Total
10438 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-1103 | 2 Gnu, Notmuchmail | 2 Emacs, Notmuch | 2025-04-11 | 4.3 MEDIUM | N/A |
| emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the Emacs interface, allows user-assisted remote attackers to read arbitrary files via crafted MML tags, which are not properly quoted in an email reply cna cause the files to be attached to the message. | |||||
| CVE-2011-2150 | 1 Smartertools | 1 Smarterstats | 2025-04-11 | 5.0 MEDIUM | N/A |
| The SmarterTools SmarterStats 6.0 web server does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing error and daemon pause) via vectors involving (1) certain cookies in a SiteInfoLookup action to Admin/frmSites.aspx, or certain (2) cookies or (3) parameters to (a) Client/frmViewOverviewReport.aspx, (b) Client/frmViewReports.aspx, or (c) Services/SiteAdmin.asmx, as demonstrated by a ]]>> string, related to an "XML injection" issue. | |||||
| CVE-2010-2872 | 1 Adobe | 1 Shockwave Player | 2025-04-11 | 9.3 HIGH | N/A |
| Adobe Shockwave Player before 11.5.8.612 does not properly validate an offset value in the pami RIFF chunk in a Director movie, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted movie. | |||||
| CVE-2013-1161 | 1 Cisco | 1 Jabber Im | 2025-04-11 | 6.3 MEDIUM | N/A |
| The XML parser in the Cisco Jabber IM application for Android allows remote authenticated users to cause a denial of service (blocked connection) by leveraging an entry on a Buddy list and sending a crafted XMPP presence update message, aka Bug ID CSCue38383. | |||||
| CVE-2010-3268 | 3 Intel, Microsoft, Symantec | 4 Intel Alert Management System, Windows 2000, Antivirus and 1 more | 2025-04-11 | 5.0 MEDIUM | N/A |
| The GetStringAMSHandler function in prgxhndl.dll in hndlrsvc.exe in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (AMS), as used in Symantec Antivirus Corporate Edition 10.1.4.4010 on Windows 2000 SP4 and Symantec Endpoint Protection before 11.x, does not properly validate the CommandLine field of an AMS request, which allows remote attackers to cause a denial of service (application crash) via a crafted request. | |||||
| CVE-2010-0929 | 1 Perforce | 1 Perforce Server | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (daemon crash) via crafted data beginning with a byte sequence of 0x4c, 0xb3, 0xff, 0xff, and 0xff. | |||||
| CVE-2008-7312 | 1 Websense | 1 Enterprise | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Filtering Service in Websense Enterprise 5.2 through 6.3 does not consider the IP address during URL categorization, which makes it easier for remote attackers to bypass filtering via an HTTP request, as demonstrated by a request to a compromised server associated with a specific IP address. | |||||
| CVE-2013-6282 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 7.2 HIGH | 8.8 HIGH |
| The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against Android devices in October and November 2013. | |||||
| CVE-2013-5481 | 1 Cisco | 1 Ios | 2025-04-11 | 7.1 HIGH | N/A |
| The PPTP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted TCP port-1723 packets, aka Bug ID CSCtq14817. | |||||
| CVE-2013-2116 | 1 Gnu | 1 Gnutls | 2025-04-11 | 5.0 MEDIUM | N/A |
| The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169. | |||||
| CVE-2012-1589 | 1 Drupal | 1 Drupal | 2025-04-11 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the Form API in Drupal 7.x before 7.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted parameters in a destination URL. | |||||
| CVE-2012-4850 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | 7.5 HIGH | N/A |
| IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1, when JAX-RS is used, does not properly validate requests, which allows remote attackers to gain privileges via unspecified vectors. | |||||
| CVE-2013-1223 | 1 Cisco | 1 Unified Customer Voice Portal | 2025-04-11 | 7.8 HIGH | N/A |
| The log viewer in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly validate an unspecified parameter, which allows remote attackers to read arbitrary files via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38372. | |||||
| CVE-2010-1189 | 1 Mediawiki | 1 Mediawiki | 2025-04-11 | 5.0 MEDIUM | N/A |
| MediaWiki before 1.15.2 does not prevent wiki editors from linking to images from other web sites in wiki pages, which allows editors to obtain IP addresses and other information of wiki users by adding a link to an image on an attacker-controlled web site, aka "CSS validation issue." | |||||
| CVE-2013-5545 | 1 Cisco | 7 Asr 1001, Asr 1002, Asr 1002-x and 4 more | 2025-04-11 | 7.8 HIGH | N/A |
| The PPTP ALG implementation in Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) by sending many PPTP packets over NAT, aka Bug ID CSCuh19936. | |||||
| CVE-2013-2088 | 3 Apache, Collabnet, Opensuse | 3 Subversion, Subversion, Opensuse | 2025-04-11 | 7.1 HIGH | N/A |
| contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename. | |||||
| CVE-2011-2092 | 1 Adobe | 3 Blazeds, Livecycle, Livecycle Data Services | 2025-04-11 | 10.0 HIGH | N/A |
| Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of (1) AMF and (2) AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a "deserialization vulnerability." | |||||
| CVE-2010-4396 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-zone scripting vulnerability in the HandleAction method in a certain ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 allows remote attackers to inject arbitrary web script or HTML in the Local Zone by specifying a local file in a NavigateToURL action, as demonstrated by a local skin file. | |||||
| CVE-2009-3245 | 1 Openssl | 1 Openssl | 2025-04-11 | 10.0 HIGH | N/A |
| OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors. | |||||
| CVE-2010-3233 | 1 Microsoft | 1 Excel | 2025-04-11 | 9.3 HIGH | N/A |
| Microsoft Excel 2002 SP3 and 2003 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted .wk3 (aka Lotus 1-2-3 workbook) file, aka "Lotus 1-2-3 Workbook Parsing Vulnerability." | |||||