Total
9731 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-0066 | 2 Redhat, Wireshark | 2 Enterprise Linux, Wireshark | 2024-02-28 | 4.3 MEDIUM | N/A |
Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a (1) Accellent 5Views (aka .5vw) file, (2) I4B trace file, or (3) NETMON 2 capture file. | |||||
CVE-2012-1177 | 1 Gnome | 1 Libgdata | 2024-02-28 | 5.1 MEDIUM | N/A |
libgdata before 0.10.2 and 0.11.x before 0.11.1 does not validate SSL certificates, which allows remote attackers to obtain user names and passwords via a man-in-the-middle (MITM) attack with a spoofed certificate. | |||||
CVE-2013-3277 | 1 Emc | 1 Rsa Archer Egrc | 2024-02-28 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in EMC RSA Archer GRC 5.x before 5.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2011-4914 | 2 Linux, Novell | 2 Linux Kernel, Suse Linux Enterprise Server | 2024-02-28 | 6.4 MEDIUM | N/A |
The ROSE protocol implementation in the Linux kernel before 2.6.39 does not verify that certain data-length values are consistent with the amount of data sent, which might allow remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via crafted data to a ROSE socket. | |||||
CVE-2012-4092 | 1 Cisco | 1 Unified Computing System | 2024-02-28 | 5.8 MEDIUM | N/A |
The management interface in the Central Software component in Cisco Unified Computing System (UCS) does not properly validate the identity of vCenter consoles, which allows man-in-the-middle attackers to read or modify an inter-device data stream by spoofing an identity, aka Bug ID CSCtk00683. | |||||
CVE-2013-3899 | 1 Microsoft | 2 Windows Server 2003, Windows Xp | 2024-02-28 | 7.2 HIGH | N/A |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate addresses, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability." | |||||
CVE-2012-4001 | 2 Apache, Google | 2 Http Server, Mod Pagespeed | 2024-02-28 | 5.0 MEDIUM | N/A |
The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers. | |||||
CVE-2012-2825 | 1 Google | 1 Chrome | 2024-02-28 | 5.0 MEDIUM | N/A |
The XSL implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors. | |||||
CVE-2013-3872 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 9.3 HIGH | N/A |
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3873, CVE-2013-3882, and CVE-2013-3885. | |||||
CVE-2012-6085 | 1 Gnupg | 1 Gnupg | 2024-02-28 | 5.8 MEDIUM | N/A |
The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet. | |||||
CVE-2013-1585 | 1 Wireshark | 1 Wireshark | 2024-02-28 | 2.9 LOW | N/A |
epan/tvbuff.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly validate certain length values for the MS-MMC dissector, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. | |||||
CVE-2012-3010 | 1 Ge | 1 Intelligent Platforms Proficy Real-time Information Portal | 2024-02-28 | 10.0 HIGH | N/A |
rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a different vulnerability than CVE-2012-3021 and CVE-2012-3026. | |||||
CVE-2013-2888 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 6.2 MEDIUM | N/A |
Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID. | |||||
CVE-2013-4788 | 1 Gnu | 2 Eglibc, Glibc | 2024-02-28 | 5.1 MEDIUM | N/A |
The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address. | |||||
CVE-2010-5099 | 1 Typo3 | 1 Typo3 | 2024-02-28 | 6.8 MEDIUM | N/A |
The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files, as demonstrated using path traversal sequences with %00 null bytes and CVE-2010-3714 to read the TYPO3 encryption key from localconf.php. | |||||
CVE-2012-3443 | 1 Djangoproject | 1 Django | 2024-02-28 | 5.0 MEDIUM | N/A |
The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file. | |||||
CVE-2012-0165 | 1 Microsoft | 3 Office, Windows Server 2008, Windows Vista | 2024-02-28 | 9.3 HIGH | N/A |
GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability." | |||||
CVE-2013-0081 | 1 Microsoft | 4 Sharepoint Foundation, Sharepoint Portal Server, Sharepoint Server and 1 more | 2024-02-28 | 5.0 MEDIUM | N/A |
Microsoft SharePoint Portal Server 2003 SP3 and SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 do not properly process unassigned workflows, which allows remote attackers to cause a denial of service (W3WP process hang) via a crafted URL, aka "SharePoint Denial of Service Vulnerability." | |||||
CVE-2013-5029 | 2 Opensuse, Phpmyadmin | 2 Opensuse, Phpmyadmin | 2024-02-28 | 4.3 MEDIUM | N/A |
phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php. | |||||
CVE-2012-6395 | 1 Cisco | 4 Adaptive Security Appliance, Adaptive Security Appliance Software, Asa 1000v Cloud Firewall and 1 more | 2024-02-28 | 6.3 MEDIUM | N/A |
Cisco Adaptive Security Appliances (ASA) devices with firmware 8.4 do not properly validate unspecified input related to UNC share pathnames, which allows remote authenticated users to cause a denial of service (device crash) via unknown vectors, aka Bug ID CSCuc65775. |