Search Results (26342 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-2230 1 Redhat 1 Libvirt 2025-04-11 N/A
The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via unspecified vectors involving "multiple events registration."
CVE-2011-3242 1 Apple 3 Mac Os X, Mac Os X Server, Safari 2025-04-11 N/A
The Private Browsing feature in Apple Safari before 5.1.1 on Mac OS X does not properly recognize the Always value of the Block Cookies setting, which makes it easier for remote web servers to track users via a cookie.
CVE-2013-2204 2 Tinymce, Wordpress 2 Media, Wordpress 2025-04-11 N/A
moxieplayer.as in Moxiecode moxieplayer, as used in the TinyMCE Media plugin in WordPress before 3.5.2 and other products, does not consider the presence of a # (pound sign) character during extraction of the QUERY_STRING, which allows remote attackers to pass arbitrary parameters to a Flash application, and conduct content-spoofing attacks, via a crafted string after a ? (question mark) character.
CVE-2013-2202 1 Wordpress 1 Wordpress 2025-04-11 N/A
WordPress before 3.5.2 allows remote attackers to read arbitrary files via an oEmbed XML provider response containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2013-2140 1 Linux 1 Linux Kernel 2025-04-11 N/A
The dispatch_discard_io function in drivers/block/xen-blkback/blkback.c in the Xen blkback implementation in the Linux kernel before 3.10.5 allows guest OS users to cause a denial of service (data loss) via filesystem write operations on a read-only disk that supports the (1) BLKIF_OP_DISCARD (aka discard or TRIM) or (2) SCSI UNMAP feature.
CVE-2013-2138 1 Menalto 1 Gallery 2025-04-11 N/A
The (1) uploadify and (2) flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, which allows remote attackers to have an unspecified impact via a replay attack.
CVE-2011-3375 2 Apache, Redhat 2 Tomcat, Jboss Enterprise Web Server 2025-04-11 N/A
Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
CVE-2012-4411 1 Xen 1 Xen 2025-04-11 N/A
The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest administrators to obtain sensitive host resource information via the qemu monitor. NOTE: this might be a duplicate of CVE-2007-0998.
CVE-2011-2200 3 D-bus Project, Freedesktop, Redhat 3 D-bus, Dbus, Enterprise Linux 2025-04-11 N/A
The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages.
CVE-2013-3275 1 Emc 2 Avamar Server, Avamar Server Virtual Edition 2025-04-11 N/A
EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly restrict use of FRAME elements, which makes it easier for remote attackers to obtain sensitive information via a crafted web site, related to "cross frame scripting vulnerabilities."
CVE-2011-2059 1 Cisco 1 Ios 2025-04-11 N/A
The ipv6 component in Cisco IOS before 15.1(4)M1.3 allows remote attackers to conduct fingerprinting attacks and obtain potentially sensitive information about the presence of the IOS operating system via an ICMPv6 Echo Request packet containing a Hop-by-Hop (HBH) extension header (EH) with a 0x0c01050c value in the PadN option data, aka Bug ID CSCtq02219.
CVE-2011-2058 1 Cisco 1 Ios 2025-04-11 7.5 High
The cat6000-dot1x component in Cisco IOS 12.2 before 12.2(33)SXI7 does not properly handle an external loop between a pair of dot1x enabled ports, which allows remote attackers to cause a denial of service (traffic storm) via unspecified vectors that trigger many unicast EAPoL Protocol Data Units (PDUs), aka Bug ID CSCtq36336.
CVE-2011-2040 3 Apple, Cisco, Linux 3 Mac Os X, Anyconnect Secure Mobility Client, Linux Kernel 2025-04-11 N/A
The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.5.3041, and 3.0.x before 3.0.629, on Linux and Mac OS X downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a Java applet, aka Bug ID CSCsy05934.
CVE-2011-1979 1 Microsoft 1 Visio 2025-04-11 N/A
Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "Move Around the Block RCE Vulnerability."
CVE-2012-4403 1 Moodle 1 Moodle 2025-04-11 N/A
theme/yui_combo.php in Moodle 2.3.x before 2.3.2 does not properly construct error responses for the drag-and-drop script, which allows remote attackers to obtain the installation path by sending a request for a nonexistent resource and then reading the response.
CVE-2013-3266 1 Freebsd 1 Freebsd 2025-04-11 N/A
The nfsrvd_readdir function in sys/fs/nfsserver/nfs_nfsdport.c in the new NFS server in FreeBSD 8.0 through 9.1-RELEASE-p3 does not verify that a READDIR request is for a directory node, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by specifying a plain file instead of a directory.
CVE-2011-5126 1 Bluecoat 1 Sgos 2025-04-11 N/A
Blue Coat ProxySG 6.1 before SGOS 6.1.5.1 and 6.2 before SGOS 6.2.2.1 writes the secure heap to core images, which allows context-dependent attackers to obtain sensitive authentication information by leveraging read access to a downloaded core file.
CVE-2012-0130 1 Hp 1 Onboard Administrator 2025-04-11 N/A
HP Onboard Administrator (OA) before 3.50 allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2011-1873 1 Microsoft 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more 2025-04-11 N/A
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate pointers during the parsing of OpenType (aka OTF) fonts, which allows remote attackers to execute arbitrary code via a crafted font file, aka "Win32k OTF Validation Vulnerability."
CVE-2011-2442 2 Adobe, Redhat 3 Acrobat, Acrobat Reader, Rhel Extras 2025-04-11 N/A
Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error vulnerability."