Total
11012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-5968 | 1 Huawei | 2 E585, E585u-82 | 2026-04-29 | 4.8 MEDIUM | N/A |
| The Huawei E585 device does not validate the status of admin sessions, which allows remote attackers to obtain sensitive user information and the session ID, and modify data, by leveraging access to the LAN network. | |||||
| CVE-2011-4885 | 1 Php | 1 Php | 2026-04-29 | 5.0 MEDIUM | N/A |
| PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. | |||||
| CVE-2013-7112 | 1 Wireshark | 1 Wireshark | 2026-04-29 | 5.0 MEDIUM | N/A |
| The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | |||||
| CVE-2013-5550 | 1 Cisco | 1 Unified Computing System | 2026-04-29 | 4.6 MEDIUM | N/A |
| The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service via crafted command parameters that trigger hardware-component write operations, aka Bug ID CSCtq86549. | |||||
| CVE-2012-4085 | 1 Cisco | 1 Unified Computing System | 2026-04-29 | 5.0 MEDIUM | N/A |
| The Intelligent Platform Management Interface (IPMI) implementation in the Blade Management Controller in Cisco Unified Computing System (UCS) allows remote attackers to enumerate valid usernames by observing IPMI interface responses, aka Bug ID CSCtg20761. | |||||
| CVE-2011-1853 | 1 Hp | 1 Intelligent Management Center | 2026-04-29 | 10.0 HIGH | N/A |
| tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a (1) large or (2) invalid opcode field, related to a function pointer table. | |||||
| CVE-2011-4063 | 1 Asterisk | 1 Open Source | 2026-04-29 | 6.8 MEDIUM | N/A |
| chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.7.1 and 10.x before 10.0.0-rc1 does not properly initialize variables during request parsing, which allows remote authenticated users to cause a denial of service (daemon crash) via a malformed request. | |||||
| CVE-2011-4601 | 1 Pidgin | 1 Pidgin | 2026-04-29 | 5.0 MEDIUM | N/A |
| family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted (1) AIM or (2) ICQ message associated with buddy-list addition. | |||||
| CVE-2011-1130 | 1 Simplemachines | 1 Smf | 2026-04-29 | 7.5 HIGH | N/A |
| Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly validate the start parameter, which might allow remote attackers to conduct SQL injection attacks, obtain sensitive information, or cause a denial of service via a crafted value, related to the cleanRequest function in QueryString.php and the constructPageIndex function in Subs.php. | |||||
| CVE-2011-1447 | 1 Google | 1 Chrome | 2026-04-29 | 6.8 MEDIUM | N/A |
| Google Chrome before 11.0.696.57 does not properly handle drop-down lists, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | |||||
| CVE-2012-4082 | 1 Cisco | 1 Unified Computing System | 2026-04-29 | 6.8 MEDIUM | N/A |
| MCTools in the Cisco Management Controller in Cisco Unified Computing System (UCS) allows local users to gain privileges by entering crafted command-line parameters on a Fabric Interconnect device, aka Bug ID CSCtg20749. | |||||
| CVE-2013-7255 | 1 Opsview | 1 Opsview | 2026-04-29 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in Opsview before 4.4.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2011-1529 | 1 Mit | 1 Kerberos 5 | 2026-04-29 | 7.8 HIGH | N/A |
| The lookup_lockout_policy function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the db2 (aka Berkeley DB) or LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger certain process_as_req errors. | |||||
| CVE-2012-3411 | 2 Redhat, Thekelleys | 4 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation and 1 more | 2026-04-29 | 5.0 MEDIUM | N/A |
| Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed DNS query. | |||||
| CVE-2007-6746 | 1 Canonical | 2 Telepathy-idle, Ubuntu Linux | 2026-04-29 | 5.8 MEDIUM | N/A |
| telepathy-idle before 0.1.15 does not verify (1) that the issuer is a trusted CA, (2) that the server hostname matches a domain name in the subject's Common Name (CN), or (3) the expiration date of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2013-2145 | 3 Canonical, Opensuse, Perlmonks | 3 Ubuntu Linux, Opensuse, Module\ | 2026-04-29 | 4.4 MEDIUM | N/A |
| The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a "special unknown cipher" that references an untrusted module in Digest/. | |||||
| CVE-2013-6339 | 1 Wireshark | 1 Wireshark | 2026-04-29 | 4.3 MEDIUM | N/A |
| The dissect_openwire_type function in epan/dissectors/packet-openwire.c in the OpenWire dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (loop) via a crafted packet. | |||||
| CVE-2011-1979 | 1 Microsoft | 1 Visio | 2026-04-29 | 9.3 HIGH | N/A |
| Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "Move Around the Block RCE Vulnerability." | |||||
| CVE-2012-2494 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2026-04-29 | 4.3 MEDIUM | N/A |
| The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 and 3.x before 3.0 MR8 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtw48681. | |||||
| CVE-2012-4087 | 1 Cisco | 1 Unified Computing System | 2026-04-29 | 5.1 MEDIUM | N/A |
| A cluster setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows remote attackers to execute arbitrary commands via invalid parameters, aka Bug ID CSCtg20793. | |||||