Total
10856 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-1599 | 1 Digium | 1 Asterisk | 2025-04-11 | 9.0 HIGH | N/A |
| manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 does not properly check for the system privilege, which allows remote authenticated users to execute arbitrary commands via an Originate action that has an Async header in conjunction with an Application header. | |||||
| CVE-2011-2512 | 1 Kvm Group | 1 Qemu-kvm | 2025-04-11 | 5.8 MEDIUM | N/A |
| The virtio_queue_notify in qemu-kvm 0.14.0 and earlier does not properly validate the virtqueue number, which allows guest users to cause a denial of service (guest crash) and possibly execute arbitrary code via a negative number in the Queue Notify field of the Virtio Header, which bypasses a signed comparison. | |||||
| CVE-2011-1811 | 1 Google | 1 Chrome | 2025-04-11 | 4.3 MEDIUM | N/A |
| Google Chrome before 12.0.742.91 does not properly handle a large number of form submissions, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. | |||||
| CVE-2011-1001 | 1 Google | 1 Android Sdk | 2025-04-11 | 4.3 MEDIUM | N/A |
| dexdump in Android SDK before 2.3 does not properly perform structural verification, which allows user-assisted remote attackers to cause a denial of service (dexdump crash) and possibly execute arbitrary code via a malformed APK or dex file that calls a method using more arguments than the number of register that have been declared for that method. | |||||
| CVE-2012-2374 | 1 Tornadoweb | 1 Tornado | 2025-04-11 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input. | |||||
| CVE-2013-1583 | 1 Wireshark | 1 Wireshark | 2025-04-11 | 2.9 LOW | N/A |
| The dissect_version_4_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. | |||||
| CVE-2011-1166 | 1 Xen | 1 Xen | 2025-04-11 | 5.5 MEDIUM | N/A |
| Xen, possibly before 4.0.2, allows local 64-bit PV guests to cause a denial of service (host crash) by specifying user mode execution without user-mode pagetables. | |||||
| CVE-2010-1632 | 2 Apache, Ibm | 6 Axis2, Geronimo, Orchestration Director Engine and 3 more | 2025-04-11 | 7.5 HIGH | N/A |
| Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService. | |||||
| CVE-2012-2002 | 1 Hp | 1 Snmp Agents For Linux | 2025-04-11 | 8.3 HIGH | N/A |
| Open redirect vulnerability in HP SNMP Agents for Linux before 9.0.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2012-4103 | 1 Cisco | 1 Unified Computing System | 2025-04-11 | 6.8 MEDIUM | N/A |
| ethanalyzer in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq02686. | |||||
| CVE-2010-1181 | 1 Apple | 2 Iphone Os, Ipod Touch | 2025-04-11 | 4.3 MEDIUM | N/A |
| Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a MARQUEE element. | |||||
| CVE-2014-0254 | 1 Microsoft | 3 Windows 8, Windows Rt, Windows Server 2012 | 2025-04-11 | 7.8 HIGH | N/A |
| The IPv6 implementation in Microsoft Windows 8, Windows Server 2012, and Windows RT does not properly validate packets, which allows remote attackers to cause a denial of service (system hang) via crafted ICMPv6 Router Advertisement packets, aka "TCP/IP Version 6 (IPv6) Denial of Service Vulnerability." | |||||
| CVE-2013-5546 | 1 Cisco | 7 Asr 1001, Asr 1002, Asr 1002-x and 4 more | 2025-04-11 | 7.8 HIGH | N/A |
| The TCP reassembly feature in Cisco IOS XE 3.7 before 3.7.3S and 3.8 before 3.8.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via large TCP packets that are processed by the (1) NAT or (2) ALG component, aka Bug ID CSCud72509. | |||||
| CVE-2013-6122 | 1 Qualcomm | 1 Quic Mobile Station Modem Kernel | 2025-04-11 | 6.9 MEDIUM | N/A |
| goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly synchronize updates to a global variable, which allows local users to bypass intended access restrictions or cause a denial of service (memory corruption) via crafted arguments to the procfs write handler. | |||||
| CVE-2011-0595 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2025-04-11 | 9.3 HIGH | N/A |
| Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, and CVE-2011-0600. | |||||
| CVE-2011-0912 | 1 Ibm | 1 Lotus Notes | 2025-04-11 | 9.3 HIGH | N/A |
| Argument injection vulnerability in IBM Lotus Notes 8.0.x before 8.0.2 FP6 and 8.5.x before 8.5.1 FP5 allows remote attackers to execute arbitrary code via a cai:// URL containing a --launcher.library option that specifies a UNC share pathname for a DLL file, aka SPR PRAD82YJW2. | |||||
| CVE-2010-2878 | 1 Adobe | 1 Shockwave Player | 2025-04-11 | 9.3 HIGH | N/A |
| DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly validate a value associated with a buffer seek for a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie. | |||||
| CVE-2013-1231 | 1 Cisco | 2 Webex Meetings Server, Webex Node For Mcs | 2025-04-11 | 5.0 MEDIUM | N/A |
| The HTTP implementation in Cisco WebEx Node for MCS and WebEx Meetings Server allows remote attackers to read cache files via a crafted request, aka Bug IDs CSCue36664 and CSCue36629. | |||||
| CVE-2010-2597 | 1 Libtiff | 1 Libtiff | 2025-04-11 | 4.3 MEDIUM | N/A |
| The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes incorrect calls to the TIFFGetField function, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image, related to "downsampled OJPEG input" and possibly related to a compiler optimization that triggers a divide-by-zero error. | |||||
| CVE-2011-1154 | 1 Gentoo | 1 Logrotate | 2025-04-11 | 6.9 MEDIUM | N/A |
| The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name. | |||||