Export limit exceeded: 360766 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (26050 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-5703 1 Vmware 2 Esx, Esxi 2025-04-11 N/A
The vSphere API in VMware ESXi 4.1 and ESX 4.1 allows remote attackers to cause a denial of service (host daemon crash) via an invalid value in a (1) RetrieveProp or (2) RetrievePropEx SOAP request.
CVE-2013-4615 1 Canon 9 Mg3100 Printer, Mg5300 Printer, Mg6100 Printer and 6 more 2025-04-11 N/A
The Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers allow remote attackers to cause a denial of service (device hang) via a crafted LAN_TXT24 parameter to English/pages_MacUS/cgi_lan.cgi followed by a direct request to English/pages_MacUS/lan_set_content.html. NOTE: the vendor has apparently responded by stating "Canon believes that its printers will not have to deal with unauthorized access to the network from an external location as long as the printers are used in a secured environment."
CVE-2014-0718 1 Cisco 1 Ips Sensor Software 2025-04-11 N/A
The produce-verbose-alert feature in Cisco IPS Software 7.1 before 7.1(8)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (Analysis Engine process outage) via fragmented packets, aka Bug ID CSCui91266.
CVE-2014-0254 1 Microsoft 3 Windows 8, Windows Rt, Windows Server 2012 2025-04-11 N/A
The IPv6 implementation in Microsoft Windows 8, Windows Server 2012, and Windows RT does not properly validate packets, which allows remote attackers to cause a denial of service (system hang) via crafted ICMPv6 Router Advertisement packets, aka "TCP/IP Version 6 (IPv6) Denial of Service Vulnerability."
CVE-2011-2382 1 Microsoft 2 Ie, Internet Explorer 2025-04-11 N/A
Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue.
CVE-2012-1223 1 Rabidhamster 1 R2\/extreme 2025-04-11 N/A
RabidHamster R2/Extreme 1.65 and earlier uses a small search space of values for the PIN number, which allows remote attackers to obtain the PIN number via a brute force attack.
CVE-2012-0853 2 Ffmpeg, Libav 2 Ffmpeg, Libav 2025-04-11 N/A
The decodeTonalComponents function in the Actrac3 codec (atrac3.c) in libavcodec in FFmpeg 0.7.x before 0.7.12, and 0.8.x before 0.8.11; and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (infinite loop and crash) and possibly execute arbitrary code via a large component count in an Atrac 3 file.
CVE-2009-5056 1 Otrs 1 Otrs 2025-04-11 N/A
Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly enforce the move_into permission setting for a queue, which allows remote authenticated users to bypass intended access restrictions and read a ticket by watching this ticket, and then selecting the ticket from the watched-tickets list.
CVE-2011-0981 3 Apple, Debian, Google 5 Iphone Os, Itunes, Safari and 2 more 2025-04-11 N/A
Google Chrome before 9.0.597.94 does not properly perform event handling for animations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
CVE-2012-4109 1 Cisco 1 Unified Computing System 2025-04-11 N/A
The clear sshkey command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86559.
CVE-2013-1798 2 Linux, Redhat 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more 2025-04-11 N/A
The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application.
CVE-2012-5688 3 Canonical, Isc, Redhat 3 Ubuntu Linux, Bind, Enterprise Linux 2025-04-11 N/A
ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
CVE-2011-2366 1 Mozilla 3 Firefox, Gecko, Thunderbird 2025-04-11 N/A
Mozilla Gecko before 5.0, as used in Firefox before 5.0 and Thunderbird before 5.0, does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader.
CVE-2013-6359 1 Munin-monitoring 1 Munin 2025-04-11 N/A
Munin::Master::Node in Munin before 2.0.18 allows remote attackers to cause a denial of service (abort data collection for node) via a plugin that uses "multigraph" as a multigraph service name.
CVE-2011-2358 1 Google 1 Chrome 2025-04-11 N/A
Google Chrome before 13.0.782.107 does not ensure that extension installations are confirmed by a browser dialog, which makes it easier for remote attackers to modify the product's functionality via a Trojan horse extension.
CVE-2012-4655 1 Cisco 1 Secure Desktop 2025-04-11 N/A
The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204.
CVE-2011-1447 1 Google 1 Chrome 2025-04-11 N/A
Google Chrome before 11.0.696.57 does not properly handle drop-down lists, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
CVE-2011-0003 1 Mediawiki 1 Mediawiki 2025-04-11 N/A
MediaWiki before 1.16.1, when user or site JavaScript or CSS is enabled, allows remote attackers to conduct clickjacking attacks via unspecified vectors.
CVE-2013-0308 2 Git-scm, Redhat 2 Git, Enterprise Linux 2025-04-11 N/A
The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2011-0923 1 Hp 1 Data Protector 2025-04-11 N/A
The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory."