Total
11772 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-1167 | 1 Fetchmail | 1 Fetchmail | 2025-04-11 | 4.3 MEDIUM | N/A |
| fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted (1) message header or (2) POP3 UIDL list. | |||||
| CVE-2012-6099 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
| The moodle1 backup converter in backup/converter/moodle1/lib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly validate pathnames, which allows remote authenticated users to read arbitrary files by leveraging the backup-restoration feature. | |||||
| CVE-2011-4530 | 1 Siemens | 1 Automation License Manager | 2025-04-11 | 5.0 MEDIUM | N/A |
| Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 does not properly copy fields obtained from clients, which allows remote attackers to cause a denial of service (exception and daemon crash) via long fields, as demonstrated by fields to the (1) open_session->workstation->NAME or (2) grant->VERSION function. | |||||
| CVE-2013-1661 | 1 Vmware | 2 Esx, Esxi | 2025-04-11 | 4.3 MEDIUM | N/A |
| VMware ESXi 4.0 through 5.1, and ESX 4.0 and 4.1, does not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to cause a denial of service (unhandled exception and application crash) by modifying the client-server data stream. | |||||
| CVE-2013-2083 | 1 Moodle | 1 Moodle | 2025-04-11 | 5.0 MEDIUM | N/A |
| The MoodleQuickForm class in lib/formslib.php in Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not properly handle a certain array-element syntax, which allows remote attackers to bypass intended form-data filtering via a crafted request. | |||||
| CVE-2012-0163 | 1 Microsoft | 1 .net Framework | 2025-04-11 | 9.3 HIGH | N/A |
| Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Parameter Validation Vulnerability." | |||||
| CVE-2013-3574 | 1 Hp | 1 Insight Diagnostics | 2025-04-11 | 7.8 HIGH | N/A |
| Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insight Diagnostics 9.4.0.4710 allows remote attackers to write data to arbitrary files via a full pathname in the argument to the devicePath (aka mount) parameter. | |||||
| CVE-2013-5498 | 1 Cisco | 1 Ios Xr | 2025-04-11 | 5.0 MEDIUM | N/A |
| The PPTP-ALG component in CRS Carrier Grade Services Engine (CGSE) and ASR 9000 Integrated Service Module (ISM) in Cisco IOS XR allows remote attackers to cause a denial of service (module reset) via crafted packet streams, aka Bug ID CSCue91963. | |||||
| CVE-2011-1718 | 2 Broadcom, Ca | 2 Siteminder, Siteminder | 2025-04-11 | 4.3 MEDIUM | N/A |
| The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 before SP3 CR2 does not properly handle multi-line headers, which allows remote authenticated users to conduct impersonation attacks and gain privileges via crafted data. | |||||
| CVE-2011-1450 | 1 Google | 1 Chrome | 2025-04-11 | 5.0 MEDIUM | N/A |
| Google Chrome before 11.0.696.57 does not properly present file dialogs, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "dangling pointers." | |||||
| CVE-2013-5475 | 1 Cisco | 2 Ios, Ios Xe | 2025-04-11 | 7.8 HIGH | N/A |
| Cisco IOS 12.2 through 12.4 and 15.0 through 15.3, and IOS XE 2.1 through 3.9, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets that are processed locally by a (1) server or (2) relay agent, aka Bug ID CSCug31561. | |||||
| CVE-2011-3295 | 1 Cisco | 1 Ios Xr | 2025-04-11 | 7.8 HIGH | N/A |
| The NETIO and IPV4_IO processes in Cisco IOS XR 3.8 through 4.1, as used in Cisco Carrier Routing System and other products, allow remote attackers to cause a denial of service (CPU consumption) via crafted network traffic, aka Bug ID CSCti59888. | |||||
| CVE-2011-2490 | 1 Nrl | 1 Opie | 2025-04-11 | 7.2 HIGH | N/A |
| opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by arranging for an account to already be running its maximum number of processes. | |||||
| CVE-2012-0149 | 1 Microsoft | 1 Windows Server 2003 | 2025-04-11 | 7.2 HIGH | N/A |
| afd.sys in the Ancillary Function Driver in Microsoft Windows Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability." | |||||
| CVE-2013-7112 | 1 Wireshark | 1 Wireshark | 2025-04-11 | 5.0 MEDIUM | N/A |
| The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | |||||
| CVE-2012-6101 | 1 Moodle | 1 Moodle | 2025-04-11 | 5.8 MEDIUM | N/A |
| Multiple open redirect vulnerabilities in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors related to (1) backup/backupfilesedit.php, (2) comment/comment_post.php, (3) course/switchrole.php, (4) mod/wiki/filesedit.php, (5) tag/coursetags_add.php, or (6) user/files.php. | |||||
| CVE-2013-6982 | 1 Cisco | 1 Nx-os | 2025-04-11 | 4.3 MEDIUM | N/A |
| The BGP implementation in Cisco NX-OS 6.2(2a) and earlier does not properly handle the interaction of UPDATE messages with IPv6, VPNv4, and VPNv6 labeled unicast-address families, which allows remote attackers to cause a denial of service (peer reset) via a crafted message, aka Bug ID CSCuj03174. | |||||
| CVE-2011-2332 | 1 Google | 1 Chrome | 2025-04-11 | 7.5 HIGH | N/A |
| Google V8, as used in Google Chrome before 12.0.742.91, allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | |||||
| CVE-2010-2597 | 1 Libtiff | 1 Libtiff | 2025-04-11 | 4.3 MEDIUM | N/A |
| The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes incorrect calls to the TIFFGetField function, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image, related to "downsampled OJPEG input" and possibly related to a compiler optimization that triggers a divide-by-zero error. | |||||
| CVE-2013-3996 | 1 Ibm | 1 Infosphere Biginsights | 2025-04-11 | 4.9 MEDIUM | N/A |
| IBM InfoSphere BigInsights 1.1 through 2.1 does not properly handle FRAME elements, which makes it easier for remote authenticated users to conduct phishing attacks via a crafted web site. | |||||