Total: 9731 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-5220 | 1 Hot | 2 Hotbox Router, Hotbox Router Firmware | 2024-02-28 | 6.1 MEDIUM | N/A |
goform/login on the HOT HOTBOX router with software 2.1.11 allows remote attackers to cause a denial of service (device crash) via crafted HTTP POST data. | |||||
CVE-2013-2503 | 1 Privoxy | 1 Privoxy | 2024-02-28 | 5.8 MEDIUM | N/A |
Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code. | |||||
CVE-2013-0686 | 1 Invensys | 1 Wonderware Information Server | 2024-02-28 | 9.3 HIGH | N/A |
Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
CVE-2011-4871 | 1 Opcsystems | 1 Opcsystems.net | 2024-02-28 | 5.0 MEDIUM | N/A |
Open Automation Software OPC Systems.NET before 5.0 allows remote attackers to cause a denial of service via a malformed .NET RPC packet on TCP port 58723. | |||||
CVE-2012-5799 | 2 Prestashop, Presto-changeo | 2 Prestashop, Canadapost | 2024-02-28 | 5.8 MEDIUM | N/A |
The Canada Post (aka CanadaPost) module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function. | |||||
CVE-2013-1184 | 1 Cisco | 6 Unified Computing System 6120xp Fabric Interconnect, Unified Computing System 6140xp Fabric Interconnect, Unified Computing System 6248up Fabric Interconnect and 3 more | 2024-02-28 | 7.8 HIGH | N/A |
The management API in the XML API management service in the Manager component in Cisco Unified Computing System (UCS) 1.x before 1.2(1b) allows remote attackers to cause a denial of service (service outage) via a malformed request, aka Bug ID CSCtg48206. | |||||
CVE-2011-2502 | 1 Systemtap | 1 Systemtap | 2024-02-28 | 4.4 MEDIUM | N/A |
runtime/staprun/staprun_funcs.c in the systemtap runtime tool (staprun) in SystemTap before 1.6 does not properly validate modules when a module path is specified by a user for user-space probing, which allows local users in the stapusr group to gain privileges via a crafted module in the search path in the -u argument. | |||||
CVE-2012-0128 | 1 Hp | 1 Onboard Administrator | 2024-02-28 | 5.8 MEDIUM | N/A |
HP Onboard Administrator (OA) before 3.50 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2011-4231 | 1 Cisco | 2 Ios, Ios Xe | 2024-02-28 | 6.3 MEDIUM | N/A |
Cisco IOS 15.1 and 15.2 and IOS XE 3.x, when configured as an IPsec hub with X.509 certificates in use, allows remote authenticated users to cause a denial of service (segmentation fault and device crash) via unspecified vectors, aka Bug ID CSCtq61128. | |||||
CVE-2013-0670 | 1 Siemens | 1 Wincc Tia Portal | 2024-02-28 | 4.3 MEDIUM | N/A |
CRLF injection vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. | |||||
CVE-2013-4402 | 2 Canonical, Gnupg | 2 Ubuntu Linux, Gnupg | 2024-02-28 | 5.0 MEDIUM | N/A |
The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message. | |||||
CVE-2013-5175 | 1 Apple | 1 Mac Os X | 2024-02-28 | 6.6 MEDIUM | N/A |
The kernel in Apple Mac OS X before 10.9 allows local users to obtain sensitive information or cause a denial of service (out-of-bounds read and system crash) via a crafted Mach-O file. | |||||
CVE-2013-5546 | 1 Cisco | 7 Asr 1001, Asr 1002, Asr 1002-x and 4 more | 2024-02-28 | 7.8 HIGH | N/A |
The TCP reassembly feature in Cisco IOS XE 3.7 before 3.7.3S and 3.8 before 3.8.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via large TCP packets that are processed by the (1) NAT or (2) ALG component, aka Bug ID CSCud72509. | |||||
CVE-2013-2145 | 3 Canonical, Opensuse, Perlmonks | 3 Ubuntu Linux, Opensuse, Module\ | 2024-02-28 | 4.4 MEDIUM | N/A |
The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a "special unknown cipher" that references an untrusted module in Digest/. | |||||
CVE-2013-6966 | 1 Cisco | 1 Webex Training Center | 2024-02-28 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul36031. | |||||
CVE-2012-5791 | 1 Paypal | 1 Invoicing | 2024-02-28 | 5.8 MEDIUM | N/A |
PayPal Invoicing does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
CVE-2013-4551 | 1 Xen | 1 Xen | 2024-02-28 | 5.7 MEDIUM | N/A |
Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not properly check the emulation paths for (1) VMLAUNCH and (2) VMRESUME, which allows local HVM guest users to cause a denial of service (host crash) via unspecified vectors related to "guest VMX instruction execution." | |||||
CVE-2009-5135 | 1 Nextapp | 1 Echo | 2024-02-28 | 5.0 MEDIUM | N/A |
The Java XML parser in Echo before 2.1.1 and 3.x before 3.0.b6 allows remote attackers to read arbitrary files via a request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
CVE-2012-3411 | 2 Redhat, Thekelleys | 4 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation and 1 more | 2024-02-28 | 5.0 MEDIUM | N/A |
Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed DNS query. | |||||
CVE-2012-2549 | 1 Microsoft | 2 Windows Server 2008, Windows Server 2012 | 2024-02-28 | 5.8 MEDIUM | N/A |
The IP-HTTPS server in Windows Server 2008 R2 and R2 SP1 and Server 2012 does not properly validate certificates, which allows remote attackers to bypass intended access restrictions via a revoked certificate, aka "Revoked Certificate Bypass Vulnerability." |