Total: 10026 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-2505 | 1 Saschart | 1 Sascam Webcam Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Soft SaschArt SasCAM Webcam Server 2.6.5, 2.7, and earlier allows remote attackers to cause a denial of service (crash) via a large number of requests with a long line, as demonstrated using a long GET request. | |||||
CVE-2010-4766 | 1 Otrs | 1 Otrs | 2024-02-04 | 4.3 MEDIUM | N/A |
The AgentTicketForward feature in Open Ticket Request System (OTRS) before 2.4.7 does not properly remove inline images from HTML e-mail messages, which allows remote attackers to obtain potentially sensitive image information in opportunistic circumstances by reading a forwarded message in a standard e-mail client. | |||||
CVE-2010-0433 | 1 Openssl | 1 Openssl | 2024-02-04 | 4.3 MEDIUM | N/A |
The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot. | |||||
CVE-2011-4877 | 1 Siemens | 5 Simatic Hmi Panels, Wincc, Wincc Flexible and 2 more | 2024-02-04 | 7.1 HIGH | N/A |
HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to cause a denial of service (application crash) by sending crafted data over TCP. | |||||
CVE-2010-2877 | 1 Adobe | 1 Shockwave Player | 2024-02-04 | 9.3 HIGH | N/A |
Adobe Shockwave Player before 11.5.8.612 does not properly validate a count value in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie, related to IML32X.dll and DIRAPIX.dll. | |||||
CVE-2010-4254 | 2 Mono, Novell | 2 Mono, Moonlight | 2024-02-04 | 7.5 HIGH | N/A |
Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call. | |||||
CVE-2010-0496 | 2 Apple, Freebit | 2 Iphone Os, Serversman | 2024-02-04 | 5.0 MEDIUM | N/A |
FreeBit ServersMan 3.1.5 on Apple iPhone OS 3.1.2, and iPhone OS for iPod touch, allows remote attackers to cause a denial of service (daemon crash) via a HEAD request for the / URI. | |||||
CVE-2010-1152 | 1 Memcachedb | 1 Memcached | 2024-02-04 | 5.0 MEDIUM | N/A |
memcached.c in memcached before 1.4.3 allows remote attackers to cause a denial of service (daemon hang or crash) via a long line that triggers excessive memory allocation. NOTE: some of these details are obtained from third party information. | |||||
CVE-2011-2719 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-04 | 6.4 MEDIUM | N/A |
libraries/auth/swekey/swekey.auth.lib.php in phpMyAdmin 3.x before 3.3.10.3 and 3.4.x before 3.4.3.2 does not properly manage sessions associated with Swekey authentication, which allows remote attackers to modify the SESSION superglobal array, other superglobal arrays, and certain swekey.auth.lib.php local variables via a crafted query string, a related issue to CVE-2011-2505. | |||||
CVE-2011-0987 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-04 | 6.5 MEDIUM | N/A |
The PMA_Bookmark_get function in libraries/bookmark.lib.php in phpMyAdmin 2.11.x before 2.11.11.3, and 3.3.x before 3.3.9.2, does not properly restrict bookmark queries, which makes it easier for remote authenticated users to trigger another user's execution of a SQL query by creating a bookmark. | |||||
CVE-2011-3884 | 1 Google | 1 Chrome | 2024-02-04 | 6.8 MEDIUM | N/A |
Google Chrome before 15.0.874.102 does not properly address timing issues during DOM traversal, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. | |||||
CVE-2010-4022 | 1 Mit | 1 Kerberos 5 | 2024-02-04 | 5.0 MEDIUM | N/A |
The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1.7, 1.8, and 1.9, when running in standalone mode, does not properly handle when a worker child process "exits abnormally," which allows remote attackers to cause a denial of service (listening process termination, no new connections, and lack of updates in slave KVC) via unspecified vectors. | |||||
CVE-2010-2795 | 1 Joachim Fritschi | 1 Phpcas | 2024-02-04 | 4.0 MEDIUM | N/A |
phpCAS before 1.1.2 allows remote authenticated users to hijack sessions via a query string containing a crafted ticket value. | |||||
CVE-2010-4704 | 1 Ffmpeg | 1 Ffmpeg | 2024-02-04 | 4.3 MEDIUM | N/A |
libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. NOTE: this might overlap CVE-2011-0480. | |||||
CVE-2010-0603 | 1 Cisco | 1 Pgw 2200 Softswitch | 2024-02-04 | 7.8 HIGH | N/A |
The SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S10 allows remote attackers to cause a denial of service (device crash) via a malformed session attribute, aka Bug ID CSCsk40030. | |||||
CVE-2011-3367 | 1 Arora-browser | 1 Arora | 2024-02-04 | 5.0 MEDIUM | N/A |
Arora, possibly 0.11 and other versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text. | |||||
CVE-2010-2598 | 1 Redhat | 1 Enterprise Linux | 2024-02-04 | 4.3 MEDIUM | N/A |
LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to "downsampled OJPEG input." | |||||
CVE-2011-0745 | 1 Sugarcrm | 1 Sugarcrm | 2024-02-04 | 4.0 MEDIUM | N/A |
SugarCRM before 6.1.3 does not properly handle reloads and direct requests for a warning page produced by a certain duplicate check, which allows remote authenticated users to discover (1) the names of customers via a ShowDuplicates action to the Accounts module, reachable through index.php; or (2) the names of contact persons via a ShowDuplicates action to the Contacts module, reachable through index.php. | |||||
CVE-2009-4810 | 1 Samhain Labs | 1 Samhain | 2024-02-04 | 7.5 HIGH | N/A |
The Secure Remote Password (SRP) implementation in Samhain before 2.5.4 does not check for a certain zero value where required by the protocol, which allows remote attackers to bypass authentication via crafted input. | |||||
CVE-2010-4035 | 1 Google | 1 Chrome | 2024-02-04 | 9.3 HIGH | N/A |
Google Chrome before 7.0.517.41 does not properly perform autofill operations for forms, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document. |