Export limit exceeded: 26185 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (26185 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-1318 | 1 Microsoft | 1 Publisher | 2025-04-11 | N/A |
| Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers access to an invalid pointer, aka "Publisher Corrupt Interface Pointer Vulnerability." | ||||
| CVE-2010-0283 | 1 Mit | 2 Kerberos, Kerberos 5 | 2025-04-11 | N/A |
| The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request. | ||||
| CVE-2011-3812 | 1 Vanillaforums | 1 Vanilla | 2025-04-11 | N/A |
| Vanilla 2.0.16 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Minify/min/utils.php and certain other files. | ||||
| CVE-2011-0655 | 1 Microsoft | 7 Office, Office Compatibility Pack, Office Powerpoint Viewer and 4 more | 2025-04-11 | N/A |
| Microsoft PowerPoint 2007 SP2 and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; PowerPoint Viewer; PowerPoint Viewer 2007 SP2; and PowerPoint Web App do not properly validate TimeColorBehaviorContainer Floating Point records in PowerPoint documents, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document containing an invalid record, aka "Floating Point Techno-color Time Bandit RCE Vulnerability." | ||||
| CVE-2011-4697 | 2 Android, Xiaomi | 2 Android, Mitalk Messenger | 2025-04-11 | N/A |
| The Xiaomi MiTalk Messenger (com.xiaomi.channel) application before 2.1.320 for Android does not properly protect data, which allows remote attackers to read or modify messaging information via a crafted application. | ||||
| CVE-2011-2749 | 4 Canonical, Debian, Isc and 1 more | 4 Ubuntu Linux, Debian Linux, Dhcp and 1 more | 2025-04-11 | N/A |
| The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet. | ||||
| CVE-2011-1527 | 2 Mit, Redhat | 2 Kerberos 5, Enterprise Linux | 2025-04-11 | N/A |
| The kdb_ldap plugin in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a kinit operation with incorrect string case for the realm, related to the is_principal_in_realm, krb5_set_error_message, krb5_ldap_get_principal, and process_as_req functions. | ||||
| CVE-2011-3884 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google Chrome before 15.0.874.102 does not properly address timing issues during DOM traversal, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. | ||||
| CVE-2011-3819 | 1 53x11 | 1 Wow Server Status | 2025-04-11 | N/A |
| WoW Server Status 4.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by status.php and certain other files. | ||||
| CVE-2010-3432 | 6 Canonical, Debian, Linux and 3 more | 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more | 2025-04-11 | N/A |
| The sctp_packet_config function in net/sctp/output.c in the Linux kernel before 2.6.35.6 performs extraneous initializations of packet data structures, which allows remote attackers to cause a denial of service (panic) via a certain sequence of SCTP traffic. | ||||
| CVE-2010-1237 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google Chrome 4.1 BETA before 4.1.249.1036 allows remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via an empty SVG element. | ||||
| CVE-2011-4885 | 2 Php, Redhat | 2 Php, Enterprise Linux | 2025-04-11 | N/A |
| PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. | ||||
| CVE-2012-0867 | 4 Debian, Opensuse Project, Postgresql and 1 more | 11 Debian Linux, Opensuse, Postgresql and 8 more | 2025-04-11 | N/A |
| PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters. | ||||
| CVE-2011-2628 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera before 11.11 does not properly implement FRAMESET elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to page unload. | ||||
| CVE-2011-2772 | 1 Mahara | 1 Mahara | 2025-04-11 | N/A |
| The get_dataroot_image_path function in lib/file.php in Mahara before 1.4.1 does not properly validate uploaded image files, which allows remote attackers to cause a denial of service (memory consumption) via a (1) large or (2) invalid image. | ||||
| CVE-2012-0421 | 1 Novell | 1 Suse Audit Log Keeper | 2025-04-11 | N/A |
| The SUSE Audit Log Keeper daemon before 0.2.1-0.4.6.1 for SUSE Manager and Spacewalk uses world-readable permissions for /etc/auditlog-keeper.conf, which allows local users to obtain passwords by reading this file. | ||||
| CVE-2011-5037 | 1 Google | 1 V8 | 2025-04-11 | N/A |
| Google V8 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, as demonstrated by attacks against Node.js. | ||||
| CVE-2011-2774 | 1 Mahara | 1 Mahara | 2025-04-11 | N/A |
| The "Reply to message" feature in Mahara 1.3.x and 1.4.x before 1.4.1 allows remote authenticated users to read the messages of a different user via a modified replyto parameter. | ||||
| CVE-2011-5043 | 1 Tomatosoft | 1 Free Mp3 Player | 2025-04-11 | N/A |
| TomatoSoft Free Mp3 Player 1.0 allows remote attackers to cause a denial of service (application crash) via a long string in an MP3 file, possibly a buffer overflow. | ||||
| CVE-2010-1645 | 1 Cacti | 1 Cacti | 2025-04-11 | N/A |
| Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in (1) the FQDN field of a Device or (2) the Vertical Label field of a Graph Template. | ||||