Total
10810 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-0945 | 1 Emc | 1 Avamar | 2025-04-11 | 9.3 HIGH | N/A |
| EMC Avamar Client before 6.1.101-89 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2010-4171 | 1 Systemtap | 1 Systemtap | 2025-04-11 | 2.1 LOW | N/A |
| The staprun runtime tool in SystemTap 1.3 does not verify that a module to unload was previously loaded by SystemTap, which allows local users to cause a denial of service (unloading of arbitrary kernel modules). | |||||
| CVE-2013-5407 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2025-04-11 | 4.9 MEDIUM | N/A |
| IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not properly restrict use of FRAME elements, which allows remote authenticated users to bypass intended access restrictions or obtain sensitive information via a crafted web site, related to a "frame injection" issue. | |||||
| CVE-2011-0491 | 1 Tor | 1 Tor | 2025-04-11 | 5.0 MEDIUM | N/A |
| The tor_realloc function in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not validate a certain size value during memory allocation, which might allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors, related to "underflow errors." | |||||
| CVE-2010-0051 | 1 Apple | 1 Safari | 2025-04-11 | 4.3 MEDIUM | N/A |
| WebKit in Apple Safari before 4.0.5 does not properly validate the cross-origin loading of stylesheets, which allows remote attackers to obtain sensitive information via a crafted HTML document. NOTE: this might overlap CVE-2010-0651. | |||||
| CVE-2012-6034 | 1 Xen | 1 Xen | 2025-04-11 | 4.4 MEDIUM | N/A |
| The (1) tmemc_save_get_next_page and (2) tmemc_save_get_next_inv functions and the (3) TMEMC_SAVE_GET_POOL_UUID sub-operation in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 "do not check incoming guest output buffer pointers," which allows local guest OS users to cause a denial of service (memory corruption and host crash) or execute arbitrary code via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others. | |||||
| CVE-2013-3242 | 1 Joomla | 1 Joomla\! | 2025-04-11 | 5.5 MEDIUM | N/A |
| plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated users to conduct PHP object injection attacks and cause a denial of service via unspecified vectors. | |||||
| CVE-2011-2405 | 1 Hp | 2 Proliant Sl Advanced Power Manager, Proliant Sl Advanced Power Manager Firmware | 2025-04-11 | 7.8 HIGH | N/A |
| The HP ProLiant SL Advanced Power Manager (SL-APM) with firmware before 1.20 does not properly validate users, which allows remote attackers to cause a denial of service via unspecified vectors. | |||||
| CVE-2013-6123 | 2 Codeaurora, Qualcomm | 2 Android-msm, Quic Mobile Station Modem Kernel | 2025-04-11 | 6.9 MEDIUM | N/A |
| Multiple array index errors in drivers/media/video/msm/server/msm_cam_server.c in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to gain privileges by leveraging camera device-node access, related to the (1) msm_ctrl_cmd_done, (2) msm_ioctl_server, and (3) msm_server_send_ctrl functions. | |||||
| CVE-2012-6073 | 2 Cloudbees, Jenkins | 2 Jenkins, Jenkins | 2025-04-11 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2013-6380 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 4.7 MEDIUM | N/A |
| The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. | |||||
| CVE-2013-4094 | 1 Imperva | 1 Securesphere | 2025-04-11 | 6.5 MEDIUM | N/A |
| The Key Management feature in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to upload executable files via the (1) private_key or (2) public_key parameter in a T/keyManagement request to plain/settings.html, as demonstrated by uploading a Linux ELF file and a shell script. | |||||
| CVE-2012-6030 | 1 Xen | 1 Xen | 2025-04-11 | 7.2 HIGH | N/A |
| The do_tmem_op function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (host crash) and possibly have other unspecified impacts via unspecified vectors related to "broken locking checks" in an "error path." NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others. | |||||
| CVE-2012-4999 | 1 Mercurycom | 2 Mr804, Mr804 Firmware | 2025-04-11 | 6.1 MEDIUM | N/A |
| Mercury MR804 Router 8.0 3.8.1 Build 101220 Rel.53006nB allows remote attackers to cause a denial of service (service hang) via a crafted string in HTTP header fields such as (1) If-Modified-Since, (2) If-None-Match, or (3) If-Unmodified-Since. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-6597 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-11 | 6.3 MEDIUM | N/A |
| Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to cause a denial of service (management-server crash) by using the command-line interface for a crafted command, aka Ref ID 35254. | |||||
| CVE-2012-4695 | 1 Rockwellautomation | 1 Rslinx Enterprise | 2025-04-11 | 7.1 HIGH | N/A |
| LogReceiver.exe in Rockwell Automation RSLinx Enterprise CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service (service outage) via a zero-byte UDP packet that is not properly handled by Logger.dll. | |||||
| CVE-2010-0101 | 1 Lexmark | 61 25xxn, C510, C52x and 58 more | 2025-04-11 | 7.8 HIGH | N/A |
| The embedded HTTP server in multiple Lexmark laser and inkjet printers and MarkNet devices, including X94x, W840, T656, N4000, E462, C935dn, 25xxN, and other models, allows remote attackers to cause a denial of service (operating system halt) via a malformed HTTP Authorization header. | |||||
| CVE-2011-2502 | 1 Systemtap | 1 Systemtap | 2025-04-11 | 4.4 MEDIUM | N/A |
| runtime/staprun/staprun_funcs.c in the systemtap runtime tool (staprun) in SystemTap before 1.6 does not properly validate modules when a module path is specified by a user for user-space probing, which allows local users in the stapusr group to gain privileges via a crafted module in the search path in the -u argument. | |||||
| CVE-2011-2170 | 1 Google | 1 Chrome Os | 2025-04-11 | 4.4 MEDIUM | N/A |
| Google Chrome OS before R12 0.12.433.38 Beta, when Guest mode is enabled, does not prevent changes on the about:flags page, which has unspecified impact and local attack vectors. | |||||
| CVE-2010-3350 | 1 Bareftp | 1 Bareftp | 2025-04-11 | 6.9 MEDIUM | N/A |
| bareFTP 0.3.4 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | |||||