Total
10029 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-2619 | 2 Apple, Broadcom | 3 Iphone Os, Bcm4325, Bcm4329 | 2024-02-04 | 7.8 HIGH | N/A |
| The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cause a denial of service (out-of-bounds read and Wi-Fi outage) via an RSN 802.11i information element. | |||||
| CVE-2012-4092 | 1 Cisco | 1 Unified Computing System | 2024-02-04 | 5.8 MEDIUM | N/A |
| The management interface in the Central Software component in Cisco Unified Computing System (UCS) does not properly validate the identity of vCenter consoles, which allows man-in-the-middle attackers to read or modify an inter-device data stream by spoofing an identity, aka Bug ID CSCtk00683. | |||||
| CVE-2013-7001 | 1 Nowsms | 1 Now Sms \& Mms Gateway | 2024-02-04 | 4.3 MEDIUM | N/A |
| The Multimedia Messaging Centre (MMSC) in NowSMS Now SMS & MMS Gateway before 2013.11.15 allows remote attackers to cause a denial of service via a malformed MM1 message that is routed to a (1) MM4 or (2) MM7 connection. | |||||
| CVE-2012-0146 | 1 Microsoft | 1 Forefront Unified Access Gateway | 2024-02-04 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "UAG Blind HTTP Redirect Vulnerability." | |||||
| CVE-2013-6966 | 1 Cisco | 1 Webex Training Center | 2024-02-04 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul36031. | |||||
| CVE-2013-0837 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2024-02-04 | 7.5 HIGH | N/A |
| Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of extension tabs. | |||||
| CVE-2013-1028 | 1 Apple | 2 Iphone Os, Mac Os X | 2024-02-04 | 5.8 MEDIUM | N/A |
| The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive information via a crafted certificate. | |||||
| CVE-2012-5136 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2024-02-04 | 6.8 MEDIUM | N/A |
| Google Chrome before 23.0.1271.91 does not properly perform a cast of an unspecified variable during handling of the INPUT element, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted HTML document. | |||||
| CVE-2012-0339 | 1 Cisco | 1 Ios | 2024-02-04 | 5.0 MEDIUM | N/A |
| Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish TELNET connections from arbitrary source IP addresses via a standard TELNET client, aka Bug ID CSCsi77774. | |||||
| CVE-2012-1850 | 1 Microsoft | 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more | 2024-02-04 | 5.0 MEDIUM | N/A |
| The Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle RAP responses, which allows remote attackers to cause a denial of service (service hang) via crafted RAP packets, aka "Remote Administration Protocol Denial of Service Vulnerability." | |||||
| CVE-2013-2503 | 1 Privoxy | 1 Privoxy | 2024-02-04 | 5.8 MEDIUM | N/A |
| Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code. | |||||
| CVE-2013-5493 | 1 Cisco | 2 Virtualization Experience Client 6000, Virtualization Experience Client 6000 Series Firmware | 2024-02-04 | 6.8 MEDIUM | N/A |
| The diagnostic module in the firmware on Cisco Virtualization Experience Client 6000 devices allows local users to bypass intended access restrictions and execute arbitrary commands via unspecified vectors, aka Bug ID CSCug68407. | |||||
| CVE-2013-1122 | 1 Cisco | 2 Nexus 7000, Nx-os | 2024-02-04 | 5.0 MEDIUM | N/A |
| Cisco NX-OS on the Nexus 7000, when a certain Overlay Transport Virtualization (OTV) configuration is used, allows remote attackers to cause a denial of service (M1-Series module reload) via crafted packets, aka Bug ID CSCud15673. | |||||
| CVE-2012-6301 | 1 Google | 1 Android | 2024-02-04 | 5.0 MEDIUM | N/A |
| The Browser application in Android 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted market: URI in the SRC attribute of an IFRAME element. | |||||
| CVE-2013-4314 | 2 Canonical, Jean-paul Calderone | 2 Ubuntu Linux, Pyopenssl | 2024-02-04 | 4.3 MEDIUM | N/A |
| The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | |||||
| CVE-2012-5815 | 1 Rackspace | 1 Rackspace | 2024-02-04 | 5.8 MEDIUM | N/A |
| The Rackspace app 2.1.5 for iOS does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2013-4632 | 1 Huawei | 1 Access Router | 2024-02-04 | 7.8 HIGH | N/A |
| The Huawei Access Router (AR) before V200R002SPC003 allows remote attackers to cause a denial of service (device reset) via a crafted field in a DHCP request, as demonstrated by a request from an IP phone. | |||||
| CVE-2012-2733 | 1 Apache | 1 Tomcat | 2024-02-04 | 5.0 MEDIUM | N/A |
| java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data. | |||||
| CVE-2012-0705 | 1 Ibm | 2 Infosphere Information Server, Infosphere Information Server Metabrokers \& Bridges | 2024-02-04 | 7.1 HIGH | N/A |
| InfoSphere Import Export Manager in InfoSphere Information Server MetaBrokers & Bridges (MBB) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, 8.7, and 9.1 does not validate unspecified input data, which allows remote authenticated users to execute arbitrary commands via unknown vectors. | |||||
| CVE-2011-4871 | 1 Opcsystems | 1 Opcsystems.net | 2024-02-04 | 5.0 MEDIUM | N/A |
| Open Automation Software OPC Systems.NET before 5.0 allows remote attackers to cause a denial of service via a malformed .NET RPC packet on TCP port 58723. | |||||