Total
11772 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-1186 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2025-04-11 | 5.0 MEDIUM | N/A |
| Google Chrome before 10.0.648.127 on Linux does not properly handle parallel execution of calls to the print method, which might allow remote attackers to cause a denial of service (application crash) via crafted JavaScript code. | |||||
| CVE-2010-3616 | 1 Isc | 1 Dhcp | 2025-04-11 | 5.0 MEDIUM | N/A |
| ISC DHCP server 4.2 before 4.2.0-P2, when configured to use failover partnerships, allows remote attackers to cause a denial of service (communications-interrupted state and DHCP client service loss) by connecting to a port that is only intended for a failover peer, as demonstrated by a Nagios check_tcp process check to TCP port 520. | |||||
| CVE-2012-6597 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-11 | 6.3 MEDIUM | N/A |
| Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to cause a denial of service (management-server crash) by using the command-line interface for a crafted command, aka Ref ID 35254. | |||||
| CVE-2014-1861 | 1 Jetroplatforms | 1 Jetro Cockpit Secure Browsing | 2025-04-11 | 9.3 HIGH | N/A |
| The client in Jetro COCKPIT Secure Browsing (JCSB) 4.3.1 and 4.3.3 does not validate the FileName element in an RDP_FILE_TRANSFER document, which allows remote JCSB servers to execute arbitrary programs by providing a .EXE extension. | |||||
| CVE-2010-4034 | 1 Google | 1 Chrome | 2025-04-11 | 9.3 HIGH | N/A |
| Google Chrome before 7.0.517.41 does not properly handle forms, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document. | |||||
| CVE-2010-1807 | 3 Apple, Google, Webkitgtk | 3 Safari, Android, Webkitgtk | 2025-04-11 | 9.3 HIGH | N/A |
| WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation. | |||||
| CVE-2011-4783 | 2 Google, Hex-rays | 2 Idapython, Ida | 2025-04-11 | 9.3 HIGH | N/A |
| The IDAPython plugin before 1.5.2.3 in IDA Pro allows user-assisted remote attackers to execute arbitrary code via a crafted IDB file, related to improper handling of certain swig_runtime_data files in the current working directory. | |||||
| CVE-2013-2088 | 3 Apache, Collabnet, Opensuse | 3 Subversion, Subversion, Opensuse | 2025-04-11 | 7.1 HIGH | N/A |
| contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename. | |||||
| CVE-2012-4087 | 1 Cisco | 1 Unified Computing System | 2025-04-11 | 5.1 MEDIUM | N/A |
| A cluster setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows remote attackers to execute arbitrary commands via invalid parameters, aka Bug ID CSCtg20793. | |||||
| CVE-2014-0254 | 1 Microsoft | 3 Windows 8, Windows Rt, Windows Server 2012 | 2025-04-11 | 7.8 HIGH | N/A |
| The IPv6 implementation in Microsoft Windows 8, Windows Server 2012, and Windows RT does not properly validate packets, which allows remote attackers to cause a denial of service (system hang) via crafted ICMPv6 Router Advertisement packets, aka "TCP/IP Version 6 (IPv6) Denial of Service Vulnerability." | |||||
| CVE-2013-2814 | 1 Cooperindustries | 1 Dnp3 Master Opc Server | 2025-04-11 | 7.1 HIGH | N/A |
| Cooper Power Systems Cybectec DNP3 Master OPC Server allows remote attackers to cause a denial of service (unhandled exception and process crash) via unspecified vectors. | |||||
| CVE-2012-6072 | 2 Cloudbees, Jenkins | 2 Jenkins, Jenkins | 2025-04-11 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||||
| CVE-2011-4409 | 1 Canonical | 1 Ubuntu Linux | 2025-04-11 | 7.5 HIGH | N/A |
| The Ubuntu One Client for Ubuntu 10.04 LTS, 11.04, 11.10, and 12.04 LTS does not properly validate SSL certificates, which allows remote attackers to spoof a server and modify or read sensitive information via a man-in-the-middle (MITM) attack. | |||||
| CVE-2011-2405 | 1 Hp | 2 Proliant Sl Advanced Power Manager, Proliant Sl Advanced Power Manager Firmware | 2025-04-11 | 7.8 HIGH | N/A |
| The HP ProLiant SL Advanced Power Manager (SL-APM) with firmware before 1.20 does not properly validate users, which allows remote attackers to cause a denial of service via unspecified vectors. | |||||
| CVE-2013-5479 | 1 Cisco | 1 Ios | 2025-04-11 | 7.8 HIGH | N/A |
| The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 DNS TCP stream, aka Bug ID CSCtn53730. | |||||
| CVE-2012-0041 | 2 Redhat, Wireshark | 2 Enterprise Linux, Wireshark | 2025-04-11 | 4.3 MEDIUM | N/A |
| The dissect_packet function in epan/packet.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a capture file, as demonstrated by an airopeek file. | |||||
| CVE-2013-0518 | 1 Ibm | 1 Sterling Secure Proxy | 2025-04-11 | 4.3 MEDIUM | N/A |
| IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 does not refuse to be rendered in different-origin frames, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. | |||||
| CVE-2011-1989 | 1 Microsoft | 7 Excel, Excel Viewer, Excel Web App and 4 more | 2025-04-11 | 9.3 HIGH | N/A |
| Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Excel Services on Office SharePoint Server 2007 SP2; Excel Services on Office SharePoint Server 2010 Gold and SP1; and Excel Web App 2010 Gold and SP1 do not properly parse conditional expressions associated with formatting requirements, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Conditional Expression Parsing Vulnerability." | |||||
| CVE-2012-0160 | 1 Microsoft | 1 .net Framework | 2025-04-11 | 9.3 HIGH | N/A |
| Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability." | |||||
| CVE-2010-4788 | 1 Ibm | 1 Tivoli Directory Server | 2025-04-11 | 4.0 MEDIUM | N/A |
| IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.62 (aka 6.0.0.8-TIV-ITDS-IF0004) does not perform certain locking of linked-list access, which allows remote authenticated users to cause a denial of service (daemon crash) via a paged search. | |||||