Total
9170 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-0211 | 1 Devscripts Devel Team | 1 Devscripts | 2017-08-28 | 9.3 HIGH | N/A |
| debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via a crafted tarball file name in the top-level directory of an original (.orig) source tarball of a source package. | |||||
| CVE-2012-0210 | 1 Devscripts Devel Team | 1 Devscripts | 2017-08-28 | 9.3 HIGH | N/A |
| debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to obtain system information and execute arbitrary code via the file name in a (1) .dsc or (2) .changes file. | |||||
| CVE-2011-4409 | 1 Canonical | 1 Ubuntu Linux | 2017-08-28 | 7.5 HIGH | N/A |
| The Ubuntu One Client for Ubuntu 10.04 LTS, 11.04, 11.10, and 12.04 LTS does not properly validate SSL certificates, which allows remote attackers to spoof a server and modify or read sensitive information via a man-in-the-middle (MITM) attack. | |||||
| CVE-2011-4783 | 2 Google, Hex-rays | 2 Idapython, Ida | 2017-08-28 | 9.3 HIGH | N/A |
| The IDAPython plugin before 1.5.2.3 in IDA Pro allows user-assisted remote attackers to execute arbitrary code via a crafted IDB file, related to improper handling of certain swig_runtime_data files in the current working directory. | |||||
| CVE-2011-4879 | 1 Siemens | 5 Simatic Hmi Panels, Wincc, Wincc Flexible and 2 more | 2017-08-28 | 8.5 HIGH | N/A |
| miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not properly handle URIs beginning with a 0xfa character, which allows remote attackers to read data from arbitrary memory locations or cause a denial of service (application crash) via a crafted POST request. | |||||
| CVE-2012-0267 | 1 Ntrglobal | 1 Ntr Activex Control | 2017-08-28 | 9.3 HIGH | N/A |
| The StopModule method in the NTR ActiveX control before 2.0.4.8 allows remote attackers to execute arbitrary code via a crafted lModule parameter that triggers use of an arbitrary memory address as a function pointer. | |||||
| CVE-2011-4462 | 1 Plone | 1 Plone | 2017-08-28 | 5.0 MEDIUM | N/A |
| Plone 4.1.3 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. | |||||
| CVE-2011-5043 | 1 Tomatosoft | 1 Free Mp3 Player | 2017-08-28 | 4.3 MEDIUM | N/A |
| TomatoSoft Free Mp3 Player 1.0 allows remote attackers to cause a denial of service (application crash) via a long string in an MP3 file, possibly a buffer overflow. | |||||
| CVE-2011-3127 | 1 Wordpress | 1 Wordpress | 2017-08-28 | 5.8 MEDIUM | N/A |
| WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rendering for (1) admin or (2) login pages inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. | |||||
| CVE-2011-3150 | 1 Canonical | 1 Ubuntu Linux | 2017-08-28 | 6.8 MEDIUM | N/A |
| Software Center in Ubuntu 11.10, 11.04 10.10 does not properly validate server certificates, which allows remote attackers to execute arbitrary code or obtain sensitive information via a man-in-the-middle (MITM) attack. | |||||
| CVE-2011-3422 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-28 | 4.3 MEDIUM | N/A |
| The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does not properly handle an untrusted attribute of a Certification Authority certificate, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via an Extended Validation certificate, as demonstrated by https access with Safari. | |||||
| CVE-2011-4405 | 1 Canonical | 1 Ubuntu Linux | 2017-08-28 | 7.5 HIGH | N/A |
| The cupshelpers scripts in system-config-printer in Ubuntu 11.04 and 11.10, as used by the automatic printer driver download service, uses an "insecure connection" for queries to the OpenPrinting database, which allows remote attackers to execute arbitrary code via a man-in-the-middle (MITM) attack that modifies packages or repositories. | |||||
| CVE-2011-4890 | 1 Ibm | 1 Soliddb | 2017-08-28 | 4.0 MEDIUM | N/A |
| The server in IBM solidDB 6.5 before FP9 and 7.0 before FP1 allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a ROWNUM condition involving a subquery. | |||||
| CVE-2012-0212 | 1 Devscripts Devel Team | 1 Devscripts | 2017-08-28 | 9.3 HIGH | N/A |
| debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via shell metacharacters in the file name argument. | |||||
| CVE-2011-5136 | 1 Epractizelabs | 1 Subscription Manager | 2017-08-28 | 6.4 MEDIUM | N/A |
| showImg.php in EPractize Labs Subscription Manager, possibly 1.0, allows remote attackers to overwrite arbitrary files via the db parameter. | |||||
| CVE-2012-0448 | 1 Mozilla | 1 Bugzilla | 2017-08-28 | 4.0 MEDIUM | N/A |
| Bugzilla 2.x and 3.x before 3.4.14, 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 does not reject non-ASCII characters in e-mail addresses of new user accounts, which makes it easier for remote authenticated users to spoof other user accounts by choosing a similar e-mail address. | |||||
| CVE-2011-3387 | 1 Ibm | 1 Java | 2017-08-28 | 4.0 MEDIUM | N/A |
| The class file parser in IBM Java 1.4.2 SR13 FP9 allows remote authenticated users to cause a denial of service (memory consumption or an infinite loop) via a crafted attribute length field in a class file, related to validation of a length field at the wrong time, a different vulnerability than CVE-2011-0311. | |||||
| CVE-2011-4815 | 1 Ruby-lang | 1 Ruby | 2017-08-28 | 7.8 HIGH | N/A |
| Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. | |||||
| CVE-2010-5099 | 1 Typo3 | 1 Typo3 | 2017-08-28 | 6.8 MEDIUM | N/A |
| The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files, as demonstrated using path traversal sequences with %00 null bytes and CVE-2010-3714 to read the TYPO3 encryption key from localconf.php. | |||||
| CVE-2011-2391 | 1 Apple | 3 Iphone Os, Itunes, Mac Os X | 2017-08-28 | 6.1 MEDIUM | N/A |
| The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets. | |||||