Total
10368 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-4156 | 2 Php, Scottmac | 2 Php, Libmbfl | 2025-04-11 | 5.0 MEDIUM | N/A |
| The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through 5.3.3, allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter (aka the length parameter). | |||||
| CVE-2012-5799 | 2 Prestashop, Presto-changeo | 2 Prestashop, Canadapost | 2025-04-11 | 5.8 MEDIUM | N/A |
| The Canada Post (aka CanadaPost) module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function. | |||||
| CVE-2012-3301 | 1 Ibm | 1 Lotus Domino | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple CRLF injection vulnerabilities in the HTTP server in IBM Lotus Domino 8.5.x before 8.5.4 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input involving (1) Mozilla Firefox 3.0.9 and earlier or (2) unspecified browsers. | |||||
| CVE-2013-2315 | 1 Lockon | 1 Ec-cube | 2025-04-11 | 5.0 MEDIUM | N/A |
| data/class/pages/forgot/LC_Page_Forgot.php in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 does not properly validate the input to the password reminder function, which allows remote attackers to obtain sensitive information via a crafted request. | |||||
| CVE-2013-5470 | 1 Cisco | 1 Secure Access Control System | 2025-04-11 | 5.0 MEDIUM | N/A |
| Cisco Secure Access Control System (ACS) does not properly handle requests to read from the TACACS+ socket, which allows remote attackers to cause a denial of service (process crash) via malformed TCP packets, aka Bug ID CSCuh12488. | |||||
| CVE-2010-2193 | 1 Ca | 2 Psformx Active X Control, Webscan Active X Control | 2025-04-11 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the CA (1) PSFormX and (2) WebScan ActiveX controls, as distributed on the CA Global Advisor web site until May 2009, allow remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2012-4704 | 1 3s-software | 1 Codesys Gateway-server | 2025-04-11 | 10.0 HIGH | N/A |
| Array index error in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via a crafted packet. | |||||
| CVE-2012-2877 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2025-04-11 | 5.0 MEDIUM | N/A |
| The extension system in Google Chrome before 22.0.1229.79 does not properly handle modal dialogs, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. | |||||
| CVE-2010-3239 | 1 Microsoft | 1 Excel | 2025-04-11 | 9.3 HIGH | N/A |
| Microsoft Excel 2002 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Extra Out of Boundary Record Parsing Vulnerability." | |||||
| CVE-2012-0163 | 1 Microsoft | 1 .net Framework | 2025-04-11 | 9.3 HIGH | N/A |
| Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Parameter Validation Vulnerability." | |||||
| CVE-2010-1235 | 1 Google | 1 Chrome | 2025-04-11 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows remote attackers to trigger the omission of a download warning dialog via unknown vectors. | |||||
| CVE-2010-4554 | 1 Squirrelmail | 1 Squirrelmail | 2025-04-11 | 4.3 MEDIUM | N/A |
| functions/page_header.php in SquirrelMail 1.4.21 and earlier does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. | |||||
| CVE-2011-2705 | 1 Ruby-lang | 1 Ruby | 2025-04-11 | 5.0 MEDIUM | N/A |
| The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an earlier process with the same PID. | |||||
| CVE-2012-6034 | 1 Xen | 1 Xen | 2025-04-11 | 4.4 MEDIUM | N/A |
| The (1) tmemc_save_get_next_page and (2) tmemc_save_get_next_inv functions and the (3) TMEMC_SAVE_GET_POOL_UUID sub-operation in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 "do not check incoming guest output buffer pointers," which allows local guest OS users to cause a denial of service (memory corruption and host crash) or execute arbitrary code via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others. | |||||
| CVE-2013-0005 | 1 Microsoft | 9 .net Framework, Management Odata Iis Extension, Windows 7 and 6 more | 2025-04-11 | 7.8 HIGH | N/A |
| The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability." | |||||
| CVE-2013-5220 | 1 Hot | 2 Hotbox Router, Hotbox Router Firmware | 2025-04-11 | 6.1 MEDIUM | N/A |
| goform/login on the HOT HOTBOX router with software 2.1.11 allows remote attackers to cause a denial of service (device crash) via crafted HTTP POST data. | |||||
| CVE-2013-4180 | 2 Redhat, Theforeman | 2 Openstack, Foreman | 2025-04-11 | 5.0 MEDIUM | N/A |
| The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted to a symbol. | |||||
| CVE-2013-1240 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | 4.6 MEDIUM | N/A |
| The command-line interface in Cisco Unified Communications Manager (CUCM) does not properly validate input, which allows local users to read arbitrary files via unspecified vectors, aka Bug ID CSCue25770. | |||||
| CVE-2012-6301 | 1 Google | 1 Android | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Browser application in Android 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted market: URI in the SRC attribute of an IFRAME element. | |||||
| CVE-2012-2562 | 2 Google, Xelex | 2 Android, Mobiletrack | 2025-04-11 | 7.6 HIGH | N/A |
| The Xelex MobileTrack application 2.3.7 and earlier for Android does not verify the origin of SMS commands, which allows remote attackers to execute a (1) LOCATE, (2) TRACK, (3) UPDATECFG, (4) UPDATEACCT, (5) STAT, (6) TERM, or (7) WIPE command via an SMS message. | |||||