Total
10024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-4535 | 1 Djangoproject | 1 Django | 2024-02-04 | 5.0 MEDIUM | N/A |
| The password reset functionality in django.contrib.auth in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not validate the length of a string representing a base36 timestamp, which allows remote attackers to cause a denial of service (resource consumption) via a URL that specifies a large base36 integer. | |||||
| CVE-2011-0664 | 1 Microsoft | 8 .net Framework, Silverlight, Windows 2003 Server and 5 more | 2024-02-04 | 9.3 HIGH | N/A |
| Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Array Offset Vulnerability." | |||||
| CVE-2010-3709 | 1 Php | 1 Php | 2024-02-04 | 4.3 MEDIUM | N/A |
| The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive. | |||||
| CVE-2010-3432 | 5 Canonical, Debian, Linux and 2 more | 5 Ubuntu Linux, Debian Linux, Linux Kernel and 2 more | 2024-02-04 | 7.8 HIGH | N/A |
| The sctp_packet_config function in net/sctp/output.c in the Linux kernel before 2.6.35.6 performs extraneous initializations of packet data structures, which allows remote attackers to cause a denial of service (panic) via a certain sequence of SCTP traffic. | |||||
| CVE-2011-1804 | 1 Google | 1 Chrome | 2024-02-04 | 7.5 HIGH | N/A |
| rendering/RenderBox.cpp in WebCore in WebKit before r86862, as used in Google Chrome before 11.0.696.71, does not properly render floats, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | |||||
| CVE-2010-0305 | 1 Process-one | 1 Ejabberd | 2024-02-04 | 5.0 MEDIUM | N/A |
| ejabberd_c2s.erl in ejabberd before 2.1.3 allows remote attackers to cause a denial of service (daemon crash) via a large number of c2s (aka client2server) messages that trigger a queue overload. | |||||
| CVE-2012-1198 | 1 Secureideas | 1 Basic Analysis And Security Engine | 2024-02-04 | 7.5 HIGH | N/A |
| base_ag_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 allows remote attackers to execute arbitrary code by uploading contents of the file with an executable extension via a create action, then accessing it via a view action. | |||||
| CVE-2011-2590 | 1 Uusee | 2 Uuplayer Activex Control, Uusee | 2024-02-04 | 9.3 HIGH | N/A |
| The Play method in the UUPlayer ActiveX control 6.0.0.1 in UUSee 2010 6.11.0609.2 allows remote attackers to execute arbitrary programs via a UNC share pathname in the MPlayerPath parameter. | |||||
| CVE-2011-0592 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2024-02-04 | 9.3 HIGH | N/A |
| Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, related to "Texture bmp," a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0593, CVE-2011-0595, and CVE-2011-0600. | |||||
| CVE-2008-7269 | 1 Boka | 1 Siteengine | 2024-02-04 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in api.php in SiteEngine 5.x allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter in a logout action. | |||||
| CVE-2011-2660 | 1 Suse | 2 Linux Enterprise Desktop, Vpnc | 2024-02-04 | 7.5 HIGH | N/A |
| The modify_resolvconf_suse script in the vpnc package before 0.5.1-55.10.1 in SUSE Linux Enterprise Desktop 11 SP1 might allow remote attackers to execute arbitrary commands via a crafted DNS domain name. | |||||
| CVE-2011-0161 | 1 Apple | 3 Iphone Os, Safari, Webkit | 2024-02-04 | 4.3 MEDIUM | N/A |
| WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site. | |||||
| CVE-2010-0601 | 1 Cisco | 1 Pgw 2200 Softswitch | 2024-02-04 | 7.8 HIGH | N/A |
| The MGCP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S11 allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug ID CSCsl39126. | |||||
| CVE-2008-2953 | 1 Linux | 1 Direct Connect | 2024-02-04 | 5.0 MEDIUM | N/A |
| Linux DC++ (linuxdcpp) before 0.707 allows remote attackers to cause a denial of service (crash) via "partial file list requests" that trigger a NULL pointer dereference. | |||||
| CVE-2008-4388 | 1 Symantec | 1 Appstream Client | 2024-02-04 | 9.3 HIGH | N/A |
| The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Symantec AppStream Client 5.2.x before 5.2.2 SP3 MP1 does not properly validate downloaded files, which allows remote attackers to execute arbitrary code via the installAppMgr method and unspecified other methods. | |||||
| CVE-2008-4363 | 1 Deslock | 1 Deslock | 2024-02-04 | 7.2 HIGH | N/A |
| DLMFENC.sys 1.0.0.28 in DESlock+ 3.2.7 allows local users to cause a denial of service (system crash) or potentially execute arbitrary code via a certain DLMFENC_IOCTL request to \\.\DLKPFSD_Device that overwrites a pointer, probably related to use of the ProbeForRead function when ProbeForWrite was intended. | |||||
| CVE-2008-3844 | 2 Openbsd, Redhat | 3 Openssh, Enterprise Linux, Enterprise Linux Desktop | 2024-02-04 | 9.3 HIGH | N/A |
| Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact. NOTE: since the malicious packages were not distributed from any official Red Hat sources, the scope of this issue is restricted to users who may have obtained these packages through unofficial distribution points. As of 20080827, no unofficial distributions of this software are known. | |||||
| CVE-2008-4919 | 1 Visagesoft | 1 Expert Pdf Viewer Activex | 2024-02-04 | 8.8 HIGH | N/A |
| Insecure method vulnerability in VISAGESOFT eXPert PDF Viewer X ActiveX control (VSPDFViewerX.ocx) 3.0.990.0 allows remote attackers to overwrite arbitrary files via a full pathname to the savePageAsBitmap method. | |||||
| CVE-2008-5712 | 1 Kde | 1 Konqueror | 2024-02-04 | 5.0 MEDIUM | N/A |
| The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via (1) a long COLOR attribute in an HR element; or a long (a) BGCOLOR or (b) BORDERCOLOR attribute in a (2) TABLE, (3) TD, or (4) TR element. NOTE: the FONT vector is already covered by CVE-2008-4514. | |||||
| CVE-2008-4559 | 1 Hp | 1 Openview Network Node Manager | 2024-02-04 | 10.0 HIGH | N/A |
| HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via shell metacharacters in argument fields to the (1) webappmon.exe or (2) OpenView5.exe CGI program. NOTE: this issue may be partially covered by CVE-2009-0205. | |||||