Total
9733 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-5462 | 1 Ibm | 1 Content Navigator | 2024-02-28 | 4.3 MEDIUM | N/A |
IBM/ECMClient/configure/explodedformat/navigator/header.jsp in IBM Content Navigator 2.0.0, 2.0.1 before 2.0.1.2-ICN-FP002, and 2.0.2 before 2.0.2.1-ICN-FP001 allows remote attackers to conduct clickjacking attacks via vectors involving FRAME elements. | |||||
CVE-2013-7079 | 1 Typo3 | 1 Typo3 | 2024-02-28 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in the OpenID extension in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2011-1080 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 2.1 LOW | N/A |
The do_replace function in net/bridge/netfilter/ebtables.c in the Linux kernel before 2.6.39 does not ensure that a certain name field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability to replace a table, and then reading a modprobe command line. | |||||
CVE-2013-6334 | 1 Ibm | 4 Atlas Ediscovery Process Management, Atlas Suite, Disposal And Governance Management For It and 1 more | 2024-02-28 | 6.4 MEDIUM | N/A |
IBM Atlas eDiscovery Process Management 6.0.1.5 and earlier and 6.0.2, Disposal and Governance Management for IT 6.0.1.5 and earlier and 6.0.2, and Global Retention Policy and Schedule Management 6.0.1.5 and earlier and 6.0.2 in IBM Atlas Suite (aka Atlas Policy Suite) do not properly validate sessions, which allows remote attackers to bypass intended access restrictions, and visit PolicyAtlas/ResponseDraftServlet (aka the Compliance Questionnaire Save Draft servlet), via unspecified vectors. | |||||
CVE-2002-2443 | 6 Canonical, Debian, Fedoraproject and 3 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2024-02-28 | 5.0 MEDIUM | N/A |
schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103. | |||||
CVE-2013-1135 | 1 Cisco | 1 Prime Central For Hosted Collaboration Solution Assurance | 2024-02-28 | 7.1 HIGH | N/A |
Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.0 allows remote attackers to cause a denial of service (CPU consumption and monitoring outage) via malformed TLS messages to TCP port (1) 9043 or (2) 9443, aka Bug ID CSCuc07155. | |||||
CVE-2011-2391 | 1 Apple | 3 Iphone Os, Itunes, Mac Os X | 2024-02-28 | 6.1 MEDIUM | N/A |
The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets. | |||||
CVE-2013-6706 | 1 Cisco | 1 Ios Xe | 2024-02-28 | 5.4 MEDIUM | N/A |
The Cisco Express Forwarding processing module in Cisco IOS XE allows remote attackers to cause a denial of service (device reload) via crafted MPLS packets that are not properly handled during IP header validation, aka Bug ID CSCuj23992. | |||||
CVE-2013-5545 | 1 Cisco | 7 Asr 1001, Asr 1002, Asr 1002-x and 4 more | 2024-02-28 | 7.8 HIGH | N/A |
The PPTP ALG implementation in Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending many PPTP packets over NAT, aka Bug ID CSCuh19936. | |||||
CVE-2013-6339 | 1 Wireshark | 1 Wireshark | 2024-02-28 | 4.3 MEDIUM | N/A |
The dissect_openwire_type function in epan/dissectors/packet-openwire.c in the OpenWire dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (loop) via a crafted packet. | |||||
CVE-2012-4085 | 1 Cisco | 1 Unified Computing System | 2024-02-28 | 5.0 MEDIUM | N/A |
The Intelligent Platform Management Interface (IPMI) implementation in the Blade Management Controller in Cisco Unified Computing System (UCS) allows remote attackers to enumerate valid usernames by observing IPMI interface responses, aka Bug ID CSCtg20761. | |||||
CVE-2012-3498 | 2 Citrix, Xen | 2 Xenserver, Xen | 2024-02-28 | 5.6 MEDIUM | N/A |
PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and earlier allows local HVM guest OS kernels to cause a denial of service (host crash) and possibly read hypervisor or guest memory via vectors related to a missing range check of map->index. | |||||
CVE-2012-2004 | 2 Hp, Microsoft | 4 Insight Management Agents, Windows 2003 Server, Windows Server 2003 and 1 more | 2024-02-28 | 8.3 HIGH | N/A |
Open redirect vulnerability in HP Insight Management Agents before 9.0.0.0 on Windows Server 2003 and 2008 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2012-4176 | 1 Adobe | 1 Shockwave Player | 2024-02-28 | 10.0 HIGH | N/A |
Array index error in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2012-2104 | 1 Munin-monitoring | 1 Munin | 2024-02-28 | 6.8 MEDIUM | N/A |
cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which might allow user-assisted remote attackers to inject terminal emulator escape sequences and execute arbitrary commands or delete arbitrary files via a crafted HTTP request. | |||||
CVE-2013-3674 | 1 Ffmpeg | 1 Ffmpeg | 2024-02-28 | 4.3 MEDIUM | N/A |
The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg before 1.2.1 does not validate the presence of non-header data in a buffer, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted CD Graphics Video data. | |||||
CVE-2012-1927 | 1 Opera | 1 Opera Browser | 2024-02-28 | 6.4 MEDIUM | N/A |
Opera before 11.62 allows remote attackers to spoof the address field by triggering the launch of a dialog window associated with a different domain. | |||||
CVE-2013-1223 | 1 Cisco | 1 Unified Customer Voice Portal | 2024-02-28 | 7.8 HIGH | N/A |
The log viewer in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly validate an unspecified parameter, which allows remote attackers to read arbitrary files via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38372. | |||||
CVE-2012-2336 | 1 Php | 1 Php | 2024-02-28 | 5.0 MEDIUM | N/A |
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823. | |||||
CVE-2013-1694 | 1 Mozilla | 4 Firefox, Firefox Esr, Thunderbird and 1 more | 2024-02-28 | 7.5 HIGH | N/A |
The PreserveWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly handle the lack of a wrapper, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by leveraging unintended clearing of the wrapper cache's preserved-wrapper flag. |