Export limit exceeded: 26050 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (26050 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-6814 | 1 Sap | 1 Netweaver | 2025-04-11 | N/A |
| The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors. | ||||
| CVE-2011-2802 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google V8, as used in Google Chrome before 13.0.782.107, does not properly perform const lookups, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted web site. | ||||
| CVE-2013-4955 | 1 Puppet | 1 Puppet Enterprise | 2025-04-11 | N/A |
| Open redirect vulnerability in the login page in Puppet Enterprise before 3.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the service parameter. | ||||
| CVE-2011-1448 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google Chrome before 11.0.696.57 does not properly perform height calculations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | ||||
| CVE-2012-5534 | 1 Flashtux | 1 Weechat | 2025-04-11 | N/A |
| The hook_process function in the plugin API for WeeChat 0.3.0 through 0.3.9.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to "shell expansion." | ||||
| CVE-2013-6832 | 1 Freebsd | 1 Freebsd | 2025-04-11 | N/A |
| The nand_ioctl function in sys/dev/nand/nand_geom.c in the nand driver in the kernel in FreeBSD 10 and earlier does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call. | ||||
| CVE-2013-6833 | 1 Freebsd | 1 Freebsd | 2025-04-11 | N/A |
| The qls_eioctl function in sys/dev/qlxge/qls_ioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size parameter, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call. | ||||
| CVE-2013-6868 | 1 Sybase | 1 Adaptive Server Enterprise | 2025-04-11 | N/A |
| SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows local users to obtain sensitive information via unspecified vectors. | ||||
| CVE-2012-5509 | 2 Cloudforms Cloudengine, Redhat | 2 1, Cloudforms Cloud Engine | 2025-04-11 | N/A |
| aeolus-configserver-setup in the Aeolas Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for a temporary file in /tmp, which allows local users to read credentials by reading this file. | ||||
| CVE-2011-3735 | 1 Escortwebsitedesign | 1 Escort-agency-cms | 2025-04-11 | N/A |
| Escort Agency CMS (aka escort-agency-cms) allows remote attackers to obtain sensitive information via crafted array parameters in a request to a .php file, which reveals the installation path in an error message, as demonstrated by makethumb.php and certain other files. | ||||
| CVE-2011-3736 | 1 Exoscripts | 1 Exophpdesk | 2025-04-11 | N/A |
| ExoPHPDesk 1.2.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by upgrades/upgrade9.php and certain other files. | ||||
| CVE-2011-3733 | 1 Elgg | 1 Elgg | 2025-04-11 | N/A |
| Elgg 1.7.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by vendors/simpletest/test/visual_test.php and certain other files. | ||||
| CVE-2011-3743 | 1 Hesk | 1 Hesk | 2025-04-11 | N/A |
| Hesk 2.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc/footer.inc.php and certain other files. | ||||
| CVE-2012-3749 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses that contain an OSBundleMachOHeaders key, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted app. | ||||
| CVE-2013-1763 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Mrg | 2025-04-11 | N/A |
| Array index error in the __sock_diag_rcv_msg function in net/core/sock_diag.c in the Linux kernel before 3.7.10 allows local users to gain privileges via a large family value in a Netlink message. | ||||
| CVE-2013-3275 | 1 Emc | 2 Avamar Server, Avamar Server Virtual Edition | 2025-04-11 | N/A |
| EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly restrict use of FRAME elements, which makes it easier for remote attackers to obtain sensitive information via a crafted web site, related to "cross frame scripting vulnerabilities." | ||||
| CVE-2011-5242 | 1 Themattharris | 1 Tmhoauth | 2025-04-11 | N/A |
| tmhOAuth before 0.61 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | ||||
| CVE-2011-3745 | 1 Hycus | 1 Hycus Cms | 2025-04-11 | N/A |
| HycusCMS 1.0.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/hycus_template/template.php. | ||||
| CVE-2011-3750 | 1 Kplaylist | 1 Kplaylist | 2025-04-11 | N/A |
| kPlaylist 1.8.502 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by getid3/getid3/write.id3v1.php and certain other files. | ||||
| CVE-2011-2783 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google Chrome before 13.0.782.107 does not ensure that developer-mode NPAPI extension installations are confirmed by a browser dialog, which makes it easier for remote attackers to modify the product's functionality via a Trojan horse extension. | ||||