Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-4369 1 Xen 1 Xen 2025-04-11 N/A
The xlu_vif_parse_rate function in the libxlu library in Xen 4.2.x and 4.3.x allows local users to cause a denial of service (NULL pointer dereference) by using the "@" character as the VIF rate configuration.
CVE-2010-0233 1 Microsoft 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more 2025-04-11 N/A
Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka "Windows Kernel Double Free Vulnerability."
CVE-2012-2424 2 Intuit, Microsoft 2 Quickbooks, Internet Explorer 2025-04-11 N/A
The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a URI that lacks a required delimiter.
CVE-2012-1238 1 Icz 1 Sencha Sns 2025-04-11 N/A
Session fixation vulnerability in SENCHA SNS before 1.0.2 allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2010-4265 1 Redhat 3 Jboss Enterprise Application Platform, Jboss Enterprise Web Platform, Jboss Remoting 2025-04-11 N/A
The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 through 4.3.0.CP09 allows remote attackers to cause a denial of service (daemon outage) by establishing a bisocket control connection TCP session, and then not sending any application data, related to a missing CVE-2010-3862 patch. NOTE: this can be considered a duplicate of CVE-2010-3862 because a missing patch should not be assigned a separate CVE identifier.
CVE-2010-4255 2 Citrix, Redhat 2 Xen, Enterprise Linux 2025-04-11 N/A
The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64-bit platforms, when paravirtualization is enabled, does not verify that kernel mode is used to call the handle_gdt_ldt_mapping_fault function, which allows guest OS users to cause a denial of service (host OS BUG_ON) via a crafted memory access.
CVE-2012-1194 1 Microsoft 1 Windows Server 2008 2025-04-11 N/A
The resolver in the DNS Server service in Microsoft Windows Server 2008 before R2 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.
CVE-2011-1426 1 Realnetworks 2 Realplayer, Realplayer Sp 2025-04-11 N/A
The OpenURLInDefaultBrowser method in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.2, and RealPlayer SP 1.0 through 1.1.5, launches a default handler for the filename specified in the first argument, which allows remote attackers to execute arbitrary code via a .rnx filename corresponding to a crafted RNX file.
CVE-2012-4756 1 Cyberlink 1 Labelprint 2025-04-11 N/A
Multiple untrusted search path vulnerabilities in CyberLink LabelPrint 2.5.3602 allow local users to gain privileges via a Trojan horse (1) mfc71loc.dll or (2) mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .lpp file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2011-1208 1 Ibm 1 Soliddb 2025-04-11 N/A
IBM solidDB 4.5.x before 4.5.182, 6.0.x before 6.0.1069, 6.1.x and 6.3.x before 6.3 FP8 (aka 6.3.49), and 6.5.x before 6.5 FP4 (aka 6.5.0.4) does not properly handle the (1) rpc_test_svc_readwrite and (2) rpc_test_svc_done commands, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted command.
CVE-2012-5173 1 Bigace 1 Bigace 2025-04-11 N/A
Session fixation vulnerability in BIGACE before 2.7.8 allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2010-4313 1 Novo-ws 1 Orbis Cms 2025-04-11 N/A
Unrestricted file upload vulnerability in fileman_file_upload.php in Orbis CMS 1.0.2 allows remote authenticated users to execute arbitrary code by uploading a .php file, and then accessing it via a direct request to the file in uploads/.
CVE-2012-2653 1 Lawrence Berkeley National Laboratory 1 Arpwatch 2025-04-11 N/A
arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities in the daemon.
CVE-2011-2108 1 Adobe 1 Shockwave Player 2025-04-11 N/A
Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors, related to a "design flaw."
CVE-2013-0513 1 Ibm 2 Rational Policy Tester, Security Appscan 2025-04-11 N/A
IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 create a service that lacks " (double quote) characters in the service path, which allows local users to gain privileges via a Trojan horse program, related to an "Unquoted Service Path Enumeration" vulnerability.
CVE-2012-2366 1 Moodle 1 Moodle 2025-04-11 N/A
mod/data/preset.php in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not properly iterate through an array, which allows remote authenticated users to overwrite arbitrary database activity presets via unspecified vectors.
CVE-2010-3928 1 Wayneeseguin 1 Ruby Version Manager 2025-04-11 N/A
Ruby Version Manager (RVM) before 1.2.1 writes file contents to a terminal without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via a crafted file, related to an "escape sequence injection vulnerability." NOTE: some of these details are obtained from third party information.
CVE-2010-3927 1 Lunascape 1 Lunascape 2025-04-11 N/A
Untrusted search path vulnerability in Lunascape before 6.4.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
CVE-2012-3437 1 Imagemagick 1 Imagemagick 2025-04-11 N/A
The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation.
CVE-2013-4236 1 Redhat 3 Enterprise Linux, Enterprise Virtualization, Rhev Manager 2025-04-11 N/A
VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via invalid XML characters in a guest agent response. NOTE: this issue is due to an incomplete fix for CVE-2013-0167.