Export limit exceeded: 26295 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (26295 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-1633 1 Python 1 Setuptools 2025-04-11 N/A
easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product.
CVE-2013-1643 2 Php, Redhat 2 Php, Enterprise Linux 2025-04-11 N/A
The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-1824.
CVE-2013-1665 2 Openstack, Redhat 3 Folsom, Keystone Essex, Openstack 2025-04-11 N/A
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.
CVE-2013-3954 1 Apple 2 Iphone Os, Mac Os X 2025-04-11 N/A
The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is inconsistent with a header count field, or (2) obtain sensitive information from kernel heap memory via a certain size value in conjunction with a crafted buffer.
CVE-2013-3959 1 Siemens 2 Simatic Pcs7, Wincc 2025-04-11 N/A
The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, exhibits different behavior for NetBIOS user names depending on whether the user account exists, which allows remote authenticated users to enumerate account names via crafted URL parameters.
CVE-2010-2474 1 Redhat 2 Jboss Enterprise Service Bus, Jboss Enterprise Soa Platform 2025-04-11 N/A
JBoss Enterprise Service Bus (ESB) before 4.7 CP02 in JBoss Enterprise SOA Platform before 5.0.2 does not properly consider the security domain with which a service is secured, which might allow remote attackers to gain privileges by executing a service.
CVE-2011-1725 1 Hp 1 Network Automation 2025-04-11 N/A
Unspecified vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote attackers to obtain sensitive information via unknown vectors.
CVE-2011-1713 1 Microsoft 2 Internet Explorer, Windows 7 2025-04-11 N/A
Microsoft msxml.dll, as used in Internet Explorer 8 on Windows 7, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. NOTE: this might overlap CVE-2011-1202.
CVE-2012-4704 1 3s-software 1 Codesys Gateway-server 2025-04-11 N/A
Array index error in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via a crafted packet.
CVE-2011-1712 1 Mozilla 2 Firefox, Seamonkey 2025-04-11 N/A
The txXPathNodeUtils::getXSLTId function in txMozillaXPathTreeWalker.cpp and txStandaloneXPathTreeWalker.cpp in Mozilla Firefox before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1, and SeaMonkey before 2.0.14, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.
CVE-2013-1881 2 Gnome, Redhat 2 Librsvg, Enterprise Linux 2025-04-11 N/A
GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2010-2295 1 Google 1 Chrome 2025-04-11 N/A
page/EventHandler.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 does not properly handle a change of the focused frame during the dispatching of keydown, which allows user-assisted remote attackers to redirect keystrokes via a crafted HTML document, aka rdar problem 7018610. NOTE: this might overlap CVE-2010-1422.
CVE-2013-1694 2 Mozilla, Redhat 5 Firefox, Thunderbird, Thunderbird Esr and 2 more 2025-04-11 N/A
The PreserveWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly handle the lack of a wrapper, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by leveraging unintended clearing of the wrapper cache's preserved-wrapper flag.
CVE-2011-1687 1 Bestpractical 1 Rt 2025-04-11 N/A
Best Practical Solutions RT 3.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote authenticated users to obtain sensitive information by using the search interface, as demonstrated by retrieving encrypted passwords.
CVE-2010-2293 1 D-link 1 Di-604 2025-04-11 N/A
The Ping tools web interface in Dlink Di-604 router allows remote authenticated users to cause a denial of service via a large "ip textfield" size.
CVE-2013-3983 1 Ibm 1 Sametime 2025-04-11 N/A
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not validate URLs in Cookie headers before using them in redirects, which has unspecified impact and remote attack vectors.
CVE-2013-3988 1 Ibm 1 Sametime 2025-04-11 N/A
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
CVE-2013-1729 2 Apple, Mozilla 2 Mac Os X, Firefox 2025-04-11 N/A
The WebGL implementation in Mozilla Firefox before 24.0, when NVIDIA graphics drivers are used on Mac OS X, allows remote attackers to obtain desktop-screenshot data by reading from a CANVAS element.
CVE-2010-2262 1 Galileo Students 1 Team Weborf 2025-04-11 N/A
Galileo Students Team Weborf before 0.12.1 allows remote attackers to cause a denial of service (crash) via a crafted Range header.
CVE-2013-1735 2 Mozilla, Redhat 6 Firefox, Seamonkey, Thunderbird and 3 more 2025-04-11 N/A
Use-after-free vulnerability in the mozilla::layout::ScrollbarActivity function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via vectors related to image-document scrolling.