Search Results (26269 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-3342 1 Microsoft 4 Internet Explorer, Windows 7, Windows Vista and 1 more 2025-04-11 N/A
Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3348.
CVE-2013-2248 1 Apache 1 Struts 2025-04-11 N/A
Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
CVE-2013-4766 1 Eucalyptus 1 Eucalyptus 2025-04-11 N/A
The gather log service in Eucalyptus before 3.3.1 allows remote attackers to read log files via an unspecified request to the (1) Cluster Controller (CC) or (2) Node Controller (NC) component.
CVE-2013-2770 1 Novell 2 Kanaka, Open Enterprise Server 2025-04-11 N/A
The installation functionality in the Novell Kanaka component before 2.8 for Novell Open Enterprise Server (OES) on Mac OS X does not verify the server's X.509 certificate during an SSL session, which allows man-in-the-middle attackers to spoof servers via an arbitrary certificate.
CVE-2013-4180 2 Redhat, Theforeman 3 Openstack, Satellite, Foreman 2025-04-11 N/A
The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted to a symbol.
CVE-2013-4183 2 Openstack, Redhat 2 Cinder, Openstack 2025-04-11 N/A
The clear_volume function in LVMVolumeDriver driver in OpenStack Cinder 2013.1.1 through 2013.1.2 does not properly clear data when deleting a snapshot, which allows local users to obtain sensitive information via unspecified vectors.
CVE-2013-2804 1 Softwaretoolbox 1 Top Server 2025-04-11 N/A
The DNP Master Driver in Software Toolbox TOP Server before 5.12.140.0 allows remote attackers to cause a denial of service (master-station infinite loop) via crafted DNP3 packets to TCP port 20000 and allows physically proximate attackers to cause a denial of service (master-station infinite loop) via crafted input over a serial line.
CVE-2011-0594 4 Adobe, Apple, Microsoft and 1 more 5 Acrobat, Acrobat Reader, Mac Os X and 2 more 2025-04-11 N/A
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a font.
CVE-2012-6099 1 Moodle 1 Moodle 2025-04-11 N/A
The moodle1 backup converter in backup/converter/moodle1/lib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly validate pathnames, which allows remote authenticated users to read arbitrary files by leveraging the backup-restoration feature.
CVE-2012-6548 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Openstack 2025-04-11 N/A
The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application.
CVE-2013-6285 1 Tylertech 1 Taxweb 2025-04-11 N/A
The search component in the Treasurer application in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to obtain sensitive query-structure information via an invalid search request, a different vulnerability than CVE-2013-6020.
CVE-2013-6981 1 Cisco 1 Ios Xe 2025-04-11 N/A
Cisco IOS XE 3.7S(.1) and earlier allows remote attackers to cause a denial of service (Packet Processor crash) via fragmented MPLS IP packets, aka Bug ID CSCul00709.
CVE-2011-0779 2 Debian, Google 2 Debian Linux, Chrome 2025-04-11 N/A
Google Chrome before 9.0.597.84 does not properly handle a missing key in an extension, which allows remote attackers to cause a denial of service (application crash) via a crafted extension.
CVE-2012-6085 2 Gnupg, Redhat 2 Gnupg, Enterprise Linux 2025-04-11 N/A
The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field of an OpenPGP packet.
CVE-2013-2816 1 Cooperindustries 3 Smp 16 Gateway \(data Concentrator\), Smp 4\/dp Gateway \(data Concentrator\), Smp 4 Gateway \(data Concentrator\) 2025-04-11 N/A
The DNP3 component in Cooper Power Systems SMP 4, 4/DP, and 16 gateways allows physically proximate attackers to cause a denial of service (reboot or link outage) via crafted input over a serial line.
CVE-2013-2818 1 Alstom 1 E-terracontrol 2025-04-11 N/A
The DNP Master Driver in Alstom e-terracontrol 3.5, 3.6, and 3.7 allows physically proximate attackers to cause a denial of service (infinite loop and DNP3 service disruption) via crafted input over a serial line.
CVE-2012-4655 1 Cisco 1 Secure Desktop 2025-04-11 N/A
The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204.
CVE-2011-0019 2 Fedoraproject, Redhat 2 389 Directory Server, Directory Server 2025-04-11 N/A
slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat Directory Server 8.2.x or dirsrv) does not properly handle simple paged result searches, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via multiple search requests.
CVE-2013-2821 1 Novatech 6 Orion5 Dnp Master, Orion5 Dnp Slave, Orion5r Dnp Master and 3 more 2025-04-11 N/A
NovaTech Orion Substation Automation Platform OrionLX DNP Master 1.27.38 and DNP Slave 1.23.10 and earlier and Orion5/Orion5r DNP Master 1.27.38 and DNP Slave 1.23.10 and earlier allow remote attackers to cause a denial of service (driver crash and process restart) via a crafted DNP3 TCP packet.
CVE-2011-0774 1 Pivotx 1 Pivotx 2025-04-11 N/A
PivotX before 2.2.2 allows remote attackers to obtain sensitive information via a direct request to (1) includes/ping.php and (2) includes/spamping.php, which reveals the installation path in an error message.