Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-0206 | 2 Drupal, Guy Bedford | 2 Drupal, Live Css | 2025-04-11 | 6.0 MEDIUM | N/A |
|
Unrestricted file upload vulnerability in the Live CSS module 6.x-2.x before 6.x-2.1 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "administer CSS" permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
|
|||||
| CVE-2010-1127 | 1 Microsoft | 1 Internet Explorer | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Microsoft Internet Explorer 6 and 7 does not initialize certain data structures during execution of the createElement method, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code, as demonstrated by setting the (1) outerHTML or (2) value property of an object returned by createElement.
|
|||||
| CVE-2010-0117 | 2 Microsoft, Realnetworks | 3 Windows, Realplayer, Realplayer Sp | 2025-04-11 | 9.3 HIGH | N/A |
|
RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows do not properly handle dimensions during YUV420 transformations, which might allow remote attackers to execute arbitrary code via crafted MP4 content.
|
|||||
| CVE-2012-4592 | 1 Mcafee | 1 Enterprise Mobility Manager | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 does not set the secure flag for the ASP.NET session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
|
|||||
| CVE-2011-0107 | 1 Microsoft | 1 Office | 2025-04-11 | 9.3 HIGH | N/A |
|
Untrusted search path vulnerability in Microsoft Office XP SP3, Office 2003 SP3, and Office 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Office Component Insecure Library Loading Vulnerability."
|
|||||
| CVE-2013-0800 | 5 Canonical, Debian, Mozilla and 2 more | 10 Ubuntu Linux, Debian Linux, Firefox and 7 more | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation.
|
|||||
| CVE-2011-2977 | 2 Microsoft, Mozilla | 2 Windows, Bugzilla | 2025-04-11 | 2.1 LOW | N/A |
|
Bugzilla 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 on Windows does not delete the temporary files associated with uploaded attachments, which allows local users to obtain sensitive information by reading these files. NOTE: this issue exists because of a regression in 3.6.
|
|||||
| CVE-2010-0924 | 2 Apple, Microsoft | 2 Safari, Windows | 2025-04-11 | 5.0 MEDIUM | N/A |
|
cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.3 and 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string in the BACKGROUND attribute of a BODY element.
|
|||||
| CVE-2010-3154 | 1 Adobe | 1 Extension Manager Cs5 | 2025-04-11 | 9.3 HIGH | N/A |
|
Untrusted search path vulnerability in Adobe Extension Manager CS5 5.0.298 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .mxi or .mxp file.
|
|||||
| CVE-2012-2252 | 1 Pizzashack | 1 Rssh | 2025-04-11 | 4.4 MEDIUM | N/A |
|
Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option.
|
|||||
| CVE-2011-1088 | 1 Apache | 1 Tomcat | 2025-04-11 | 5.8 MEDIUM | N/A |
|
Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
|
|||||
| CVE-2010-5198 | 1 Intuit | 1 Quickbooks | 2025-04-11 | 6.9 MEDIUM | N/A |
|
Multiple untrusted search path vulnerabilities in Intuit QuickBooks 2010 allow local users to gain privileges via a Trojan horse (1) dbicudtx11.dll, (2) mfc90enu.dll, or (3) mfc90loc.dll file in the current working directory, as demonstrated by a directory that contains a .des, .qbo, or .qpg file. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2010-2504 | 1 Splunk | 1 Splunk | 2025-04-11 | 6.0 MEDIUM | N/A |
|
Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allows remote authenticated users to obtain sensitive information via HTTP header injection, aka SPL-31066.
|
|||||
| CVE-2010-1616 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
|
Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when restoring a course, which allows teachers to create new accounts even if they do not have the moodle/user:create capability.
|
|||||
| CVE-2010-3492 | 1 Python | 1 Python | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections.
|
|||||
| CVE-2010-2619 | 1 Citrix | 1 Xenserver | 2025-04-11 | 1.9 LOW | N/A |
|
Citrix XenServer 5.0 Update 2 and earlier, and 5.5 Update 1 and earlier, when using a pvops kernel, allows guest users to cause a denial of service in the host via unspecified vectors that trigger "incorrectly set flags."
|
|||||
| CVE-2010-1764 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2025-04-11 | 4.3 MEDIUM | N/A |
|
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, follows multiple redirections during form submission, which allows remote web servers to obtain sensitive information by recording the form data.
|
|||||
| CVE-2012-1593 | 1 Wireshark | 1 Wireshark | 2025-04-11 | 3.3 LOW | N/A |
|
epan/dissectors/packet-ansi_a.c in the ANSI A dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed packet.
|
|||||
| CVE-2012-5517 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 4.0 MEDIUM | N/A |
|
The online_pages function in mm/memory_hotplug.c in the Linux kernel before 3.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact in opportunistic circumstances by using memory that was hot-added by an administrator.
|
|||||
| CVE-2012-3893 | 1 Cisco | 1 Ios | 2025-04-11 | 6.3 MEDIUM | N/A |
|
The FlexVPN implementation in Cisco IOS 15.2 and 15.3 allows remote authenticated users to cause a denial of service (spoke crash) via spoke-to-spoke traffic, aka Bug ID CSCtz02622.
|
|||||
| CVE-2013-1322 | 1 Microsoft | 1 Publisher | 2025-04-11 | 10.0 HIGH | N/A |
|
Microsoft Publisher 2003 SP3 does not properly check table range data, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Invalid Range Check Vulnerability."
|
|||||
| CVE-2010-1756 | 1 Apple | 2 Iphone Os, Ipod Touch | 2025-04-11 | 5.8 MEDIUM | N/A |
|
The Settings application in Apple iOS before 4 on the iPhone and iPod touch does not properly report the wireless network that is in use, which might make it easier for remote attackers to trick users into communicating over an unintended network.
|
|||||
| CVE-2008-7256 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 1.2 LOW | N/A |
|
mm/shmem.c in the Linux kernel before 2.6.28-rc8, when strict overcommit is enabled and CONFIG_SECURITY is disabled, does not properly handle the export of shmemfs objects by knfsd, which allows attackers to cause a denial of service (NULL pointer dereference and knfsd crash) or possibly have unspecified other impact via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1643.
|
|||||
| CVE-2011-0680 | 1 Google | 1 Android | 2025-04-11 | 5.0 MEDIUM | N/A |
|
data/WorkingMessage.java in the Mms application in Android before 2.2.2 and 2.3.x before 2.3.2 does not properly manage the draft cache, which allows remote attackers to read SMS messages intended for other recipients in opportunistic circumstances via a standard text messaging service.
|
|||||
| CVE-2010-3147 | 1 Microsoft | 7 Outlook Express, Windows 2003 Server, Windows 7 and 4 more | 2025-04-11 | 9.3 HIGH | N/A |
|
Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka "Insecure Library Loading Vulnerability." NOTE: the c ...
Show More |
|||||
| CVE-2013-4520 | 1 Xmlsoft | 1 Libxslt | 2025-04-11 | 4.3 MEDIUM | N/A |
|
xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825.
|
|||||
| CVE-2010-5233 | 1 Virtualdj | 1 Virtual Dj | 2025-04-11 | 6.9 MEDIUM | N/A |
|
Untrusted search path vulnerability in Virtual DJ 6.1.2 Trial b301 allows local users to gain privileges via a Trojan horse HDJAPI.dll file in the current working directory, as demonstrated by a directory that contains a .mp3 file. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2010-2244 | 1 Avahi | 1 Avahi | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in Avahi 0.6.16 and 0.6.25 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNS packet with an invalid checksum followed by a DNS packet with a valid checksum, a different vulnerability than CVE-2008-5081.
|
|||||
| CVE-2012-2519 | 1 Microsoft | 8 .net Framework, Windows 7, Windows 8 and 5 more | 2025-04-11 | 7.9 HIGH | N/A |
|
Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka ".NET Framework Insecure Library Loading Vulnerability."
|
|||||
| CVE-2011-3133 | 1 Tibco | 2 Spotfire Analytics Server, Spotfire Server | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Session fixation vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to hijack web sessions via unspecified vectors.
|
|||||
| CVE-2011-1247 | 1 Microsoft | 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | 9.3 HIGH | N/A |
|
Untrusted search path vulnerability in the Microsoft Active Accessibility component in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Active Accessibility Insecure Library Loading Vulnerability."
|
|||||
| CVE-2010-2283 | 1 Wireshark | 1 Wireshark | 2025-04-11 | 3.3 LOW | N/A |
|
The SMB dissector in Wireshark 0.99.6 through 1.0.13, and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors.
|
|||||
| CVE-2011-4729 | 3 Microsoft, Parallels, Redhat | 3 Windows, Parallels Plesk Panel, Enterprise Linux | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by login_up.php3 and certain other files.
|
|||||
| CVE-2013-2632 | 1 Google | 2 Chrome, V8 | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Google V8 before 3.17.13, as used in Google Chrome before 27.0.1444.3, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code, as demonstrated by the Bejeweled game.
|
|||||
| CVE-2012-6139 | 2 Opensuse, Xmlsoft | 2 Opensuse, Libxslt | 2025-04-11 | 5.0 MEDIUM | N/A |
|
libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c.
|
|||||
| CVE-2013-1715 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2025-04-11 | 6.9 MEDIUM | N/A |
|
Multiple untrusted search path vulnerabilities in the (1) full installer and (2) stub installer in Mozilla Firefox before 23.0 on Windows allow local users to gain privileges via a Trojan horse DLL in the default downloads directory. NOTE: this issue exists because of an incomplete fix for CVE-2012-4206.
|
|||||
| CVE-2011-4859 | 1 Schneider-electric | 21 M340 Ethernet Module Bmxnoe0100, M340 Ethernet Module Bmxnoe0110, M340 Ethernet Module Bmxp342020 and 18 more | 2025-04-11 | 10.0 HIGH | N/A |
|
The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771* and 140CPU65* modules, the Premium TSXETY* and TSXP57* modules, the M340 BMXNOE01* and BMXP3420* modules, and the STB DIO STBNIC2212 and STBNIP2* modules, uses hardcoded passwords for the (1) AUTCSE, (2) AUT_CSE, (3) fdrusers, (4) ftpuser, (5) loader, (6) nic2212, (7) nimrohs2212, (8) nip2212, (9) noe77111_v500, (10) ntpupdate, (11) pcfactory, (12) sysdiag, (13) target, (14) test, (15) USER, and (16) webserver acco ...
Show More |
|||||
| CVE-2012-2871 | 3 Apple, Google, Xmlsoft | 3 Iphone Os, Chrome, Libxml2 | 2025-04-11 | 6.8 MEDIUM | N/A |
|
libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h.
|
|||||
| CVE-2011-1338 | 1 Xnview | 1 Xnview | 2025-04-11 | 6.9 MEDIUM | N/A |
|
Untrusted search path vulnerability in XnView before 1.98.1 allows local users to gain privileges via a Trojan horse .exe file in a folder selected by the "Open containing folder" menu item.
|
|||||
| CVE-2013-1235 | 1 Cisco | 16 2000 Wireless Lan Controller, 2100 Wireless Lan Controller, 2106 Wireless Lan Controller and 13 more | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Cisco Wireless LAN Controller (WLC) devices do not properly address the resource consumption of terminated TELNET sessions, which allows remote attackers to cause a denial of service (TELNET outage) by making many TELNET connections and improperly ending these connections, aka Bug ID CSCug35507.
|
|||||