Export limit exceeded: 26307 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (26307 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-3365 | 2 Kde, Redhat | 2 Kde Sc, Enterprise Linux | 2025-04-11 | N/A |
| The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text. | ||||
| CVE-2011-3367 | 1 Arora-browser | 1 Arora | 2025-04-11 | N/A |
| Arora, possibly 0.11 and other versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text. | ||||
| CVE-2011-3975 | 2 Google, Htc | 4 Android, Evo 3d, Evo 4g and 1 more | 2025-04-11 | N/A |
| A certain HTC update for Android 2.3.4 build GRJ22, when the Sense interface is used on the HTC EVO 3D, EVO 4G, ThunderBolt, and unspecified other devices, provides the HtcLoggers.apk application, which allows user-assisted remote attackers to obtain a list of telephone numbers from a log, and other sensitive information, by leveraging the android.permission.INTERNET application permission and establishing TCP sessions to 127.0.0.1 on port 65511 and a second port. | ||||
| CVE-2011-3375 | 2 Apache, Redhat | 2 Tomcat, Jboss Enterprise Web Server | 2025-04-11 | N/A |
| Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data. | ||||
| CVE-2011-0726 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2025-04-11 | N/A |
| The do_task_stat function in fs/proc/array.c in the Linux kernel before 2.6.39-rc1 does not perform an expected uid check, which makes it easier for local users to defeat the ASLR protection mechanism by reading the start_code and end_code fields in the /proc/#####/stat file for a process executing a PIE binary. | ||||
| CVE-2013-5717 | 1 Wireshark | 1 Wireshark | 2025-04-11 | N/A |
| The Bluetooth HCI ACL dissector in Wireshark 1.10.x before 1.10.2 does not properly maintain a certain free list, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that is not properly handled by the wmem_block_alloc function in epan/wmem/wmem_allocator_block.c. | ||||
| CVE-2008-7264 | 1 G.rodola | 1 Pyftpdlib | 2025-04-11 | N/A |
| The ftp_QUIT function in ftpserver.py in pyftpdlib before 0.5.0 allows remote authenticated users to cause a denial of service (file descriptor exhaustion and daemon outage) by sending a QUIT command during a disallowed data-transfer attempt. | ||||
| CVE-2008-7274 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | N/A |
| IBM WebSphere Application Server (WAS) 6.1.0.9, when the JAAS Login functionality is enabled, allows attackers to perform an internal application hashtable login by (1) not providing a password or (2) providing an empty password. | ||||
| CVE-2011-0633 | 2 Gisle Aas, Search.cpan | 2 Libwww-perl, Libwww-perl | 2025-04-11 | N/A |
| The Net::HTTPS module in libwww-perl (LWP) before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote attackers to spoof servers via man-in-the-middle (MITM) attacks involving hostnames that are not properly validated. NOTE: it could be argued that this is a design limitation of the Net::HTTPS API, and separate implementations should be independently assigned CVE identifiers for not working around this limitation. However, because this API was modified within LWP, a single CVE identifier has been assigned. | ||||
| CVE-2012-1103 | 2 Gnu, Notmuchmail | 2 Emacs, Notmuch | 2025-04-11 | N/A |
| emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the Emacs interface, allows user-assisted remote attackers to read arbitrary files via crafted MML tags, which are not properly quoted in an email reply cna cause the files to be attached to the message. | ||||
| CVE-2012-3034 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2025-04-11 | N/A |
| WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to discover a username and password via crafted parameters to unspecified methods in ActiveX controls. | ||||
| CVE-2012-0221 | 1 Rockwellautomation | 2 Factorytalk, Rslogix 5000 | 2025-04-11 | N/A |
| The FactoryTalk (FT) RNADiagReceiver service in Rockwell Automation Allen-Bradley FactoryTalk CPR9 through SR5 and RSLogix 5000 17 through 20 does not properly handle the return value from an unspecified function, which allows remote attackers to cause a denial of service (service outage) via a crafted packet. | ||||
| CVE-2011-0197 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| App Store in Apple Mac OS X before 10.6.8 creates a log entry containing a user's AppleID password, which might allow local users to obtain sensitive information by reading a log file, as demonstrated by a log file that has non-default permissions. | ||||
| CVE-2011-3496 | 1 Measuresoft | 1 Scadapro | 2025-04-11 | N/A |
| service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command. | ||||
| CVE-2011-3884 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google Chrome before 15.0.874.102 does not properly address timing issues during DOM traversal, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. | ||||
| CVE-2011-3502 | 1 Cogentdatahub | 1 Cogent Datahub | 2025-04-11 | N/A |
| The web server in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to obtain the source code of executable files via a request with a trailing (1) space or (2) %2e (encoded dot). | ||||
| CVE-2011-3880 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google Chrome before 15.0.874.102 does not prevent use of an unspecified special character as a delimiter in HTTP headers, which has unknown impact and remote attack vectors. | ||||
| CVE-2012-2964 | 1 Breakingpointsystems | 2 Breakingpoint Storm Appliance, Breakingpoint Storm Appliance Ctm | 2025-04-11 | N/A |
| The BreakingPoint Storm appliance before 3.0 requires cleartext credentials for establishing a session from a GUI administrative client, which allows remote attackers to obtain sensitive information by sniffing the network for XML documents. | ||||
| CVE-2011-3755 | 1 Mantisbt | 1 Mantisbt | 2025-04-11 | N/A |
| MantisBT 1.2.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by view_all_inc.php and certain other files. | ||||
| CVE-2011-3754 | 1 Mambo-foundation | 1 Mambo | 2025-04-11 | N/A |
| Mambo 4.6.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/sef.php and certain other files. | ||||