Total: 10666 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-3879 | 1 Ultrashareware | 1 Ultra Office Control | 2024-02-14 | 9.3 HIGH | N/A |
The Ultra.OfficeControl ActiveX control in OfficeCtrl.ocx 2.0.2008.801 and earlier in Ultra Shareware Ultra Office Control allows remote attackers to force the download of arbitrary files onto a client system via a URL in the first argument to the Open method, in conjunction with a full destination pathname in the first argument (SaveAsDocument argument) to the Save method. | |||||
CVE-2014-9598 | 1 Videolan | 1 Vlc Media Player | 2024-02-14 | 6.8 MEDIUM | N/A |
The picture_Release function in misc/picture.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (write access violation) via a crafted M2V file. | |||||
CVE-2016-1328 | 1 Cisco | 2 Epc3928, Epc3928 Firmware | 2024-02-14 | 7.8 HIGH | 7.5 HIGH |
goform/WClientMACList on Cisco EPC3928 devices allows remote attackers to cause a denial of service (device crash) via a long h_sortWireless parameter, related to a "Gateway Client List Denial of Service" issue, aka Bug ID CSCux24948. | |||||
CVE-2008-4343 | 1 Chilkat Software | 1 Chilkat Xml Activex Control | 2024-02-14 | 9.3 HIGH | N/A |
The Chilkat XML ChilkatUtil.CkData.1 ActiveX control (ChilkatUtil.dll) 3.0.3.0 and earlier allows remote attackers to create, overwrite, and modify arbitrary files for execution via a call to the (1) SaveToFile, (2) SaveToTempFile, or (3) AppendBinary method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs. | |||||
CVE-2007-6224 | 2 Microsoft, Realnetworks | 3 Windows Vista, Windows Xp, Realplayer | 2024-02-14 | 5.0 MEDIUM | N/A |
The RealNetworks RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll, as shipped with RealPlayer 11, allows remote attackers to cause a denial of service (browser crash) via a certain argument to the GetSourceTransport method. | |||||
CVE-2006-1957 | 2 Joomla, Mambo-foundation | 2 Joomla!, Mambo | 2024-02-14 | 5.0 MEDIUM | N/A |
The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to cause a denial of service (disk consumption and possibly web-server outage) via multiple requests with different values of the feed parameter. | |||||
CVE-2007-6235 | 1 Realnetworks | 1 Realplayer | 2024-02-14 | 5.0 MEDIUM | N/A |
A certain ActiveX control in RealNetworks RealPlayer 11 allows remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error. NOTE: this might be related to CVE-2007-4904. | |||||
CVE-2016-1336 | 1 Cisco | 2 Epc3928, Epc3928 Firmware | 2024-02-14 | 7.8 HIGH | 7.5 HIGH |
goform/Docsis_system on Cisco EPC3928 devices allows remote attackers to cause a denial of service (device crash) via a long LanguageSelect parameter, related to a "Gateway HTTP Corruption Denial of Service" issue, aka Bug ID CSCuy28100. | |||||
CVE-2007-5258 | 1 Phpfreelog | 1 Phpfreelog | 2024-02-14 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in log.php in phpFreeLog alpha 0.2.0 allows remote attackers to include and execute arbitrary files via unspecified vectors. NOTE: the original disclosure is likely erroneous. | |||||
CVE-2008-4342 | 3 Burnaware Technologies, Impressum, Numedia Soft | 3 Burnaware, Cdburnerxp, Numedia Dvd Burning Sdk | 2024-02-14 | 9.3 HIGH | N/A |
NuMedia Soft NMS DVD Burning SDK Activex NMSDVDX.DVDEngineX.1 ActiveX control (NMSDVDX.dll) 1.013C and earlier, as used in CDBurnerXP 4.2.1.976, BurnAware 2.1.3, Blaze Media Pro 8.02 Special Edition, and possibly other products, allows remote attackers to overwrite and create arbitrary files via calls to the EnableLog and LogMessage methods. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs. | |||||
CVE-2009-0289 | 1 Windows Tftp Utility | 1 Tftputil | 2024-02-14 | 5.0 MEDIUM | N/A |
k23productions TFTPUtil GUI 1.2.0 and 1.3.0 allows remote attackers to cause a denial of service (service crash) via a long filename in a crafted request. | |||||
CVE-2009-3448 | 1 Bakbone | 1 Netvault | 2024-02-14 | 5.0 MEDIUM | N/A |
npvmgr.exe in BakBone NetVault Backup 8.22 Build 29 allows remote attackers to cause a denial of service (daemon crash) via a packet to (1) TCP or (2) UDP port 20031 with a large value in an unspecified size field, which is not properly handled in a malloc operation. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-6534 | 1 Vwsolutions | 1 Null Ftp | 2024-02-14 | 7.1 HIGH | N/A |
Incomplete blacklist vulnerability in NULL FTP Server Free and Pro 1.1.0.7 allows remote authenticated users to execute arbitrary commands via a custom SITE command containing shell metacharacters such as "&" (ampersand) in the middle of an argument. | |||||
CVE-2008-6058 | 1 Syslserve | 1 Syslserve | 2024-02-14 | 5.0 MEDIUM | N/A |
Syslserve 1.058 and earlier, and probably 1.059, allows remote attackers to cause a denial of service (hang) via a crafted UDP Syslog packet. | |||||
CVE-2014-9597 | 1 Videolan | 1 Vlc Media Player | 2024-02-14 | 6.8 MEDIUM | N/A |
The picture_pool_Delete function in misc/picture_pool.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (DEP violation and application crash) via a crafted FLV file. | |||||
CVE-2018-16454 | 1 Currency Converter Script Project | 1 Currency Converter Script | 2024-02-14 | 5.0 MEDIUM | 7.5 HIGH |
PHP Scripts Mall Currency Converter Script 2.0.5 allows remote attackers to cause a denial of service (web-interface change) via an inverted comma. | |||||
CVE-2021-46754 | 1 Amd | 112 Athlon Gold 3150g, Athlon Gold 3150g Firmware, Athlon Gold 3150ge and 109 more | 2024-02-13 | N/A | 9.1 CRITICAL |
Insufficient input validation in the ASP (AMD Secure Processor) bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the SMU (System Management Unit) resulting in a potential loss of confidentiality and integrity. | |||||
CVE-2024-0849 | 1 Leanote | 1 Desktop | 2024-02-13 | N/A | 5.5 MEDIUM |
Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR. | |||||
CVE-2019-13939 | 1 Siemens | 46 Apogee Modular Building Controller, Apogee Modular Building Controller Firmware, Apogee Modular Equiment Controller and 43 more | 2024-02-13 | 4.8 MEDIUM | 7.1 HIGH |
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus Source Code (All versions). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value. | |||||
CVE-2023-46159 | 1 Ibm | 1 Storage Ceph | 2024-02-10 | N/A | 6.5 MEDIUM |
IBM Storage Ceph 5.3z1, 5.3z5, and 6.1z1 could allow an authenticated user on the network to cause a denial of service from RGW. IBM X-Force ID: 268906. | |||||