ReportizFlow
Filtered by vendor
Subscriptions
Total
13174 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-3195 | 1 Gplhost | 1 Domain Technologie Control | 2025-04-12 | N/A |
| shared/inc/sql/lists.php in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in mailing list tunable options. | ||||
| CVE-2022-39012 | 1 Huawei | 2 Aslan-al10, Aslan-al10 Firmware | 2025-04-11 | 7.5 High |
| Huawei Aslan Children's Watch has an improper input validation vulnerability. Successful exploitation may cause the watch's application service abnormal. | ||||
| CVE-2020-36564 | 1 Nosurf Project | 1 Nosurf | 2025-04-11 | 7.5 High |
| Due to improper validation of caller input, validation is silently disabled if the provided expected token is malformed, causing any user supplied token to be considered valid. | ||||
| CVE-2024-20334 | 1 Cisco | 1 Telepresence Management Suite | 2025-04-11 | 5.5 Medium |
| A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow a low-privileged, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data in a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | ||||
| CVE-2019-6470 | 3 Isc, Opensuse, Redhat | 19 Dhcpd, Leap, Enterprise Linux and 16 more | 2025-04-11 | 6.5 Medium |
| There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party packagers of ISC software have modified the dhcpd source, BIND source, or version matchup in ways that create the crash potential. Based on reports available to ISC, the crash probability is large and no analysis has been done on how, or even if, the probability can be manipulated by an attacker. Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later, or BIND versions with specific bug fixes backported to them. ISC does not have access to comprehensive version lists for all repackagings of dhcpd that are vulnerable. In particular, builds from other vendors may also be affected. Operators are advised to consult their vendor documentation. | ||||
| CVE-2021-30501 | 3 Fedoraproject, Redhat, Upx | 3 Fedora, Enterprise Linux, Upx | 2025-04-11 | 5.5 Medium |
| An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. The flow allows attackers to cause a denial of service (abort) via a crafted file. | ||||
| CVE-2011-0981 | 3 Apple, Debian, Google | 5 Iphone Os, Itunes, Safari and 2 more | 2025-04-11 | N/A |
| Google Chrome before 9.0.597.94 does not properly perform event handling for animations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | ||||
| CVE-2013-0669 | 1 Siemens | 1 Wincc Tia Portal | 2025-04-11 | N/A |
| The HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to cause a denial of service (daemon crash) via a crafted HTTP request. | ||||
| CVE-2013-0670 | 1 Siemens | 1 Wincc Tia Portal | 2025-04-11 | N/A |
| CRLF injection vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. | ||||
| CVE-2009-4918 | 1 Cisco | 1 Asa 5580 | 2025-04-11 | N/A |
| Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allow remote attackers to cause a denial of service (IKE process hang) via malformed NAT-T packets, aka Bug ID CSCsr74439. | ||||
| CVE-2011-2332 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google V8, as used in Google Chrome before 12.0.742.91, allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | ||||
| CVE-2013-0686 | 1 Invensys | 1 Wonderware Information Server | 2025-04-11 | N/A |
| Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | ||||
| CVE-2011-2397 | 1 Ironmountain | 1 Connected Backup | 2025-04-11 | N/A |
| The Agent service in Iron Mountain Connected Backup 8.4 allows remote attackers to execute arbitrary code via a crafted opcode 13 request that triggers use of the LaunchCompoundFileAnalyzer class to send request data to the System.getRunTime.exec method. | ||||
| CVE-2011-2405 | 1 Hp | 2 Proliant Sl Advanced Power Manager, Proliant Sl Advanced Power Manager Firmware | 2025-04-11 | N/A |
| The HP ProLiant SL Advanced Power Manager (SL-APM) with firmware before 1.20 does not properly validate users, which allows remote attackers to cause a denial of service via unspecified vectors. | ||||
| CVE-2013-0714 | 1 Windriver | 1 Vxworks | 2025-04-11 | N/A |
| IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote attackers to execute arbitrary code or cause a denial of service (daemon hang) via a crafted public-key authentication request. | ||||
| CVE-2013-0716 | 1 Windriver | 1 Vxworks | 2025-04-11 | N/A |
| The web server in Wind River VxWorks 5.5 through 6.9 allows remote attackers to cause a denial of service (daemon crash) via a crafted URI. | ||||
| CVE-2012-4292 | 4 Opensuse, Redhat, Sun and 1 more | 4 Opensuse, Enterprise Linux, Sunos and 1 more | 2025-04-11 | N/A |
| The dissect_stun_message function in epan/dissectors/packet-stun.c in the STUN dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly interact with key-destruction behavior in a certain tree library, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. | ||||
| CVE-2011-4815 | 2 Redhat, Ruby-lang | 2 Enterprise Linux, Ruby | 2025-04-11 | N/A |
| Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. | ||||
| CVE-2011-2518 | 1 Linux | 1 Linux Kernel | 2025-04-11 | N/A |
| The tomoyo_mount_acl function in security/tomoyo/mount.c in the Linux kernel before 2.6.39.2 calls the kern_path function with arguments taken directly from a mount system call, which allows local users to cause a denial of service (OOPS) or possibly have unspecified other impact via a NULL value for the device name. | ||||
| CVE-2011-2526 | 2 Apache, Redhat | 9 Tomcat, Enterprise Linux, Jboss Communications Platform and 6 more | 2025-04-11 | N/A |
| Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application. | ||||