Total
11158 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0082 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2025-04-11 | 5.0 MEDIUM | N/A |
| actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers. | |||||
| CVE-2011-2118 | 1 Adobe | 1 Shockwave Player | 2025-04-11 | 9.3 HIGH | N/A |
| The FLV ASSET Xtra component in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors, related to an "input validation vulnerability." | |||||
| CVE-2013-2250 | 1 Apache | 1 Ofbiz | 2025-04-11 | 10.0 HIGH | N/A |
| Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to execute arbitrary Unified Expression Language (UEL) functions via JUEL metacharacters in unspecified parameters, related to nested expressions. | |||||
| CVE-2014-0020 | 1 Pidgin | 1 Pidgin | 2025-04-11 | 5.0 MEDIUM | N/A |
| The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not validate argument counts, which allows remote IRC servers to cause a denial of service (application crash) via a crafted message. | |||||
| CVE-2013-2788 | 1 Subnet | 1 Substation Server | 2025-04-11 | 4.3 MEDIUM | N/A |
| The DNP3 Slave service in SUBNET Solutions SubSTATION Server 2.7.0033 and 2.8.0106 allows remote attackers to cause a denial of service (unhandled exception and process crash) via unspecified vectors. | |||||
| CVE-2011-1581 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 9.0 HIGH | N/A |
| The bond_select_queue function in drivers/net/bonding/bond_main.c in the Linux kernel before 2.6.39, when a network device with a large number of receive queues is installed but the default tx_queues setting is used, does not properly restrict queue indexes, which allows remote attackers to cause a denial of service (BUG and system crash) or possibly have unspecified other impact by sending network traffic. | |||||
| CVE-2011-2022 | 2 Linux, Redhat | 7 Linux Kernel, Enterprise Linux, Enterprise Linux Aus and 4 more | 2025-04-11 | 6.9 MEDIUM | N/A |
| The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 does not validate a certain start parameter, which allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_UNBIND agp_ioctl ioctl call, a different vulnerability than CVE-2011-1745. | |||||
| CVE-2011-1094 | 1 Redhat | 1 Kdelibs | 2025-04-11 | 4.3 MEDIUM | N/A |
| kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a certificate issued by a legitimate Certification Authority for an IP address, a different vulnerability than CVE-2009-2702. | |||||
| CVE-2010-0719 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows 7 and 3 more | 2025-04-11 | 4.7 MEDIUM | N/A |
| An unspecified API in Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 does not validate arguments, which allows local users to cause a denial of service (system crash) via a crafted application. | |||||
| CVE-2013-0120 | 1 Dell | 1 Powerconnect 6248p | 2025-04-11 | 7.8 HIGH | N/A |
| The web interface on Dell PowerConnect 6248P switches allows remote attackers to cause a denial of service (device crash) via a malformed request. | |||||
| CVE-2011-4015 | 1 Cisco | 1 Ios | 2025-04-11 | 5.0 MEDIUM | N/A |
| Cisco IOS 15.2S allows remote attackers to cause a denial of service (interface queue wedge) via malformed UDP traffic on port 465, aka Bug ID CSCts48300. | |||||
| CVE-2013-5029 | 2 Opensuse, Phpmyadmin | 2 Opensuse, Phpmyadmin | 2025-04-11 | 4.3 MEDIUM | N/A |
| phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php. | |||||
| CVE-2011-5055 | 1 Maradns | 1 Maradns | 2025-04-11 | 5.0 MEDIUM | N/A |
| MaraDNS 1.3.07.12 and 1.4.08 computes hash values for DNS data without properly restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set. NOTE: this issue exists because of an incomplete fix for CVE-2012-0024. | |||||
| CVE-2013-2818 | 1 Alstom | 1 E-terracontrol | 2025-04-11 | 4.7 MEDIUM | N/A |
| The DNP Master Driver in Alstom e-terracontrol 3.5, 3.6, and 3.7 allows physically proximate attackers to cause a denial of service (infinite loop and DNP3 service disruption) via crafted input over a serial line. | |||||
| CVE-2010-0101 | 1 Lexmark | 61 25xxn, C510, C52x and 58 more | 2025-04-11 | 7.8 HIGH | N/A |
| The embedded HTTP server in multiple Lexmark laser and inkjet printers and MarkNet devices, including X94x, W840, T656, N4000, E462, C935dn, 25xxN, and other models, allows remote attackers to cause a denial of service (operating system halt) via a malformed HTTP Authorization header. | |||||
| CVE-2012-4099 | 1 Cisco | 1 Nx-os | 2025-04-11 | 4.3 MEDIUM | N/A |
| The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13065. | |||||
| CVE-2013-1763 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 7.2 HIGH | N/A |
| Array index error in the __sock_diag_rcv_msg function in net/core/sock_diag.c in the Linux kernel before 3.7.10 allows local users to gain privileges via a large family value in a Netlink message. | |||||
| CVE-2012-0180 | 1 Microsoft | 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more | 2025-04-11 | 7.2 HIGH | 7.8 HIGH |
| win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode for (1) windows and (2) messages, which allows local users to gain privileges via a crafted application, aka "Windows and Messages Vulnerability." | |||||
| CVE-2010-3240 | 1 Microsoft | 3 Excel, Excel Viewer, Office Compatibility Pack | 2025-04-11 | 9.3 HIGH | N/A |
| Microsoft Excel 2002 SP3 and 2007 SP2; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Real Time Data Array Record Vulnerability." | |||||
| CVE-2011-3907 | 1 Google | 1 Chrome | 2025-04-11 | 4.3 MEDIUM | N/A |
| The view-source feature in Google Chrome before 16.0.912.63 allows remote attackers to spoof the URL bar via unspecified vectors. | |||||