Total
29518 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-0233 | 1 Microsoft | 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more | 2025-04-11 | 7.2 HIGH | N/A |
| Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka "Windows Kernel Double Free Vulnerability." | |||||
| CVE-2010-2951 | 1 Squid-cache | 1 Squid | 2025-04-11 | 5.0 MEDIUM | N/A |
| dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled, accesses an invalid socket during an IPv4 TCP DNS query, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors that trigger an IPv4 DNS response with the TC bit set. | |||||
| CVE-2010-5148 | 1 Websense | 2 Websense Web Filter, Websense Web Security | 2025-04-11 | 5.0 MEDIUM | N/A |
| Websense Web Security and Web Filter before 7.1 Hotfix 21 do not set the secure flag for the Encrypted Session (SSL) cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | |||||
| CVE-2011-2100 | 2 Adobe, Microsoft | 3 Acrobat, Acrobat Reader, Windows | 2025-04-11 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory. | |||||
| CVE-2012-1193 | 1 Powerdns | 1 Powerdns Recursor | 2025-04-11 | 6.4 MEDIUM | N/A |
| The resolver in PowerDNS Recursor (aka pdns_recursor) 3.3 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack. | |||||
| CVE-2010-2956 | 1 Todd Miller | 1 Sudo | 2025-04-11 | 6.2 MEDIUM | N/A |
| Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence. | |||||
| CVE-2012-4817 | 1 Ibm | 2 Aix, Vios | 2025-04-11 | 5.0 MEDIUM | N/A |
| The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS before 2.2.1.4-FP-25 SP-02, does not properly handle GID values, which allows remote attackers to cause a denial of service via unspecified vectors. | |||||
| CVE-2010-1803 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 4.3 MEDIUM | N/A |
| Time Machine in Apple Mac OS X 10.6.x before 10.6.5 does not verify the unique identifier of its remote AFP volume, which allows remote attackers to obtain sensitive information by spoofing this volume. | |||||
| CVE-2010-3923 | 1 Mitsu Hiro Hi Rose | 1 Attachecase | 2025-04-11 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in AttacheCase before 2.70 allows local users to gain privileges via a Trojan horse executable file in the current working directory. | |||||
| CVE-2010-2195 | 1 Eterna | 1 Bozohttpd | 2025-04-11 | 5.0 MEDIUM | N/A |
| bozotic HTTP server (aka bozohttpd) 20090522 through 20100512 allows attackers to cause a denial of service via vectors related to a "wrong code generation interaction with GCC." | |||||
| CVE-2012-4472 | 2 David Alkire, Drupal | 2 Drag \& Drop Gallery, Drupal | 2025-04-11 | 5.1 MEDIUM | N/A |
| Unrestricted file upload vulnerability in upload.php in the Drag & Drop Gallery module 6.x-1.5 and earlier for Drupal allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the directory specified by the filedir parameter. | |||||
| CVE-2013-0111 | 1 Nvidia | 1 Driver | 2025-04-11 | 6.8 MEDIUM | N/A |
| daemonu.exe (aka the NVIDIA Update Service Daemon), as distributed with the NVIDIA driver before 307.78, and Release 310 before 311.00, on Windows, lacks " (double quote) characters in the service path, which allows local users to gain privileges via a Trojan horse program. | |||||
| CVE-2012-5514 | 1 Xen | 1 Xen | 2025-04-11 | 4.7 MEDIUM | N/A |
| The guest_physmap_mark_populate_on_demand function in Xen 4.2 and earlier does not properly unlock the subject GFNs when checking if they are in use, which allows local guest HVM administrators to cause a denial of service (hang) via unspecified vectors. | |||||
| CVE-2010-2953 | 1 Apache | 1 Couchdb | 2025-04-11 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in a certain Debian GNU/Linux patch for the couchdb script in CouchDB 0.8.0 allows local users to gain privileges via a crafted shared library in the current working directory. | |||||
| CVE-2011-1143 | 1 Wireshark | 1 Wireshark | 2025-04-11 | 4.3 MEDIUM | N/A |
| epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in Wireshark before 1.4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted .pcap file. | |||||
| CVE-2013-2580 | 1 Tp-link | 5 Lm Firmware, Tl-sc3130, Tl-sc3130g and 2 more | 2025-04-11 | 7.1 HIGH | N/A |
| Unrestricted file upload vulnerability in cgi-bin/uploadfile in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6, allows remote attackers to upload arbitrary files, then accessing it via a direct request to the file in the mnt/mtd directory. | |||||
| CVE-2010-3828 | 1 Apple | 1 Iphone Os | 2025-04-11 | 4.3 MEDIUM | N/A |
| iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle attackers to make calls via a crafted URL in an ad. | |||||
| CVE-2013-6466 | 1 Xelerance | 1 Openswan | 2025-04-11 | 5.0 MEDIUM | N/A |
| Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. | |||||
| CVE-2010-3127 | 1 Adobe | 1 Photoshop | 2025-04-11 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in Adobe PhotoShop CS2 through CS5 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll or Wintab32.dll that is located in the same folder as a PSD or other file that is processed by PhotoShop. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-3354 | 1 Dropbox | 1 Dropbox | 2025-04-11 | 6.9 MEDIUM | N/A |
| dropboxd in Dropbox 0.7.110 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | |||||