Total
11829 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4582 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.9 MEDIUM | N/A |
|
Open redirect vulnerability in the Calendar set page in Moodle 2.1.x before 2.1.3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a redirection URL.
|
|||||
| CVE-2012-2981 | 1 Gentoo | 1 Webmin | 2025-04-11 | 6.0 MEDIUM | N/A |
|
Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary Perl code via a crafted file associated with the type (aka monitor type name) parameter.
|
|||||
| CVE-2012-0960 | 1 Ps Project Management Team | 1 Unity-firefox-extension | 2025-04-11 | 7.5 HIGH | N/A |
|
Unity integration extension (unity-firefox-extension) before 2.4.1 for Firefox does not properly handle callbacks, which allows remote attackers to cause a denial of service (Firefox crash) and possibly execute arbitrary code via a crafted request.
|
|||||
| CVE-2010-0114 | 1 Symantec | 1 Endpoint Protection | 2025-04-11 | 7.5 HIGH | N/A |
|
fw_charts.php in the reporting module in the Manager (aka SEPM) component in Symantec Endpoint Protection (SEP) 11.x before 11 RU6 MP2 allows remote attackers to bypass intended restrictions on report generation, overwrite arbitrary PHP scripts, and execute arbitrary code via a crafted request.
|
|||||
| CVE-2011-0996 | 1 Roy Marples | 1 Dhcpcd | 2025-04-11 | 6.8 MEDIUM | N/A |
|
dhcpcd before 5.2.12 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message.
|
|||||
| CVE-2010-2819 | 1 Cisco | 4 Catalyst 6500, Catalyst 7600, Firewall Services Module and 1 more | 2025-04-11 | 7.8 HIGH | N/A |
|
Unspecified vulnerability in the SunRPC inspection feature on the Cisco Firewall Services Module (FWSM) with software 3.1 before 3.1(17.2), 3.2 before 3.2(16.1), 4.0 before 4.0(10.1), and 4.1 before 4.1(1.1) for Catalyst 6500 series switches and 7600 series routers allows remote attackers to cause a denial of service (device reload) via crafted SunRPC messages, aka Bug ID CSCte61622.
|
|||||
| CVE-2012-2493 | 4 Apple, Cisco, Linux and 1 more | 4 Mac Os X, Anyconnect Secure Mobility Client, Linux Kernel and 1 more | 2025-04-11 | 9.3 HIGH | N/A |
|
The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug ID CSCtw47523.
|
|||||
| CVE-2011-3907 | 1 Google | 1 Chrome | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The view-source feature in Google Chrome before 16.0.912.63 allows remote attackers to spoof the URL bar via unspecified vectors.
|
|||||
| CVE-2011-0159 | 1 Apple | 1 Iphone Os | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The Safari Settings feature in Safari in Apple iOS 4.x before 4.3 does not properly implement the clearing of cookies during execution of the Safari application, which might make it easier for remote web servers to track users by setting a cookie.
|
|||||
| CVE-2013-3342 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2025-04-11 | 10.0 HIGH | N/A |
|
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 do not properly handle operating-system domain blacklists, which has unspecified impact and attack vectors.
|
|||||
| CVE-2010-2253 | 2 Gisle Aas, Search.cpan | 2 Libwww-perl, Libwww-perl | 2025-04-11 | 6.8 MEDIUM | N/A |
|
lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.
|
|||||
| CVE-2012-1035 | 1 Adacore | 1 Ada Web Services | 2025-04-11 | 5.0 MEDIUM | N/A |
|
AdaCore Ada Web Services (AWS) before 2.10.2 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
|
|||||
| CVE-2011-2772 | 1 Mahara | 1 Mahara | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The get_dataroot_image_path function in lib/file.php in Mahara before 1.4.1 does not properly validate uploaded image files, which allows remote attackers to cause a denial of service (memory consumption) via a (1) large or (2) invalid image.
|
|||||
| CVE-2013-1291 | 1 Microsoft | 6 Windows 7, Windows 8, Windows Server 2003 and 3 more | 2025-04-11 | 7.1 HIGH | N/A |
|
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 Gold and SP1, and Windows 8 allows local users to cause a denial of service (reboot) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability" or "Win32k Font Parsing Vulnerability."
|
|||||
| CVE-2012-3986 | 5 Canonical, Debian, Mozilla and 2 more | 13 Ubuntu Linux, Debian Linux, Firefox and 10 more | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code.
|
|||||
| CVE-2011-0908 | 1 Vanillaforums | 1 Vanilla | 2025-04-11 | 5.8 MEDIUM | N/A |
|
Open redirect vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the Target parameter to an unspecified component, a different vulnerability than CVE-2011-0526.
|
|||||
| CVE-2010-1845 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 6.8 MEDIUM | N/A |
|
ImageIO in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PSD image.
|
|||||
| CVE-2012-2104 | 1 Munin-monitoring | 1 Munin | 2025-04-11 | 6.8 MEDIUM | N/A |
|
cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which might allow user-assisted remote attackers to inject terminal emulator escape sequences and execute arbitrary commands or delete arbitrary files via a crafted HTTP request.
|
|||||
| CVE-2011-0003 | 1 Mediawiki | 1 Mediawiki | 2025-04-11 | 5.8 MEDIUM | N/A |
|
MediaWiki before 1.16.1, when user or site JavaScript or CSS is enabled, allows remote attackers to conduct clickjacking attacks via unspecified vectors.
|
|||||
| CVE-2011-2839 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2025-04-11 | 7.5 HIGH | N/A |
|
The PDF implementation in Google Chrome before 13.0.782.215 on Linux does not properly use the memset library function, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
|||||
| CVE-2010-2892 | 1 Landesk | 1 Management Gateway | 2025-04-11 | 8.5 HIGH | N/A |
|
gsb/drivers.php in LANDesk Management Gateway 4.0 through 4.0-1.48 and 4.2 through 4.2-1.8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the DRIVES parameter, as demonstrated by a cross-site request forgery (CSRF) attack.
|
|||||
| CVE-2011-1080 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 2.1 LOW | N/A |
|
The do_replace function in net/bridge/netfilter/ebtables.c in the Linux kernel before 2.6.39 does not ensure that a certain name field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability to replace a table, and then reading a modprobe command line.
|
|||||
| CVE-2012-5170 | 1 Simon Brown | 1 Pebble | 2025-04-11 | 5.8 MEDIUM | N/A |
|
Open redirect vulnerability in Pebble before 2.6.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
|
|||||
| CVE-2014-0660 | 1 Cisco | 1 Telepresence Isdn Gateway Software | 2025-04-11 | 7.1 HIGH | N/A |
|
Cisco TelePresence ISDN Gateway with software before 2.2(1.92) allows remote attackers to cause a denial of service (D-channel call outage) via a crafted Q.931 STATUS message, aka Bug ID CSCui50360.
|
|||||
| CVE-2013-6048 | 1 Munin-monitoring | 1 Munin | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process) via crafted multigraph data.
|
|||||
| CVE-2011-1775 | 1 Tigervnc | 1 Tigervnc | 2025-04-11 | 5.8 MEDIUM | N/A |
|
The CSecurityTLS::processMsg function in common/rfb/CSecurityTLS.cxx in the vncviewer component in TigerVNC 1.1beta1 does not properly verify the server's X.509 certificate, which allows man-in-the-middle attackers to spoof a TLS VNC server via an arbitrary certificate.
|
|||||
| CVE-2011-1579 | 1 Mediawiki | 1 Mediawiki | 2025-04-11 | 5.8 MEDIUM | N/A |
|
The checkCss function in includes/Sanitizer.php in the wikitext parser in MediaWiki before 1.16.3 does not properly validate Cascading Style Sheets (CSS) token sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information by using the \2f\2a and \2a\2f hex strings to surround CSS comments.
|
|||||
| CVE-2011-2586 | 1 Cisco | 1 Ios | 2025-04-11 | 5.4 MEDIUM | N/A |
|
The HTTP client in Cisco IOS 12.4 and 15.0 allows user-assisted remote attackers to cause a denial of service (device crash) via a malformed HTTP response to a request for service installation, aka Bug ID CSCts12249.
|
|||||
| CVE-2012-0160 | 1 Microsoft | 1 .net Framework | 2025-04-11 | 9.3 HIGH | N/A |
|
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
|
|||||
| CVE-2011-0413 | 1 Isc | 1 Dhcp | 2025-04-11 | 7.8 HIGH | N/A |
|
The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) by sending a message over IPv6 for a declined and abandoned address.
|
|||||
| CVE-2010-1455 | 2 Ethereal Group, Wireshark | 2 Ethereal, Wireshark | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0 through 1.2.7 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed packet trace file.
|
|||||
| CVE-2011-1163 | 3 Linux, Redhat, Suse | 7 Linux Kernel, Enterprise Linux Desktop, Enterprise Linux Eus and 4 more | 2025-04-11 | 2.1 LOW | N/A |
|
The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing.
|
|||||
| CVE-2010-3231 | 1 Microsoft | 3 Excel, Office, Open Xml File Format Converter | 2025-04-11 | 9.3 HIGH | N/A |
|
Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel Record Parsing Memory Corruption Vulnerability."
|
|||||
| CVE-2011-1109 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2025-04-11 | 7.5 HIGH | N/A |
|
Google Chrome before 9.0.597.107 does not properly process nodes in Cascading Style Sheets (CSS) stylesheets, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
|
|||||
| CVE-2012-3451 | 1 Apache | 1 Cxf | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
|
|||||
| CVE-2012-1008 | 1 Officesip | 1 Officesip Server | 2025-04-11 | 5.0 MEDIUM | N/A |
|
OfficeSIP Server 3.1 allows remote attackers to cause a denial of service (daemon crash) via a crafted To header in a SIP INVITE message.
|
|||||
| CVE-2011-4883 | 1 Atvise | 1 Webmi2ads | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 does not properly validate values in HTTP requests, which allows remote attackers to cause a denial of service (resource consumption) via a crafted request.
|
|||||
| CVE-2010-4767 | 1 Otrs | 1 Otrs | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Open Ticket Request System (OTRS) before 2.3.6 does not properly handle e-mail messages in which the From line contains UTF-8 characters associated with diacritical marks and an invalid charset, which allows remote attackers to cause a denial of service (duplicate tickets and duplicate auto-responses) by sending a crafted message to a POP3 mailbox.
|
|||||
| CVE-2012-1961 | 1 Mozilla | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly handle duplicate values in X-Frame-Options headers, which makes it easier for remote attackers to conduct clickjacking attacks via a FRAME element referencing a web site that produces these duplicate values.
|
|||||
| CVE-2011-1495 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 7.2 HIGH | N/A |
|
drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier does not validate (1) length and (2) offset values before performing memory copy operations, which might allow local users to gain privileges, cause a denial of service (memory corruption), or obtain sensitive information from kernel memory via a crafted ioctl call, related to the _ctl_do_mpt_command and _ctl_diag_read_buffer functions.
|
|||||