Total
10026 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-2433 | 1 Novell | 2 Netware, Netware Ftp Server | 2024-02-04 | 4.0 MEDIUM | N/A |
| NWFTPD.nlm before 5.03b in the FTP server in Novell NetWare allows remote authenticated users to cause a denial of service (abend) via a crafted ABOR command. | |||||
| CVE-2010-2115 | 1 Solarwinds | 1 Tftp Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| SolarWinds TFTP Server 10.4.0.10 allows remote attackers to cause a denial of service (no new connections) via a crafted read request. | |||||
| CVE-2011-0924 | 1 Hp | 1 Data Protector | 2024-02-04 | 10.0 HIGH | N/A |
| The client in HP Data Protector does not verify the contents of files associated with the EXEC_CMD command, which allows remote attackers to execute arbitrary script code by providing this code with a trusted filename, as demonstrated by omni_chk_ds.sh. | |||||
| CVE-2012-0355 | 1 Cisco | 11 5500 Series Adaptive Security Appliance, Adaptive Security Appliance Software, Catalyst 6500 and 8 more | 2024-02-04 | 7.8 HIGH | N/A |
| Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.4 before 8.4(2.11) and 8.5 before 8.5(1.4) allow remote attackers to cause a denial of service (device reload) via (1) IPv4 or (2) IPv6 packets that trigger syslog message 305006, aka Bug ID CSCts39634. | |||||
| CVE-2010-3933 | 1 Rubyonrails | 1 Rails | 2024-02-04 | 6.4 MEDIUM | N/A |
| Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs. | |||||
| CVE-2009-4771 | 2 Drupal, Ubercart | 2 Drupal, Ubercart | 2024-02-04 | 5.0 MEDIUM | N/A |
| The PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal does not properly validate orders, which allows remote attackers to trigger unspecified "duplicate actions" via unknown vectors. | |||||
| CVE-2011-0922 | 1 Hp | 1 Data Protector | 2024-02-04 | 10.0 HIGH | N/A |
| The client in HP Data Protector allows remote attackers to execute arbitrary programs via an EXEC_SETUP command that references a UNC share pathname. | |||||
| CVE-2011-0051 | 1 Mozilla | 2 Firefox, Seamonkey | 2024-02-04 | 6.8 MEDIUM | N/A |
| Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demonstrated by a question about granting privileges. | |||||
| CVE-2009-4372 | 1 Alienvault | 1 Open Source Security Information Management | 2024-02-04 | 7.5 HIGH | N/A |
| AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary commands via shell metacharacters in the uniqueid parameter to (1) wcl.php, (2) storage_graphs.php, (3) storage_graphs2.php, (4) storage_graphs3.php, and (5) storage_graphs4.php in sem/. | |||||
| CVE-2010-2597 | 1 Libtiff | 1 Libtiff | 2024-02-04 | 4.3 MEDIUM | N/A |
| The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes incorrect calls to the TIFFGetField function, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image, related to "downsampled OJPEG input" and possibly related to a compiler optimization that triggers a divide-by-zero error. | |||||
| CVE-2010-4575 | 1 Google | 2 Chrome, Chrome Os | 2024-02-04 | 4.3 MEDIUM | N/A |
| The ThemeInstalledInfoBarDelegate::Observe function in browser/extensions/theme_installed_infobar_delegate.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle incorrect tab interaction by an extension, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted extension. | |||||
| CVE-2011-0087 | 1 Microsoft | 5 Windows 2003 Server, Windows Server 2003, Windows Server 2008 and 2 more | 2024-02-04 | 7.2 HIGH | N/A |
| win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient User Input Validation Vulnerability." | |||||
| CVE-2010-1379 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| Printer Setup in Apple Mac OS X 10.6 before 10.6.4 does not properly interpret character encoding, which allows remote attackers to cause a denial of service (printing failure) by deploying a printing device that has a Unicode character in its printing-service name. | |||||
| CVE-2011-2057 | 1 Cisco | 1 Ios | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| The cat6000-dot1x component in Cisco IOS 12.2 before 12.2(33)SXI7 does not properly handle (1) a loop between a dot1x enabled port and an open-authentication dot1x enabled port and (2) a loop between a dot1x enabled port and a non-dot1x port, which allows remote attackers to cause a denial of service (traffic storm) via unspecified vectors that trigger many Spanning Tree Protocol (STP) Bridge Protocol Data Unit (BPDU) frames, aka Bug ID CSCtq36327. | |||||
| CVE-2011-0040 | 1 Microsoft | 1 Windows 2003 Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| The server in Microsoft Active Directory on Windows Server 2003 SP2 does not properly handle an update request for a service principal name (SPN), which allows remote attackers to cause a denial of service (authentication downgrade or outage) via a crafted request that triggers name collisions, aka "Active Directory SPN Validation Vulnerability." | |||||
| CVE-2011-0413 | 1 Isc | 1 Dhcp | 2024-02-04 | 7.8 HIGH | N/A |
| The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) by sending a message over IPv6 for a declined and abandoned address. | |||||
| CVE-2011-2382 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-04 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue. | |||||
| CVE-2010-1844 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 7.1 HIGH | N/A |
| Unspecified vulnerability in Image Capture in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to cause a denial of service (memory consumption and system crash) via a crafted image. | |||||
| CVE-2010-4195 | 1 Adobe | 1 Shockwave Player | 2024-02-04 | 9.3 HIGH | N/A |
| The TextXtra module in Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2011-4685 | 1 Opera | 1 Opera Browser | 2024-02-04 | 5.0 MEDIUM | N/A |
| Dragonfly in Opera before 11.60 allows remote attackers to cause a denial of service (application crash) via unspecified content on a web page, as demonstrated by forbes.com. | |||||