Total
9731 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-3515 | 7 Canonical, Debian, Opensuse and 4 more | 14 Ubuntu Linux, Debian Linux, Opensuse and 11 more | 2024-02-28 | 7.2 HIGH | N/A |
Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space." | |||||
CVE-2013-0681 | 2 Cogentdatahub, Microsoft | 5 Cascade Datahub, Cogent Datahub, Datahub Quicktrend and 2 more | 2024-02-28 | 5.0 MEDIUM | N/A |
Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via malformed data in a formatted text command. | |||||
CVE-2012-4858 | 1 Ibm | 1 Cognos Business Intelligence | 2024-02-28 | 9.3 HIGH | N/A |
IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 does not properly validate Java serialized input, which allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
CVE-2012-4672 | 1 Apple | 1 Ichat Server | 2024-02-28 | 5.8 MEDIUM | N/A |
Apple iChat Server does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted. | |||||
CVE-2013-1648 | 1 Open-xchange | 1 Open-xchange Server | 2024-02-28 | 3.5 LOW | N/A |
The Subscriptions feature in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not properly validate the publication-source URL, which allows remote authenticated users to trigger arbitrary outbound TCP traffic via a crafted Source field, as demonstrated by (1) an ftp: URL, (2) a gopher: URL, or (3) an http://127.0.0.1/ URL, related to a "Server-side request forging (SSRF)" issue. | |||||
CVE-2013-0669 | 1 Siemens | 1 Wincc Tia Portal | 2024-02-28 | 4.0 MEDIUM | N/A |
The HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to cause a denial of service (daemon crash) via a crafted HTTP request. | |||||
CVE-2013-3574 | 1 Hp | 1 Insight Diagnostics | 2024-02-28 | 7.8 HIGH | N/A |
Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insight Diagnostics 9.4.0.4710 allows remote attackers to write data to arbitrary files via a full pathname in the argument to the devicePath (aka mount) parameter. | |||||
CVE-2012-5689 | 3 Canonical, Isc, Redhat | 8 Ubuntu Linux, Bind, Enterprise Linux Desktop and 5 more | 2024-02-28 | 7.1 HIGH | N/A |
ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for an AAAA record. | |||||
CVE-2012-5424 | 1 Cisco | 1 Secure Access Control Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Cisco Secure Access Control System (ACS) 5.x before 5.2 Patch 11 and 5.3 before 5.3 Patch 7, when a certain configuration involving TACACS+ and LDAP is used, does not properly validate passwords, which allows remote attackers to bypass authentication by sending a valid username and a crafted password string, aka Bug ID CSCuc65634. | |||||
CVE-2012-3544 | 1 Apache | 1 Tomcat | 2024-02-28 | 5.0 MEDIUM | N/A |
Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data. | |||||
CVE-2013-2898 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 1.9 LOW | N/A |
drivers/hid/hid-sensor-hub.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_SENSOR_HUB is enabled, allows physically proximate attackers to obtain sensitive information from kernel memory via a crafted device. | |||||
CVE-2013-6833 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 4.9 MEDIUM | N/A |
The qls_eioctl function in sys/dev/qlxge/qls_ioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size parameter, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call. | |||||
CVE-2012-3691 | 1 Apple | 1 Safari | 2024-02-28 | 5.8 MEDIUM | N/A |
WebKit in Apple Safari before 6.0 does not properly handle Cascading Style Sheets (CSS) property values, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | |||||
CVE-2012-4824 | 1 Ibm | 1 Lotus Notes Traveler | 2024-02-28 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in servlet/traveler in IBM Lotus Notes Traveler 8.5.3 before 8.5.3.3 Interim Fix 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirectURL parameter. | |||||
CVE-2011-4006 | 1 Cisco | 2 5500 Series Adaptive Security Appliance, Adaptive Security Appliance Software | 2024-02-28 | 7.8 HIGH | N/A |
The ESMTP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.5 allows remote attackers to cause a denial of service (CPU consumption) via an unspecified closing sequence, aka Bug ID CSCtt32565. | |||||
CVE-2013-2633 | 1 Matomo | 1 Matomo | 2024-02-28 | 5.0 MEDIUM | N/A |
Piwik before 1.11 accepts input from a POST request instead of a GET request in unspecified circumstances, which might allow attackers to obtain sensitive information by leveraging the logging of parameters. | |||||
CVE-2014-1406 | 1 Conceptronic | 2 C54apm, C54apm Firmware | 2024-02-28 | 4.3 MEDIUM | N/A |
CRLF injection vulnerability in goform/formWlSiteSurvey on the Conceptronic C54APM access point with runtime code 1.26 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the submit-url parameter in a Refresh action. | |||||
CVE-2013-0198 | 1 Thekelleys | 1 Dnsmasq | 2024-02-28 | 5.0 MEDIUM | N/A |
Dnsmasq before 2.66test2, when used with certain libvirt configurations, replies to queries from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via spoofed TCP based DNS queries. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3411. | |||||
CVE-2013-5140 | 1 Apple | 1 Iphone Os | 2024-02-28 | 7.8 HIGH | N/A |
The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment. | |||||
CVE-2011-5252 | 1 Orchardproject | 1 Orchard | 2024-02-28 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ReturnUrl parameter. |