Total
29517 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-2216 | 1 Digium | 1 Asterisk | 2025-04-11 | 5.0 MEDIUM | N/A |
| reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.2 does not initialize certain strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed Contact header. | |||||
| CVE-2010-3965 | 1 Microsoft | 5 Windows Media Encoder, Windows Server 2003, Windows Server 2008 and 2 more | 2025-04-11 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Windows Media Profile (PRX) file, aka "Insecure Library Loading Vulnerability." | |||||
| CVE-2012-0045 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 4.7 MEDIUM | N/A |
| The em_syscall function in arch/x86/kvm/emulate.c in the KVM implementation in the Linux kernel before 3.2.14 does not properly handle the 0f05 (aka syscall) opcode, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application, as demonstrated by an NASM file. | |||||
| CVE-2010-5229 | 1 Sweetscape | 1 010 Editor | 2025-04-11 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in 010 Editor before 3.1.3 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .hex file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-1605 | 1 Typo3 | 1 Typo3 | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature (HMAC) for a request argument." | |||||
| CVE-2010-4499 | 1 Tibco | 2 Activecatalog, Collaborative Information Manager | 2025-04-11 | 4.3 MEDIUM | N/A |
| Session fixation vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allows remote attackers to hijack web sessions via unspecified vectors. | |||||
| CVE-2012-3450 | 1 Php | 1 Php | 2025-04-11 | 2.6 LOW | N/A |
| pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value. | |||||
| CVE-2010-3386 | 1 Lttng | 1 Ust | 2025-04-11 | 6.9 MEDIUM | N/A |
| usttrace in LTTng Userspace Tracer (aka UST) 0.7 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | |||||
| CVE-2013-4236 | 1 Redhat | 1 Enterprise Virtualization | 2025-04-11 | 2.7 LOW | N/A |
| VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via invalid XML characters in a guest agent response. NOTE: this issue is due to an incomplete fix for CVE-2013-0167. | |||||
| CVE-2010-3361 | 1 Shrew | 1 Vpn Client | 2025-04-11 | 6.9 MEDIUM | N/A |
| The (1) iked, (2) ikea, and (3) ikec scripts in Shrew Soft IKE 2.1.5 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | |||||
| CVE-2010-2838 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | 7.8 HIGH | N/A |
| The SendCombinedStatusInfo implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.0SU before 7.0(2a)SU3, 7.1 before 7.1(5), and 8.0 before 8.0(3) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REGISTER message, aka Bug ID CSCtf66305. | |||||
| CVE-2011-0421 | 1 Php | 1 Php | 2025-04-11 | 4.3 MEDIUM | N/A |
| The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation. | |||||
| CVE-2011-2493 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 2.1 LOW | N/A |
| The ext4_fill_super function in fs/ext4/super.c in the Linux kernel before 2.6.39 does not properly initialize a certain error-report data structure, which allows local users to cause a denial of service (OOPS) by attempting to mount a crafted ext4 filesystem. | |||||
| CVE-2010-3316 | 1 Linux-pam | 1 Linux-pam | 2025-04-11 | 3.3 LOW | N/A |
| The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pam_xauth PAM check. | |||||
| CVE-2010-0657 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-04-11 | 9.3 HIGH | N/A |
| Google Chrome before 4.0.249.78 on Windows does not perform the expected encoding, escaping, and quoting for the URL in the --app argument in a desktop shortcut, which allows user-assisted remote attackers to execute arbitrary programs or obtain sensitive information by tricking a user into creating a crafted shortcut. | |||||
| CVE-2013-0111 | 1 Nvidia | 1 Driver | 2025-04-11 | 6.8 MEDIUM | N/A |
| daemonu.exe (aka the NVIDIA Update Service Daemon), as distributed with the NVIDIA driver before 307.78, and Release 310 before 311.00, on Windows, lacks " (double quote) characters in the service path, which allows local users to gain privileges via a Trojan horse program. | |||||
| CVE-2010-2060 | 1 Wildbit | 1 Beanstalkd | 2025-04-11 | 7.5 HIGH | N/A |
| The put command functionality in beanstalkd 1.4.5 and earlier allows remote attackers to execute arbitrary Beanstalk commands via the body in a job that is too big, which is not properly handled by the dispatch_cmd function in prot.c. | |||||
| CVE-2010-2984 | 1 Cisco | 2 4404 Wireless Lan Controller, Unified Wireless Network Solution Software | 2025-04-11 | 10.0 HIGH | N/A |
| Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 4404 series controllers does not properly implement the WEBAUTH_REQD state, which allows remote attackers to bypass intended access restrictions via WLAN traffic, aka Bug ID CSCtb75305. | |||||
| CVE-2010-3492 | 1 Python | 1 Python | 2025-04-11 | 5.0 MEDIUM | N/A |
| The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections. | |||||
| CVE-2011-4733 | 3 Microsoft, Parallels, Redhat | 3 Windows, Parallels Plesk Panel, Enterprise Linux | 2025-04-11 | 10.0 HIGH | N/A |
| The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving smb/admin-home/disable-featured-applications-promo and certain other files. NOTE: it is possible that only clients, not the Plesk product, could be affected by this issue. | |||||