Total
10028 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-5717 | 1 Wireshark | 1 Wireshark | 2024-02-04 | 4.3 MEDIUM | N/A |
| The Bluetooth HCI ACL dissector in Wireshark 1.10.x before 1.10.2 does not properly maintain a certain free list, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that is not properly handled by the wmem_block_alloc function in epan/wmem/wmem_allocator_block.c. | |||||
| CVE-2012-6395 | 1 Cisco | 4 Adaptive Security Appliance, Adaptive Security Appliance Software, Asa 1000v Cloud Firewall and 1 more | 2024-02-04 | 6.3 MEDIUM | N/A |
| Cisco Adaptive Security Appliances (ASA) devices with firmware 8.4 do not properly validate unspecified input related to UNC share pathnames, which allows remote authenticated users to cause a denial of service (device crash) via unknown vectors, aka Bug ID CSCuc65775. | |||||
| CVE-2013-1197 | 1 Cisco | 1 Unified Presence | 2024-02-04 | 6.8 MEDIUM | N/A |
| The XML parser in the server in Cisco Unified Presence (CUP) allows remote authenticated users to cause a denial of service (jabberd daemon crash) via crafted XML content in an XMPP message, aka Bug ID CSCue13912. | |||||
| CVE-2012-4609 | 1 Emc | 1 Rsa Netwitness Informer | 2024-02-04 | 4.3 MEDIUM | N/A |
| The web interface in EMC RSA NetWitness Informer before 2.0.5.6 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | |||||
| CVE-2012-0247 | 4 Canonical, Debian, Imagemagick and 1 more | 10 Ubuntu Linux, Debian Linux, Imagemagick and 7 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image. | |||||
| CVE-2012-2336 | 1 Php | 1 Php | 2024-02-04 | 5.0 MEDIUM | N/A |
| sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823. | |||||
| CVE-2012-5424 | 1 Cisco | 1 Secure Access Control Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| Cisco Secure Access Control System (ACS) 5.x before 5.2 Patch 11 and 5.3 before 5.3 Patch 7, when a certain configuration involving TACACS+ and LDAP is used, does not properly validate passwords, which allows remote attackers to bypass authentication by sending a valid username and a crafted password string, aka Bug ID CSCuc65634. | |||||
| CVE-2013-4551 | 1 Xen | 1 Xen | 2024-02-04 | 5.7 MEDIUM | N/A |
| Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not properly check the emulation paths for (1) VMLAUNCH and (2) VMRESUME, which allows local HVM guest users to cause a denial of service (host crash) via unspecified vectors related to "guest VMX instruction execution." | |||||
| CVE-2013-1572 | 1 Wireshark | 1 Wireshark | 2024-02-04 | 2.9 LOW | N/A |
| The dissect_oampdu_event_notification function in epan/dissectors/packet-slowprotocols.c in the IEEE 802.3 Slow Protocols dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle certain short lengths, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. | |||||
| CVE-2013-5745 | 2 Canonical, David King | 2 Ubuntu Linux, Vino | 2024-02-04 | 7.1 HIGH | N/A |
| The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error causes the connection to close during authentication, which allows remote attackers to cause a denial of service (infinite loop, CPU and disk consumption) via multiple crafted requests during authentication. | |||||
| CVE-2010-5099 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 6.8 MEDIUM | N/A |
| The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files, as demonstrated using path traversal sequences with %00 null bytes and CVE-2010-3714 to read the TYPO3 encryption key from localconf.php. | |||||
| CVE-2013-7268 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 4.9 MEDIUM | N/A |
| The ipx_recvmsg function in net/ipx/af_ipx.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. | |||||
| CVE-2011-2518 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 4.9 MEDIUM | N/A |
| The tomoyo_mount_acl function in security/tomoyo/mount.c in the Linux kernel before 2.6.39.2 calls the kern_path function with arguments taken directly from a mount system call, which allows local users to cause a denial of service (OOPS) or possibly have unspecified other impact via a NULL value for the device name. | |||||
| CVE-2013-3556 | 3 Debian, Opensuse, Wireshark | 3 Debian Linux, Opensuse, Wireshark | 2024-02-04 | 5.0 MEDIUM | N/A |
| The fragment_add_seq_common function in epan/reassemble.c in the ASN.1 BER dissector in Wireshark before r48943 has an incorrect pointer dereference during a comparison, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. | |||||
| CVE-2012-2727 | 2 Bryce Hamrick, Drupal | 2 Janrain Capture, Drupal | 2024-02-04 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when synchronizing user data, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter. | |||||
| CVE-2013-1291 | 1 Microsoft | 6 Windows 7, Windows 8, Windows Server 2003 and 3 more | 2024-02-04 | 7.1 HIGH | N/A |
| win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 Gold and SP1, and Windows 8 allows local users to cause a denial of service (reboot) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability" or "Win32k Font Parsing Vulnerability." | |||||
| CVE-2011-5251 | 1 Vbulletin | 1 Vbulletin | 2024-02-04 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in forum/login.php in vBulletin 4.1.3 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter in a lostpw action. | |||||
| CVE-2012-1172 | 1 Php | 1 Php | 2024-02-04 | 5.8 MEDIUM | N/A |
| The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions. | |||||
| CVE-2013-1656 | 1 Spreecommerce | 1 Spree | 2024-02-04 | 4.3 MEDIUM | N/A |
| Spree Commerce 1.0.x through 1.3.2 allows remote authenticated administrators to instantiate arbitrary Ruby objects and execute arbitrary commands via the (1) payment_method parameter to core/app/controllers/spree/admin/payment_methods_controller.rb; and the (2) promotion_action parameter to promotion_actions_controller.rb, (3) promotion_rule parameter to promotion_rules_controller.rb, and (4) calculator_type parameter to promotions_controller.rb in promo/app/controllers/spree/admin/, related to unsafe use of the constantize function. | |||||
| CVE-2013-4123 | 2 Opensuse, Squid-cache | 2 Opensuse, Squid | 2024-02-04 | 5.0 MEDIUM | N/A |
| client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header. | |||||