Total
5248 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-1462 | 10 Ahnlab, Aladdin, Avg and 7 more | 10 V3 Internet Security, Esafe, Avg Anti-virus and 7 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| The ZIP file parser in AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, Norman Antivirus 6.06.12, Sophos Anti-Virus 4.61.0, and AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11 allows remote attackers to bypass malware detection via a ZIP file containing an invalid block of data at the beginning. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ZIP parser implementations. | |||||
| CVE-2011-4434 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2025-04-11 | 3.6 LOW | N/A |
| Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by Microsoft Office applications and the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags. | |||||
| CVE-2013-3898 | 1 Microsoft | 2 Windows 8, Windows Server 2012 | 2025-04-11 | 7.9 HIGH | N/A |
| Microsoft Windows 8 and Windows Server 2012, when Hyper-V is used, does not ensure memory-address validity, which allows guest OS users to execute arbitrary code in all guest OS instances, and allows guest OS users to cause a denial of service (host OS crash), via a guest-to-host hypercall with a crafted function parameter, aka "Address Corruption Vulnerability." | |||||
| CVE-2012-1428 | 3 Cat, Norman, Sophos | 3 Quick Heal, Norman Antivirus \& Antispyware, Sophos Anti-virus | 2025-04-11 | 4.3 MEDIUM | N/A |
| The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman Antivirus 6.06.12, and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a POSIX TAR file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. | |||||
| CVE-2008-7293 | 1 Mozilla | 1 Firefox | 2025-04-11 | 5.8 MEDIUM | N/A |
| Mozilla Firefox before 4 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue. | |||||
| CVE-2012-3323 | 1 Ibm | 1 Maximo Asset Management | 2025-04-11 | 6.8 MEDIUM | N/A |
| IBM Maximo Asset Management 6.2 before 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.3 allows remote attackers to gain privileges via unspecified vectors. | |||||
| CVE-2010-0734 | 1 Curl | 1 Libcurl | 2025-04-11 | 6.8 MEDIUM | N/A |
| content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit. | |||||
| CVE-2012-3973 | 1 Mozilla | 1 Firefox | 2025-04-11 | 7.6 HIGH | N/A |
| The debugger in the developer-tools subsystem in Mozilla Firefox before 15.0, when remote debugging is disabled, does not properly restrict access to the remote-debugging service, which allows remote attackers to execute arbitrary code by leveraging the presence of the HTTPMonitor extension and connecting to that service through the HTTPMonitor port. | |||||
| CVE-2010-5072 | 1 Opera | 1 Opera Browser | 2025-04-11 | 5.0 MEDIUM | N/A |
| The JavaScript implementation in Opera 10.5 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method. | |||||
| CVE-2010-3919 | 1 Fenrir | 1 Grani | 2025-04-11 | 5.8 MEDIUM | N/A |
| Fenrir Grani 4.5 and earlier does not prevent interaction between web script and the clipboard, which allows remote attackers to read or modify the clipboard contents via a crafted web site. | |||||
| CVE-2011-1473 | 1 Openssl | 1 Openssl | 2025-04-11 | 5.0 MEDIUM | N/A |
| OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment | |||||
| CVE-2012-1591 | 1 Drupal | 1 Drupal | 2025-04-11 | 5.0 MEDIUM | N/A |
| The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles. | |||||
| CVE-2012-4466 | 1 Ruby-lang | 1 Ruby | 2025-04-11 | 5.0 MEDIUM | N/A |
| Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005. | |||||
| CVE-2013-4291 | 1 Redhat | 1 Libvirt | 2025-04-11 | 6.9 MEDIUM | N/A |
| The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the domain has read an uid:gid label, does not properly set group memberships, which allows local users to gain privileges. | |||||
| CVE-2012-5217 | 1 Hp | 1 System Management Homepage | 2025-04-11 | 5.0 MEDIUM | N/A |
| HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-2355. | |||||
| CVE-2012-0475 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-11 | 2.6 LOW | N/A |
| Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site (1) XMLHttpRequest or (2) WebSocket operation involving a nonstandard port number and an IPv6 address that contains certain zero fields. | |||||
| CVE-2014-0719 | 1 Cisco | 1 Ips Sensor Software | 2025-04-11 | 7.8 HIGH | N/A |
| The control-plane access-list implementation in Cisco IPS Software before 7.1(8p2)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (MainApp process outage) via crafted packets to TCP port 7000, aka Bug ID CSCui67394. | |||||
| CVE-2012-2063 | 2 Brian Altenhofel, Drupal | 2 Slidebox, Drupal | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Slidebox module before 7.x-1.4 for Drupal does not properly check permissions, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2011-2742 | 1 Emc | 1 Rsa Adaptive Authentication On-premise | 2025-04-11 | 6.8 MEDIUM | N/A |
| EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly perform forensic evaluation upon receipt of device tokens from mobile apps, which might allow remote attackers to bypass intended application restrictions via a mobile device. | |||||
| CVE-2012-2335 | 1 Php | 1 Php | 2025-04-11 | 7.5 HIGH | N/A |
| php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence. | |||||