Total
9731 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-5241 | 1 Services Twitter Group | 1 Services Twitter | 2024-02-28 | 5.8 MEDIUM | N/A |
Services_Twitter 0.6.3 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
CVE-2013-0122 | 1 Avast | 1 Avast\! Mobile Security | 2024-02-28 | 1.9 LOW | N/A |
The avast! Mobile Security application before 2.0.4400 for Android allows attackers to cause a denial of service (application crash) via a crafted application that sends an intent to com.avast.android.mobilesecurity.app.scanner.DeleteFileActivity with zero arguments. | |||||
CVE-2012-1108 | 1 Scott Wheeler | 1 Taglib | 2024-02-28 | 4.3 MEDIUM | N/A |
The parse function in ogg/xiphcomment.cpp in TagLib 1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted vendorLength field in an ogg file. | |||||
CVE-2012-6597 | 1 Paloaltonetworks | 1 Pan-os | 2024-02-28 | 6.3 MEDIUM | N/A |
Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to cause a denial of service (management-server crash) by using the command-line interface for a crafted command, aka Ref ID 35254. | |||||
CVE-2013-0308 | 1 Git-scm | 1 Git | 2024-02-28 | 4.3 MEDIUM | N/A |
The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
CVE-2013-4858 | 1 Microsoft | 2 Windows Movie Maker, Windows Xp | 2024-02-28 | 4.3 MEDIUM | N/A |
Microsoft Windows Movie Maker 2.1.4026.0 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) via a crafted .wav file, as demonstrated by movieMaker.wav. | |||||
CVE-2013-7102 | 1 Optimizepress | 1 Optimizepress | 2024-02-28 | 6.8 MEDIUM | N/A |
Multiple unrestricted file upload vulnerabilities in (1) media-upload.php, (2) media-upload-lncthumb.php, and (3) media-upload-sq_button.php in lib/admin/ in the OptimizePress theme before 1.61 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images_comingsoon, images_lncthumbs, or images_optbuttons in wp-content/uploads/optpress/, as exploited in the wild in November 2013. | |||||
CVE-2013-1655 | 3 Puppet, Puppetlabs, Ruby-lang | 4 Puppet, Puppet Enterprise, Puppet and 1 more | 2024-02-28 | 7.5 HIGH | N/A |
Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes." | |||||
CVE-2013-5745 | 2 Canonical, David King | 2 Ubuntu Linux, Vino | 2024-02-28 | 7.1 HIGH | N/A |
The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error causes the connection to close during authentication, which allows remote attackers to cause a denial of service (infinite loop, CPU and disk consumption) via multiple crafted requests during authentication. | |||||
CVE-2013-1330 | 1 Microsoft | 5 Office Web Apps, Sharepoint Foundation, Sharepoint Portal Server and 2 more | 2024-02-28 | 10.0 HIGH | N/A |
The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 and 2010 SP1 and SP2, and Office Web Apps 2010 does not set the EnableViewStateMac attribute, which allows remote attackers to execute arbitrary code by leveraging an unassigned workflow, aka "MAC Disabled Vulnerability." | |||||
CVE-2013-1112 | 1 Cisco | 1 Carrier Routing System | 2024-02-28 | 5.0 MEDIUM | N/A |
Cisco Carrier Routing System (CRS) allows remote attackers to cause a denial of service (packet loss) via short malformed packets that trigger inefficient processing, aka Bug ID CSCud79136. | |||||
CVE-2012-4110 | 1 Cisco | 1 Unified Computing System | 2024-02-28 | 6.8 MEDIUM | N/A |
run-script in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86560. | |||||
CVE-2013-1165 | 1 Cisco | 8 Asr 1001, Asr 1002, Asr 1002-x and 5 more | 2024-02-28 | 7.8 HIGH | N/A |
Cisco IOS XE 2.x and 3.x before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR) allows remote attackers to cause a denial of service (card reload) by sending many crafted L2TP packets, aka Bug ID CSCtz23293. | |||||
CVE-2012-0212 | 1 Devscripts Devel Team | 1 Devscripts | 2024-02-28 | 9.3 HIGH | N/A |
debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via shell metacharacters in the file name argument. | |||||
CVE-2012-2981 | 1 Gentoo | 1 Webmin | 2024-02-28 | 6.0 MEDIUM | N/A |
Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary Perl code via a crafted file associated with the type (aka monitor type name) parameter. | |||||
CVE-2013-1196 | 1 Cisco | 11 Application Networking Manager, Context Directory Agent, Identity Services Engine Software and 8 more | 2024-02-28 | 6.8 MEDIUM | N/A |
The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent, Application Networking Manager (ANM), Prime Network Control System, Prime LAN Management Solution (LMS), Prime Collaboration, Unified Provisioning Manager, Network Services Manager, Prime Data Center Network Manager (DCNM), and Quad does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCug29384, CSCug13866, CSCug29400, CSCug29406, CSCug29411, CSCug29413, CSCug29416, CSCug29418, CSCug29422, CSCug29425, and CSCug29426, a different issue than CVE-2013-1125. | |||||
CVE-2013-2088 | 3 Apache, Collabnet, Opensuse | 3 Subversion, Subversion, Opensuse | 2024-02-28 | 7.1 HIGH | N/A |
contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename. | |||||
CVE-2012-2136 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 7.2 HIGH | N/A |
The sock_alloc_send_pskb function in net/core/sock.c in the Linux kernel before 3.4.5 does not properly validate a certain length value, which allows local users to cause a denial of service (heap-based buffer overflow and system crash) or possibly gain privileges by leveraging access to a TUN/TAP device. | |||||
CVE-2012-0674 | 1 Apple | 1 Iphone Os | 2024-02-28 | 4.3 MEDIUM | N/A |
Safari in Apple iOS before 5.1.1 allows remote attackers to spoof the location bar's URL via a crafted web site. | |||||
CVE-2012-4032 | 1 Websitepanel | 1 Websitepanel | 2024-02-28 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in the login page in WebsitePanel before 1.2.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in ReturnUrl to Default.aspx. |