Export limit exceeded: 361803 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-4269 | 1 Efrontlearning | 1 Efront | 2025-04-11 | N/A |
| Unrestricted file upload vulnerability in eFront 3.6.11 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension via an attachment in a message. | ||||
| CVE-2012-3962 | 2 Mozilla, Redhat | 5 Firefox, Seamonkey, Thunderbird and 2 more | 2025-04-11 | N/A |
| Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly iterate through the characters in a text run, which allows remote attackers to execute arbitrary code via a crafted document. | ||||
| CVE-2012-3895 | 1 Cisco | 1 Ios | 2025-04-11 | N/A |
| Cisco IOS 15.0 through 15.3 allows remote authenticated users to cause a denial of service (device crash) via an MVPNv6 update, aka Bug ID CSCty89224. | ||||
| CVE-2012-3731 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| Mail in Apple iOS before 6 does not properly implement the Data Protection feature for e-mail attachments, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors. | ||||
| CVE-2012-2967 | 1 Caucho | 1 Resin | 2025-04-11 | N/A |
| Caucho Quercus, as distributed in Resin before 4.0.29, does not properly implement the == (equals sign equals sign) operator for comparisons, which has unspecified impact and context-dependent attack vectors. | ||||
| CVE-2012-2939 | 1 Itechscripts | 1 Travelon Express | 2025-04-11 | N/A |
| Multiple unrestricted file upload vulnerabilities in Travelon Express 6.2.2 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) airline-edit.php, (2) hotel-image-add.php, or (3) hotel-add.php. | ||||
| CVE-2012-0860 | 1 Redhat | 3 Enterprise Linux, Enterprise Virtualization Manager, Rhev Manager | 2025-04-11 | N/A |
| Multiple untrusted search path vulnerabilities in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, allow local users to gain privileges via a Trojan horse (1) deployUtil.py or (2) vds_bootstrap.py Python module in /tmp/. | ||||
| CVE-2013-4369 | 1 Xen | 1 Xen | 2025-04-11 | N/A |
| The xlu_vif_parse_rate function in the libxlu library in Xen 4.2.x and 4.3.x allows local users to cause a denial of service (NULL pointer dereference) by using the "@" character as the VIF rate configuration. | ||||
| CVE-2012-2062 | 2 Drupal, Sami Kiminki | 2 Drupal, Redirecting Click Bouncer | 2025-04-11 | N/A |
| Open redirect vulnerability in the Redirecting click bouncer module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | ||||
| CVE-2012-1192 | 1 Unbound | 1 Unbound | 2025-04-11 | N/A |
| The resolver in Unbound before 1.4.11 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack. | ||||
| CVE-2011-5101 | 1 Mcafee | 1 Saas Endpoint Protection | 2025-04-11 | N/A |
| The Rumor technology in McAfee SaaS Endpoint Protection before 5.2.4 allows remote attackers to relay e-mail messages via unspecified vectors, as demonstrated by relaying spam. | ||||
| CVE-2011-5032 | 1 Winmount | 1 Winmount | 2025-04-11 | N/A |
| WMDrive.sys 3.4.181.224 in WinMount 3.5.1018 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted 0x87342000 IOCTL request to the WMDriver device. | ||||
| CVE-2013-4520 | 1 Xmlsoft | 1 Libxslt | 2025-04-11 | N/A |
| xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825. | ||||
| CVE-2011-3481 | 2 Cmu, Redhat | 2 Cyrus Imap Server, Enterprise Linux | 2025-04-11 | N/A |
| The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message. | ||||
| CVE-2011-3424 | 1 Tibco | 3 Managed File Transfer Command Center, Managed File Transfer Internet Server, Slingshot | 2025-04-11 | N/A |
| Session fixation vulnerability in the Managed File Transfer server in TIBCO Managed File Transfer Internet Server before 7.1.1 and Managed File Transfer Command Center before 7.1.1, and the server in TIBCO Slingshot before 1.8.1, allows remote attackers to hijack web sessions via unspecified vectors. | ||||
| CVE-2011-3396 | 1 Microsoft | 1 Powerpoint | 2025-04-11 | N/A |
| Untrusted search path vulnerability in Microsoft PowerPoint 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "PowerPoint Insecure Library Loading Vulnerability." | ||||
| CVE-2011-3360 | 1 Wireshark | 1 Wireshark | 2025-04-11 | N/A |
| Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory. | ||||
| CVE-2011-3369 | 1 Juan Toledo | 1 Etherape | 2025-04-11 | N/A |
| The add_conversation function in conversations.c in EtherApe before 0.9.12 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RPC packet, related to the get_rpc function in decode_proto.c. | ||||
| CVE-2011-2879 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google Chrome before 14.0.835.202 does not properly consider object lifetimes and thread safety during the handling of audio nodes, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||||
| CVE-2013-5014 | 1 Symantec | 2 Endpoint Protection Manager, Protection Center | 2025-04-11 | N/A |
| The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | ||||