Total
11014 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-4982 | 1 Forescout | 1 Counteract | 2026-04-29 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in assets/login on the Forescout CounterACT NAC device before 7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the a parameter. | |||||
| CVE-2013-1917 | 1 Xen | 1 Xen | 2026-04-29 | 1.9 LOW | N/A |
| Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service (hypervisor crash) by triggering a #GP fault, which is not properly handled by another IRET instruction. | |||||
| CVE-2014-0655 | 1 Cisco | 1 Adaptive Security Appliance | 2026-04-29 | 4.3 MEDIUM | N/A |
| The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to change the user-cache contents via a replay attack involving crafted RADIUS Change of Authorization (CoA) messages, aka Bug ID CSCuj45332. | |||||
| CVE-2012-1866 | 1 Microsoft | 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more | 2026-04-29 | 7.2 HIGH | N/A |
| win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "Clipboard Format Atom Name Handling Vulnerability." | |||||
| CVE-2011-0647 | 1 Emc | 2 Networker Module, Replication Manager | 2026-04-29 | 10.0 HIGH | N/A |
| The irccd.exe service in EMC Replication Manager Client before 5.3 and NetWorker Module for Microsoft Applications 2.1.x and 2.2.x allows remote attackers to execute arbitrary commands via the RunProgram function to TCP port 6542. | |||||
| CVE-2011-3639 | 1 Apache | 10 Http Server, Http Server2.0a1, Http Server2.0a2 and 7 more | 2026-04-29 | 4.3 MEDIUM | N/A |
| The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368. | |||||
| CVE-2010-2078 | 1 Magnoware | 1 Datatrack System | 2026-04-29 | 5.0 MEDIUM | N/A |
| DataTrack System 3.5 allows remote attackers to list the root directory via a (1) /%u0085/ or (2) /%u00A0/ URI. | |||||
| CVE-2012-2159 | 1 Ibm | 2 Security Appscan Source, Spss Data Collection | 2026-04-29 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2013-3382 | 1 Cisco | 1 Adaptive Security Appliance | 2026-04-29 | 7.8 HIGH | N/A |
| The Next-Generation Firewall (aka NGFW, formerly CX Context-Aware Security) module 9.x before 9.1.1.9 and 9.1.2.x before 9.1.2.12 for Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (device reload or traffic-processing outage) via fragmented (1) IPv4 or (2) IPv6 traffic, aka Bug ID CSCue88387. | |||||
| CVE-2012-0840 | 1 Apache | 1 Portable Runtime | 2026-04-29 | 5.0 MEDIUM | N/A |
| tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. | |||||
| CVE-2013-1585 | 1 Wireshark | 1 Wireshark | 2026-04-29 | 2.9 LOW | N/A |
| epan/tvbuff.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly validate certain length values for the MS-MMC dissector, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. | |||||
| CVE-2013-0841 | 1 Google | 1 Chrome | 2026-04-29 | 7.5 HIGH | N/A |
| Array index error in the content-blocking functionality in Google Chrome before 24.0.1312.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2013-4450 | 1 Nodejs | 1 Nodejs | 2026-04-29 | 5.0 MEDIUM | N/A |
| The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of service (memory and CPU consumption) by sending a large number of pipelined requests without reading the response. | |||||
| CVE-2011-4106 | 1 Binarymoon | 1 Timthumb | 2026-04-29 | 6.8 MEDIUM | N/A |
| TimThumb (timthumb.php) before 2.0 does not validate the entire source with the domain white list, which allows remote attackers to upload and execute arbitrary code via a URL containing a white-listed domain in the src parameter, then accessing it via a direct request to the file in the cache directory, as exploited in the wild in August 2011. | |||||
| CVE-2013-3443 | 1 Cisco | 1 Wide Area Application Services | 2026-04-29 | 10.0 HIGH | N/A |
| The web service framework in Cisco WAAS Software 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1 in a Central Manager (CM) configuration allows remote attackers to execute arbitrary code via a crafted POST request, aka Bug ID CSCuh26626. | |||||
| CVE-2013-6702 | 1 Cisco | 2 Ons 15454, Ons 15454 Firmware | 2026-04-29 | 4.3 MEDIUM | N/A |
| The management implementation on Cisco ONS 15454 controller cards with software 9.8 and earlier allows remote attackers to cause a denial of service (card reset) via crafted packets, aka Bug ID CSCtz50902. | |||||
| CVE-2013-4046 | 1 Ibm | 1 Spss Collaboration And Deployment Services | 2026-04-29 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2012-6399 | 1 Cisco | 1 Webex | 2026-04-29 | 5.8 MEDIUM | N/A |
| Cisco WebEx 4.1 on iOS does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, aka Bug ID CSCud94176. | |||||
| CVE-2010-0602 | 1 Cisco | 1 Pgw 2200 Softswitch | 2026-04-29 | 7.8 HIGH | N/A |
| The SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S11 allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug ID CSCsk32606. | |||||
| CVE-2013-3580 | 1 Trustgo | 1 Antivirus \& Mobile Security | 2026-04-29 | 4.3 MEDIUM | N/A |
| The TrustGo Antivirus & Mobile Security application before 1.3.6 for Android allows attackers to cause a denial of service (application crash) via a crafted application that sends an intent to com.trustgo.mobile.security.USSDScannerActivity with zero arguments. | |||||