Total
10428 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-5431 | 1 Ibm | 2 Tivoli Federated Identity Manager, Tivoli Federated Identity Manager Business Gateway | 2025-04-11 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.1.1 before IF 15, 6.2.0 before IF 14, 6.2.1, and 6.2.2 before IF 8 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1 before IF 15, 6.2.0 before IF 14, 6.2.1, and 6.2.2 before IF 8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2011-4553 | 1 Oneclickorgs | 1 One Click Orgs | 2025-04-11 | 5.8 MEDIUM | N/A |
| Multiple open redirect vulnerabilities in One Click Orgs before 1.2.3 allow (1) remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the return_to parameter, and allow (2) remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via crafted characters in the domain name of a subdomain. | |||||
| CVE-2011-1323 | 2 Nec, Yamaha | 52 Ip38x\/1000, Ip38x\/103, Ip38x\/105 and 49 more | 2025-04-11 | 7.8 HIGH | N/A |
| Yamaha RTX, RT, SRT, RTV, RTW, and RTA series routers with firmware 6.x through 10.x, and NEC IP38X series routers with firmware 6.x through 10.x, do not properly handle IP header options, which allows remote attackers to cause a denial of service (device reboot) via a crafted option that triggers access to an invalid memory location. | |||||
| CVE-2013-6414 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2025-04-11 | 5.0 MEDIUM | N/A |
| actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service (memory consumption) via a header containing an invalid MIME type that leads to excessive caching. | |||||
| CVE-2014-0660 | 1 Cisco | 1 Telepresence Isdn Gateway Software | 2025-04-11 | 7.1 HIGH | N/A |
| Cisco TelePresence ISDN Gateway with software before 2.2(1.92) allows remote attackers to cause a denial of service (D-channel call outage) via a crafted Q.931 STATUS message, aka Bug ID CSCui50360. | |||||
| CVE-2013-3378 | 1 Cisco | 2 Telepresence Tc Software, Telepresence Te Software | 2025-04-11 | 7.8 HIGH | N/A |
| Cisco TelePresence TC Software before 6.1 and TE Software before 4.1.3 allow remote attackers to cause a denial of service (temporary device hang) via crafted SIP packets, aka Bug ID CSCuf89557. | |||||
| CVE-2013-6486 | 1 Pidgin | 1 Pidgin | 2025-04-11 | 9.3 HIGH | N/A |
| gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attackers to execute arbitrary programs via a message containing a file: URL that is improperly handled during construction of an explorer.exe command. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3185. | |||||
| CVE-2010-1167 | 1 Fetchmail | 1 Fetchmail | 2025-04-11 | 4.3 MEDIUM | N/A |
| fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted (1) message header or (2) POP3 UIDL list. | |||||
| CVE-2010-2021 | 2 Drupal, Nicholasthompson | 2 Drupal, Global Redirect | 2025-04-11 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the Global Redirect module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.4 for Drupal, when non-clean to clean is enabled, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter. | |||||
| CVE-2014-0724 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | 4.0 MEDIUM | N/A |
| The bulk administration interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to bypass authentication and read arbitrary files by using an unspecified prompt, aka Bug ID CSCum05340. | |||||
| CVE-2013-6048 | 1 Munin-monitoring | 1 Munin | 2025-04-11 | 5.0 MEDIUM | N/A |
| The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process) via crafted multigraph data. | |||||
| CVE-2013-6122 | 1 Qualcomm | 1 Quic Mobile Station Modem Kernel | 2025-04-11 | 6.9 MEDIUM | N/A |
| goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly synchronize updates to a global variable, which allows local users to bypass intended access restrictions or cause a denial of service (memory corruption) via crafted arguments to the procfs write handler. | |||||
| CVE-2011-4462 | 1 Plone | 1 Plone | 2025-04-11 | 5.0 MEDIUM | N/A |
| Plone 4.1.3 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. | |||||
| CVE-2010-0238 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows Server 2003 and 2 more | 2025-04-11 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in registry-key validation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Registry Key Vulnerability." | |||||
| CVE-2013-3406 | 1 Cisco | 1 Service Portal | 2025-04-11 | 6.8 MEDIUM | N/A |
| The "Files Available for Download" implementation in the Cisco Intelligent Automation for Cloud component in Cisco Services Portal 9.4(1) allows remote authenticated users to read arbitrary files via a crafted request, aka Bug ID CSCug65687. | |||||
| CVE-2013-4558 | 1 Apache | 2 Mod Dav Svn, Subversion | 2025-04-11 | 3.5 LOW | N/A |
| The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a denial of service (assertion failure and Apache process abort) via a non-canonical URL in a request, as demonstrated using a trailing /. | |||||
| CVE-2010-4256 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 2.1 LOW | N/A |
| The pipe_fcntl function in fs/pipe.c in the Linux kernel before 2.6.37 does not properly determine whether a file is a named pipe, which allows local users to cause a denial of service via an F_SETPIPE_SZ fcntl call. | |||||
| CVE-2011-4914 | 2 Linux, Novell | 2 Linux Kernel, Suse Linux Enterprise Server | 2025-04-11 | 6.4 MEDIUM | N/A |
| The ROSE protocol implementation in the Linux kernel before 2.6.39 does not verify that certain data-length values are consistent with the amount of data sent, which might allow remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via crafted data to a ROSE socket. | |||||
| CVE-2006-7243 | 1 Php | 1 Php | 2025-04-11 | 5.0 MEDIUM | N/A |
| PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function. | |||||
| CVE-2013-0518 | 1 Ibm | 1 Sterling Secure Proxy | 2025-04-11 | 4.3 MEDIUM | N/A |
| IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 does not refuse to be rendered in different-origin frames, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. | |||||