Total
269 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-4221 | 1 Restlet | 1 Restlet | 2025-04-11 | 7.5 HIGH | N/A |
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML. | |||||
CVE-2011-4504 | 2 Genmei Mori, Zyxel | 2 Pseudoics, P-330w Router | 2025-04-11 | 7.5 HIGH | N/A |
The UPnP IGD implementation in the Pseudo ICS UPnP software on the ZyXEL P-330W allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability. | |||||
CVE-2013-3051 | 2 Motorola, Qualcomm | 5 Android, Atrix Hd, Razr Hd and 2 more | 2025-04-11 | 6.2 MEDIUM | N/A |
The TrustZone kernel, when used in conjunction with a certain Motorola build of Android 4.1.2, on Motorola Razr HD, Razr M, and Atrix HD devices with the Qualcomm MSM8960 chipset does not verify the association between a certain physical-address argument and a memory region, which allows local users to unlock the bootloader by using kernel mode to perform crafted 0x9 and 0x2 SMC operations, a different vulnerability than CVE-2013-2596. | |||||
CVE-2013-4316 | 2 Apache, Oracle | 4 Struts, Flexcube Private Banking, Mysql Enterprise Monitor and 1 more | 2025-04-11 | 10.0 HIGH | N/A |
Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors. | |||||
CVE-2010-4586 | 1 Opera | 1 Opera Browser | 2025-04-11 | 10.0 HIGH | N/A |
The default configuration of Opera before 11.00 enables WebSockets functionality, which has unspecified impact and remote attack vectors, possibly a related issue to CVE-2010-4508. | |||||
CVE-2011-1400 | 2 Canonical, Debian | 3 Ubuntu Linux, Debian Linux, Tex-common | 2025-04-11 | 6.8 MEDIUM | N/A |
The default configuration of the shell_escape_commands directive in conf/texmf.d/95NonPath.cnf in the tex-common package before 2.08.1 in Debian GNU/Linux squeeze, Ubuntu 10.10 and 10.04 LTS, and possibly other operating systems lists certain programs, which might allow remote attackers to execute arbitrary code via a crafted TeX document. | |||||
CVE-2009-5120 | 1 Websense | 2 Websense Web Filter, Websense Web Security | 2025-04-11 | 4.3 MEDIUM | N/A |
The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port. | |||||
CVE-2009-2750 | 1 Ibm | 1 Websphere Service Registry And Repository | 2025-04-11 | 5.5 MEDIUM | N/A |
IBM WebSphere Service Registry and Repository (WSRR) 6.3.0 before FP2 does not have the intended configuration properties, which allows remote authenticated users to obtain unspecified data access via a property query. | |||||
CVE-2012-0147 | 1 Microsoft | 1 Forefront Unified Access Gateway | 2025-04-11 | 5.0 MEDIUM | N/A |
Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability." | |||||
CVE-2013-5167 | 1 Apple | 1 Mac Os X | 2025-04-11 | 5.0 MEDIUM | N/A |
CFNetwork in Apple Mac OS X before 10.9 does not properly support Safari's deletion of session cookies in response to a reset operation, which makes it easier for remote web servers to track users via Set-Cookie HTTP headers. | |||||
CVE-2012-1909 | 1 Bitcoin | 2 Bitcoin Core, Wxbitcoin | 2025-04-11 | 5.0 MEDIUM | N/A |
The Bitcoin protocol, as used in bitcoind before 0.4.4, wxBitcoin, Bitcoin-Qt, and other programs, does not properly handle multiple transactions with the same identifier, which allows remote attackers to cause a denial of service (unspendable transaction) by leveraging the ability to create a duplicate coinbase transaction. | |||||
CVE-2010-2945 | 1 Simone Rota | 1 Slim Simple Login Manager | 2025-04-11 | 6.9 MEDIUM | N/A |
The default configuration of SLiM before 1.3.2 places ./ (dot slash) at the beginning of the default_path option, which might allow local users to gain privileges via a Trojan horse program in the current working directory, related to slim.conf and cfg.cpp. | |||||
CVE-2010-4312 | 1 Apache | 1 Tomcat | 2025-04-11 | 6.4 MEDIUM | N/A |
The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie. | |||||
CVE-2013-1221 | 1 Cisco | 1 Unified Customer Voice Portal | 2025-04-11 | 10.0 HIGH | N/A |
The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to execute arbitrary code via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38384. | |||||
CVE-2011-1406 | 1 Mahara | 1 Mahara | 2025-04-11 | 4.3 MEDIUM | N/A |
Mahara before 1.3.6 does not properly handle an https URL in the wwwroot configuration setting, which makes it easier for user-assisted remote attackers to obtain credentials by sniffing the network at a time when an http URL is used for a login. | |||||
CVE-2010-3315 | 1 Apache | 1 Subversion | 2025-04-11 | 6.0 MEDIUM | N/A |
authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands. | |||||
CVE-2011-4506 | 1 Technicolor | 2 Tg585 Router, Tg585 Router Firmware | 2025-04-11 | 7.5 HIGH | N/A |
The UPnP IGD implementation on the Thomson (aka Technicolor) TG585 with firmware 7.x before 7.4.3.2 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability. | |||||
CVE-2011-2166 | 1 Dovecot | 1 Dovecot | 2025-04-11 | 6.5 MEDIUM | N/A |
script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script. | |||||
CVE-2013-1451 | 1 Microsoft | 1 Internet Explorer | 2025-04-11 | 4.0 MEDIUM | N/A |
Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not ensure that the SSL lock icon is consistent with the Address bar, which makes it easier for remote attackers to spoof web sites via a crafted HTML document that triggers many HTTPS requests to an arbitrary host, followed by an HTTPS request to a trusted host and then an HTTP request to an untrusted host, a related issue to CVE-2013-1450. | |||||
CVE-2013-7293 | 1 Asus | 1 Wl-330nul | 2025-04-11 | 5.0 MEDIUM | N/A |
The ASUS WL-330NUL router has a configuration process that relies on accessing the 192.168.1.1 IP address, but the documentation advises users to instead access a DNS hostname that does not always resolve to 192.168.1.1, which makes it easier for remote attackers to hijack the configuration traffic by controlling the server associated with that hostname. |