Total
9733 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-2818 | 1 Alstom | 1 E-terracontrol | 2024-02-28 | 4.7 MEDIUM | N/A |
The DNP Master Driver in Alstom e-terracontrol 3.5, 3.6, and 3.7 allows physically proximate attackers to cause a denial of service (infinite loop and DNP3 service disruption) via crafted input over a serial line. | |||||
CVE-2012-5782 | 1 Amazon | 1 Flexible Payments Service | 2024-02-28 | 5.8 MEDIUM | N/A |
Amazon Flexible Payments Service (FPS) PHP Library does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to misinterpretation of a certain "true" value. | |||||
CVE-2012-0247 | 4 Canonical, Debian, Imagemagick and 1 more | 10 Ubuntu Linux, Debian Linux, Imagemagick and 7 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image. | |||||
CVE-2012-2240 | 1 Devscripts Devel Team | 1 Devscripts | 2024-02-28 | 7.5 HIGH | N/A |
scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to "arguments to external commands." | |||||
CVE-2013-0518 | 1 Ibm | 1 Sterling Secure Proxy | 2024-02-28 | 4.3 MEDIUM | N/A |
IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 does not refuse to be rendered in different-origin frames, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. | |||||
CVE-2013-2083 | 1 Moodle | 1 Moodle | 2024-02-28 | 5.0 MEDIUM | N/A |
The MoodleQuickForm class in lib/formslib.php in Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not properly handle a certain array-element syntax, which allows remote attackers to bypass intended form-data filtering via a crafted request. | |||||
CVE-2012-4850 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 7.5 HIGH | N/A |
IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1, when JAX-RS is used, does not properly validate requests, which allows remote attackers to gain privileges via unspecified vectors. | |||||
CVE-2013-1881 | 1 Gnome | 1 Librsvg | 2024-02-28 | 4.3 MEDIUM | N/A |
GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
CVE-2012-6560 | 1 Freenac | 1 Freenac | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in deviceadd.php in FreeNAC 3.02 allows remote attackers to execute arbitrary SQL commands via the status parameter. | |||||
CVE-2012-4091 | 1 Cisco | 1 Nx-os | 2024-02-28 | 5.0 MEDIUM | N/A |
The RIP service engine in Cisco NX-OS allows remote attackers to cause a denial of service (engine restart) via a malformed (1) RIPv4 or (2) RIPv6 message, aka Bug ID CSCtj73415. | |||||
CVE-2012-5804 | 2 Cybersource Module Project, Ubercart | 2 Cybersource, Ubercart | 2024-02-28 | 5.8 MEDIUM | N/A |
The CyberSource module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
CVE-2011-1398 | 1 Php | 1 Php | 2024-02-28 | 4.3 MEDIUM | N/A |
The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome. | |||||
CVE-2012-0676 | 1 Apple | 1 Safari | 2024-02-28 | 5.0 MEDIUM | N/A |
WebKit in Apple Safari before 5.1.7 does not properly track state information during the processing of form input, which allows remote attackers to fill in form fields on the pages of arbitrary web sites via unspecified vectors. | |||||
CVE-2013-1093 | 1 Novell | 1 Zenworks Configuration Management | 2024-02-28 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in the fwdToURL function in the ZCC login page in zcc-framework.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the directToPage parameter. | |||||
CVE-2013-1051 | 2 Canonical, Debian | 3 Ubuntu Linux, Advanced Package Tool, Apt | 2024-02-28 | 4.3 MEDIUM | N/A |
apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories. | |||||
CVE-2013-6359 | 1 Munin-monitoring | 1 Munin | 2024-02-28 | 4.3 MEDIUM | N/A |
Munin::Master::Node in Munin before 2.0.18 allows remote attackers to cause a denial of service (abort data collection for node) via a plugin that uses "multigraph" as a multigraph service name. | |||||
CVE-2013-2140 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 3.8 LOW | N/A |
The dispatch_discard_io function in drivers/block/xen-blkback/blkback.c in the Xen blkback implementation in the Linux kernel before 3.10.5 allows guest OS users to cause a denial of service (data loss) via filesystem write operations on a read-only disk that supports the (1) BLKIF_OP_DISCARD (aka discard or TRIM) or (2) SCSI UNMAP feature. | |||||
CVE-2011-3295 | 1 Cisco | 1 Ios Xr | 2024-02-28 | 7.8 HIGH | N/A |
The NETIO and IPV4_IO processes in Cisco IOS XR 3.8 through 4.1, as used in Cisco Carrier Routing System and other products, allow remote attackers to cause a denial of service (CPU consumption) via crafted network traffic, aka Bug ID CSCti59888. | |||||
CVE-2013-5479 | 1 Cisco | 1 Ios | 2024-02-28 | 7.8 HIGH | N/A |
The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCtn53730. | |||||
CVE-2012-4538 | 1 Xen | 1 Xen | 2024-02-28 | 4.9 MEDIUM | N/A |
The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not properly check the pagetable state when running on shadow pagetables, which allows a local HVM guest OS to cause a denial of service (hypervisor crash) via unspecified vectors. |