Search Results (25419 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-4171 2 Redhat, Systemtap 2 Enterprise Linux, Systemtap 2025-04-11 N/A
The staprun runtime tool in SystemTap 1.3 does not verify that a module to unload was previously loaded by SystemTap, which allows local users to cause a denial of service (unloading of arbitrary kernel modules).
CVE-2010-4163 4 Linux, Opensuse, Redhat and 1 more 7 Linux Kernel, Opensuse, Enterprise Linux and 4 more 2025-04-11 N/A
The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 2.6.36.2 allows local users to cause a denial of service (panic) via a zero-length I/O request in a device ioctl to a SCSI device.
CVE-2014-1962 1 Sap 1 Customer Relationship Management 2025-04-11 N/A
Gwsync in SAP CRM 7.02 EHP 2 allows remote attackers to obtain sensitive information via unspecified vectors, related to an XML External Entity (XXE) issue.
CVE-2010-4112 1 Hp 1 Insight Management Agents 2025-04-11 N/A
HP Insight Management Agents before 8.6 allows remote attackers to obtain sensitive information via an unspecified request that triggers disclosure of the full path.
CVE-2010-4099 1 Nitrosecurity 2 Nitroview Esm, Nitroview Esm Software 2025-04-11 N/A
ess.pm in NitroSecurity NitroView ESM 8.4.0a, when ESSPMDebug is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the Request parameter to ess.
CVE-2014-1233 1 Tobias Maier 1 Paratrooper-pingdom 2025-04-11 N/A
The paratrooper-pingdom gem 1.0.0 for Ruby allows local users to obtain the App-Key, username, and password values by listing the curl process.
CVE-2014-0261 1 Microsoft 1 Dynamics Ax 2025-04-11 N/A
Microsoft Dynamics AX 4.0 SP2, 2009 SP1, 2012, and 2012 R2 allows remote authenticated users to cause a denial of service (instance outage) via crafted data to an Application Object Server (AOS) instance, aka "Query Filter DoS Vulnerability."
CVE-2014-0253 1 Microsoft 1 .net Framework 2025-04-11 N/A
Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine TCP connection states, which allows remote attackers to cause a denial of service (ASP.NET daemon hang) via crafted HTTP requests that trigger persistent resource consumption for a (1) stale or (2) closed connection, as exploited in the wild in February 2014, aka "POST Request DoS Vulnerability."
CVE-2012-1010 2 Likno, Wordpress 2 Allwebmenus Plugin, Wordpress 2025-04-11 N/A
Unrestricted file upload vulnerability in actions.php in the AllWebMenus plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory.
CVE-2012-4032 1 Websitepanel 1 Websitepanel 2025-04-11 N/A
Open redirect vulnerability in the login page in WebsitePanel before 1.2.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in ReturnUrl to Default.aspx.
CVE-2010-4074 3 Debian, Linux, Redhat 4 Debian Linux, Linux Kernel, Enterprise Linux and 1 more 2025-04-11 N/A
The USB subsystem in the Linux kernel before 2.6.36-rc5 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to TIOCGICOUNT ioctl calls, and the (1) mos7720_ioctl function in drivers/usb/serial/mos7720.c and (2) mos7840_ioctl function in drivers/usb/serial/mos7840.c.
CVE-2010-4068 1 Typo3 1 Typo3 2025-04-11 N/A
Unspecified vulnerability in the Extension Manager in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allows remote authenticated administrators to read and possibly modify arbitrary files via a crafted parameter, a different vulnerability than CVE-2010-3714.
CVE-2010-4049 1 Opera 1 Opera Browser 2025-04-11 N/A
Opera before 10.63 allows remote attackers to cause a denial of service (application crash) via a Flash movie with a transparent Window Mode (aka wmode) property, which is not properly handled during navigation away from the containing HTML document.
CVE-2010-4048 1 Opera 1 Opera Browser 2025-04-11 N/A
Opera before 10.63 allows user-assisted remote web servers to cause a denial of service (application crash) by sending a redirect during the saving of a file.
CVE-2010-4046 1 Opera 1 Opera Browser 2025-04-11 N/A
Opera before 10.63 does not properly verify the origin of video content, which allows remote attackers to obtain sensitive information by using a video stream as HTML5 canvas content.
CVE-2010-3417 1 Google 1 Chrome 2025-04-11 N/A
Google Chrome before 6.0.472.59 does not prompt the user before granting access to the extension history, which allows attackers to obtain potentially sensitive information via unspecified vectors.
CVE-2012-6554 1 A51dev 1 Activecollab Chat Module 2025-04-11 N/A
functions/html_to_text.php in the Chat module before 1.5.2 for activeCollab allows remote authenticated users to execute arbitrary PHP code via the message[message_text] parameter to chat/add_messag, which is not properly handled when executing the preg_replace function with the eval switch.
CVE-2012-3996 1 Tiki 1 Tikiwiki Cms\/groupware 2025-04-11 N/A
TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_service.php.
CVE-2013-6868 1 Sybase 1 Adaptive Server Enterprise 2025-04-11 N/A
SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows local users to obtain sensitive information via unspecified vectors.
CVE-2013-6834 1 Freebsd 1 Freebsd 2025-04-11 N/A
The ql_eioctl function in sys/dev/qlxgbe/ql_ioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size parameter, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call.