Total
10029 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-0004 | 1 Microsoft | 9 .net Framework, Windows 7, Windows 8 and 6 more | 2024-02-04 | 9.3 HIGH | N/A |
| Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Double Construction Vulnerability." | |||||
| CVE-2013-0715 | 1 Windriver | 1 Vxworks | 2024-02-04 | 4.0 MEDIUM | N/A |
| The WebCLI component in Wind River VxWorks 5.5 through 6.9 allows remote authenticated users to cause a denial of service (CLI session crash) via a crafted command string. | |||||
| CVE-2013-0873 | 1 Ffmpeg | 1 Ffmpeg | 2024-02-04 | 10.0 HIGH | N/A |
| The read_header function in libavcodec/shorten.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via an invalid channel count, related to "freeing invalid addresses." | |||||
| CVE-2011-4957 | 1 Wordpress | 1 Wordpress | 2024-02-04 | 5.0 MEDIUM | N/A |
| The make_clickable function in wp-includes/formatting.php in WordPress before 3.1.1 does not properly check URLs before passing them to the PCRE library, which allows remote attackers to cause a denial of service (crash) via a comment with a crafted URL that triggers many recursive calls. | |||||
| CVE-2013-1051 | 2 Canonical, Debian | 3 Ubuntu Linux, Advanced Package Tool, Apt | 2024-02-04 | 4.3 MEDIUM | N/A |
| apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories. | |||||
| CVE-2012-2940 | 1 Mediachance | 1 Real-draw Pro | 2024-02-04 | 4.3 MEDIUM | N/A |
| MediaChance Real-DRAW PRO 5.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted (1) PNG, (2) WMF, (3) PSD, (4) TGA, (5) TTF, (6) BMP, (7) TIFF, or (8) PCX file. | |||||
| CVE-2013-1839 | 1 Squid-cache | 1 Squid | 2024-02-04 | 7.8 HIGH | N/A |
| The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x before 3.2.9 and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a "," character in an Accept-Language header. | |||||
| CVE-2013-0830 | 3 Google, Microsoft, Opensuse | 3 Chrome, Windows, Opensuse | 2024-02-04 | 7.5 HIGH | N/A |
| The IPC layer in Google Chrome before 24.0.1312.52 on Windows omits a NUL character required for termination of an unspecified data structure, which has unknown impact and attack vectors. | |||||
| CVE-2013-5716 | 1 Gomlab | 1 Gom Player | 2024-02-04 | 4.3 MEDIUM | N/A |
| Gretech GOM Media Player 2.2.53.5169 and possibly earlier allows remote attackers to cause a denial of service (application crash) via a crafted WAV file. | |||||
| CVE-2012-0853 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2024-02-04 | 6.8 MEDIUM | N/A |
| The decodeTonalComponents function in the Actrac3 codec (atrac3.c) in libavcodec in FFmpeg 0.7.x before 0.7.12, and 0.8.x before 0.8.11; and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (infinite loop and crash) and possibly execute arbitrary code via a large component count in an Atrac 3 file. | |||||
| CVE-2009-5136 | 2 Condor Project, Redhat | 2 Condor, Enterprise Mrg | 2024-02-04 | 4.0 MEDIUM | N/A |
| The policy definition evaluator in Condor before 7.4.2 does not properly handle attributes in a WANT_SUSPEND policy that evaluate to an UNDEFINED state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job. | |||||
| CVE-2013-5498 | 1 Cisco | 1 Ios Xr | 2024-02-04 | 5.0 MEDIUM | N/A |
| The PPTP-ALG component in CRS Carrier Grade Services Engine (CGSE) and ASR 9000 Integrated Service Module (ISM) in Cisco IOS XR allows remote attackers to cause a denial of service (module reset) via crafted packet streams, aka Bug ID CSCue91963. | |||||
| CVE-2013-1318 | 1 Microsoft | 1 Publisher | 2024-02-04 | 10.0 HIGH | N/A |
| Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers access to an invalid pointer, aka "Publisher Corrupt Interface Pointer Vulnerability." | |||||
| CVE-2012-3429 | 1 Martin Nagy | 1 Bind-dyndb-ldap | 2024-02-04 | 5.0 MEDIUM | N/A |
| The dns_to_ldap_dn_escape function in src/ldap_convert.c in bind-dyndb-ldap 1.1.0rc1 and earlier does not properly escape distinguished names (DN) for LDAP queries, which allows remote DNS servers to cause a denial of service (named service hang) via a "$" character in a DN in a DNS query. | |||||
| CVE-2012-4072 | 1 Cisco | 1 Unified Computing System | 2024-02-04 | 4.3 MEDIUM | N/A |
| The KVM subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers, and read keyboard and mouse events, by leveraging knowledge of this certificate's private key, aka Bug ID CSCte90327. | |||||
| CVE-2013-1648 | 1 Open-xchange | 1 Open-xchange Server | 2024-02-04 | 3.5 LOW | N/A |
| The Subscriptions feature in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not properly validate the publication-source URL, which allows remote authenticated users to trigger arbitrary outbound TCP traffic via a crafted Source field, as demonstrated by (1) an ftp: URL, (2) a gopher: URL, or (3) an http://127.0.0.1/ URL, related to a "Server-side request forging (SSRF)" issue. | |||||
| CVE-2009-5135 | 1 Nextapp | 1 Echo | 2024-02-04 | 5.0 MEDIUM | N/A |
| The Java XML parser in Echo before 2.1.1 and 3.x before 3.0.b6 allows remote attackers to read arbitrary files via a request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2013-1172 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2024-02-04 | 6.6 MEDIUM | N/A |
| The Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) does not properly verify files, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCud14153. | |||||
| CVE-2013-1176 | 1 Cisco | 12 Telepresence Mcu 4500 Series Software, Telepresence Mcu 4501, Telepresence Mcu 4501 Series Software and 9 more | 2024-02-04 | 7.1 HIGH | N/A |
| The DSP card on Cisco TelePresence MCU 4500 and 4501 devices before 4.3(2.30), TelePresence MCU MSE 8510 devices before 4.3(2.30), and TelePresence Server before 2.3(1.55) does not properly validate H.264 data, which allows remote attackers to cause a denial of service (device reload) via crafted RTP packets in a (1) SIP session or (2) H.323 session, aka Bug IDs CSCuc11328 and CSCub05448. | |||||
| CVE-2013-7255 | 1 Opsview | 1 Opsview | 2024-02-04 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in Opsview before 4.4.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||