Export limit exceeded: 26313 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (26313 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-0865 1 Cubecart 1 Cubecart 2025-04-11 N/A
Multiple open redirect vulnerabilities in CubeCart 3.0.20 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) r parameter to switch.php or (2) goto parameter to admin/login.php.
CVE-2014-0253 1 Microsoft 1 .net Framework 2025-04-11 N/A
Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine TCP connection states, which allows remote attackers to cause a denial of service (ASP.NET daemon hang) via crafted HTTP requests that trigger persistent resource consumption for a (1) stale or (2) closed connection, as exploited in the wild in February 2014, aka "POST Request DoS Vulnerability."
CVE-2013-4283 2 Fedoraproject, Redhat 2 389 Directory Server, Enterprise Linux 2025-04-11 N/A
ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request.
CVE-2013-4208 2 Putty, Simon Tatham 2 Putty, Putty 2025-04-11 N/A
The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use and (2) does not free certain structures containing sensitive process memory, which might allow local users to discover private RSA and DSA keys.
CVE-2013-0854 1 Ffmpeg 1 Ffmpeg 2025-04-11 N/A
The mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted MJPEG data.
CVE-2013-3825 1 Oracle 1 Supply Chain Products Suite 2025-04-11 N/A
Unspecified vulnerability in the Oracle Agile Product Collaboration component in Oracle Supply Chain Products Suite 9.3.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Folders & Files Attachment.
CVE-2012-6337 1 Samsung 4 Galaxy Note 2, Galaxy S, Galaxy S2 and 1 more 2025-04-11 N/A
The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices shows the activation of remote tracking, which might allow physically proximate attackers to defeat a product-recovery effort by tampering with this feature or its location data.
CVE-2013-3724 1 Monkey-project 1 Monkey 2025-04-11 N/A
The mk_request_header_process function in mk_request.c in Monkey 1.1.1 allows remote attackers to cause a denial of service (thread crash and service outage) via a '\0' character in an HTTP request.
CVE-2013-3674 1 Ffmpeg 1 Ffmpeg 2025-04-11 N/A
The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg before 1.2.1 does not validate the presence of non-header data in a buffer, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted CD Graphics Video data.
CVE-2013-3647 1 Cybozu 1 Cybozu Live 2025-04-11 N/A
The WebView class in the Cybozu Live application before 2.0.1 for Android allows attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL. NOTE: this vulnerability exists because of a CVE-2012-4009 regression.
CVE-2013-3643 1 Adgjm 1 Galapagos Browser 2025-04-11 N/A
The Galapagos Browser application for Android does not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application.
CVE-2012-6395 1 Cisco 4 Adaptive Security Appliance, Adaptive Security Appliance Software, Asa 1000v Cloud Firewall and 1 more 2025-04-11 N/A
Cisco Adaptive Security Appliances (ASA) devices with firmware 8.4 do not properly validate unspecified input related to UNC share pathnames, which allows remote authenticated users to cause a denial of service (device crash) via unknown vectors, aka Bug ID CSCuc65775.
CVE-2013-3608 1 Supermicro 133 H8dcl-6f, H8dcl-if, H8dct-hibqf and 130 more 2025-04-11 N/A
The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allows remote authenticated users to execute arbitrary commands via shell metacharacters, as demonstrated by the IP address field in config_date_time.cgi.
CVE-2012-2819 1 Google 1 Chrome 2025-04-11 N/A
The texSubImage2D implementation in the WebGL subsystem in Google Chrome before 20.0.1132.43 does not properly handle uploads to floating-point textures, which allows remote attackers to cause a denial of service (assertion failure and application crash) or possibly have unspecified other impact via a crafted web page, as demonstrated by certain WebGL performance tests, aka rdar problem 11520387.
CVE-2013-3507 1 Gwos 1 Groundwork Monitor 2025-04-11 N/A
The NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to obtain sensitive information via a direct request for (1) a configuration file, (2) a database dump, or (3) the Tomcat status context.
CVE-2012-2820 1 Google 1 Chrome 2025-04-11 N/A
Google Chrome before 20.0.1132.43 does not properly implement SVG filters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2013-3599 1 Trivantis 1 Coursemill Learning Management System 2025-04-11 N/A
userlogin.jsp in Coursemill Learning Management System (LMS) 6.6 and 6.8 allows remote attackers to gain privileges via a modified user-role value to home.html.
CVE-2010-1213 2 Mozilla, Redhat 4 Firefox, Seamonkey, Thunderbird and 1 more 2025-04-11 N/A
The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted HTML document.
CVE-2013-3595 1 Dell 3 Powerconnect 3348, Powerconnect 3524p, Powerconnect 5324 2025-04-11 N/A
The OpenManage web application 2.5 build 1.19 on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote authenticated users to cause a denial of service (device reset) via a direct request to an unspecified OSPF URL.
CVE-2013-3580 1 Trustgo 1 Antivirus \& Mobile Security 2025-04-11 N/A
The TrustGo Antivirus & Mobile Security application before 1.3.6 for Android allows attackers to cause a denial of service (application crash) via a crafted application that sends an intent to com.trustgo.mobile.security.USSDScannerActivity with zero arguments.