Total
10416 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-1853 | 1 Hp | 1 Intelligent Management Center | 2025-04-11 | 10.0 HIGH | N/A |
| tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a (1) large or (2) invalid opcode field, related to a function pointer table. | |||||
| CVE-2013-3511 | 1 Gwos | 1 Groundwork Monitor | 2025-04-11 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2010-4766 | 1 Otrs | 1 Otrs | 2025-04-11 | 4.3 MEDIUM | N/A |
| The AgentTicketForward feature in Open Ticket Request System (OTRS) before 2.4.7 does not properly remove inline images from HTML e-mail messages, which allows remote attackers to obtain potentially sensitive image information in opportunistic circumstances by reading a forwarded message in a standard e-mail client. | |||||
| CVE-2011-2716 | 2 Busybox, T-mobile | 2 Busybox, Tm-ac1900 | 2025-04-11 | 6.8 MEDIUM | N/A |
| The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the (1) HOST_NAME, (2) DOMAIN_NAME, (3) NIS_DOMAIN, and (4) TFTP_SERVER_NAME host name options. | |||||
| CVE-2010-4199 | 2 Debian, Google | 2 Debian Linux, Chrome | 2025-04-11 | 6.8 MEDIUM | 8.8 HIGH |
| Google Chrome before 7.0.517.44 does not properly perform a cast of an unspecified variable during processing of an SVG use element, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SVG document. | |||||
| CVE-2013-7294 | 1 Libreswan | 1 Libreswan | 2025-04-11 | 5.0 MEDIUM | N/A |
| The ikev2parent_inI1outR1 function in pluto/ikev2_parent.c in libreswan before 3.7 allows remote attackers to cause a denial of service (restart) via an IKEv2 I1 notification without a KE payload. | |||||
| CVE-2011-2357 | 1 Google | 1 Android | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-application scripting vulnerability in the Browser URL loading functionality in Android 2.3.4 and 3.1 allows local applications to bypass the sandbox and execute arbitrary Javascript in arbitrary domains by (1) causing the MAX_TAB number of tabs to be opened, then loading a URI to the targeted domain into the current tab, or (2) making two startActivity function calls beginning with the targeted domain's URI followed by the malicious Javascript while the UI focus is still associated with the targeted domain. | |||||
| CVE-2010-3901 | 1 Infradead | 1 Openconnect | 2025-04-11 | 6.4 MEDIUM | N/A |
| OpenConnect before 2.25 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary AnyConnect SSL VPN servers via a crafted server certificate that (1) does not correspond to the server hostname or (2) is presented in circumstances involving a missing --cafile configuration option. | |||||
| CVE-2013-1911 | 2 Mark Burns, Ruby-lang | 2 Ldoce, Ruby | 2025-04-11 | 6.8 MEDIUM | N/A |
| lib/ldoce/word.rb in the ldoce 0.0.2 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in (1) an mp3 URL or (2) file name. | |||||
| CVE-2011-0163 | 1 Apple | 3 Iphone Os, Safari, Webkit | 2025-04-11 | 4.3 MEDIUM | N/A |
| WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle unspecified "cached resources," which allows remote attackers to cause a denial of service (resource unavailability) via a crafted web site that conducts a cache-poisoning attack. | |||||
| CVE-2014-0654 | 1 Cisco | 1 Context Directory Agent | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cisco Context Directory Agent (CDA) allows remote attackers to modify the cache via a replay attack involving crafted RADIUS accounting messages, aka Bug ID CSCuj45383. | |||||
| CVE-2011-3875 | 1 Google | 1 Chrome | 2025-04-11 | 4.3 MEDIUM | N/A |
| Google Chrome before 15.0.874.102 does not properly handle drag and drop operations on URL strings, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors. | |||||
| CVE-2010-2298 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2025-04-11 | 10.0 HIGH | N/A |
| browser/renderer_host/database_dispatcher_host.cc in Google Chrome before 5.0.375.70 on Linux does not properly handle ViewHostMsg_DatabaseOpenFile messages in chroot-based sandboxing, which allows remote attackers to bypass intended sandbox restrictions via vectors involving fchdir and chdir calls. | |||||
| CVE-2011-2802 | 1 Google | 1 Chrome | 2025-04-11 | 6.8 MEDIUM | N/A |
| Google V8, as used in Google Chrome before 13.0.782.107, does not properly perform const lookups, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted web site. | |||||
| CVE-2013-0964 | 1 Apple | 2 Iphone Os, Tvos | 2025-04-11 | 3.6 LOW | N/A |
| The kernel in Apple iOS before 6.1 and Apple TV before 5.2 does not properly validate copyin and copyout arguments, which allows local users to bypass intended pointer restrictions and access locations in the first kernel-memory page by specifying a length of less than one page. | |||||
| CVE-2013-1028 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-11 | 5.8 MEDIUM | N/A |
| The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive information via a crafted certificate. | |||||
| CVE-2011-0478 | 1 Google | 2 Chrome, Chrome Os | 2025-04-11 | 10.0 HIGH | N/A |
| Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle SVG use elements, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | |||||
| CVE-2010-2474 | 1 Redhat | 2 Jboss Enterprise Service Bus, Jboss Enterprise Soa Platform | 2025-04-11 | 3.5 LOW | N/A |
| JBoss Enterprise Service Bus (ESB) before 4.7 CP02 in JBoss Enterprise SOA Platform before 5.0.2 does not properly consider the security domain with which a service is secured, which might allow remote attackers to gain privileges by executing a service. | |||||
| CVE-2013-2811 | 2 Catapultsoftware, Ge | 4 Catapult Dnp3 I\/o Driver, Intelligent Platforms Proficy Dnp3 I\/o Driver, Intelligent Platforms Proficy Hmi\/scada Cimplicity and 1 more | 2025-04-11 | 7.1 HIGH | N/A |
| The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX, allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet. | |||||
| CVE-2011-1001 | 1 Google | 1 Android Sdk | 2025-04-11 | 4.3 MEDIUM | N/A |
| dexdump in Android SDK before 2.3 does not properly perform structural verification, which allows user-assisted remote attackers to cause a denial of service (dexdump crash) and possibly execute arbitrary code via a malformed APK or dex file that calls a method using more arguments than the number of register that have been declared for that method. | |||||