Export limit exceeded: 363021 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363021 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (26229 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-1917 | 1 Xen | 1 Xen | 2025-04-11 | N/A |
| Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service (hypervisor crash) by triggering a #GP fault, which is not properly handled by another IRET instruction. | ||||
| CVE-2013-1923 | 1 Linux-nfs | 1 Nfs-utils | 2025-04-11 | N/A |
| rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks. | ||||
| CVE-2010-4225 | 1 Mono | 1 Mono | 2025-04-11 | N/A |
| Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for .aspx (ASP.NET) applications via unknown vectors related to an "unloading bug." | ||||
| CVE-2013-1928 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-11 | N/A |
| The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device. | ||||
| CVE-2010-4254 | 2 Mono, Novell | 2 Mono, Moonlight | 2025-04-11 | N/A |
| Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call. | ||||
| CVE-2010-4256 | 1 Linux | 1 Linux Kernel | 2025-04-11 | N/A |
| The pipe_fcntl function in fs/pipe.c in the Linux kernel before 2.6.37 does not properly determine whether a file is a named pipe, which allows local users to cause a denial of service via an F_SETPIPE_SZ fcntl call. | ||||
| CVE-2013-3469 | 1 Cisco | 1 Mobility Services Engine | 2025-04-11 | N/A |
| Cisco Mobility Services Engine does not properly set up the Oracle SSL service, which allows remote attackers to obtain an unauthenticated session to the database-replication port, and consequently obtain sensitive information, via an SSL connection, aka Bug ID CSCue50794. | ||||
| CVE-2010-0551 | 1 Geopp | 1 Geo\+\+ Gncaster | 2025-04-11 | N/A |
| HTTP authentication implementation in Geo++ GNCASTER 1.4.0.7 and earlier allows remote attackers to read authentication headers of other users via a large request with an incorrect authentication attempt, which includes sensitive memory in the response. NOTE: this is referred to as a "memory leak" by some sources, but is better characterized as "memory disclosure." | ||||
| CVE-2010-4335 | 2 Cakefoundation, Cakephp | 2 Cakephp, Cakephp | 2025-04-11 | N/A |
| The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by modifying the file_map cache to execute arbitrary local files. | ||||
| CVE-2012-5544 | 2 Drupal, Thinkshout | 2 Drupal, Mandrill | 2025-04-11 | N/A |
| The Mandrill module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users to obtain password reset links by reading the logs in the Mandrill dashboard. | ||||
| CVE-2010-1915 | 1 Php | 1 Php | 2025-04-11 | N/A |
| The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature, modification of ZVALs whose values are not updated in the associated local variables, and access of previously-freed memory. | ||||
| CVE-2010-4900 | 1 Webmanager-pro | 1 Cms Webmanager-pro | 2025-04-11 | N/A |
| Open redirect vulnerability in c.php in CMS WebManager-Pro 8.1 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. | ||||
| CVE-2010-4198 | 4 Fedoraproject, Google, Redhat and 1 more | 4 Fedora, Chrome, Enterprise Linux and 1 more | 2025-04-11 | 8.8 High |
| WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, does not properly handle large text areas, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted HTML document. | ||||
| CVE-2010-4196 | 1 Adobe | 1 Shockwave Player | 2025-04-11 | N/A |
| The Shockwave 3d Asset module in Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors. | ||||
| CVE-2010-5068 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| The Cascading Style Sheets (CSS) implementation in Opera 10.5 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264. | ||||
| CVE-2010-5069 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| The Cascading Style Sheets (CSS) implementation in Google Chrome 4 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document. NOTE: this may overlap CVE-2010-2264. | ||||
| CVE-2010-5076 | 3 Digia, Qt, Redhat | 3 Qt, Qt, Enterprise Linux | 2025-04-11 | N/A |
| QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | ||||
| CVE-2013-3468 | 1 Cisco | 2 Unified Ip Phone 8945, Unified Ip Phone Firmware | 2025-04-11 | N/A |
| The Cisco Unified IP Phone 8945 with software 9.3(2) allows remote attackers to cause a denial of service (device hang) via a malformed PNG file, aka Bug ID CSCud04270. | ||||
| CVE-2013-3675 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-11 | N/A |
| The process_frame_obj function in sanm.c in libavcodec in FFmpeg before 1.2.1 does not validate width and height values, which allows remote attackers to cause a denial of service (integer overflow, out-of-bounds array access, and application crash) via crafted LucasArts Smush video data. | ||||
| CVE-2013-1943 | 3 Canonical, Linux, Redhat | 4 Ubuntu Linux, Linux Kernel, Enterprise Linux and 1 more | 2025-04-11 | 7.8 High |
| The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c. | ||||