Total
10361 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-1154 | 1 Gentoo | 1 Logrotate | 2025-04-11 | 6.9 MEDIUM | N/A |
| The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name. | |||||
| CVE-2012-5825 | 1 Tweepy | 1 Tweepy | 2025-04-11 | 5.8 MEDIUM | N/A |
| Tweepy does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the Python httplib library. | |||||
| CVE-2010-0270 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2025-04-11 | 10.0 HIGH | N/A |
| The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate fields in SMB transaction responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Transaction Vulnerability." | |||||
| CVE-2012-5795 | 2 Akunamachata, Oscommerce | 2 Paypal Express Module, Oscommerce | 2025-04-11 | 5.8 MEDIUM | N/A |
| The PayPal Express module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2013-0500 | 1 Ibm | 2 Storwize V7000 Unified, Storwize V7000 Unified Software | 2025-04-11 | 5.4 MEDIUM | N/A |
| IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 does not properly handle device files that are created with the NFS protocol but accessed with a non-NFS protocol, which allows remote authenticated users to obtain sensitive information, modify programs or files, or cause a denial of service (device crash) via a (1) CIFS, (2) HTTPS, (3) SCP, or (4) SFTP operation. | |||||
| CVE-2012-0149 | 1 Microsoft | 1 Windows Server 2003 | 2025-04-11 | 7.2 HIGH | N/A |
| afd.sys in the Ancillary Function Driver in Microsoft Windows Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability." | |||||
| CVE-2013-5175 | 1 Apple | 1 Mac Os X | 2025-04-11 | 6.6 MEDIUM | N/A |
| The kernel in Apple Mac OS X before 10.9 allows local users to obtain sensitive information or cause a denial of service (out-of-bounds read and system crash) via a crafted Mach-O file. | |||||
| CVE-2011-0042 | 1 Microsoft | 5 Windows 7, Windows Media Center Tv Pack, Windows Vista and 2 more | 2025-04-11 | 9.3 HIGH | 7.8 HIGH |
| SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not properly parse Digital Video Recording (.dvr-ms) files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DVR-MS Vulnerability." | |||||
| CVE-2010-1587 | 1 Apache | 1 Activemq | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp. | |||||
| CVE-2008-7274 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | 4.3 MEDIUM | N/A |
| IBM WebSphere Application Server (WAS) 6.1.0.9, when the JAAS Login functionality is enabled, allows attackers to perform an internal application hashtable login by (1) not providing a password or (2) providing an empty password. | |||||
| CVE-2010-4297 | 1 Vmware | 6 Esx, Esxi, Fusion and 3 more | 2025-04-11 | 7.2 HIGH | N/A |
| The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMware Player 2.5.x before 2.5.5 build 328052 and 3.1.x before 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x before 2.0.8 build 328035 and 3.1.x before 3.1.2 build 332101; VMware ESXi 3.5, 4.0, and 4.1; and VMware ESX 3.0.3, 3.5, 4.0, and 4.1 allows host OS users to gain privileges on the guest OS via unspecified vectors, related to a "command injection" issue. | |||||
| CVE-2011-4554 | 1 Oneclickorgs | 1 One Click Orgs | 2025-04-11 | 5.5 MEDIUM | N/A |
| One Click Orgs before 1.2.3 allows remote authenticated users to trigger crafted SMTP traffic via (1) " (double quote) and newline characters in an org name or (2) " (double quote) characters in an e-mail address, related to a "2nd Order SMTP Injection" issue. | |||||
| CVE-2010-2827 | 1 Cisco | 1 Ios | 2025-04-11 | 7.8 HIGH | N/A |
| Cisco IOS 15.1(2)T allows remote attackers to cause a denial of service (resource consumption and TCP outage) via spoofed TCP packets, related to embryonic TCP connections that remain in the SYN_RCVD or SYN_SENT state, aka Bug ID CSCti18193. | |||||
| CVE-2011-1438 | 1 Google | 1 Chrome | 2025-04-11 | 7.5 HIGH | N/A |
| Google Chrome before 11.0.696.57 allows remote attackers to bypass the Same Origin Policy via vectors involving blobs. | |||||
| CVE-2012-4556 | 1 Redhat | 1 Certificate System | 2025-04-11 | 4.0 MEDIUM | N/A |
| The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query. | |||||
| CVE-2013-3925 | 1 Atlassian | 1 Crowd | 2025-04-11 | 5.8 MEDIUM | N/A |
| Atlassian Crowd 2.5.x before 2.5.4, 2.6.x before 2.6.3, 2.3.8, and 2.4.9 allows remote attackers to read arbitrary files and send HTTP requests to intranet servers via a request to (1) /services/2 or (2) services/latest with a DTD containing an XML external entity declaration in conjunction with an entity reference. | |||||
| CVE-2010-0602 | 1 Cisco | 1 Pgw 2200 Softswitch | 2025-04-11 | 7.8 HIGH | N/A |
| The SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S11 allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug ID CSCsk32606. | |||||
| CVE-2013-3951 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2025-04-11 | 4.6 MEDIUM | N/A |
| sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path beginning with the stack-guard= substring, as demonstrated by an iOS untethering attack or an attack against a setuid Mac OS X program. | |||||
| CVE-2014-0662 | 1 Cisco | 2 Telepresence Video Communication Server Software, Telepresence Video Communication Servers Software | 2025-04-11 | 7.1 HIGH | N/A |
| The SIP module in Cisco TelePresence Video Communication Server (VCS) before 8.1 allows remote attackers to cause a denial of service (process failure) via a crafted SDP message, aka Bug ID CSCue97632. | |||||
| CVE-2013-5576 | 1 Joomla | 1 Joomla\! | 2025-04-11 | 6.8 MEDIUM | N/A |
| administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename with a trailing . (dot), as exploited in the wild in August 2013. | |||||