Search Results (26185 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-5183 1 Apple 1 Mac Os X 2025-04-11 N/A
Mail in Apple Mac OS X before 10.9, when Kerberos authentication is enabled and TLS is disabled, sends invalid cleartext data, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2011-2012 1 Microsoft 1 Forefront Unified Access Gateway 2025-04-11 N/A
Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 does not properly validate session cookies, which allows remote attackers to cause a denial of service (IIS outage) via unspecified network traffic, aka "Null Session Cookie Crash."
CVE-2012-2882 2 Google, Opensuse 2 Chrome, Opensuse 2025-04-11 N/A
FFmpeg, as used in Google Chrome before 22.0.1229.79, does not properly handle OGG containers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a "wild pointer" issue.
CVE-2013-2813 1 Cooperindustries 3 Smp 16 Gateway \(data Concentrator\), Smp 4\/dp Gateway \(data Concentrator\), Smp 4 Gateway \(data Concentrator\) 2025-04-11 N/A
The DNP3 component in Cooper Power Systems SMP 4, 4/DP, and 16 gateways allows remote attackers to cause a denial of service (reboot or link outage) via a crafted DNP3 TCP packet.
CVE-2013-4078 3 Debian, Opensuse, Wireshark 3 Debian Linux, Opensuse, Wireshark 2025-04-11 N/A
epan/dissectors/packet-rdp.c in the RDP dissector in Wireshark 1.8.x before 1.8.8 does not validate return values during checks for data availability, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVE-2012-2877 2 Google, Opensuse 2 Chrome, Opensuse 2025-04-11 N/A
The extension system in Google Chrome before 22.0.1229.79 does not properly handle modal dialogs, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
CVE-2013-6048 1 Munin-monitoring 1 Munin 2025-04-11 N/A
The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process) via crafted multigraph data.
CVE-2014-0257 1 Microsoft 1 .net Framework 2025-04-11 N/A
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via (1) a crafted web site or (2) a crafted .NET Framework application that exposes a COM server endpoint, aka "Type Traversal Vulnerability."
CVE-2012-4295 2 Sun, Wireshark 2 Sunos, Wireshark 2025-04-11 N/A
Array index error in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 might allow remote attackers to cause a denial of service (application crash) via a crafted speed (aka rate) value.
CVE-2012-2549 1 Microsoft 2 Windows Server 2008, Windows Server 2012 2025-04-11 N/A
The IP-HTTPS server in Windows Server 2008 R2 and R2 SP1 and Server 2012 does not properly validate certificates, which allows remote attackers to bypass intended access restrictions via a revoked certificate, aka "Revoked Certificate Bypass Vulnerability."
CVE-2012-2474 1 Cisco 2 5500 Series Adaptive Security Appliance, Adaptive Security Appliance Software 2025-04-11 N/A
Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.4 allows remote authenticated users to cause a denial of service (memory consumption and blank response page) by using the clientless WebVPN feature, aka Bug ID CSCth34278.
CVE-2012-2330 1 Nodejs 1 Nodejs 2025-04-11 N/A
The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero length string.
CVE-2013-3574 1 Hp 1 Insight Diagnostics 2025-04-11 N/A
Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insight Diagnostics 9.4.0.4710 allows remote attackers to write data to arbitrary files via a full pathname in the argument to the devicePath (aka mount) parameter.
CVE-2014-0655 1 Cisco 1 Adaptive Security Appliance 2025-04-11 N/A
The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to change the user-cache contents via a replay attack involving crafted RADIUS Change of Authorization (CoA) messages, aka Bug ID CSCuj45332.
CVE-2010-0548 1 Xerox 7 Workcentre 5632, Workcentre 5638, Workcentre 5645 and 4 more 2025-04-11 N/A
Multiple unspecified vulnerabilities in the Network Controller and Web Server in Xerox WorkCentre 5632, 5638, 5645, 5655, 5665, 5675, and 5687 allow remote attackers to (1) access mailboxes via unknown vectors that bypass Scan to Mailbox authorization or (2) read device configuration information via via unknown vectors that bypass web server authorization.
CVE-2011-0018 1 Openvas 1 Openvas Manager 2025-04-11 N/A
The email function in manage_sql.c in OpenVAS Manager 1.0.x through 1.0.3 and 2.0.x through 2.0rc2 allows remote authenticated users to execute arbitrary commands via the (1) To or (2) From e-mail address in an OMP request to the Greenbone Security Assistant (GSA).
CVE-2010-0549 1 Xerox 2 Workcentre 6400 Net Controller, Workcentre 6400 System Software 2025-04-11 N/A
Unspecified vulnerability in the Network Controller in Xerox WorkCentre 6400 System Software 060.070.109.11407 through 060.070.109.29510, and Net Controller 060.079.11410 through 060.079.29310, allows remote attackers to access "directory structure" via a crafted PostScript file, aka "Unauthorized Directory Structure Access Vulnerability."
CVE-2013-1162 1 Cisco 1 Ios Xr 2025-04-11 N/A
The traffic engineering (TE) processing subsystem in Cisco IOS XR allows remote attackers to cause a denial of service (process restart) via crafted TE packets, aka Bug ID CSCue04000.
CVE-2010-2963 6 Canonical, Debian, Fedoraproject and 3 more 7 Ubuntu Linux, Debian Linux, Fedora and 4 more 2025-04-11 N/A
drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L) implementation in the Linux kernel before 2.6.36 on 64-bit platforms does not validate the destination of a memory copy operation, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via a VIDIOCSTUNER ioctl call on a /dev/video device, followed by a VIDIOCSMICROCODE ioctl call on this device.
CVE-2013-3076 2 Linux, Redhat 2 Linux Kernel, Enterprise Mrg 2025-04-11 N/A
The crypto API in the Linux kernel through 3.9-rc8 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c.