Export limit exceeded: 363437 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363437 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363437 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (26246 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-0255 2 Postgresql, Redhat 2 Postgresql, Enterprise Linux 2025-04-11 N/A
PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a denial of service (server crash) or read sensitive process memory via a crafted SQL command, which triggers an array index error and an out-of-bounds read.
CVE-2011-1309 1 Ibm 1 Websphere Application Server 2025-04-11 N/A
The Plug-in component in IBM WebSphere Application Server (WAS) before 7.0.0.15 does not properly handle trace requests, which has unspecified impact and attack vectors.
CVE-2009-4658 1 Omidrouhani 1 Xerver 2025-04-11 N/A
Xerver 4.32 allows remote authenticated users to cause a denial of service (daemon crash) via a non-numeric web port assignment in the management interface. NOTE: this can be leveraged by non-authenticated attackers using CVE-2009-4657.
CVE-2012-2196 1 Ibm 1 Db2 2025-04-11 N/A
IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to read arbitrary XML files via the (1) GET_WRAP_CFG_C or (2) GET_WRAP_CFG_C2 stored procedure.
CVE-2012-2191 1 Ibm 3 Global Security Kit, Rational Directory Server, Tivoli Directory Server 2025-04-11 N/A
IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, does not properly validate data during execution of a protection mechanism against the Vaudenay SSL CBC timing attack, which allows remote attackers to cause a denial of service (application crash) via crafted values in the TLS Record Layer, a different vulnerability than CVE-2012-2333.
CVE-2013-0305 3 Canonical, Djangoproject, Redhat 3 Ubuntu Linux, Django, Openstack 2025-04-11 N/A
The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information.
CVE-2013-3951 1 Apple 3 Iphone Os, Mac Os X, Watchos 2025-04-11 N/A
sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path beginning with the stack-guard= substring, as demonstrated by an iOS untethering attack or an attack against a setuid Mac OS X program.
CVE-2011-1407 1 Exim 1 Exim 2025-04-11 N/A
The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.
CVE-2012-2223 1 Novell 1 Zenworks Configuration Management 2025-04-11 N/A
The xplat agent in Novell ZENworks Configuration Management (ZCM) 10.3.x before 10.3.4 and 11.x before 11.2 enables the HTTP TRACE method, which might make it easier for remote attackers to conduct cross-site tracing (XST) attacks via unspecified vectors.
CVE-2013-3953 1 Apple 2 Iphone Os, Mac Os X 2025-04-11 N/A
The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted call.
CVE-2013-3954 1 Apple 2 Iphone Os, Mac Os X 2025-04-11 N/A
The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is inconsistent with a header count field, or (2) obtain sensitive information from kernel heap memory via a certain size value in conjunction with a crafted buffer.
CVE-2013-3955 1 Apple 4 Ipad, Ipad2, Ipad Mini and 1 more 2025-04-11 N/A
The get_xattrinfo function in the XNU kernel in Apple iOS 5.x and 6.x through 6.1.3 on iPad devices does not properly validate the header of an AppleDouble file, which might allow local users to cause a denial of service (memory corruption) or have unspecified other impact via an invalid file on an msdosfs filesystem.
CVE-2011-1412 4 Ioquake3, Linux, Openarena and 1 more 4 Ioquake3 Engine, Linux Kernel, Openarena and 1 more 2025-04-11 N/A
sys/sys_unix.c in the ioQuake3 engine on Unix and Linux, as used in World of Padman 1.5.x before 1.5.1.1 and OpenArena 0.8.x-15 and 0.8.x-16, allows remote game servers to execute arbitrary commands via shell metacharacters in a long fs_game variable.
CVE-2011-1416 1 Rim 2 Blackberry Torch 9800, Blackberry Torch 9800 Firmware 2025-04-11 N/A
The Research In Motion (RIM) BlackBerry Torch 9800 with firmware 6.0.0.246 allows attackers to read the contents of memory locations via unknown vectors, as demonstrated by Vincenzo Iozzo, Willem Pinckaers, and Ralf-Philipp Weinmann during a Pwn2Own competition at CanSecWest 2011.
CVE-2012-2246 1 Mahara 1 Mahara 2025-04-11 N/A
Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to conduct clickjacking attacks to delete arbitrary users and bypass CSRF protection via account/delete.php.
CVE-2013-3959 1 Siemens 2 Simatic Pcs7, Wincc 2025-04-11 N/A
The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, exhibits different behavior for NetBIOS user names depending on whether the user account exists, which allows remote authenticated users to enumerate account names via crafted URL parameters.
CVE-2011-1418 1 Apple 3 Apple Tv, Iphone Os, Tvos 2025-04-11 N/A
The stateless address autoconfiguration (aka SLAAC) functionality in the IPv6 networking implementation in Apple iOS before 4.3 and Apple TV before 4.2 places the MAC address into the IPv6 address, which makes it easier for remote IPv6 servers to track users by logging source IPv6 addresses.
CVE-2012-2240 1 Devscripts Devel Team 1 Devscripts 2025-04-11 N/A
scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to "arguments to external commands."
CVE-2012-2251 3 Debian, Fedoraproject, Pizzashack 3 Debian Linux, Fedora, Rssh 2025-04-11 N/A
rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) "-e" or (2) "--" command line option.
CVE-2012-2279 2 Emc, Rsa 3 Rsa Authentication Manager, Authentication Manager, Securid Appliance 2025-04-11 N/A
Open redirect vulnerability in the Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.