnerability."
|
|||||
| CVE-2012-0163 | 1 Microsoft | 1 .net Framework | 2025-04-11 | 9.3 HIGH | N/A |
|
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Parameter Validation Vulnerability."
|
|||||
| CVE-2010-4727 | 1 Smarty | 1 Smarty | 2025-04-11 | 10.0 HIGH | N/A |
|
Smarty before 3.0.0 beta 7 does not properly handle the <?php and ?> tags, which has unspecified impact and remote attack vectors.
|
|||||
| CVE-2013-1909 | 2 Apache, Redhat | 2 Qpid, Enterprise Mrg | 2025-04-11 | 5.8 MEDIUM | N/A |
|
The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
|
|||||
| CVE-2011-0602 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2025-04-11 | 9.3 HIGH | N/A |
|
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via crafted JP2K record types in a JPEG2000 image in a PDF file, which causes heap corruption, a different vulnerability than CVE-2011-0596, CVE-2011-0598, and CVE-2011-0599.
|
|||||
| CVE-2011-5079 | 2 Netcreators, Typo3 | 2 Irfaq, Typo3 | 2025-04-11 | 5.8 MEDIUM | N/A |
|
Open redirect vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL, probably in the "return url parameter."
|
|||||
| CVE-2011-2883 | 1 Citrix | 1 Access Gateway | 2025-04-11 | 9.3 HIGH | N/A |
|
The NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 attempts to validate signed DLLs by checking the certificate subject, not the signature, which allows man-in-the-middle attackers to execute arbitrary code via HTTP header data referencing a DLL that was signed with a crafted certificate.
|
|||||
| CVE-2010-3944 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2025-04-11 | 7.2 HIGH | N/A |
|
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
|
|||||
| CVE-2013-2145 | 3 Canonical, Opensuse, Perlmonks | 3 Ubuntu Linux, Opensuse, Module\ | 2025-04-11 | 4.4 MEDIUM | N/A |
|
The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a "special unknown cipher" that references an untrusted module in Digest/.
|
|||||
| CVE-2011-0067 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly implement autocompletion for forms, which allows remote attackers to read form history entries via a Java applet that spoofs interaction with the autocomplete controls.
|
|||||
| CVE-2011-1079 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 5.4 MEDIUM | N/A |
|
The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory, or cause a denial of service (BUG and system crash), via a BNEPCONNADD command.
|
|||||
| CVE-2012-6554 | 1 A51dev | 1 Activecollab Chat Module | 2025-04-11 | 6.5 MEDIUM | N/A |
|
functions/html_to_text.php in the Chat module before 1.5.2 for activeCollab allows remote authenticated users to execute arbitrary PHP code via the message[message_text] parameter to chat/add_messag, which is not properly handled when executing the preg_replace function with the eval switch.
|
|||||
| CVE-2012-0355 | 1 Cisco | 11 5500 Series Adaptive Security Appliance, Adaptive Security Appliance Software, Catalyst 6500 and 8 more | 2025-04-11 | 7.8 HIGH | N/A |
|
Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.4 before 8.4(2.11) and 8.5 before 8.5(1.4) allow remote attackers to cause a denial of service (device reload) via (1) IPv4 or (2) IPv6 packets that trigger syslog message 305006, aka Bug ID CSCts39634.
|
|||||
| CVE-2010-3320 | 1 Ibm | 1 Filenet Content Manager | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Open redirect vulnerability in IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
|
|||||
| CVE-2013-1848 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 6.2 MEDIUM | N/A |
|
fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to conduct format-string attacks and possibly gain privileges via a crafted application.
|
|||||
| CVE-2013-6966 | 1 Cisco | 1 Webex Training Center | 2025-04-11 | 5.8 MEDIUM | N/A |
|
Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul36031.
|
|||||
| CVE-2010-2946 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2025-04-11 | 2.1 LOW | N/A |
|
fs/jfs/xattr.c in the Linux kernel before 2.6.35.2 does not properly handle a certain legacy format for storage of extended attributes, which might allow local users by bypass intended xattr namespace restrictions via an "os2." substring at the beginning of a name.
|
|||||
| CVE-2012-5793 | 2 Harald Ponce De Leon, Oscommerce | 2 Authorize.net, Oscommerce | 2025-04-11 | 5.8 MEDIUM | N/A |
|
The Authorize.Net module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
|
|||||
| CVE-2012-5445 | 1 Cisco | 3 Skinny Client Control Protocol Software, Unified Ip Phone, Unified Ip Phone 7906g | 2025-04-11 | 6.8 MEDIUM | N/A |
|
The kernel in Cisco Native Unix (CNU) on Cisco Unified IP Phone 7900 series devices (aka TNP phones) with software before 9.3.1-ES10 does not properly validate unspecified system calls, which allows attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a crafted binary.
|
|||||
| CVE-2012-0068 | 1 Wireshark | 1 Wireshark | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The lanalyzer_read function in wiretap/lanalyzer.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a Novell capture file containing a record that is too small.
|
|||||
| CVE-2013-5568 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-11 | 7.1 HIGH | N/A |
|
The auto-update implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0.3.6 and earlier allows remote attackers to cause a denial of service (device reload) via crafted update data, aka Bug ID CSCui33308.
|
|||||
| CVE-2013-1122 | 1 Cisco | 2 Nexus 7000, Nx-os | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Cisco NX-OS on the Nexus 7000, when a certain Overlay Transport Virtualization (OTV) configuration is used, allows remote attackers to cause a denial of service (M1-Series module reload) via crafted packets, aka Bug ID CSCud15673.
|
|||||
| CVE-2012-0738 | 1 Ibm | 2 Rational Policy Tester, Security Appscan | 2025-04-11 | 5.8 MEDIUM | N/A |
|
IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during scanning, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary certificate.
|
|||||
| CVE-2010-2876 | 1 Adobe | 1 Shockwave Player | 2025-04-11 | 9.3 HIGH | N/A |
|
Adobe Shockwave Player before 11.5.8.612 does not properly validate values associated with buffer-size calculation for a 0xFFFFFFF8 record in a (1) .dir or (2) .dcr Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.
|
|||||
| CVE-2012-0157 | 1 Microsoft | 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more | 2025-04-11 | 7.2 HIGH | 8.4 HIGH |
|
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted application that calls the PostMessage function, aka "PostMessage Function Vulnerability."
|
|||||
| CVE-2002-2433 | 1 Novell | 2 Netware, Netware Ftp Server | 2025-04-11 | 4.0 MEDIUM | N/A |
|
NWFTPD.nlm before 5.03b in the FTP server in Novell NetWare allows remote authenticated users to cause a denial of service (abend) via a crafted ABOR command.
|
|||||
| CVE-2014-1219 | 1 Broadcom | 1 2e Web Option | 2025-04-11 | 5.1 MEDIUM | N/A |
|
CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_SSNID session token in place of the entire token, which allows remote attackers to hijack sessions by changing characters at the end of this substring, as demonstrated by terminating a session via a modified SSNID parameter to web2edoc/close.htm.
|
|||||
| CVE-2010-4199 | 2 Debian, Google | 2 Debian Linux, Chrome | 2025-04-11 | 6.8 MEDIUM | 8.8 HIGH |
|
Google Chrome before 7.0.517.44 does not properly perform a cast of an unspecified variable during processing of an SVG use element, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SVG document.
|
|||||
| CVE-2010-3229 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Vista | 2025-04-11 | 7.1 HIGH | N/A |
|
The Secure Channel (aka SChannel) security package in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when IIS 7.x is used, does not properly process client certificates during SSL and TLS handshakes, which allows remote attackers to cause a denial of service (LSASS outage and reboot) via a crafted packet, aka "TLSv1 Denial of Service Vulnerability."
|
|||||
| CVE-2010-3629 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2025-04-11 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted image, a different vulnerability than CVE-2010-3620.
|
|||||
| CVE-2012-4388 | 3 Canonical, Debian, Php | 3 Ubuntu Linux, Debian Linux, Php | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011- ...
Show More |
|||||
| CVE-2013-1029 | 1 Apple | 1 Mac Os X | 2025-04-11 | 4.9 MEDIUM | N/A |
|
The kernel in Apple Mac OS X before 10.8.5 allows remote attackers to cause a denial of service (panic) via crafted IGMP packets that leverage incorrect, extraneous code in the IGMP parser.
|
|||||
| CVE-2011-5238 | 1 Google | 1 Checkout-php | 2025-04-11 | 5.8 MEDIUM | N/A |
|
google-checkout-php-sample-code before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
|
|||||
| CVE-2012-4176 | 1 Adobe | 1 Shockwave Player | 2025-04-11 | 10.0 HIGH | N/A |
|
Array index error in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors.
|
|||||
| CVE-2012-3288 | 1 Vmware | 5 Esx, Esxi, Fusion and 2 more | 2025-04-11 | 9.3 HIGH | N/A |
|
VMware Workstation 7.x before 7.1.6 and 8.x before 8.0.4, VMware Player 3.x before 3.1.6 and 4.x before 4.0.4, VMware Fusion 4.x before 4.1.3, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow user-assisted remote attackers to execute arbitrary code on the host OS or cause a denial of service (memory corruption) on the host OS via a crafted Checkpoint file.
|
|||||
| CVE-2011-0626 | 6 Adobe, Apple, Google and 3 more | 6 Flash Player, Mac Os X, Android and 3 more | 2025-04-11 | 9.3 HIGH | N/A |
|
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0624, and CVE-2011-0625.
|
|||||
| CVE-2013-1232 | 1 Cisco | 3 Webex Meetings Server, Webex Node For Asr 1000 Series, Webex Node For Mcs | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The HTTP implementation in Cisco WebEx Node for MCS, WebEx Meetings Server, and WebEx Node for ASR 1000 Series allows remote attackers to read the contents of uninitialized memory locations via a crafted request, aka Bug IDs CSCue36672, CSCue31363, CSCuf17466, and CSCug61252.
|
|||||
| CVE-2012-4544 | 1 Xen | 1 Xen | 2025-04-11 | 2.1 LOW | N/A |
|
The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk.
|
|||||
| CVE-2013-2037 | 2 Canonical, Httplib2 Project | 2 Ubuntu Linux, Httplib2 | 2025-04-11 | 2.6 LOW | N/A |
|
httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
|
|||||