Total
316 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-4499 | 2 Cisco, Linksys | 4 Linksys Wrt54g Router Firmware, Linksys Wrt54gs Router Firmware, Wrt54g and 1 more | 2025-04-11 | N/A |
| The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before 1.06.1 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability. | ||||
| CVE-2011-4500 | 2 Cisco, Linksys | 2 Linksys Wrt54gx Router Firmware, Wrt54gx | 2025-04-11 | N/A |
| The UPnP IGD implementation on the Cisco Linksys WRT54GX with firmware 2.00.05, when UPnP is enabled, configures the SOAP server to listen on the WAN port, which allows remote attackers to administer the firewall via SOAP requests. | ||||
| CVE-2011-4505 | 1 Alcatel | 2 Speedtouch 5x6 Router, Speedtouch 5x6 Router Firmware | 2025-04-11 | N/A |
| The UPnP IGD implementation on SpeedTouch 5x6 devices with firmware before 6.2.29 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability. | ||||
| CVE-2011-4506 | 1 Technicolor | 2 Tg585 Router, Tg585 Router Firmware | 2025-04-11 | N/A |
| The UPnP IGD implementation on the Thomson (aka Technicolor) TG585 with firmware 7.x before 7.4.3.2 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability. | ||||
| CVE-2012-0147 | 1 Microsoft | 1 Forefront Unified Access Gateway | 2025-04-11 | N/A |
| Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability." | ||||
| CVE-2012-0797 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| The webservices functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote authenticated users to bypass the deleted status and continue using a server via a token. | ||||
| CVE-2012-3413 | 1 Kde | 1 Kde Pim | 2025-04-11 | N/A |
| The HTMLQuoteColorer::process function in messageviewer/htmlquotecolorer.cpp in KDE PIM 4.6 through 4.8 does not disable JavaScript, Java, and Plugins, which allows remote attackers to inject arbitrary web script or HTML via a crafted email. | ||||
| CVE-2012-4537 | 2 Redhat, Xen | 2 Enterprise Linux, Xen | 2025-04-11 | N/A |
| Xen 3.4 through 4.2, and possibly earlier versions, does not properly synchronize the p2m and m2p tables when the set_p2m_entry function fails, which allows local HVM guest OS administrators to cause a denial of service (memory consumption and assertion failure), aka "Memory mapping failure DoS vulnerability." | ||||
| CVE-2012-4690 | 1 Rockwellautomation | 3 Ab Micrologix Controller, Plc-5 Controller, Slc 500 Controller | 2025-04-11 | N/A |
| Rockwell Automation Allen-Bradley MicroLogix controller 1100, 1200, 1400, and 1500; SLC 500 controller platform; and PLC-5 controller platform, when Static status is not enabled, allow remote attackers to cause a denial of service via messages that trigger modification of status bits. | ||||
| CVE-2012-5512 | 1 Citrix | 1 Xenserver | 2025-04-11 | N/A |
| Array index error in the HVMOP_set_mem_access handler in Xen 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) or obtain sensitive information via unspecified vectors. | ||||
| CVE-2012-5634 | 1 Xen | 1 Xen | 2025-04-11 | N/A |
| Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI passthrough, does not properly configure VT-d when supporting a device that is behind a legacy PCI Bridge, which allows local guests to cause a denial of service to other guests by injecting an interrupt. | ||||
| CVE-2013-0118 | 1 Cs-cart | 1 Cs-cart | 2025-04-11 | N/A |
| CS-Cart before 3.0.6, when PayPal Standard Payments is configured, allows remote attackers to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by setting the recipient to one's self. | ||||
| CVE-2013-0253 | 2 Apache, Redhat | 3 Maven, Maven Wagon, Openshift | 2025-04-11 | N/A |
| The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack. | ||||
| CVE-2013-0470 | 1 Ibm | 1 Netezza Performance Portal | 2025-04-11 | N/A |
| HTTPD in IBM Netezza Performance Portal 1.0.2 allows remote authenticated users to list application directories containing asset files via a direct request to a directory URI, as demonstrated by listing image files. | ||||
| CVE-2009-2750 | 1 Ibm | 1 Websphere Service Registry And Repository | 2025-04-11 | N/A |
| IBM WebSphere Service Registry and Repository (WSRR) 6.3.0 before FP2 does not have the intended configuration properties, which allows remote authenticated users to obtain unspecified data access via a property query. | ||||
| CVE-2013-4221 | 2 Redhat, Restlet | 6 Fuse Esb Enterprise, Fuse Management Console, Fuse Mq Enterprise and 3 more | 2025-04-11 | N/A |
| The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML. | ||||
| CVE-2009-5120 | 1 Websense | 2 Websense Web Filter, Websense Web Security | 2025-04-11 | N/A |
| The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port. | ||||
| CVE-2010-0558 | 1 Sun | 1 Opensolaris | 2025-04-11 | N/A |
| The default configuration of Oracle OpenSolaris snv_77 through snv_131 allows attackers to have an unspecified impact via vectors related to using smbadm to join a Windows Active Directory domain. | ||||
| CVE-2010-2977 | 1 Cisco | 1 Unified Wireless Network Solution Software | 2025-04-11 | N/A |
| Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does not properly implement TLS and SSL, which has unspecified impact and remote attack vectors, aka Bug ID CSCtd01611. | ||||
| CVE-2011-2395 | 1 Cisco | 1 Ios | 2025-04-11 | N/A |
| The Neighbor Discovery (ND) protocol implementation in Cisco IOS on unspecified switches allows remote attackers to bypass the Router Advertisement Guarding functionality via a fragmented IPv6 packet in which the Router Advertisement (RA) message is contained in the second fragment, as demonstrated by (1) a packet in which the first fragment contains a long Destination Options extension header or (2) a packet in which the first fragment contains an ICMPv6 Echo Request message. | ||||