Export limit exceeded: 25385 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25385 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-0662 | 1 Cisco | 2 Telepresence Video Communication Server Software, Telepresence Video Communication Servers Software | 2025-04-11 | N/A |
| The SIP module in Cisco TelePresence Video Communication Server (VCS) before 8.1 allows remote attackers to cause a denial of service (process failure) via a crafted SDP message, aka Bug ID CSCue97632. | ||||
| CVE-2014-0671 | 1 Cisco | 1 Mediasense | 2025-04-11 | N/A |
| Open redirect vulnerability in Cisco MediaSense allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, aka Bug ID CSCum16749. | ||||
| CVE-2014-0724 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | N/A |
| The bulk administration interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to bypass authentication and read arbitrary files by using an unspecified prompt, aka Bug ID CSCum05340. | ||||
| CVE-2014-1219 | 1 Broadcom | 1 2e Web Option | 2025-04-11 | N/A |
| CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_SSNID session token in place of the entire token, which allows remote attackers to hijack sessions by changing characters at the end of this substring, as demonstrated by terminating a session via a modified SSNID parameter to web2edoc/close.htm. | ||||
| CVE-2014-1861 | 1 Jetroplatforms | 1 Jetro Cockpit Secure Browsing | 2025-04-11 | N/A |
| The client in Jetro COCKPIT Secure Browsing (JCSB) 4.3.1 and 4.3.3 does not validate the FileName element in an RDP_FILE_TRANSFER document, which allows remote JCSB servers to execute arbitrary programs by providing a .EXE extension. | ||||
| CVE-2014-1930 | 1 Visibility Software | 1 Cyber Recruiter | 2025-04-11 | N/A |
| Visibility Software Cyber Recruiter before 8.1.00 does not use the appropriate combination of HTTPS transport and response headers to prevent access to (1) AppSelfService.aspx and (2) AgencyPortal.aspx in the browser history, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation. | ||||
| CVE-2011-4314 | 3 Kay Framework Project, Openid, Redhat | 7 Kay Framework, Openid4java, Jboss Enterprise Application Platform and 4 more | 2025-04-11 | N/A |
| message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack. | ||||
| CVE-2010-3342 | 1 Microsoft | 4 Internet Explorer, Windows 7, Windows Vista and 1 more | 2025-04-11 | N/A |
| Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3348. | ||||
| CVE-2011-0685 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| The Delete Private Data feature in Opera before 11.01 does not properly implement the "Clear all email account passwords" option, which might allow physically proximate attackers to access an e-mail account via an unattended workstation. | ||||
| CVE-2011-0687 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera before 11.01 does not properly implement Wireless Application Protocol (WAP) dropdown lists, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted WAP document. | ||||
| CVE-2011-0745 | 1 Sugarcrm | 1 Sugarcrm | 2025-04-11 | N/A |
| SugarCRM before 6.1.3 does not properly handle reloads and direct requests for a warning page produced by a certain duplicate check, which allows remote authenticated users to discover (1) the names of customers via a ShowDuplicates action to the Accounts module, reachable through index.php; or (2) the names of contact persons via a ShowDuplicates action to the Contacts module, reachable through index.php. | ||||
| CVE-2010-2252 | 2 Gnu, Redhat | 2 Wget, Enterprise Linux | 2025-04-11 | N/A |
| GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory. | ||||
| CVE-2011-0890 | 2 Hp, Microsoft | 2 Discovery\&dependency Mapping Inventory, Windows | 2025-04-11 | N/A |
| HP Discovery & Dependency Mapping Inventory (DDMI) 7.50, 7.51, 7.60, 7.61, 7.70, and 9.30 launches the Windows SNMP service with its default configuration, which allows remote attackers to obtain potentially sensitive information or have unspecified other impact by leveraging the public read community. | ||||
| CVE-2011-0418 | 2 Netbsd, Pureftpd | 2 Netbsd, Pure-ftpd | 2025-04-11 | N/A |
| The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service (memory consumption) via a crafted FTP STAT command. | ||||
| CVE-2011-0478 | 1 Google | 2 Chrome, Chrome Os | 2025-04-11 | N/A |
| Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle SVG use elements, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | ||||
| CVE-2010-2474 | 1 Redhat | 2 Jboss Enterprise Service Bus, Jboss Enterprise Soa Platform | 2025-04-11 | N/A |
| JBoss Enterprise Service Bus (ESB) before 4.7 CP02 in JBoss Enterprise SOA Platform before 5.0.2 does not properly consider the security domain with which a service is secured, which might allow remote attackers to gain privileges by executing a service. | ||||
| CVE-2010-2531 | 3 Debian, Php, Redhat | 3 Debian Linux, Php, Enterprise Linux | 2025-04-11 | N/A |
| The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if display_errors is off, which allows remote attackers to obtain sensitive information by causing the application to exceed limits for memory, execution time, or recursion. | ||||
| CVE-2010-2550 | 1 Microsoft | 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | N/A |
| The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted SMB packet, aka "SMB Pool Overflow Vulnerability." | ||||
| CVE-2010-2571 | 1 Microsoft | 1 Publisher | 2025-04-11 | N/A |
| Array index error in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher 97 file, aka "Memory Corruption Due To Invalid Index Into Array in Pubconv.dll Vulnerability." | ||||
| CVE-2010-2629 | 1 Cisco | 2 Ace 4710, Content Services Switch 11500 | 2025-04-11 | N/A |
| The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 and the Application Control Engine (ACE) 4710 with software A2(3.0) do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which allows remote attackers to conduct HTTP request smuggling attacks and possibly bypass intended header insertions via crafted header data, as demonstrated by an LF character between the ClientCert-Subject and ClientCert-Subject-CN headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1576. | ||||