Total: 29483 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-1202 | 1 Cisco | 1 Ace Application Control Engine Module A2 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Cisco ACE A2(3.6) allows log retention DoS. | |||||
CVE-2012-4284 | 1 Sparklabs | 1 Viscosity | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name validation issue in the setuid-set ViscosityHelper binary, which could let a remote malicious user execute arbitrary code. | |||||
CVE-2012-2142 | 4 Freedesktop, Opensuse, Redhat and 1 more | 4 Poppler, Opensuse, Enterprise Linux and 1 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator. | |||||
CVE-2012-1101 | 1 Systemd Project | 1 Systemd | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure). | |||||
CVE-2012-0718 | 1 Ibm | 1 Tivoli Endpoint Manager | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
IBM Tivoli Endpoint Manager 8 does not set the HttpOnly flag on cookies. | |||||
CVE-2011-4820 | 1 Ibm | 1 Rational Asset Manager | 2024-11-21 | N/A | 4.3 MEDIUM |
IBM Rational Asset Manager 7.5 could allow a remote attacker to bypass security restrictions. An attacker could exploit this vulnerability using the UID parameter to modify another user's preferences. | |||||
CVE-2011-3614 | 1 Vanillaforums | 1 Vanilla | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums before 2.0.17.9. | |||||
CVE-2011-1930 | 2 Debian, Klibc Project | 2 Debian Linux, Klibc | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. This may allow a remote attacker to send a specially crafted DHCP reply which could execute arbitrary code with the privileges of any process which sources DHCP options. | |||||
CVE-2007-6745 | 2 Clamav, Debian | 2 Clamav, Debian Linux | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
clamav 0.91.2 suffers from a floating point exception when using ScanOLE2. | |||||
CVE-2007-3732 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 1.9 LOW | 5.5 MEDIUM |
In Linux 2.6 before 2.6.23, the TRACE_IRQS_ON function in iret_exc calls a C function without ensuring that the segments are set properly. The kernel's %fs needs to be restored before the call in TRACE_IRQS_ON and before enabling interrupts, so that "current" references work. Without this, "current" used in the window between iret_exc and the middle of error_code where %fs is reset, would crash. | |||||
CVE-2004-2776 | 1 Goscript Project | 1 Goscript | 2024-11-20 | 7.5 HIGH | 9.8 CRITICAL |
go.cgi in GoScript 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) query string or (2) artarchive parameter. | |||||
CVE-2024-52428 | 1 Scripteo | 1 Ads Booster By Ads Pro | 2024-11-20 | N/A | 8.1 HIGH |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Scripteo Ads Booster by Ads Pro allows PHP Local File Inclusion. This issue affects Ads Booster by Ads Pro: from n/a through 1.12. | |||||
CVE-2024-11308 | 1 Trcore | 1 Dvc | 2024-11-20 | N/A | 6.2 MEDIUM |
The DVC from TRCore encrypts files using a hardcoded key. Attackers can use this key to decrypt the files and restore the original content. | |||||
CVE-2024-33027 | 1 Qualcomm | 180 205 Mobile Platform, 205 Mobile Platform Firmware, 215 Mobile Platform and 177 more | 2024-11-20 | N/A | 8.4 HIGH |
Memory corruption can occur when an arbitrary user-space app gains kernel level privilege to modify DDR memory by corrupting the GPU page table. | |||||
CVE-2024-42392 | 1 Cesanta | 1 Mongoose | 2024-11-19 | N/A | 4.0 MEDIUM |
Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows triggering an infinite loop bug if the input string contains unexpected characters. | |||||
CVE-2024-42383 | 1 Cesanta | 1 Mongoose | 2024-11-19 | N/A | 4.2 MEDIUM |
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows writing a NULL byte value beyond the memory space dedicated for the hostname field. | |||||
CVE-2024-42385 | 1 Cesanta | 1 Mongoose | 2024-11-19 | N/A | 4.0 MEDIUM |
Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows triggering an out-of-bound memory write if the PEM certificate contains unexpected characters. | |||||
CVE-2024-42386 | 1 Cesanta | 1 Mongoose | 2024-11-19 | N/A | 8.2 HIGH |
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application. | |||||
CVE-2024-42387 | 1 Cesanta | 1 Mongoose | 2024-11-19 | N/A | 5.3 MEDIUM |
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space. | |||||
CVE-2024-42388 | 1 Cesanta | 1 Mongoose | 2024-11-19 | N/A | 5.3 MEDIUM |
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space. | |||||