Total
9731 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-4122 | 1 Cisco | 1 Nx-os | 2024-02-28 | 6.2 MEDIUM | N/A |
The CLI parser in Cisco NX-OS allows local users to bypass intended access restrictions, and overwrite or create arbitrary files, via shell output redirection, aka Bug IDs CSCts56672 and CSCts56669. | |||||
CVE-2012-0954 | 1 Debian | 1 Advanced Package Tool | 2024-02-28 | 2.6 LOW | N/A |
APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587. | |||||
CVE-2013-1985 | 1 X | 1 Libxinerama | 2024-02-28 | 6.8 MEDIUM | N/A |
Integer overflow in X.org libXinerama 1.1.2 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XineramaQueryScreens function. | |||||
CVE-2013-3724 | 1 Monkey-project | 1 Monkey | 2024-02-28 | 5.0 MEDIUM | N/A |
The mk_request_header_process function in mk_request.c in Monkey 1.1.1 allows remote attackers to cause a denial of service (thread crash and service outage) via a '\0' character in an HTTP request. | |||||
CVE-2011-3952 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2024-02-28 | 6.8 MEDIUM | N/A |
The decode_init function in kmvc.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large palette size in a KMVC encoded file. | |||||
CVE-2012-1103 | 2 Gnu, Notmuchmail | 2 Emacs, Notmuch | 2024-02-28 | 4.3 MEDIUM | N/A |
emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the Emacs interface, allows user-assisted remote attackers to read arbitrary files via crafted MML tags, which are not properly quoted in an email reply cna cause the files to be attached to the message. | |||||
CVE-2012-2488 | 1 Cisco | 3 Asr 9000 Rsp440 Router, Crs Performance Route Processor, Ios Xr | 2024-02-28 | 7.8 HIGH | N/A |
Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series devices allows remote attackers to cause a denial of service (packet transmission outage) via a crafted packet, aka Bug IDs CSCty94537 and CSCtz62593. | |||||
CVE-2012-0735 | 1 Ibm | 1 Rational Appscan | 2024-02-28 | 7.6 HIGH | N/A |
IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly scan file: URLs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted URI. | |||||
CVE-2013-1710 | 1 Mozilla | 5 Firefox, Firefox Esr, Seamonkey and 2 more | 2024-02-28 | 10.0 HIGH | N/A |
The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting (XSS) attacks via vectors related to Certificate Request Message Format (CRMF) request generation. | |||||
CVE-2012-3497 | 1 Xen | 1 Xen | 2024-02-28 | 6.9 MEDIUM | N/A |
(1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_GET_CLIENT_FLAGS and (4) TMEMC_SAVE_END in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (NULL pointer dereference or memory corruption and host crash) or possibly have other unspecified impacts via a NULL client id. | |||||
CVE-2011-1166 | 1 Xen | 1 Xen | 2024-02-28 | 5.5 MEDIUM | N/A |
Xen, possibly before 4.0.2, allows local 64-bit PV guests to cause a denial of service (host crash) by specifying user mode execution without user-mode pagetables. | |||||
CVE-2013-3954 | 1 Apple | 2 Iphone Os, Mac Os X | 2024-02-28 | 6.9 MEDIUM | N/A |
The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is inconsistent with a header count field, or (2) obtain sensitive information from kernel heap memory via a certain size value in conjunction with a crafted buffer. | |||||
CVE-2013-1336 | 1 Microsoft | 1 .net Framework | 2024-02-28 | 5.0 MEDIUM | N/A |
The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka "XML Digital Signature Spoofing Vulnerability." | |||||
CVE-2013-0331 | 1 Jenkins | 1 Jenkins | 2024-02-28 | 4.0 MEDIUM | N/A |
Jenkins before 1.502 and LTS before 1.480.3 allows remote authenticated users with write access to cause a denial of service via a crafted payload. | |||||
CVE-2013-4123 | 2 Opensuse, Squid-cache | 2 Opensuse, Squid | 2024-02-28 | 5.0 MEDIUM | N/A |
client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header. | |||||
CVE-2013-5046 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 6.2 MEDIUM | N/A |
Microsoft Internet Explorer 7 through 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, aka "Internet Explorer Elevation of Privilege Vulnerability." | |||||
CVE-2012-0221 | 1 Rockwellautomation | 2 Factorytalk, Rslogix 5000 | 2024-02-28 | 5.0 MEDIUM | N/A |
The FactoryTalk (FT) RNADiagReceiver service in Rockwell Automation Allen-Bradley FactoryTalk CPR9 through SR5 and RSLogix 5000 17 through 20 does not properly handle the return value from an unspecified function, which allows remote attackers to cause a denial of service (service outage) via a crafted packet. | |||||
CVE-2013-3299 | 1 Realnetworks | 1 Realplayer | 2024-02-28 | 4.3 MEDIUM | N/A |
RealNetworks RealPlayer 16.0.2.32 and earlier allows remote attackers to cause a denial of service (resource consumption or application crash) via an HTML document containing JavaScript code that constructs a long string. | |||||
CVE-2013-5717 | 1 Wireshark | 1 Wireshark | 2024-02-28 | 4.3 MEDIUM | N/A |
The Bluetooth HCI ACL dissector in Wireshark 1.10.x before 1.10.2 does not properly maintain a certain free list, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that is not properly handled by the wmem_block_alloc function in epan/wmem/wmem_allocator_block.c. | |||||
CVE-2013-5411 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2024-02-28 | 4.3 MEDIUM | N/A |
IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote attackers to inject links and trigger unintended navigation or actions via unspecified vectors. |