Total
11158 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-2821 | 1 Novatech | 6 Orion5 Dnp Master, Orion5 Dnp Slave, Orion5r Dnp Master and 3 more | 2025-04-11 | 7.1 HIGH | N/A |
| NovaTech Orion Substation Automation Platform OrionLX DNP Master 1.27.38 and DNP Slave 1.23.10 and earlier and Orion5/Orion5r DNP Master 1.27.38 and DNP Slave 1.23.10 and earlier allow remote attackers to cause a denial of service (driver crash and process restart) via a crafted DNP3 TCP packet. | |||||
| CVE-2012-2240 | 1 Devscripts Devel Team | 1 Devscripts | 2025-04-11 | 7.5 HIGH | N/A |
| scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to "arguments to external commands." | |||||
| CVE-2013-7102 | 1 Optimizepress | 1 Optimizepress | 2025-04-11 | 6.8 MEDIUM | N/A |
| Multiple unrestricted file upload vulnerabilities in (1) media-upload.php, (2) media-upload-lncthumb.php, and (3) media-upload-sq_button.php in lib/admin/ in the OptimizePress theme before 1.61 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images_comingsoon, images_lncthumbs, or images_optbuttons in wp-content/uploads/optpress/, as exploited in the wild in November 2013. | |||||
| CVE-2010-0740 | 1 Openssl | 1 Openssl | 2025-04-11 | 5.0 MEDIUM | N/A |
| The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2013-2829 | 1 Matrikonopc | 1 Scada Dnp3 Opc Server | 2025-04-11 | 7.1 HIGH | N/A |
| MatrikonOPC SCADA DNP3 OPC Server 1.2.2.0 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed DNP3 packet. | |||||
| CVE-2010-2795 | 1 Joachim Fritschi | 1 Phpcas | 2025-04-11 | 4.0 MEDIUM | N/A |
| phpCAS before 1.1.2 allows remote authenticated users to hijack sessions via a query string containing a crafted ticket value. | |||||
| CVE-2012-5820 | 1 Google | 1 Admob | 2025-04-11 | 5.8 MEDIUM | N/A |
| The developer-account sample code in Google AdMob does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2013-1911 | 2 Mark Burns, Ruby-lang | 2 Ldoce, Ruby | 2025-04-11 | 6.8 MEDIUM | N/A |
| lib/ldoce/word.rb in the ldoce 0.0.2 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in (1) an mp3 URL or (2) file name. | |||||
| CVE-2013-4066 | 1 Ibm | 1 Infosphere Information Server | 2025-04-11 | 4.3 MEDIUM | N/A |
| IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to conduct clickjacking attacks by creating an overlay interface on top of the Web Console interface. | |||||
| CVE-2010-5099 | 1 Typo3 | 1 Typo3 | 2025-04-11 | 6.8 MEDIUM | N/A |
| The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files, as demonstrated using path traversal sequences with %00 null bytes and CVE-2010-3714 to read the TYPO3 encryption key from localconf.php. | |||||
| CVE-2010-2732 | 1 Microsoft | 1 Forefront Unified Access Gateway | 2025-04-11 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka "UAG Redirection Spoofing Vulnerability." | |||||
| CVE-2010-0441 | 1 Asterisk | 1 Asterisk | 2025-04-11 | 5.0 MEDIUM | N/A |
| Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, and 1.6.2.x before 1.6.2.2, and Business Edition C.3 before C.3.3.2, allows remote attackers to cause a denial of service (daemon crash) via an SIP T.38 negotiation with an SDP FaxMaxDatagram field that is (1) missing, (2) modified to contain a negative number, or (3) modified to contain a large number. | |||||
| CVE-2013-6414 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2025-04-11 | 5.0 MEDIUM | N/A |
| actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service (memory consumption) via a header containing an invalid MIME type that leads to excessive caching. | |||||
| CVE-2011-0925 | 1 Cisco | 1 Secure Desktop | 2025-04-11 | 9.3 HIGH | N/A |
| The CSDWebInstallerCtrl ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) allows remote attackers to download an unintended Cisco program onto a client machine, and execute this program, by identifying a Cisco program with a Cisco digital signature and then renaming this program to inst.exe, a different vulnerability than CVE-2010-0589 and CVE-2011-0926. | |||||
| CVE-2013-6981 | 1 Cisco | 1 Ios Xe | 2025-04-11 | 5.4 MEDIUM | N/A |
| Cisco IOS XE 3.7S(.1) and earlier allows remote attackers to cause a denial of service (Packet Processor crash) via fragmented MPLS IP packets, aka Bug ID CSCul00709. | |||||
| CVE-2010-1843 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 7.8 HIGH | N/A |
| Networking in Apple Mac OS X 10.6.2 through 10.6.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted PIM packet. | |||||
| CVE-2009-5020 | 1 Awstats | 1 Awstats | 2025-04-11 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2013-5211 | 3 Ntp, Opensuse, Oracle | 3 Ntp, Opensuse, Linux | 2025-04-11 | 5.0 MEDIUM | N/A |
| The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013. | |||||
| CVE-2013-4083 | 1 Wireshark | 1 Wireshark | 2025-04-11 | 5.0 MEDIUM | N/A |
| The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
| CVE-2013-3868 | 1 Microsoft | 6 Active Directory Lightweight Directory Service, Windows 7, Windows 8 and 3 more | 2025-04-11 | 5.0 MEDIUM | N/A |
| Microsoft Active Directory Lightweight Directory Service (AD LDS) on Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows 8 and Active Directory Services on Windows Server 2008 SP2 and R2 SP1 and Server 2012 allow remote attackers to cause a denial of service (LDAP directory-service outage) via a crafted LDAP query, aka "Remote Anonymous DoS Vulnerability." | |||||