Total
10029 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-2629 | 1 Idleman | 1 Leed | 2024-02-04 | 5.0 MEDIUM | N/A |
| Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to bypass authorization via vectors related to the (1) importForm, (2) importFeed, (3) addFavorite, or (4) removeFavorite actions in action.php. | |||||
| CVE-2013-1819 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 4.6 MEDIUM | N/A |
| The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux kernel before 3.7.6 does not validate block numbers, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the ability to mount an XFS filesystem containing a metadata inode with an invalid extent map. | |||||
| CVE-2012-4096 | 1 Cisco | 1 Unified Computing System | 2024-02-04 | 6.2 MEDIUM | N/A |
| The local file editor in the Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) allows local users to gain privileges and modify arbitrary fabric-interconnect files, in the context of a vi process, via unspecified commands, aka Bug ID CSCtn06574. | |||||
| CVE-2012-3817 | 1 Isc | 1 Bind | 2024-02-04 | 7.8 HIGH | N/A |
| ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation is enabled, does not properly initialize the failing-query cache, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) by sending many queries. | |||||
| CVE-2013-3378 | 1 Cisco | 2 Telepresence Tc Software, Telepresence Te Software | 2024-02-04 | 7.8 HIGH | N/A |
| Cisco TelePresence TC Software before 6.1 and TE Software before 4.1.3 allow remote attackers to cause a denial of service (temporary device hang) via crafted SIP packets, aka Bug ID CSCuf89557. | |||||
| CVE-2012-4398 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 4.9 MEDIUM | N/A |
| The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 does not set a certain killable attribute, which allows local users to cause a denial of service (memory consumption) via a crafted application. | |||||
| CVE-2011-5241 | 1 Services Twitter Group | 1 Services Twitter | 2024-02-04 | 5.8 MEDIUM | N/A |
| Services_Twitter 0.6.3 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2012-1147 | 2 Apple, Libexpat Project | 2 Mac Os X, Libexpat | 2024-02-04 | 4.3 MEDIUM | N/A |
| readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files. | |||||
| CVE-2012-2493 | 4 Apple, Cisco, Linux and 1 more | 4 Mac Os X, Anyconnect Secure Mobility Client, Linux Kernel and 1 more | 2024-02-04 | 9.3 HIGH | N/A |
| The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug ID CSCtw47523. | |||||
| CVE-2012-3525 | 2 Jabber2, Jabberd2 | 2 Jabberd2, Jabberd2 | 2024-02-04 | 5.8 MEDIUM | N/A |
| s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response. | |||||
| CVE-2013-5475 | 1 Cisco | 2 Ios, Ios Xe | 2024-02-04 | 7.8 HIGH | N/A |
| Cisco IOS 12.2 through 12.4 and 15.0 through 15.3, and IOS XE 2.1 through 3.9, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets that are processed locally by a (1) server or (2) relay agent, aka Bug ID CSCug31561. | |||||
| CVE-2013-1585 | 1 Wireshark | 1 Wireshark | 2024-02-04 | 2.9 LOW | N/A |
| epan/tvbuff.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly validate certain length values for the MS-MMC dissector, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. | |||||
| CVE-2012-5338 | 1 Jforum | 1 Jforum | 2024-02-04 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in JForum 2.1.9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnPath parameter in a validateLogin action to jforum.page. | |||||
| CVE-2013-4615 | 1 Canon | 9 Mg3100 Printer, Mg5300 Printer, Mg6100 Printer and 6 more | 2024-02-04 | 5.0 MEDIUM | N/A |
| The Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers allow remote attackers to cause a denial of service (device hang) via a crafted LAN_TXT24 parameter to English/pages_MacUS/cgi_lan.cgi followed by a direct request to English/pages_MacUS/lan_set_content.html. NOTE: the vendor has apparently responded by stating "Canon believes that its printers will not have to deal with unauthorized access to the network from an external location as long as the printers are used in a secured environment." | |||||
| CVE-2012-0212 | 1 Devscripts Devel Team | 1 Devscripts | 2024-02-04 | 9.3 HIGH | N/A |
| debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via shell metacharacters in the file name argument. | |||||
| CVE-2013-0551 | 1 Ibm | 2 Application Manager For Smart Business, Tivoli Monitoring | 2024-02-04 | 5.0 MEDIUM | N/A |
| The Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business (formerly Tivoli Foundations Application Manager) 1.2.1 before 1.2.1.0-TIV-IAMSB-FP0004 and other products, allows remote attackers to cause a denial of service (abend) via a crafted URL. | |||||
| CVE-2013-2823 | 2 Catapultsoftware, Ge | 4 Catapult Dnp3 I\/o Driver, Intelligent Platforms Proficy Dnp3 I\/o Driver, Intelligent Platforms Proficy Hmi\/scada Cimplicity and 1 more | 2024-02-04 | 4.7 MEDIUM | N/A |
| The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX, allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over a serial line. | |||||
| CVE-2013-4673 | 1 Symantec | 3 Web Gateway, Web Gateway Appliance 8450, Web Gateway Appliance 8490 | 2024-02-04 | 5.8 MEDIUM | N/A |
| The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 does not properly implement RADIUS authentication, which allows remote attackers to execute arbitrary code by leveraging access to the login prompt. | |||||
| CVE-2013-2804 | 1 Softwaretoolbox | 1 Top Server | 2024-02-04 | 7.1 HIGH | N/A |
| The DNP Master Driver in Software Toolbox TOP Server before 5.12.140.0 allows remote attackers to cause a denial of service (master-station infinite loop) via crafted DNP3 packets to TCP port 20000 and allows physically proximate attackers to cause a denial of service (master-station infinite loop) via crafted input over a serial line. | |||||
| CVE-2013-3705 | 1 Novell | 1 Client | 2024-02-04 | 4.9 MEDIUM | N/A |
| The VBA32 AntiRootKit component for Novell Client 2 SP3 before IR5 on Windows allows local users to cause a denial of service (bugcheck and BSOD) via an IOCTL call for an invalid IOCTL. | |||||