Total: 11014 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-5237 | 1 Paypal | 1 Wps Toolkit | 2026-04-29 | 5.8 MEDIUM | N/A |
| PayPal WPS ToolKit does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2010-4198 | 3 Fedoraproject, Google, Webkitgtk | 3 Fedora, Chrome, Webkitgtk | 2026-04-29 | 6.8 MEDIUM | 8.8 HIGH |
| WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, does not properly handle large text areas, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted HTML document. | |||||
| CVE-2013-1135 | 1 Cisco | 1 Prime Central For Hosted Collaboration Solution Assurance | 2026-04-29 | 7.1 HIGH | N/A |
| Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.0 allows remote attackers to cause a denial of service (CPU consumption and monitoring outage) via malformed TLS messages to TCP port (1) 9043 or (2) 9443, aka Bug ID CSCuc07155. | |||||
| CVE-2010-1173 | 1 Linux | 1 Linux Kernel | 2026-04-29 | 7.1 HIGH | N/A |
| The sctp_process_unk_param function in net/sctp/sm_make_chunk.c in the Linux kernel 2.6.33.3 and earlier, when SCTP is enabled, allows remote attackers to cause a denial of service (system crash) via an SCTPChunkInit packet containing multiple invalid parameters that require a large amount of error data. | |||||
| CVE-2012-4609 | 1 Emc | 1 Rsa Netwitness Informer | 2026-04-29 | 4.3 MEDIUM | N/A |
| The web interface in EMC RSA NetWitness Informer before 2.0.5.6 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | |||||
| CVE-2012-5234 | 1 Ocportal | 1 Ocportal | 2026-04-29 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in index.php in ocPortal before 7.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter. | |||||
| CVE-2013-3030 | 1 Ibm | 1 Cognos Business Intelligence | 2026-04-29 | 5.0 MEDIUM | N/A |
| The servlet gateway in IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote attackers to cause a denial of service (temporary gateway outage) via crafted HTTP requests. | |||||
| CVE-2013-0081 | 1 Microsoft | 4 Sharepoint Foundation, Sharepoint Portal Server, Sharepoint Server and 1 more | 2026-04-29 | 5.0 MEDIUM | N/A |
| Microsoft SharePoint Portal Server 2003 SP3 and SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 do not properly process unassigned workflows, which allows remote attackers to cause a denial of service (W3WP process hang) via a crafted URL, aka "SharePoint Denial of Service Vulnerability." | |||||
| CVE-2013-1431 | 1 Simon Mcvittie | 1 Telepathy Gabble | 2026-04-29 | 6.8 MEDIUM | N/A |
| The Wocky module in Telepathy Gabble before 0.16.6 and 0.17.x before 0.17.4, when connecting to a "legacy Jabber server," does not properly enforce the WockyConnector:tls-required flag, which allows remote attackers to bypass TLS verification and perform man-in-the-middle attacks. | |||||
| CVE-2011-4006 | 1 Cisco | 2 5500 Series Adaptive Security Appliance, Adaptive Security Appliance Software | 2026-04-29 | 7.8 HIGH | N/A |
| The ESMTP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.5 allows remote attackers to cause a denial of service (CPU consumption) via an unspecified closing sequence, aka Bug ID CSCtt32565. | |||||
| CVE-2013-6174 | 1 Emc | 1 Document Sciences Xpression | 2026-04-29 | 5.8 MEDIUM | N/A |
| Multiple open redirect vulnerabilities in xAdmin in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters. | |||||
| CVE-2012-5794 | 2 Moneybookers, Oscommerce | 2 Moneybookers, Oscommerce | 2026-04-29 | 5.8 MEDIUM | N/A |
| The MoneyBookers module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2011-3647 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-29 | 9.3 HIGH | N/A |
| The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird before 3.1.6 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior, a related issue to CVE-2011-3004. | |||||
| CVE-2009-4658 | 1 Omidrouhani | 1 Xerver | 2026-04-29 | 4.0 MEDIUM | N/A |
| Xerver 4.32 allows remote authenticated users to cause a denial of service (daemon crash) via a non-numeric web port assignment in the management interface. NOTE: this can be leveraged by non-authenticated attackers using CVE-2009-4657. | |||||
| CVE-2013-6283 | 1 Videolan | 1 Vlc Media Player | 2026-04-29 | 7.5 HIGH | N/A |
| VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a URL in an m3u file. | |||||
| CVE-2014-0742 | 1 Cisco | 1 Unified Communications Manager | 2026-04-29 | 6.2 MEDIUM | N/A |
| The Certificate Authority Proxy Function (CAPF) CLI implementation in the CSR management feature in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via unspecified vectors, aka Bug ID CSCum95464. | |||||
| CVE-2010-0420 | 1 Pidgin | 1 Pidgin | 2026-04-29 | 4.3 MEDIUM | N/A |
| libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user chat (MUC) room is used, does not properly parse nicknames containing `<br>` sequences, which allows remote attackers to cause a denial of service (application crash) via a crafted nickname. | |||||
| CVE-2013-2146 | 1 Linux | 1 Linux Kernel | 2026-04-29 | 4.7 MEDIUM | N/A |
| arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit. | |||||
| CVE-2012-0354 | 1 Cisco | 11 5500 Series Adaptive Security Appliance, Adaptive Security Appliance Software, Catalyst 6500 and 8 more | 2026-04-29 | 7.1 HIGH | N/A |
| The Threat Detection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.0 through 8.2 before 8.2(5.20), 8.3 before 8.3(2.29), 8.4 before 8.4(3), 8.5 before 8.5(1.6), and 8.6 before 8.6(1.1) allows remote attackers to cause a denial of service (device reload) via (1) IPv4 or (2) IPv6 packets that trigger a shun event, aka Bug ID CSCtw35765. | |||||
| CVE-2011-3597 | 1 Gisle Aas | 1 Digest | 2026-04-29 | 7.5 HIGH | N/A |
| Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor. | |||||
