Total
9731 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-3903 | 1 Microsoft | 4 Windows 8, Windows Rt, Windows Rt 8.1 and 1 more | 2024-02-28 | 4.7 MEDIUM | N/A |
| Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to cause a denial of service (reboot) via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability." | |||||
| CVE-2012-2002 | 1 Hp | 1 Snmp Agents For Linux | 2024-02-28 | 8.3 HIGH | N/A |
| Open redirect vulnerability in HP SNMP Agents for Linux before 9.0.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2013-6282 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 7.2 HIGH | N/A |
| The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against Android devices in October and November 2013. | |||||
| CVE-2013-2230 | 1 Redhat | 1 Libvirt | 2024-02-28 | 4.0 MEDIUM | N/A |
| The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via unspecified vectors involving "multiple events registration." | |||||
| CVE-2013-5539 | 1 Cisco | 2 Identity Services Engine, Identity Services Engine Software | 2024-02-28 | 6.0 MEDIUM | N/A |
| The upload-dialog implementation in Cisco Identity Services Engine (ISE) allows remote authenticated users to upload files with an arbitrary file type, and consequently conduct attacks against unspecified other systems, via a crafted file, aka Bug ID CSCui67511. | |||||
| CVE-2012-0723 | 1 Ibm | 2 Aix, Vios | 2024-02-28 | 4.9 MEDIUM | N/A |
| The kernel in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly implement the dupmsg system call, which allows local users to cause a denial of service (system crash) via a crafted application. | |||||
| CVE-2013-7019 | 1 Ffmpeg | 1 Ffmpeg | 2024-02-28 | 6.8 MEDIUM | N/A |
| The get_cox function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not properly validate the reduction factor, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data. | |||||
| CVE-2012-0068 | 1 Wireshark | 1 Wireshark | 2024-02-28 | 4.3 MEDIUM | N/A |
| The lanalyzer_read function in wiretap/lanalyzer.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a Novell capture file containing a record that is too small. | |||||
| CVE-2012-5806 | 2 Paypal, Zen-cart | 2 Payments Pro, Zen Cart | 2024-02-28 | 5.8 MEDIUM | N/A |
| The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function, a different vulnerability than CVE-2012-5805. | |||||
| CVE-2013-7269 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 4.9 MEDIUM | N/A |
| The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. | |||||
| CVE-2013-0221 | 2 Opensuse, Redhat | 2 Opensuse, Enterprise Linux | 2024-02-28 | 4.3 MEDIUM | N/A |
| The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the alloca function. | |||||
| CVE-2011-4318 | 1 Dovecot | 1 Dovecot | 2024-02-28 | 5.8 MEDIUM | N/A |
| Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname. | |||||
| CVE-2012-2611 | 1 Sap | 1 Netweaver | 2024-02-28 | 9.3 HIGH | N/A |
| The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to execute arbitrary code via a crafted SAP Diag packet. | |||||
| CVE-2012-6567 | 1 Project-redcap | 1 Redcap | 2024-02-28 | 6.5 MEDIUM | N/A |
| REDCap before 4.14.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the logic of a custom rule. | |||||
| CVE-2012-5118 | 2 Apple, Google | 2 Mac Os X, Chrome | 2024-02-28 | 7.5 HIGH | N/A |
| Google Chrome before 23.0.1271.64 on Mac OS X does not properly validate an integer value during the handling of GPU command buffers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2013-4254 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 6.9 MEDIUM | N/A |
| The validate_event function in arch/arm/kernel/perf_event.c in the Linux kernel before 3.10.8 on the ARM platform allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by adding a hardware event to an event group led by a software event. | |||||
| CVE-2012-4695 | 1 Rockwellautomation | 1 Rslinx Enterprise | 2024-02-28 | 7.1 HIGH | N/A |
| LogReceiver.exe in Rockwell Automation RSLinx Enterprise CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service (service outage) via a zero-byte UDP packet that is not properly handled by Logger.dll. | |||||
| CVE-2013-1621 | 1 Polarssl | 1 Polarssl | 2024-02-28 | 4.3 MEDIUM | N/A |
| Array index error in the SSL module in PolarSSL before 1.2.5 might allow remote attackers to cause a denial of service via vectors involving a crafted padding-length value during validation of CBC padding in a TLS session, a different vulnerability than CVE-2013-0169. | |||||
| CVE-2013-0926 | 1 Google | 1 Chrome | 2024-02-28 | 6.8 MEDIUM | N/A |
| Google Chrome before 26.0.1410.43 does not properly handle active content in an EMBED element during a copy-and-paste operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site. | |||||
| CVE-2012-2246 | 1 Mahara | 1 Mahara | 2024-02-28 | 6.8 MEDIUM | N/A |
| Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to conduct clickjacking attacks to delete arbitrary users and bypass CSRF protection via account/delete.php. | |||||