Total
315 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-1681 | 1 Vmware | 1 Open-vm-tools | 2025-04-11 | N/A |
| vmware-hgfsmounter in VMware Open Virtual Machine Tools (aka open-vm-tools) 8.4.2-261024 and earlier attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to trigger corruption of this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. | ||||
| CVE-2011-2077 | 1 Inventivetec | 1 Mediacast | 2025-04-11 | N/A |
| The default configuration of the New Atlanta BlueDragon administrative interface in MediaCAST 8 and earlier enables external TCP connections to port 10000, instead of connections only from 127.0.0.1, which makes it easier for remote attackers to have an unspecified impact via a TCP session. | ||||
| CVE-2011-2981 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-04-11 | N/A |
| The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript code with chrome privileges via a crafted web site. | ||||
| CVE-2011-3008 | 1 Avaya | 1 Secure Access Link Gateway | 2025-04-11 | N/A |
| The default configuration of Avaya Secure Access Link (SAL) Gateway 1.5, 1.8, and 2.0 contains certain domain names in the Secondary Core Server URL and Secondary Remote Server URL fields, which allows remote attackers to obtain sensitive information by leveraging administrative access to these domain names, as demonstrated by alarm and log information. | ||||
| CVE-2011-4499 | 2 Cisco, Linksys | 4 Linksys Wrt54g Router Firmware, Linksys Wrt54gs Router Firmware, Wrt54g and 1 more | 2025-04-11 | N/A |
| The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before 1.06.1 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability. | ||||
| CVE-2011-4500 | 2 Cisco, Linksys | 2 Linksys Wrt54gx Router Firmware, Wrt54gx | 2025-04-11 | N/A |
| The UPnP IGD implementation on the Cisco Linksys WRT54GX with firmware 2.00.05, when UPnP is enabled, configures the SOAP server to listen on the WAN port, which allows remote attackers to administer the firewall via SOAP requests. | ||||
| CVE-2011-4585 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| login/change_password.php in Moodle 1.9.x before 1.9.15 does not use https for the change-password form even if the httpslogin option is enabled, which allows remote attackers to obtain credentials by sniffing the network. | ||||
| CVE-2012-0147 | 1 Microsoft | 1 Forefront Unified Access Gateway | 2025-04-11 | N/A |
| Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability." | ||||
| CVE-2012-0957 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Mrg | 2025-04-11 | N/A |
| The override_release function in kernel/sys.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from kernel stack memory via a uname system call in conjunction with a UNAME26 personality. | ||||
| CVE-2012-1909 | 1 Bitcoin | 2 Bitcoin Core, Wxbitcoin | 2025-04-11 | N/A |
| The Bitcoin protocol, as used in bitcoind before 0.4.4, wxBitcoin, Bitcoin-Qt, and other programs, does not properly handle multiple transactions with the same identifier, which allows remote attackers to cause a denial of service (unspendable transaction) by leveraging the ability to create a duplicate coinbase transaction. | ||||
| CVE-2012-3392 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| mod/forum/unsubscribeall.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not consider whether a forum is optional, which allows remote authenticated users to bypass forum-subscription requirements by leveraging the student role and unsubscribing from all forums. | ||||
| CVE-2012-3413 | 1 Kde | 1 Kde Pim | 2025-04-11 | N/A |
| The HTMLQuoteColorer::process function in messageviewer/htmlquotecolorer.cpp in KDE PIM 4.6 through 4.8 does not disable JavaScript, Java, and Plugins, which allows remote attackers to inject arbitrary web script or HTML via a crafted email. | ||||
| CVE-2012-4537 | 2 Redhat, Xen | 2 Enterprise Linux, Xen | 2025-04-11 | N/A |
| Xen 3.4 through 4.2, and possibly earlier versions, does not properly synchronize the p2m and m2p tables when the set_p2m_entry function fails, which allows local HVM guest OS administrators to cause a denial of service (memory consumption and assertion failure), aka "Memory mapping failure DoS vulnerability." | ||||
| CVE-2012-4546 | 1 Redhat | 1 Enterprise Linux | 2025-04-11 | N/A |
| The default configuration for IPA servers in Red Hat Enterprise Linux 6, when revoking a certificate from an Identity Management replica, does not properly update another Identity Management replica, which causes inconsistent Certificate Revocation Lists (CRLs) to be used and might allow remote attackers to bypass intended access restrictions via a revoked certificate. | ||||
| CVE-2010-2306 | 1 Sourcefire | 4 3d1000, 3d2000, 3d9900 and 1 more | 2025-04-11 | N/A |
| The default installation of Sourcefire 3D Sensor 1000, 2000, and 9900; and Defense Center 1000; uses the same static, private SSL keys for multiple devices and installations, which allows remote attackers to decrypt SSL traffic via a man-in-the-middle (MITM) attack. | ||||
| CVE-2013-0118 | 1 Cs-cart | 1 Cs-cart | 2025-04-11 | N/A |
| CS-Cart before 3.0.6, when PayPal Standard Payments is configured, allows remote attackers to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by setting the recipient to one's self. | ||||
| CVE-2013-0253 | 2 Apache, Redhat | 3 Maven, Maven Wagon, Openshift | 2025-04-11 | N/A |
| The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack. | ||||
| CVE-2013-0470 | 1 Ibm | 1 Netezza Performance Portal | 2025-04-11 | N/A |
| HTTPD in IBM Netezza Performance Portal 1.0.2 allows remote authenticated users to list application directories containing asset files via a direct request to a directory URI, as demonstrated by listing image files. | ||||
| CVE-2013-1221 | 1 Cisco | 1 Unified Customer Voice Portal | 2025-04-11 | N/A |
| The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to execute arbitrary code via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38384. | ||||
| CVE-2011-1406 | 1 Mahara | 1 Mahara | 2025-04-11 | N/A |
| Mahara before 1.3.6 does not properly handle an https URL in the wwwroot configuration setting, which makes it easier for user-assisted remote attackers to obtain credentials by sniffing the network at a time when an http URL is used for a login. | ||||