Export limit exceeded: 24693 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (24693 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-1909 | 2 Apache, Redhat | 2 Qpid, Enterprise Mrg | 2025-04-11 | N/A |
| The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | ||||
| CVE-2013-4354 | 1 Openstack | 1 Image Registry And Delivery Service \(glance\) | 2025-04-11 | N/A |
| The API before 2.1 in OpenStack Image Registry and Delivery Service (Glance) makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image. | ||||
| CVE-2013-3398 | 1 Cisco | 1 Prime Central For Hosted Collaboration Solution | 2025-04-11 | N/A |
| The web framework in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance provides different responses to requests for arbitrary pathnames depending on whether the pathname exists, which allows remote attackers to enumerate directories and files via a series of crafted requests, aka Bug ID CSCuh64574. | ||||
| CVE-2013-3869 | 1 Microsoft | 10 Windows 7, Windows 8, Windows 8.1 and 7 more | 2025-04-11 | N/A |
| Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to cause a denial of service (daemon hang) via a web-service request containing a crafted X.509 certificate that is not properly handled during validation, aka "Digital Signatures Vulnerability." | ||||
| CVE-2013-2146 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more | 2025-04-11 | N/A |
| arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit. | ||||
| CVE-2013-7079 | 1 Typo3 | 1 Typo3 | 2025-04-11 | N/A |
| Open redirect vulnerability in the OpenID extension in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | ||||
| CVE-2013-2141 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2025-04-11 | N/A |
| The do_tkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call. | ||||
| CVE-2013-4238 | 4 Canonical, Opensuse, Python and 1 more | 4 Ubuntu Linux, Opensuse, Python and 1 more | 2025-04-11 | N/A |
| The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | ||||
| CVE-2014-0720 | 1 Cisco | 1 Ips Sensor Software | 2025-04-11 | N/A |
| Cisco IPS Software 7.1 before 7.1(8)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (Analysis Engine process outage) via a flood of jumbo frames, aka Bug ID CSCuh94944. | ||||
| CVE-2013-0655 | 1 Schneider-electric | 1 Software Update Utility | 2025-04-11 | N/A |
| The client in Schneider Electric Software Update (SESU) Utility 1.0.x and 1.1.x does not ensure that updates have a valid origin, which allows man-in-the-middle attackers to spoof updates, and consequently execute arbitrary code, by modifying the data stream on TCP port 80. | ||||
| CVE-2014-1664 | 1 Citrix | 1 Gotomeeting | 2025-04-11 | N/A |
| The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP requests containing sensitive information, which allows attackers to obtain user IDs, meeting details, and authentication tokens via an application that reads the system log file. | ||||
| CVE-2013-3442 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | N/A |
| The web portal in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854. | ||||
| CVE-2012-6392 | 2 Cisco, Linux | 2 Prime Lan Management Solution, Linux Kernel | 2025-04-11 | N/A |
| Cisco Prime LAN Management Solution (LMS) 4.1 through 4.2.2 on Linux does not properly validate authentication and authorization requests in TCP sessions, which allows remote attackers to execute arbitrary commands via a crafted session, aka Bug ID CSCuc79779. | ||||
| CVE-2012-2493 | 4 Apple, Cisco, Linux and 1 more | 4 Mac Os X, Anyconnect Secure Mobility Client, Linux Kernel and 1 more | 2025-04-11 | N/A |
| The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug ID CSCtw47523. | ||||
| CVE-2010-1585 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-04-11 | N/A |
| The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ACTION attribute of a FORM element. | ||||
| CVE-2010-0020 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows 7 and 3 more | 2025-04-11 | N/A |
| The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka "SMB Pathname Overflow Vulnerability." | ||||
| CVE-2010-3338 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Vista | 2025-04-11 | N/A |
| The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the security context of scheduled tasks, which allows local users to gain privileges via a crafted application, aka "Task Scheduler Vulnerability." NOTE: this might overlap CVE-2010-3888. | ||||
| CVE-2010-1587 | 1 Apache | 1 Activemq | 2025-04-11 | N/A |
| The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp. | ||||
| CVE-2011-1429 | 2 Mutt, Redhat | 2 Mutt, Enterprise Linux | 2025-04-11 | N/A |
| Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-2009-3766. | ||||
| CVE-2012-2251 | 3 Debian, Fedoraproject, Pizzashack | 3 Debian Linux, Fedora, Rssh | 2025-04-11 | N/A |
| rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) "-e" or (2) "--" command line option. | ||||