Total
11774 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-0925 | 1 Cisco | 1 Secure Desktop | 2025-04-11 | 9.3 HIGH | N/A |
| The CSDWebInstallerCtrl ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) allows remote attackers to download an unintended Cisco program onto a client machine, and execute this program, by identifying a Cisco program with a Cisco digital signature and then renaming this program to inst.exe, a different vulnerability than CVE-2010-0589 and CVE-2011-0926. | |||||
| CVE-2010-2580 | 1 Mailenable | 1 Mailenable | 2025-04-11 | 5.0 MEDIUM | N/A |
| The SMTP service (MESMTPC.exe) in MailEnable 3.x and 4.25 does not properly perform a length check, which allows remote attackers to cause a denial of service (crash) via a long (1) email address in the MAIL FROM command, or (2) domain name in the RCPT TO command, which triggers an "unhandled invalid parameter error." | |||||
| CVE-2013-7263 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 4.9 MEDIUM | N/A |
| The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c. | |||||
| CVE-2013-1655 | 3 Puppet, Puppetlabs, Ruby-lang | 4 Puppet, Puppet Enterprise, Puppet and 1 more | 2025-04-11 | 7.5 HIGH | N/A |
| Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes." | |||||
| CVE-2013-1572 | 1 Wireshark | 1 Wireshark | 2025-04-11 | 2.9 LOW | N/A |
| The dissect_oampdu_event_notification function in epan/dissectors/packet-slowprotocols.c in the IEEE 802.3 Slow Protocols dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle certain short lengths, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. | |||||
| CVE-2013-3159 | 1 Microsoft | 1 Excel | 2025-04-11 | 4.3 MEDIUM | N/A |
| Microsoft Excel 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Excel Viewer; and Microsoft Office Compatibility Pack SP3 allow remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka "XML External Entities Resolution Vulnerability." | |||||
| CVE-2012-4079 | 1 Cisco | 1 Unified Computing System | 2025-04-11 | 5.0 MEDIUM | N/A |
| The XML API service in the Fabric Interconnect component in Cisco Unified Computing System (UCS) allows remote attackers to cause a denial of service (API service outage) via a malformed XML document in a packet, aka Bug ID CSCtg48206. | |||||
| CVE-2012-3572 | 2 Nurul Hidayah Hamazulan, Oscc | 2 Mymesyuarat, Mymeeting | 2025-04-11 | 6.0 MEDIUM | N/A |
| Open Source Competency Center (OSCC) MyMeeting 3.0.1 and earlier, and MyMesyuarat 09b-1, does not properly verify uploaded documents, which allows remote authenticated users to execute arbitrary PHP code via a crafted document. | |||||
| CVE-2012-1927 | 1 Opera | 1 Opera Browser | 2025-04-11 | 6.4 MEDIUM | N/A |
| Opera before 11.62 allows remote attackers to spoof the address field by triggering the launch of a dialog window associated with a different domain. | |||||
| CVE-2012-1147 | 2 Apple, Libexpat Project | 2 Mac Os X, Libexpat | 2025-04-11 | 4.3 MEDIUM | N/A |
| readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files. | |||||
| CVE-2013-4390 | 1 Apache | 2 Sling, Sling Auth Core Component | 2025-04-11 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.auth.core) bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the resource parameter, related to "a custom login form and XSS." | |||||
| CVE-2012-5791 | 1 Paypal | 1 Invoicing | 2025-04-11 | 5.8 MEDIUM | N/A |
| PayPal Invoicing does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2011-5241 | 1 Services Twitter Group | 1 Services Twitter | 2025-04-11 | 5.8 MEDIUM | N/A |
| Services_Twitter 0.6.3 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2012-4704 | 1 3s-software | 1 Codesys Gateway-server | 2025-04-11 | 10.0 HIGH | N/A |
| Array index error in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via a crafted packet. | |||||
| CVE-2011-1428 | 1 Flashtux | 1 Weechat | 2025-04-11 | 5.8 MEDIUM | N/A |
| Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API. | |||||
| CVE-2012-4026 | 1 Johnsoncontrols | 2 Pegasys P2000 Server, Pegasys P2000 Server Software | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Johnson Controls Pegasys P2000 server with software before 3.11 allows remote attackers to trigger false alerts via crafted packets to TCP port 41013 (aka the upload port), a different vulnerability than CVE-2012-2607. | |||||
| CVE-2010-3240 | 1 Microsoft | 3 Excel, Excel Viewer, Office Compatibility Pack | 2025-04-11 | 9.3 HIGH | N/A |
| Microsoft Excel 2002 SP3 and 2007 SP2; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Real Time Data Array Record Vulnerability." | |||||
| CVE-2013-1985 | 1 X | 1 Libxinerama | 2025-04-11 | 6.8 MEDIUM | N/A |
| Integer overflow in X.org libXinerama 1.1.2 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XineramaQueryScreens function. | |||||
| CVE-2011-5242 | 1 Themattharris | 1 Tmhoauth | 2025-04-11 | 5.8 MEDIUM | N/A |
| tmhOAuth before 0.61 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2012-1108 | 1 Scott Wheeler | 1 Taglib | 2025-04-11 | 4.3 MEDIUM | N/A |
| The parse function in ogg/xiphcomment.cpp in TagLib 1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted vendorLength field in an ogg file. | |||||