Total
9731 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-5968 | 1 Huawei | 2 E585, E585u-82 | 2024-02-28 | 4.8 MEDIUM | N/A |
The Huawei E585 device does not validate the status of admin sessions, which allows remote attackers to obtain sensitive user information and the session ID, and modify data, by leveraging access to the LAN network. | |||||
CVE-2013-5716 | 1 Gomlab | 1 Gom Player | 2024-02-28 | 4.3 MEDIUM | N/A |
Gretech GOM Media Player 2.2.53.5169 and possibly earlier allows remote attackers to cause a denial of service (application crash) via a crafted WAV file. | |||||
CVE-2013-6011 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Application Delivery Controller Firmware | 2024-02-28 | 7.8 HIGH | N/A |
Citrix NetScaler Application Delivery Controller (ADC) 10.0 before 10.0-76.7 allows remote attackers to cause a denial of service (nsconfigd crash and appliance reboot) via a crafted request. | |||||
CVE-2013-7001 | 1 Nowsms | 1 Now Sms \& Mms Gateway | 2024-02-28 | 4.3 MEDIUM | N/A |
The Multimedia Messaging Centre (MMSC) in NowSMS Now SMS & MMS Gateway before 2013.11.15 allows remote attackers to cause a denial of service via a malformed MM1 message that is routed to a (1) MM4 or (2) MM7 connection. | |||||
CVE-2012-6554 | 1 A51dev | 1 Activecollab Chat Module | 2024-02-28 | 6.5 MEDIUM | N/A |
functions/html_to_text.php in the Chat module before 1.5.2 for activeCollab allows remote authenticated users to execute arbitrary PHP code via the message[message_text] parameter to chat/add_messag, which is not properly handled when executing the preg_replace function with the eval switch. | |||||
CVE-2013-4095 | 1 Imperva | 1 Securesphere | 2024-02-28 | 6.5 MEDIUM | N/A |
plain/actionsets.html in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to execute arbitrary commands via a task with a [command].value field in conjunction with an [arguments].value field. | |||||
CVE-2012-2733 | 1 Apache | 1 Tomcat | 2024-02-28 | 5.0 MEDIUM | N/A |
java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data. | |||||
CVE-2013-2232 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 4.9 MEDIUM | N/A |
The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface. | |||||
CVE-2012-1890 | 1 Microsoft | 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more | 2024-02-28 | 7.2 HIGH | N/A |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle keyboard-layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout Vulnerability." | |||||
CVE-2012-0703 | 1 Ibm | 2 Infosphere Information Server, Infosphere Information Server Information Services Framework | 2024-02-28 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2013-2178 | 1 Fail2ban | 1 Fail2ban | 2024-02-28 | 5.0 MEDIUM | N/A |
The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf files in Fail2ban before 0.8.10 do not properly validate log messages, which allows remote attackers to block arbitrary IP addresses via certain messages in a request. | |||||
CVE-2013-6971 | 1 Cisco | 1 Webex Training Center | 2024-02-28 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul57140. | |||||
CVE-2014-1405 | 1 Conceptronic | 2 C54apm, C54apm Firmware | 2024-02-28 | 5.8 MEDIUM | N/A |
Multiple open redirect vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup. | |||||
CVE-2012-5805 | 2 Paypal, Zen-cart | 2 Instant Payment Notification, Zen Cart | 2024-02-28 | 5.8 MEDIUM | N/A |
The PayPal IPN functionality in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, a different vulnerability than CVE-2012-5806. | |||||
CVE-2013-1763 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 7.2 HIGH | N/A |
Array index error in the __sock_diag_rcv_msg function in net/core/sock_diag.c in the Linux kernel before 3.7.10 allows local users to gain privileges via a large family value in a Netlink message. | |||||
CVE-2013-0078 | 1 Microsoft | 3 Windows 8, Windows Defender, Windows Rt | 2024-02-28 | 7.2 HIGH | N/A |
The Microsoft Antimalware Client in Windows Defender on Windows 8 and Windows RT uses an incorrect pathname for MsMpEng.exe, which allows local users to gain privileges via a crafted application, aka "Microsoft Antimalware Improper Pathname Vulnerability." | |||||
CVE-2013-6015 | 1 Juniper | 13 Junos, Srx100, Srx110 and 10 more | 2024-02-28 | 4.3 MEDIUM | N/A |
Juniper Junos before 10.4S14, 11.4 before 11.4R5-S2, 12.1R before 12.1R3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D15 on SRX Series services gateways, when a plugin using TCP proxy is configured, allows remote attackers to cause a denial of service (flow daemon crash) via an unspecified sequence of TCP packets. | |||||
CVE-2012-4079 | 1 Cisco | 1 Unified Computing System | 2024-02-28 | 5.0 MEDIUM | N/A |
The XML API service in the Fabric Interconnect component in Cisco Unified Computing System (UCS) allows remote attackers to cause a denial of service (API service outage) via a malformed XML document in a packet, aka Bug ID CSCtg48206. | |||||
CVE-2011-3283 | 1 Cisco | 1 Carrier Routing System | 2024-02-28 | 5.0 MEDIUM | N/A |
Cisco Carrier Routing System 3.9.1 allows remote attackers to cause a denial of service (Metro subsystem crash) via a fragmented GRE packet, aka Bug ID CSCts14887. | |||||
CVE-2012-2294 | 1 Emc | 2 Rsa Archer Egrc, Rsa Archer Smartsuite | 2024-02-28 | 6.8 MEDIUM | N/A |
EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to conduct clickjacking attacks via a crafted web page. |