Export limit exceeded: 23508 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363021 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 26229 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (26229 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-4998 1 Phpmyadmin 1 Phpmyadmin 2025-04-11 N/A
phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to pmd_common.php and other files.
CVE-2011-3227 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 N/A
libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation list (CRL), which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) a crafted (1) web site or (2) e-mail message.
CVE-2012-3314 1 Ibm 2 Tivoli Federated Identity Manager, Tivoli Federated Identity Manager Business Gateway 2025-04-11 N/A
IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, 6.2.1, and 6.2.2 allow remote attackers to establish sessions via a crafted message that leverages (1) a signature-validation bypass for SAML messages containing unsigned elements, (2) incorrect validation of XML messages, or (3) a certificate-chain validation bypass for an XML signature element that contains the signing certificate.
CVE-2011-3253 1 Apple 1 Iphone Os 2025-04-11 N/A
CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate.
CVE-2012-3325 1 Ibm 1 Websphere Application Server 2025-04-11 N/A
IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.5, and 8.5.x Full Profile before 8.5.0.1, when the PM44303 fix is installed, does not properly validate credentials, which allows remote authenticated users to obtain administrative access via unspecified vectors.
CVE-2011-3264 1 Zabbix 1 Zabbix 2025-04-11 N/A
Zabbix before 1.8.6 allows remote attackers to obtain sensitive information via an invalid srcfld2 parameter to popup.php, which reveals the installation path in an error message.
CVE-2014-0660 1 Cisco 1 Telepresence Isdn Gateway Software 2025-04-11 N/A
Cisco TelePresence ISDN Gateway with software before 2.2(1.92) allows remote attackers to cause a denial of service (D-channel call outage) via a crafted Q.931 STATUS message, aka Bug ID CSCui50360.
CVE-2013-0909 1 Google 1 Chrome 2025-04-11 N/A
The XSS Auditor in Google Chrome before 25.0.1364.152 allows remote attackers to obtain sensitive HTTP Referer information via unspecified vectors.
CVE-2012-3354 2 Dokuwiki, Fedoraproject 2 Dokuwiki, Fedora 2025-04-11 N/A
doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain PHP error levels are set, allows remote attackers to obtain sensitive information via the prefix parameter, which reveals the installation path in an error message.
CVE-2013-0926 1 Google 1 Chrome 2025-04-11 N/A
Google Chrome before 26.0.1410.43 does not properly handle active content in an EMBED element during a copy-and-paste operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site.
CVE-2014-0677 1 Cisco 1 Nx-os 2025-04-11 N/A
The Label Distribution Protocol (LDP) functionality in Cisco NX-OS allows remote attackers to cause a denial of service (temporary LDP session outage) via LDP discovery traffic containing malformed Hello messages, aka Bug ID CSCul88851.
CVE-2013-0939 1 Emc 4 Documentum Records Manager, Documentum Taskspace, Documentum Wdk and 1 more 2025-04-11 N/A
EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allow remote attackers to obtain sensitive information via vectors involving cross-origin frame navigation, related to a "Cross Frame Scripting" issue.
CVE-2011-3365 2 Kde, Redhat 2 Kde Sc, Enterprise Linux 2025-04-11 N/A
The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.
CVE-2013-0944 1 Emc 1 Avamar 2025-04-11 N/A
The web-based file-restore interface in EMC Avamar Server before 6.1.0 allows remote authenticated users to read arbitrary files via a crafted URL.
CVE-2013-3724 1 Monkey-project 1 Monkey 2025-04-11 N/A
The mk_request_header_process function in mk_request.c in Monkey 1.1.1 allows remote attackers to cause a denial of service (thread crash and service outage) via a '\0' character in an HTTP request.
CVE-2013-3735 1 Php 1 Php 2025-04-11 7.5 High
The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 before RC2, does not properly determine whether a parser error occurred, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted function definition, as demonstrated by an attack within a shared web-hosting environment. NOTE: the vendor's http://php.net/security-note.php page says "for critical security situations you should be using OS-level security by running multiple web servers each as their own user id.
CVE-2012-6545 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-04-11 N/A
The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application.
CVE-2013-3675 1 Ffmpeg 1 Ffmpeg 2025-04-11 N/A
The process_frame_obj function in sanm.c in libavcodec in FFmpeg before 1.2.1 does not validate width and height values, which allows remote attackers to cause a denial of service (integer overflow, out-of-bounds array access, and application crash) via crafted LucasArts Smush video data.
CVE-2013-3674 1 Ffmpeg 1 Ffmpeg 2025-04-11 N/A
The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg before 1.2.1 does not validate the presence of non-header data in a buffer, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted CD Graphics Video data.
CVE-2013-3672 1 Ffmpeg 1 Ffmpeg 2025-04-11 N/A
The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg before 1.2.1 does not validate the relationship between a horizontal coordinate and a width value, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted American Laser Games (ALG) MM Video data.