Total
11158 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-3350 | 1 Bareftp | 1 Bareftp | 2025-04-11 | 6.9 MEDIUM | N/A |
bareFTP 0.3.4 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | |||||
CVE-2013-5605 | 1 Mozilla | 1 Network Security Services | 2025-04-11 | 7.5 HIGH | N/A |
Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets. | |||||
CVE-2011-1163 | 3 Linux, Redhat, Suse | 7 Linux Kernel, Enterprise Linux Desktop, Enterprise Linux Eus and 4 more | 2025-04-11 | 2.1 LOW | N/A |
The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing. | |||||
CVE-2013-6174 | 1 Emc | 1 Document Sciences Xpression | 2025-04-11 | 5.8 MEDIUM | N/A |
Multiple open redirect vulnerabilities in xAdmin in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters. | |||||
CVE-2013-3608 | 1 Supermicro | 133 H8dcl-6f, H8dcl-if, H8dct-hibqf and 130 more | 2025-04-11 | 10.0 HIGH | N/A |
The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allows remote authenticated users to execute arbitrary commands via shell metacharacters, as demonstrated by the IP address field in config_date_time.cgi. | |||||
CVE-2013-1184 | 1 Cisco | 6 Unified Computing System 6120xp Fabric Interconnect, Unified Computing System 6140xp Fabric Interconnect, Unified Computing System 6248up Fabric Interconnect and 3 more | 2025-04-11 | 7.8 HIGH | N/A |
The management API in the XML API management service in the Manager component in Cisco Unified Computing System (UCS) 1.x before 1.2(1b) allows remote attackers to cause a denial of service (service outage) via a malformed request, aka Bug ID CSCtg48206. | |||||
CVE-2012-2697 | 1 Redhat | 1 Enterprise Linux | 2025-04-11 | 4.9 MEDIUM | N/A |
Unspecified vulnerability in autofs, as used in Red Hat Enterprise Linux (RHEL) 5, allows local users to cause a denial of service (autofs crash and delayed mounts) or prevent "mount expiration" via unspecified vectors related to "using an LDAP-based automount map." | |||||
CVE-2011-2586 | 1 Cisco | 1 Ios | 2025-04-11 | 5.4 MEDIUM | N/A |
The HTTP client in Cisco IOS 12.4 and 15.0 allows user-assisted remote attackers to cause a denial of service (device crash) via a malformed HTTP response to a request for service installation, aka Bug ID CSCts12249. | |||||
CVE-2010-4775 | 2 Drupal, Nicholas Thompson | 2 Drupal, Relevant Content | 2025-04-11 | 5.0 MEDIUM | N/A |
The Relevant Content module 5.x before 5.x-1.4 and 6.x before 6.x-1.5 for Drupal does not properly implement node access logic, which allows remote attackers to discover restricted node titles and relationships. | |||||
CVE-2010-1890 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Vista | 2025-04-11 | 4.6 MEDIUM | N/A |
The kernel in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate ACLs on kernel objects, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Improper Validation Vulnerability." | |||||
CVE-2010-4777 | 1 Perl | 1 Perl | 2025-04-11 | 4.3 MEDIUM | N/A |
The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash. | |||||
CVE-2012-2611 | 1 Sap | 1 Netweaver | 2025-04-11 | 9.3 HIGH | N/A |
The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to execute arbitrary code via a crafted SAP Diag packet. | |||||
CVE-2013-1245 | 1 Cisco | 1 Webex Social | 2025-04-11 | 4.0 MEDIUM | N/A |
The user-management page in Cisco WebEx Social relies on client-side validation of values in the Screen Name, First Name, Middle Name, Last Name, Email Address, and Job Title fields, which allows remote authenticated users to bypass intended access restrictions via crafted requests, aka Bug ID CSCue67190. | |||||
CVE-2011-0624 | 6 Adobe, Apple, Google and 3 more | 6 Flash Player, Mac Os X, Android and 3 more | 2025-04-11 | 9.3 HIGH | N/A |
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0625, and CVE-2011-0626. | |||||
CVE-2013-1985 | 1 X | 1 Libxinerama | 2025-04-11 | 6.8 MEDIUM | N/A |
Integer overflow in X.org libXinerama 1.1.2 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XineramaQueryScreens function. | |||||
CVE-2010-5185 | 1 Comodo | 1 Comodo Internet Security | 2025-04-11 | 10.0 HIGH | N/A |
The Antivirus component in Comodo Internet Security before 5.3.174622.1216 does not check whether X.509 certificates in signed executable files have been revoked, which has unknown impact and remote attack vectors. | |||||
CVE-2010-0360 | 1 Sun | 1 Java System Web Server | 2025-04-11 | 10.0 HIGH | N/A |
Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request that includes a long URI and many empty headers, related to an "overflow." NOTE: this might overlap CVE-2010-0272 and CVE-2010-0273. | |||||
CVE-2012-4918 | 1 Activision | 1 Call Of Duty Elite | 2025-04-11 | 5.8 MEDIUM | N/A |
Call of Duty Elite for iOS 2.0.1 does not properly validate the server SSL certificate, which allows remote attackers to obtain sensitive information via a Man-in-the-Middle (MITM) attack. | |||||
CVE-2010-3473 | 1 Ibm | 1 Filenet P8 Application Engine | 2025-04-11 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2012-5800 | 1 Prestashop | 2 Ebay Module, Prestashop | 2025-04-11 | 5.8 MEDIUM | N/A |
The eBay module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. |