Total
9731 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-0146 | 1 Microsoft | 1 Forefront Unified Access Gateway | 2024-02-28 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "UAG Blind HTTP Redirect Vulnerability." | |||||
CVE-2012-0061 | 1 Rpm | 1 Rpm | 2024-02-28 | 6.8 MEDIUM | N/A |
The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large region size in a package header. | |||||
CVE-2013-0849 | 1 Ffmpeg | 1 Ffmpeg | 2024-02-28 | 9.3 HIGH | N/A |
The roq_decode_init function in libavcodec/roqvideodec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted (1) width or (2) height dimension that is not a multiple of sixteen in id RoQ video data. | |||||
CVE-2013-1909 | 2 Apache, Redhat | 2 Qpid, Enterprise Mrg | 2024-02-28 | 5.8 MEDIUM | N/A |
The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
CVE-2013-7265 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 4.9 MEDIUM | N/A |
The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. | |||||
CVE-2013-2315 | 1 Lockon | 1 Ec-cube | 2024-02-28 | 5.0 MEDIUM | N/A |
data/class/pages/forgot/LC_Page_Forgot.php in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 does not properly validate the input to the password reminder function, which allows remote attackers to obtain sensitive information via a crafted request. | |||||
CVE-2013-1572 | 1 Wireshark | 1 Wireshark | 2024-02-28 | 2.9 LOW | N/A |
The dissect_oampdu_event_notification function in epan/dissectors/packet-slowprotocols.c in the IEEE 802.3 Slow Protocols dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle certain short lengths, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. | |||||
CVE-2012-0211 | 1 Devscripts Devel Team | 1 Devscripts | 2024-02-28 | 9.3 HIGH | N/A |
debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via a crafted tarball file name in the top-level directory of an original (.orig) source tarball of a source package. | |||||
CVE-2013-6967 | 1 Cisco | 1 Webex Sales Center | 2024-02-28 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in the mobile-browser subsystem in Cisco WebEx Sales Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul36020. | |||||
CVE-2011-5236 | 1 Moneris | 1 Eselect Plus | 2024-02-28 | 5.8 MEDIUM | N/A |
Moneris eSelectPlus 2.03 PHP API does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
CVE-2013-2788 | 1 Subnet | 1 Substation Server | 2024-02-28 | 4.3 MEDIUM | N/A |
The DNP3 Slave service in SUBNET Solutions SubSTATION Server 2.7.0033 and 2.8.0106 allows remote attackers to cause a denial of service (unhandled exception and process crash) via unspecified vectors. | |||||
CVE-2012-4087 | 1 Cisco | 1 Unified Computing System | 2024-02-28 | 5.1 MEDIUM | N/A |
A cluster setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows remote attackers to execute arbitrary commands via invalid parameters, aka Bug ID CSCtg20793. | |||||
CVE-2012-0338 | 1 Cisco | 1 Ios | 2024-02-28 | 5.0 MEDIUM | N/A |
Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish SSH connections from arbitrary source IP addresses via a standard SSH client, aka Bug ID CSCsv86113. | |||||
CVE-2013-0216 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 5.2 MEDIUM | N/A |
The Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (loop) by triggering ring pointer corruption. | |||||
CVE-2013-1318 | 1 Microsoft | 1 Publisher | 2024-02-28 | 10.0 HIGH | N/A |
Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers access to an invalid pointer, aka "Publisher Corrupt Interface Pointer Vulnerability." | |||||
CVE-2012-5796 | 2 Oscommerce, Paypal | 2 Oscommerce, Paypal Pro | 2024-02-28 | 5.8 MEDIUM | N/A |
The PayPal Pro module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
CVE-2013-3575 | 1 Hp | 1 Insight Diagnostics | 2024-02-28 | 5.0 MEDIUM | N/A |
hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics 9.4.0.4710 does not properly restrict PHP include or require statements, which allows remote attackers to include arbitrary hpdiags/frontend2/help/ .html files via the path parameter. | |||||
CVE-2013-6636 | 1 Google | 1 Chrome | 2024-02-28 | 4.3 MEDIUM | N/A |
The FrameLoader::notifyIfInitialDocumentAccessed function in core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 31.0.1650.63, makes an incorrect check for an empty document during presentation of a modal dialog, which allows remote attackers to spoof the address bar via vectors involving the document.write method. | |||||
CVE-2013-3599 | 1 Trivantis | 1 Coursemill Learning Management System | 2024-02-28 | 9.3 HIGH | N/A |
userlogin.jsp in Coursemill Learning Management System (LMS) 6.6 and 6.8 allows remote attackers to gain privileges via a modified user-role value to home.html. | |||||
CVE-2012-4704 | 1 3s-software | 1 Codesys Gateway-server | 2024-02-28 | 10.0 HIGH | N/A |
Array index error in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via a crafted packet. |