Total
10810 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-0996 | 1 Roy Marples | 1 Dhcpcd | 2025-04-11 | 6.8 MEDIUM | N/A |
| dhcpcd before 5.2.12 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message. | |||||
| CVE-2010-1518 | 1 Gigabyte | 1 Dldrv2 Activex Control | 2025-04-11 | 10.0 HIGH | N/A |
| Array index error in the SetDLInfo method in the GIGABYTE Dldrv2 ActiveX control 1.4.206.11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via the item argument. | |||||
| CVE-2010-3237 | 1 Microsoft | 2 Excel, Office | 2025-04-11 | 9.3 HIGH | N/A |
| Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Merge Cell Record Pointer Vulnerability." | |||||
| CVE-2011-4914 | 2 Linux, Novell | 2 Linux Kernel, Suse Linux Enterprise Server | 2025-04-11 | 6.4 MEDIUM | N/A |
| The ROSE protocol implementation in the Linux kernel before 2.6.39 does not verify that certain data-length values are consistent with the amount of data sent, which might allow remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via crafted data to a ROSE socket. | |||||
| CVE-2013-2994 | 1 Ibm | 1 Websphere Commerce | 2025-04-11 | 6.4 MEDIUM | N/A |
| IBM WebSphere Commerce 7.0 Feature Pack 4 and Feature Pack 5 incorrectly maintains a valid session after unspecified interaction with REST services, which allows remote attackers to issue REST requests in the context of an arbitrary user's active session via unknown vectors. | |||||
| CVE-2013-0331 | 1 Jenkins | 1 Jenkins | 2025-04-11 | 4.0 MEDIUM | N/A |
| Jenkins before 1.502 and LTS before 1.480.3 allows remote authenticated users with write access to cause a denial of service via a crafted payload. | |||||
| CVE-2013-0285 | 1 Nori Gem Project | 1 Nori Gem | 2025-04-11 | 7.5 HIGH | N/A |
| The nori gem 2.0.x before 2.0.2, 1.1.x before 1.1.4, and 1.0.x before 1.0.3 for Ruby does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156. | |||||
| CVE-2013-5498 | 1 Cisco | 1 Ios Xr | 2025-04-11 | 5.0 MEDIUM | N/A |
| The PPTP-ALG component in CRS Carrier Grade Services Engine (CGSE) and ASR 9000 Integrated Service Module (ISM) in Cisco IOS XR allows remote attackers to cause a denial of service (module reset) via crafted packet streams, aka Bug ID CSCue91963. | |||||
| CVE-2012-6152 | 1 Pidgin | 1 Pidgin | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte sequences. | |||||
| CVE-2013-2078 | 1 Xen | 1 Xen | 2025-04-11 | 4.7 MEDIUM | N/A |
| Xen 4.0.2 through 4.0.4, 4.1.x, and 4.2.x allows local PV guest users to cause a denial of service (hypervisor crash) via certain bit combinations to the XSETBV instruction. | |||||
| CVE-2011-3367 | 1 Arora-browser | 1 Arora | 2025-04-11 | 5.0 MEDIUM | N/A |
| Arora, possibly 0.11 and other versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text. | |||||
| CVE-2008-7257 | 1 Cisco | 1 Asa 5580 | 2025-04-11 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary HTTP headers as demonstrated by a redirect attack involving a %0d%0aLocation%3a sequence in a URI, or conduct HTTP response splitting attacks via unspecified vectors, aka Bug ID CSCsr09163. | |||||
| CVE-2012-0723 | 1 Ibm | 2 Aix, Vios | 2025-04-11 | 4.9 MEDIUM | N/A |
| The kernel in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly implement the dupmsg system call, which allows local users to cause a denial of service (system crash) via a crafted application. | |||||
| CVE-2014-1610 | 1 Mediawiki | 1 Mediawiki | 2025-04-11 | 6.0 MEDIUM | N/A |
| MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php. | |||||
| CVE-2011-0623 | 6 Adobe, Apple, Google and 3 more | 6 Flash Player, Mac Os X, Android and 3 more | 2025-04-11 | 9.3 HIGH | N/A |
| Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0624, CVE-2011-0625, and CVE-2011-0626. | |||||
| CVE-2011-3619 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 4.6 MEDIUM | N/A |
| The apparmor_setprocattr function in security/apparmor/lsm.c in the Linux kernel before 3.0 does not properly handle invalid parameters, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by writing to a /proc/#####/attr/current file. | |||||
| CVE-2010-0431 | 1 Redhat | 2 Enterprise Virtualization, Kvm | 2025-04-11 | 6.6 MEDIUM | N/A |
| QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service (invalid pointer dereference and guest OS crash) or possibly gain privileges via unspecified vectors. | |||||
| CVE-2011-0581 | 1 Adobe | 1 Coldfusion | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple CRLF injection vulnerabilities in Adobe ColdFusion 8.0 through 9.0.1 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified tags. | |||||
| CVE-2009-4833 | 1 Oracle | 1 Mysql Connector\/net | 2025-04-11 | 5.8 MEDIUM | N/A |
| MySQL Connector/NET before 6.0.4, when using encryption, does not verify SSL certificates during connection, which allows remote attackers to perform a man-in-the-middle attack with a spoofed SSL certificate. | |||||
| CVE-2013-5140 | 1 Apple | 1 Iphone Os | 2025-04-11 | 7.8 HIGH | N/A |
| The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment. | |||||