Max CVSS 10.0 Min CVSS 1.5 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2009-3720 5.0
The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafte
22-02-2024 - 03:40 03-11-2009 - 16:30
CVE-2009-3547 6.9
Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathna
15-02-2024 - 21:12 04-11-2009 - 15:30
CVE-2010-0249 9.3
Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote
15-02-2024 - 21:06 15-01-2010 - 17:30
CVE-2009-4272 7.8
A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (deadlock) via crafted packets that force collisions in the IPv4 routing hash table, and
15-02-2024 - 20:47 27-01-2010 - 17:30
CVE-2009-1195 4.9
The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Opti
15-02-2024 - 18:54 28-05-2009 - 20:30
CVE-2010-0425 10.0
modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an
14-02-2024 - 01:17 05-03-2010 - 19:30
CVE-2009-0846 10.0
The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code
09-02-2024 - 03:21 09-04-2009 - 00:30
CVE-2009-3620 4.9
The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash
09-02-2024 - 00:20 22-10-2009 - 16:00
CVE-2009-1386 5.0
ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.
07-02-2024 - 18:03 04-06-2009 - 16:30
CVE-2009-1378 5.0
Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or
07-02-2024 - 18:02 19-05-2009 - 19:30
CVE-2009-1377 5.0
The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, ak
07-02-2024 - 18:01 19-05-2009 - 19:30
CVE-2009-1387 5.0
The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a
07-02-2024 - 18:01 04-06-2009 - 16:30
CVE-2010-2753 9.3
Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a X
03-02-2024 - 02:26 30-07-2010 - 20:30
CVE-2010-0050 9.3
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags.
03-02-2024 - 02:24 15-03-2010 - 14:15
CVE-2010-1208 9.3
Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors rel
02-02-2024 - 16:10 30-07-2010 - 20:30
CVE-2008-3281 4.3
libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.
02-02-2024 - 15:02 27-08-2008 - 20:41
CVE-2010-4577 5.0
The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS
02-02-2024 - 02:39 22-12-2010 - 01:00
CVE-2011-0611 9.3
Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on W
02-02-2024 - 02:39 13-04-2011 - 14:55
CVE-2009-3939 6.6
The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.
25-01-2024 - 21:37 16-11-2009 - 19:30
CVE-2008-2939 4.3
Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary we
19-01-2024 - 15:13 06-08-2008 - 18:41
CVE-2009-0034 6.9
parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file
12-01-2024 - 20:40 30-01-2009 - 19:30
CVE-2009-3560 5.0
The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that
01-11-2023 - 17:16 04-12-2009 - 21:30
CVE-2010-1452 5.0
The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
01-11-2023 - 15:32 28-07-2010 - 20:00
CVE-2010-0408 5.0
The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial o
01-11-2023 - 15:32 05-03-2010 - 16:30
CVE-2010-2068 5.0
mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows rem
13-02-2023 - 04:19 18-06-2010 - 16:30
CVE-2010-0434 4.3
The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, wh
13-02-2023 - 04:16 05-03-2010 - 19:30
CVE-2010-0290 4.0
Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisonin
13-02-2023 - 02:21 22-01-2010 - 22:00
CVE-2009-4141 7.2
Use-after-free vulnerability in the fasync_helper function in fs/fcntl.c in the Linux kernel before 2.6.33-rc4-git1 allows local users to gain privileges via vectors that include enabling O_ASYNC (aka FASYNC or FIOASYNC) on a locked file, and then cl
13-02-2023 - 02:20 19-01-2010 - 16:30
CVE-2009-4021 4.9
The fuse_direct_io function in fs/fuse/file.c in the fuse subsystem in the Linux kernel before 2.6.32-rc7 might allow attackers to cause a denial of service (invalid pointer dereference and OOPS) via vectors possibly related to a memory-consumption a
13-02-2023 - 02:20 25-11-2009 - 16:30
CVE-2009-2409 5.1
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificat
13-02-2023 - 02:20 30-07-2009 - 19:30
CVE-2009-1890 7.1
The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which al
13-02-2023 - 02:20 05-07-2009 - 16:30
CVE-2009-3621 4.9
net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing
13-02-2023 - 02:20 22-10-2009 - 16:00
CVE-2009-3889 6.6
The dbg_lvl file for the megaraid_sas driver in the Linux kernel before 2.6.27 has world-writable permissions, which allows local users to change the (1) behavior and (2) logging level of the driver by modifying this file.
13-02-2023 - 02:20 16-11-2009 - 19:30
CVE-2009-3555 5.8
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Secu
13-02-2023 - 02:20 09-11-2009 - 17:30
CVE-2009-2908 4.9
The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux kernel 2.6.31 allows local users to cause a denial of service (kernel OOPS) and possibly execute arbitrary code via unspecified vectors that cause a "negative dentry" and trigger a
13-02-2023 - 02:20 13-10-2009 - 10:30
CVE-2009-4138 4.7
drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified
13-02-2023 - 02:20 16-12-2009 - 19:30
CVE-2009-4030 4.4
MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks
13-02-2023 - 02:20 30-11-2009 - 17:30
CVE-2009-3726 7.8
The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect
13-02-2023 - 02:20 09-11-2009 - 19:30
CVE-2009-3556 1.9
A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when N_Port ID Virtualization (NPIV) hardware is used, sets world-writable permissions for the (1) vport_create and (2) vport
13-02-2023 - 02:20 27-01-2010 - 17:30
CVE-2009-4020 7.8
Stack-based buffer overflow in the hfs subsystem in the Linux kernel 2.6.32 allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c.
13-02-2023 - 02:20 04-12-2009 - 21:30
CVE-2009-2910 2.1
arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 p
13-02-2023 - 02:20 20-10-2009 - 17:30
CVE-2009-1379 5.0
Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS
13-02-2023 - 02:20 19-05-2009 - 19:30
CVE-2009-3080 7.2
Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.
13-02-2023 - 02:20 20-11-2009 - 17:30
CVE-2009-1891 7.1
The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
13-02-2023 - 02:20 10-07-2009 - 15:30
CVE-2009-1308 4.3
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in
13-02-2023 - 02:20 22-04-2009 - 18:30
CVE-2010-0001 6.8
Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a cra
13-02-2023 - 02:20 29-01-2010 - 18:30
CVE-2008-4309 5.0
Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK req
13-02-2023 - 02:19 31-10-2008 - 20:29
CVE-2008-3529 10.0
Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.
13-02-2023 - 02:19 12-09-2008 - 16:56
CVE-2008-2364 5.0
The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service
13-02-2023 - 02:19 13-06-2008 - 18:41
CVE-2009-1185 7.2
udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.
13-02-2023 - 02:19 17-04-2009 - 14:30
CVE-2009-0771 10.0
The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption a
13-02-2023 - 02:19 05-03-2009 - 02:30
CVE-2009-1191 5.0
mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
13-02-2023 - 02:19 23-04-2009 - 17:30
CVE-2007-4567 7.8
The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic)
13-02-2023 - 02:18 21-12-2007 - 00:46
CVE-2011-0706 7.5
The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descripto
13-02-2023 - 01:18 19-02-2011 - 01:00
CVE-2009-3612 2.1
The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensit
13-02-2023 - 01:17 19-10-2009 - 20:00
CVE-2009-3613 7.8
The swiotlb functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel before 2.6.27.22 allows remote attackers to cause a denial of service (IOMMU space exhaustion and system crash) by using jumbo frames for a large amount of netwo
13-02-2023 - 01:17 19-10-2009 - 20:00
CVE-2009-2412 10.0
Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code
13-02-2023 - 01:17 06-08-2009 - 15:30
CVE-2011-3640 7.1
** DISPUTED ** Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level di
12-02-2023 - 20:15 28-10-2011 - 02:49
CVE-2012-0753 9.3
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of
30-01-2023 - 18:01 16-02-2012 - 19:55
CVE-2012-0751 10.0
The ActiveX control in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
30-01-2023 - 18:01 16-02-2012 - 19:55
CVE-2012-0767 4.3
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attac
30-01-2023 - 18:00 16-02-2012 - 19:55
CVE-2012-0752 9.3
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of
30-01-2023 - 18:00 16-02-2012 - 19:55
CVE-2012-0756 9.3
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via uns
30-01-2023 - 18:00 16-02-2012 - 19:55
CVE-2012-0755 9.3
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via uns
30-01-2023 - 18:00 16-02-2012 - 19:55
CVE-2012-0754 9.3
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of
30-01-2023 - 18:00 16-02-2012 - 19:55
CVE-2012-0773 9.3
The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac OS X, and Linux; Flash Player before 10.3.183.18 and 11.x before 11.2.202.223 on Solaris; Flash Player before 11.1.111.8 on Android 2.x and 3.x;
30-01-2023 - 18:00 28-03-2012 - 19:55
CVE-2010-0987 9.3
Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via crafted embedded fonts in a Shockwave file.
03-11-2022 - 17:38 13-05-2010 - 17:30
CVE-2010-0986 9.3
Adobe Shockwave Player before 11.5.7.609 does not properly process asset entries, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted Shockwave file.
03-11-2022 - 17:35 13-05-2010 - 17:30
CVE-2010-0130 9.3
Integer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via a crafted .dir (aka Director) file.
03-11-2022 - 17:34 13-05-2010 - 17:30
CVE-2010-0127 9.3
Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted FFFFFF45h Shockwave 3D blocks in a Shockwave file.
03-11-2022 - 17:33 13-05-2010 - 17:30
CVE-2010-1281 9.3
iml32.dll in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption)
29-09-2022 - 16:52 13-05-2010 - 17:30
CVE-2009-3095 5.0
The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as
19-09-2022 - 19:50 08-09-2009 - 18:30
CVE-2009-3094 2.6
The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a mal
19-09-2022 - 19:49 08-09-2009 - 18:30
CVE-2010-1280 9.3
Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file, related to (1) an erroneous dereference and (2) a certain Shock.dir fi
16-09-2022 - 18:19 13-05-2010 - 17:30
CVE-2010-2179 4.3
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when Firefox or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecifi
15-09-2022 - 13:29 15-06-2010 - 18:00
CVE-2010-0129 9.3
Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir (aka Director) file that triggers an array index erro
07-06-2022 - 13:29 13-05-2010 - 17:30
CVE-2011-4372 7.5
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and
03-06-2022 - 17:21 10-01-2012 - 21:55
CVE-2011-4373 7.5
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and
03-06-2022 - 15:50 10-01-2012 - 21:55
CVE-2011-3279 7.8
The provider-edge MPLS NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload) via a malformed SIP packet to UDP port 5060, aka Bug ID CSCti9821
02-06-2022 - 17:24 03-10-2011 - 23:55
CVE-2008-3806 8.5
Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8 addresses intended for IPC communication within the device, which allows remote attackers to cause a denial of s
02-06-2022 - 17:18 26-09-2008 - 16:21
CVE-2008-3805 8.5
Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8 addresses intended for IPC communication within the device, which allows remote attackers to cause a denial of s
02-06-2022 - 17:17 26-09-2008 - 16:21
CVE-2008-3802 7.1
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (device reload) via unspecified valid SIP messages, aka Ci
02-06-2022 - 17:13 26-09-2008 - 16:21
CVE-2008-3801 7.1
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device
02-06-2022 - 17:12 26-09-2008 - 16:21
CVE-2008-3800 7.1
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device
02-06-2022 - 17:11 26-09-2008 - 16:21
CVE-2008-3799 7.8
Memory leak in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (memory consumption and voice-service outage) via unspecified valid SIP
02-06-2022 - 17:10 26-09-2008 - 16:21
CVE-2008-3798 7.8
Cisco IOS 12.4 allows remote attackers to cause a denial of service (device crash) via a normal, properly formed SSL packet that occurs during termination of an SSL session.
02-06-2022 - 17:09 26-09-2008 - 16:21
CVE-2008-2739 7.8
The SERVICE.DNS signature engine in the Intrusion Prevention System (IPS) in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a denial of service (device crash or hang) via network traffic that triggers unspecified IPS signatures, a different
02-06-2022 - 17:09 26-09-2008 - 16:21
CVE-2012-0502 6.4
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and u
13-05-2022 - 14:53 15-02-2012 - 22:55
CVE-2011-3547 5.0
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java a
13-05-2022 - 14:52 19-10-2011 - 21:55
CVE-2011-3561 1.8
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
13-05-2022 - 14:52 19-10-2011 - 21:55
CVE-2011-3563 6.4
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote attackers to affect confidentiality and ava
13-05-2022 - 14:52 15-02-2012 - 22:55
CVE-2011-3546 5.8
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and
13-05-2022 - 14:52 19-10-2011 - 21:55
CVE-2010-1423 9.3
Argument injection vulnerability in the URI handler in (a) Java NPAPI plugin and (b) Java Deployment Toolkit in Java 6 Update 10, 19, and other versions, when running on Windows and possibly on Linux, allows remote attackers to execute arbitrary code
13-05-2022 - 14:52 15-04-2010 - 21:30
CVE-2012-0505 7.5
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and unt
13-05-2022 - 14:52 15-02-2012 - 22:55
CVE-2012-0503 7.5
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and u
13-05-2022 - 14:52 15-02-2012 - 22:55
CVE-2012-0501 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors.
13-05-2022 - 14:52 15-02-2012 - 22:55
CVE-2012-0506 4.3
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and u
13-05-2022 - 14:52 15-02-2012 - 22:55
CVE-2012-0500 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and JavaFX 2.0.2 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets t
13-05-2022 - 14:52 15-02-2012 - 22:55
CVE-2012-0498 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability
13-05-2022 - 14:52 15-02-2012 - 22:55
CVE-2012-0497 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate
13-05-2022 - 14:52 15-02-2012 - 22:55
CVE-2012-0504 9.3
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate
13-05-2022 - 14:52 15-02-2012 - 22:55
CVE-2012-0499 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier; and JavaFX 2.0.2 and earlier; allows remote attackers to
13-05-2022 - 14:52 15-02-2012 - 22:55
CVE-2010-0128 9.3
Integer signedness error in dirapi.dll in Adobe Shockwave Player before 11.5.7.609 and Adobe Director before 11.5.7.609 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir fil
22-04-2022 - 01:44 13-05-2010 - 17:30
CVE-2010-1283 9.3
Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D objects in .dir (aka Director) files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a modified field in a 0xFFFFFF
05-04-2022 - 14:48 13-05-2010 - 17:30
CVE-2010-1282 4.3
Adobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted ATOM size in a .dir (aka Director) file.
05-04-2022 - 14:46 13-05-2010 - 17:30
CVE-2010-1289 9.3
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-201
28-02-2022 - 14:41 13-05-2010 - 21:30
CVE-2010-1288 9.3
Buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow attackers to execute arbitrary code via unspecified vectors.
28-02-2022 - 14:41 13-05-2010 - 21:30
CVE-2010-1287 9.3
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1289, CVE-201
28-02-2022 - 14:41 13-05-2010 - 21:30
CVE-2010-1286 9.3
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1287, CVE-2010-1289, CVE-201
28-02-2022 - 14:41 13-05-2010 - 21:30
CVE-2010-1291 9.3
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-201
28-02-2022 - 14:41 13-05-2010 - 21:30
CVE-2010-1292 9.3
The implementation of pami RIFF chunk parsing in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a d
28-02-2022 - 14:35 13-05-2010 - 17:30
CVE-2010-1284 9.3
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, CVE-201
28-02-2022 - 14:35 13-05-2010 - 21:30
CVE-2010-1290 9.3
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-201
16-12-2021 - 18:19 13-05-2010 - 21:30
CVE-2011-4370 7.5
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4372 and
22-09-2021 - 14:22 10-01-2012 - 21:55
CVE-2011-4371 7.5
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
22-09-2021 - 14:22 10-01-2012 - 21:55
CVE-2010-4487 7.5
Incomplete blacklist vulnerability in Google Chrome before 8.0.552.215 on Linux and Mac OS X allows remote attackers to have an unspecified impact via a "dangerous file."
08-09-2021 - 17:19 07-12-2010 - 21:00
CVE-2010-3414 10.0
Google Chrome before 6.0.472.59 on Mac OS X does not properly implement file dialogs, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. NOTE: this issue exists beca
08-09-2021 - 17:19 16-09-2010 - 21:00
CVE-2011-1305 6.8
Race condition in Google Chrome before 11.0.696.57 on Linux and Mac OS X allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to linked lists and a database.
08-09-2021 - 17:19 03-05-2011 - 22:55
CVE-2011-0782 5.0
Google Chrome before 9.0.597.84 on Mac OS X does not properly mitigate an unspecified flaw in the Mac OS X 10.5 SSL libraries, which allows remote attackers to cause a denial of service (application crash) via unknown vectors.
08-09-2021 - 17:19 04-02-2011 - 18:00
CVE-2011-0776 5.0
The sandbox implementation in Google Chrome before 9.0.597.84 on Mac OS X might allow remote attackers to obtain potentially sensitive information about local files via vectors related to the stat system call.
08-09-2021 - 17:19 04-02-2011 - 18:00
CVE-2012-0724 9.3
Adobe Flash Player before 11.2.202.229 in Google Chrome before 18.0.1025.151 allow attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2012-0725.
08-09-2021 - 17:19 06-04-2012 - 20:55
CVE-2012-0725 9.3
Adobe Flash Player before 11.2.202.229 in Google Chrome before 18.0.1025.151 allow attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2012-0724.
08-09-2021 - 17:19 06-04-2012 - 20:55
CVE-2011-4374 9.3
Integer overflow in Adobe Reader 9.x before 9.4.6 on Linux allows attackers to execute arbitrary code via unspecified vectors.
08-09-2021 - 17:19 19-01-2012 - 19:55
CVE-2010-0027 9.3
The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attac
23-07-2021 - 15:12 22-01-2010 - 22:00
CVE-2010-0244 9.3
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corru
23-07-2021 - 15:12 22-01-2010 - 22:00
CVE-2010-0248 9.3
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corru
23-07-2021 - 15:12 22-01-2010 - 22:00
CVE-2009-0550 9.3
Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on
23-07-2021 - 12:19 15-04-2009 - 08:00
CVE-2007-6420 4.3
Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
06-06-2021 - 11:15 12-01-2008 - 00:46
CVE-2007-6421 3.5
Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the U
06-06-2021 - 11:15 08-01-2008 - 19:46
CVE-2007-6422 4.0
The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb
06-06-2021 - 11:15 08-01-2008 - 18:46
CVE-2010-0010 6.8
Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary co
06-06-2021 - 11:15 02-02-2010 - 16:30
CVE-2010-1256 8.5
Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corr
05-02-2021 - 15:37 08-06-2010 - 20:30
CVE-2008-1446 9.0
Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users
23-11-2020 - 20:09 15-10-2008 - 00:12
CVE-2009-2521 5.0
Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that re
23-11-2020 - 19:50 04-09-2009 - 10:30
CVE-2010-2008 3.5
MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot
09-11-2020 - 14:33 13-07-2010 - 20:30
CVE-2009-0590 5.0
The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid
03-11-2020 - 17:38 27-03-2009 - 16:30
CVE-2011-4374 9.3
Integer overflow in Adobe Reader 9.x before 9.4.6 on Linux allows attackers to execute arbitrary code via unspecified vectors.
28-09-2020 - 15:22 19-01-2012 - 19:55
CVE-2012-0449 9.3
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod
28-08-2020 - 13:14 01-02-2012 - 16:55
CVE-2012-0444 10.0
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corr
28-08-2020 - 13:12 01-02-2012 - 16:55
CVE-2012-0442 9.3
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corru
28-08-2020 - 13:11 01-02-2012 - 16:55
CVE-2011-3659 9.3
Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect Attribu
28-08-2020 - 13:10 01-02-2012 - 16:55
CVE-2010-1205 7.5
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
14-08-2020 - 15:50 30-06-2010 - 18:30
CVE-2009-3228 2.1
The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users
13-08-2020 - 12:59 19-10-2009 - 20:00
CVE-2010-1770 9.3
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, wh
07-08-2020 - 15:25 11-06-2010 - 19:30
CVE-2010-2298 10.0
browser/renderer_host/database_dispatcher_host.cc in Google Chrome before 5.0.375.70 on Linux does not properly handle ViewHostMsg_DatabaseOpenFile messages in chroot-based sandboxing, which allows remote attackers to bypass intended sandbox restrict
05-08-2020 - 18:11 15-06-2010 - 18:00
CVE-2010-3259 4.3
WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass t
04-08-2020 - 19:45 07-09-2010 - 18:00
CVE-2010-3258 9.3
The sandbox implementation in Google Chrome before 6.0.472.53 does not properly deserialize parameters, which has unspecified impact and remote attack vectors.
04-08-2020 - 19:43 07-09-2010 - 18:00
CVE-2010-3257 9.3
Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (applicat
04-08-2020 - 19:41 07-09-2010 - 18:00
CVE-2010-3254 10.0
The WebSockets implementation in Google Chrome before 6.0.472.53 does not properly handle integer values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
04-08-2020 - 19:40 07-09-2010 - 18:00
CVE-2010-3253 10.0
The implementation of notification permissions in Google Chrome before 6.0.472.53 allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
04-08-2020 - 19:35 07-09-2010 - 18:00
CVE-2010-3252 10.0
Use-after-free vulnerability in the Notifications presenter in Google Chrome before 6.0.472.53 allows attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
04-08-2020 - 19:32 07-09-2010 - 18:00
CVE-2010-3416 7.5
Google Chrome before 6.0.472.59 on Linux does not properly implement the Khmer locale, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
04-08-2020 - 19:11 16-09-2010 - 21:00
CVE-2010-3255 9.3
Google Chrome before 6.0.472.53 and webkitgtk before 1.2.6 do not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
04-08-2020 - 14:16 07-09-2010 - 18:00
CVE-2010-3256 4.3
Google Chrome before 6.0.472.53 does not properly limit the number of stored autocomplete entries, which has unspecified impact and attack vectors.
03-08-2020 - 21:16 07-09-2010 - 18:00
CVE-2010-3250 5.0
Unspecified vulnerability in Google Chrome before 6.0.472.53 allows remote attackers to enumerate the set of installed extensions via unknown vectors.
03-08-2020 - 21:07 07-09-2010 - 18:00
CVE-2010-3249 9.3
Google Chrome before 6.0.472.53 does not properly implement SVG filters, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a "stale pointer" issue.
03-08-2020 - 20:57 07-09-2010 - 18:00
CVE-2010-3247 4.3
Google Chrome before 6.0.472.53 does not properly restrict the characters in URLs, which allows remote attackers to spoof the appearance of the URL bar via homographic sequences.
03-08-2020 - 20:55 07-09-2010 - 18:00
CVE-2010-3248 5.0
Google Chrome before 6.0.472.53 does not properly restrict copying to the clipboard, which has unspecified impact and attack vectors.
03-08-2020 - 20:55 07-09-2010 - 18:00
CVE-2010-3246 4.3
Google Chrome before 6.0.472.53 does not properly handle the _blank value for the target attribute of unspecified elements, which allows remote attackers to bypass the pop-up blocker via unknown vectors.
03-08-2020 - 20:50 07-09-2010 - 18:00
CVE-2010-1822 6.8
WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote attackers to execute arbitrary code or cause a denial of service
03-08-2020 - 18:32 04-10-2010 - 21:00
CVE-2010-3730 6.8
Google Chrome before 6.0.472.62 does not properly use information about the origin of a document to manage properties, which allows remote attackers to have an unspecified impact via a crafted web site, related to a "property pollution" issue.
03-08-2020 - 14:59 05-10-2010 - 18:00
CVE-2010-3729 7.5
The SPDY protocol implementation in Google Chrome before 6.0.472.62 does not properly manage buffers, which might allow remote attackers to execute arbitrary code via unspecified vectors.
03-08-2020 - 14:59 05-10-2010 - 18:00
CVE-2010-4041 7.5
The sandbox implementation in Google Chrome before 7.0.517.41 on Linux does not properly constrain worker processes, which might allow remote attackers to bypass intended access restrictions via unspecified vectors.
31-07-2020 - 19:33 21-10-2010 - 19:00
CVE-2010-4039 7.5
Google Chrome before 7.0.517.41 on Linux does not properly set the PATH environment variable, which has unspecified impact and attack vectors.
31-07-2020 - 19:31 21-10-2010 - 19:00
CVE-2010-4038 5.0
The Web Sockets implementation in Google Chrome before 7.0.517.41 does not properly handle a shutdown action, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
31-07-2020 - 19:24 21-10-2010 - 19:00
CVE-2010-3417 5.0
Google Chrome before 6.0.472.59 does not prompt the user before granting access to the extension history, which allows attackers to obtain potentially sensitive information via unspecified vectors.
31-07-2020 - 19:20 16-09-2010 - 21:00
CVE-2010-3415 10.0
Google Chrome before 6.0.472.59 does not properly implement Geolocation, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
31-07-2020 - 19:13 16-09-2010 - 21:00
CVE-2010-3413 5.0
Unspecified vulnerability in the pop-up blocking functionality in Google Chrome before 6.0.472.59 allows remote attackers to cause a denial of service (application crash) via unknown vectors.
31-07-2020 - 19:11 16-09-2010 - 21:00
CVE-2010-3412 9.3
Race condition in the console implementation in Google Chrome before 6.0.472.59 has unspecified impact and attack vectors.
31-07-2020 - 19:10 16-09-2010 - 21:00
CVE-2010-3411 5.0
Google Chrome before 6.0.472.59 on Linux does not properly handle cursors, which might allow attackers to cause a denial of service (assertion failure) via unspecified vectors.
31-07-2020 - 19:04 16-09-2010 - 21:00
CVE-2010-4202 7.5
Multiple integer overflows in Google Chrome before 7.0.517.44 on Linux allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font.
31-07-2020 - 18:25 06-11-2010 - 00:00
CVE-2010-3251 4.3
The WebSockets implementation in Google Chrome before 6.0.472.53 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.
31-07-2020 - 17:51 07-09-2010 - 18:00
CVE-2010-4574 7.5
The Pickle::Pickle function in base/pickle.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 on 64-bit Linux platforms does not properly perform pointer arithmetic, which allows remote attackers to bypass message deserialization
31-07-2020 - 11:18 22-12-2010 - 01:00
CVE-2010-4575 4.3
The ThemeInstalledInfoBarDelegate::Observe function in browser/extensions/theme_installed_infobar_delegate.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle incorrect tab interaction by an extension, whi
31-07-2020 - 11:18 22-12-2010 - 01:00
CVE-2010-4576 5.0
browser/worker_host/message_port_dispatcher.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle certain postMessage calls, which allows remote attackers to cause a denial of service (NULL pointer dereferen
29-07-2020 - 15:31 22-12-2010 - 01:00
CVE-2010-4578 7.5
Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 do not properly perform cursor handling, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale po
28-07-2020 - 19:16 22-12-2010 - 01:00
CVE-2011-0484 7.5
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform DOM node removal, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale
27-07-2020 - 16:19 14-01-2011 - 17:00
CVE-2011-0477 10.0
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle a mismatch in video frame sizes, which allows remote attackers to cause a denial of service (incorrect memory access) or possibly have unspecified other impact v
27-07-2020 - 16:01 14-01-2011 - 17:00
CVE-2011-0480 9.3
Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service (memory corruption and application crash) or
24-07-2020 - 21:16 14-01-2011 - 17:00
CVE-2011-0485 10.0
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle speech data, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "stale pointer."
24-07-2020 - 21:16 14-01-2011 - 17:00
CVE-2011-0479 7.5
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly interact with extensions, which allows remote attackers to cause a denial of service via a crafted extension that triggers an uninitialized pointer.
24-07-2020 - 21:12 14-01-2011 - 17:00
CVE-2011-0475 9.3
Use-after-free vulnerability in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a PDF document.
24-07-2020 - 21:09 14-01-2011 - 17:00
CVE-2011-0474 10.0
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with cursors, which allows remote attackers to cause a denial of service or possibly have unspecified
24-07-2020 - 21:05 14-01-2011 - 17:00
CVE-2011-0470 5.0
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle extensions notification, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
24-07-2020 - 21:04 14-01-2011 - 17:00
CVE-2011-0478 10.0
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle SVG use elements, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale
24-07-2020 - 14:03 14-01-2011 - 17:00
CVE-2011-0483 5.0
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of video, which allows remote attackers to cause a denial of service or possibly have unspecified other impact
24-07-2020 - 13:59 14-01-2011 - 17:00
CVE-2011-0482 4.3
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of anchors, which allows remote attackers to cause a denial of service or possibly have unspecified other impa
24-07-2020 - 13:56 14-01-2011 - 17:00
CVE-2011-0481 9.3
Buffer overflow in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PDF shading.
24-07-2020 - 13:55 14-01-2011 - 17:00
CVE-2011-0476 10.0
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allow remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a PDF document that triggers an out-of-memory error.
24-07-2020 - 13:48 14-01-2011 - 17:00
CVE-2011-0473 10.0
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with CANVAS elements, which allows remote attackers to cause a denial of service or possibly have uns
24-07-2020 - 13:41 14-01-2011 - 17:00
CVE-2011-0472 9.3
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle the printing of PDF documents, which allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other im
24-07-2020 - 13:37 14-01-2011 - 17:00
CVE-2011-0471 10.0
The node-iteration implementation in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 does not properly handle pointers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown
24-07-2020 - 13:32 14-01-2011 - 17:00
CVE-2011-0784 6.8
Race condition in Google Chrome before 9.0.597.84 allows remote attackers to execute arbitrary code via vectors related to audio.
05-06-2020 - 13:36 04-02-2011 - 18:00
CVE-2011-0783 4.3
Unspecified vulnerability in Google Chrome before 9.0.597.84 allows user-assisted remote attackers to cause a denial of service (application crash) via vectors involving a "bad volume setting."
04-06-2020 - 21:00 04-02-2011 - 18:00
CVE-2011-0781 7.5
Google Chrome before 9.0.597.84 does not properly handle autofill profile merging, which has unspecified impact and remote attack vectors.
04-06-2020 - 20:49 04-02-2011 - 18:00
CVE-2011-0780 6.8
The PDF event handler in Google Chrome before 9.0.597.84 does not properly interact with print operations, which allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unkn
04-06-2020 - 20:45 04-02-2011 - 18:00
CVE-2011-0779 5.0
Google Chrome before 9.0.597.84 does not properly handle a missing key in an extension, which allows remote attackers to cause a denial of service (application crash) via a crafted extension.
04-06-2020 - 20:43 04-02-2011 - 18:00
CVE-2011-0777 7.5
Use-after-free vulnerability in Google Chrome before 9.0.597.84 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to image loading.
04-06-2020 - 20:41 04-02-2011 - 18:00
CVE-2011-0982 10.0
Use-after-free vulnerability in Google Chrome before 9.0.597.94 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG font faces.
04-06-2020 - 19:33 10-02-2011 - 19:00
CVE-2011-0981 7.5
Google Chrome before 9.0.597.94 does not properly perform event handling for animations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
04-06-2020 - 19:33 10-02-2011 - 19:00
CVE-2011-0983 7.5
Google Chrome before 9.0.597.94 does not properly handle anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
04-06-2020 - 19:33 10-02-2011 - 19:00
CVE-2011-1122 5.0
The WebGL implementation in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, aka Issue 71960.
04-06-2020 - 19:24 01-03-2011 - 23:00
CVE-2011-1125 7.5
Google Chrome before 9.0.597.107 does not properly perform layout, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
04-06-2020 - 19:21 01-03-2011 - 23:00
CVE-2011-1123 7.5
Google Chrome before 9.0.597.107 does not properly restrict access to internal extension functions, which has unspecified impact and remote attack vectors.
04-06-2020 - 19:17 01-03-2011 - 23:00
CVE-2011-1124 7.5
Use-after-free vulnerability in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to blocked plug-ins.
04-06-2020 - 19:17 01-03-2011 - 23:00
CVE-2011-1121 7.5
Integer overflow in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a TEXTAREA element.
04-06-2020 - 19:15 01-03-2011 - 23:00
CVE-2011-1120 5.0
The WebGL implementation in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, aka Issue 71717.
04-06-2020 - 19:11 01-03-2011 - 23:00
CVE-2011-1119 7.5
Google Chrome before 9.0.597.107 does not properly determine device orientation, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
04-06-2020 - 19:03 01-03-2011 - 23:00
CVE-2011-1118 6.8
Google Chrome before 9.0.597.107 does not properly handle TEXTAREA elements, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document.
04-06-2020 - 18:53 01-03-2011 - 23:00
CVE-2011-1117 7.5
Google Chrome before 9.0.597.107 does not properly handle XHTML documents, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale nodes."
04-06-2020 - 18:48 01-03-2011 - 23:00
CVE-2011-1116 7.5
Google Chrome before 9.0.597.107 does not properly handle SVG animations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
04-06-2020 - 18:28 01-03-2011 - 23:00
CVE-2011-1115 7.5
Google Chrome before 9.0.597.107 does not properly render tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
04-06-2020 - 18:06 01-03-2011 - 23:00
CVE-2011-1114 7.5
Google Chrome before 9.0.597.107 does not properly handle tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node."
04-06-2020 - 18:05 01-03-2011 - 23:00
CVE-2011-1113 5.0
Google Chrome before 9.0.597.107 on 64-bit Linux platforms does not properly perform pickle deserialization, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
04-06-2020 - 17:58 01-03-2011 - 23:00
CVE-2011-1112 7.5
Google Chrome before 9.0.597.107 does not properly perform SVG rendering, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.
04-06-2020 - 17:38 01-03-2011 - 23:00
CVE-2011-1110 7.5
Google Chrome before 9.0.597.107 does not properly implement key frame rules, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
04-06-2020 - 17:36 01-03-2011 - 23:00
CVE-2011-0985 7.5
Google Chrome before 9.0.597.94 does not properly perform process termination upon memory exhaustion, which has unspecified impact and remote attack vectors.
04-06-2020 - 17:30 10-02-2011 - 19:00
CVE-2011-0984 5.0
Google Chrome before 9.0.597.94 does not properly handle plug-ins, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
04-06-2020 - 17:26 10-02-2011 - 19:00
CVE-2011-1286 7.5
Google V8, as used in Google Chrome before 10.0.648.127, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger incorrect access to memory.
04-06-2020 - 14:32 11-03-2011 - 02:01
CVE-2011-1204 6.8
Google Chrome before 10.0.648.127 does not properly handle attributes, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via a crafted document.
04-06-2020 - 14:17 11-03-2011 - 02:01
CVE-2011-1202 4.3
The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an
04-06-2020 - 14:16 11-03-2011 - 02:01
CVE-2011-1201 7.5
The context implementation in WebKit, as used in Google Chrome before 10.0.648.127, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
04-06-2020 - 13:45 11-03-2011 - 02:01
CVE-2011-1200 6.8
Google Chrome before 10.0.648.127 does not properly perform a cast of an unspecified variable during text rendering, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.
04-06-2020 - 13:43 11-03-2011 - 02:01
CVE-2011-1198 7.5
The video functionality in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger use of a malformed "out-of-bounds structure."
03-06-2020 - 21:16 11-03-2011 - 02:01
CVE-2011-1197 7.5
Google Chrome before 10.0.648.127 does not properly perform table painting, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
03-06-2020 - 20:45 11-03-2011 - 02:01
CVE-2011-1194 5.0
Multiple unspecified vulnerabilities in Google Chrome before 10.0.648.127 allow remote attackers to bypass the pop-up blocker via unknown vectors.
03-06-2020 - 20:38 11-03-2011 - 02:01
CVE-2011-1185 7.5
Google Chrome before 10.0.648.127 does not prevent (1) navigation and (2) close operations on the top location of a sandboxed frame, which has unspecified impact and remote attack vectors.
03-06-2020 - 20:31 11-03-2011 - 02:01
CVE-2011-1111 7.5
Google Chrome before 9.0.597.107 does not properly implement forms controls, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.
03-06-2020 - 20:14 01-03-2011 - 23:00
CVE-2011-1109 7.5
Google Chrome before 9.0.597.107 does not properly process nodes in Cascading Style Sheets (CSS) stylesheets, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "sta
03-06-2020 - 20:04 01-03-2011 - 23:00
CVE-2011-1107 4.3
Unspecified vulnerability in Google Chrome before 9.0.597.107 allows remote attackers to spoof the URL bar via unknown vectors.
03-06-2020 - 19:57 01-03-2011 - 23:00
CVE-2011-1413 5.0
Google Chrome before 10.0.648.127 on Linux does not properly mitigate an unspecified flaw in an X server, which allows remote attackers to cause a denial of service (application crash) via vectors involving long messages.
03-06-2020 - 18:59 11-03-2011 - 02:01
CVE-2011-1285 7.5
The regular-expression functionality in Google Chrome before 10.0.648.127 does not properly implement reentrancy, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vec
03-06-2020 - 18:57 11-03-2011 - 02:01
CVE-2011-1203 7.5
Google Chrome before 10.0.648.127 does not properly handle SVG cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
03-06-2020 - 18:47 11-03-2011 - 02:01
CVE-2011-1199 7.5
Google Chrome before 10.0.648.127 does not properly handle DataView objects, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.
03-06-2020 - 18:45 11-03-2011 - 02:01
CVE-2011-1196 7.5
The OGG container implementation in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.
03-06-2020 - 18:44 11-03-2011 - 02:01
CVE-2011-1195 7.5
Use-after-free vulnerability in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "document script lifetime handling."
03-06-2020 - 18:42 11-03-2011 - 02:01
CVE-2011-1191 7.5
Use-after-free vulnerability in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of DOM URLs.
03-06-2020 - 18:41 11-03-2011 - 02:01
CVE-2011-1189 7.5
Google Chrome before 10.0.648.127 does not properly perform box layout, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node."
03-06-2020 - 18:35 11-03-2011 - 02:01
CVE-2011-1188 7.5
Google Chrome before 10.0.648.127 does not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
03-06-2020 - 18:21 11-03-2011 - 02:01
CVE-2011-1187 5.0
Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."
03-06-2020 - 18:20 11-03-2011 - 02:01
CVE-2011-1691 5.0
The counterToCSSValue function in CSSComputedStyleDeclaration.cpp in the Cascading Style Sheets (CSS) implementation in WebCore in WebKit before r82222, as used in Google Chrome before 11.0.696.43 and other products, does not properly handle access t
03-06-2020 - 15:29 15-04-2011 - 00:55
CVE-2011-1465 5.0
The SPDY implementation in net/http/http_network_transaction.cc in Google Chrome before 11.0.696.14 drains the bodies from SPDY responses, which might allow remote SPDY servers to cause a denial of service (application exit) by canceling a stream.
03-06-2020 - 15:19 20-03-2011 - 02:00
CVE-2011-1059 4.3
Use-after-free vulnerability in WebCore in WebKit before r77705, as used in Google Chrome before 11.0.672.2 and other products, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other
03-06-2020 - 14:54 22-02-2011 - 19:00
CVE-2011-1190 5.0
The Web Workers implementation in Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."
02-06-2020 - 20:22 11-03-2011 - 02:01
CVE-2011-1193 7.5
Google V8, as used in Google Chrome before 10.0.648.127, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
02-06-2020 - 20:16 11-03-2011 - 02:01
CVE-2011-1186 5.0
Google Chrome before 10.0.648.127 on Linux does not properly handle parallel execution of calls to the print method, which might allow remote attackers to cause a denial of service (application crash) via crafted JavaScript code.
02-06-2020 - 20:11 11-03-2011 - 02:01
CVE-2011-1192 5.0
Google Chrome before 10.0.648.127 on Linux does not properly handle Unicode ranges, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
02-06-2020 - 20:02 11-03-2011 - 02:01
CVE-2011-1108 6.8
Google Chrome before 9.0.597.107 does not properly implement JavaScript dialogs, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document.
02-06-2020 - 18:33 01-03-2011 - 23:00
CVE-2011-1296 7.5
Google Chrome before 10.0.648.204 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
29-05-2020 - 21:06 25-03-2011 - 19:55
CVE-2011-1294 7.5
Google Chrome before 10.0.648.204 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale po
29-05-2020 - 21:04 25-03-2011 - 19:55
CVE-2011-1293 7.5
Use-after-free vulnerability in the HTMLCollection implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
29-05-2020 - 21:03 25-03-2011 - 19:55
CVE-2011-1301 9.3
Use-after-free vulnerability in the GPU process in Google Chrome before 10.0.648.205 allows remote attackers to execute arbitrary code via unknown vectors.
29-05-2020 - 21:01 15-04-2011 - 19:55
CVE-2011-1302 9.3
Heap-based buffer overflow in the GPU process in Google Chrome before 10.0.648.205 allows remote attackers to execute arbitrary code via unknown vectors.
29-05-2020 - 20:59 15-04-2011 - 19:55
CVE-2011-1292 7.5
Use-after-free vulnerability in the frame-loader implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
29-05-2020 - 20:56 25-03-2011 - 19:55
CVE-2011-1291 7.5
Google Chrome before 10.0.648.204 does not properly handle base strings, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a "buffer error."
29-05-2020 - 20:37 25-03-2011 - 19:55
CVE-2011-1295 7.5
WebKit, as used in Google Chrome before 10.0.648.204 and Apple Safari before 5.0.6, does not properly handle node parentage, which allows remote attackers to cause a denial of service (DOM tree corruption), conduct cross-site scripting (XSS) attacks,
29-05-2020 - 20:36 25-03-2011 - 19:55
CVE-2011-1436 5.0
Google Chrome before 11.0.696.57 on Linux does not properly interact with the X Window System, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
29-05-2020 - 20:24 03-05-2011 - 22:55
CVE-2011-1439 6.8
Google Chrome before 11.0.696.57 on Linux does not properly isolate renderer processes, which has unspecified impact and remote attack vectors.
29-05-2020 - 20:21 03-05-2011 - 22:55
CVE-2011-1444 6.8
Race condition in the sandbox launcher implementation in Google Chrome before 11.0.696.57 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
29-05-2020 - 20:14 03-05-2011 - 22:55
CVE-2011-1454 6.8
Use-after-free vulnerability in the DOM id handling functionality in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document.
22-05-2020 - 18:43 03-05-2011 - 22:55
CVE-2011-1804 7.5
rendering/RenderBox.cpp in WebCore in WebKit before r86862, as used in Google Chrome before 11.0.696.71, does not properly render floats, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown
22-05-2020 - 18:38 26-05-2011 - 16:55
CVE-2011-1456 6.8
Google Chrome before 11.0.696.57 does not properly handle PDF forms, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale pointers."
22-05-2020 - 18:30 03-05-2011 - 22:55
CVE-2011-1452 5.8
Google Chrome before 11.0.696.57 allows user-assisted remote attackers to spoof the URL bar via vectors involving a redirect and a manual reload.
22-05-2020 - 18:29 03-05-2011 - 22:55
CVE-2011-1449 6.8
Use-after-free vulnerability in the WebSockets implementation in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
22-05-2020 - 18:28 03-05-2011 - 22:55
CVE-2011-1451 7.5
Google Chrome before 11.0.696.57 does not properly handle DOM id maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "dangling pointers."
22-05-2020 - 18:28 03-05-2011 - 22:55
CVE-2011-1807 10.0
Google Chrome before 11.0.696.71 does not properly handle blobs, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger an out-of-bounds write.
22-05-2020 - 18:26 26-05-2011 - 16:55
CVE-2011-1445 6.8
Google Chrome before 11.0.696.57 does not properly handle SVG documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
22-05-2020 - 18:25 03-05-2011 - 22:55
CVE-2011-1448 6.8
Google Chrome before 11.0.696.57 does not properly perform height calculations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
22-05-2020 - 18:25 03-05-2011 - 22:55
CVE-2011-1440 6.8
Use-after-free vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the ruby element and Cascading Style Sheets (CSS) token sequences.
22-05-2020 - 18:24 03-05-2011 - 22:55
CVE-2011-1455 6.8
Google Chrome before 11.0.696.57 does not properly handle PDF documents with multipart encoding, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.
22-05-2020 - 18:23 03-05-2011 - 22:55
CVE-2011-1443 6.8
Google Chrome before 11.0.696.57 does not properly implement layering, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale pointers."
22-05-2020 - 18:23 03-05-2011 - 22:55
CVE-2011-1303 7.5
Google Chrome before 11.0.696.57 does not properly handle floating objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
22-05-2020 - 18:23 03-05-2011 - 22:55
CVE-2011-1437 6.8
Multiple integer overflows in Google Chrome before 11.0.696.57 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to float rendering.
22-05-2020 - 18:23 03-05-2011 - 22:55
CVE-2011-1806 10.0
Google Chrome before 11.0.696.71 does not properly implement the GPU command buffer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
22-05-2020 - 18:13 26-05-2011 - 16:55
CVE-2011-1801 5.0
Unspecified vulnerability in Google Chrome before 11.0.696.71 allows remote attackers to bypass the pop-up blocker via unknown vectors.
22-05-2020 - 18:09 26-05-2011 - 16:55
CVE-2011-1800 7.5
Multiple integer overflows in the SVG Filters implementation in WebCore in WebKit in Google Chrome before 11.0.696.68 allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
22-05-2020 - 18:08 16-05-2011 - 17:55
CVE-2011-1799 6.8
Google Chrome before 11.0.696.68 does not properly perform casts of variables during interaction with the WebKit engine, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
22-05-2020 - 18:02 16-05-2011 - 17:55
CVE-2011-1450 5.0
Google Chrome before 11.0.696.57 does not properly present file dialogs, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "dangling pointers."
22-05-2020 - 17:59 03-05-2011 - 22:55
CVE-2011-1447 6.8
Google Chrome before 11.0.696.57 does not properly handle drop-down lists, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
22-05-2020 - 17:56 03-05-2011 - 22:55
CVE-2011-1446 5.8
Google Chrome before 11.0.696.57 allows remote attackers to spoof the URL bar via vectors involving (1) a navigation error or (2) an interrupted load.
22-05-2020 - 17:48 03-05-2011 - 22:55
CVE-2011-1442 6.8
Google Chrome before 11.0.696.57 does not properly handle mutation events, which allows remote attackers to cause a denial of service (node tree corruption) or possibly have unspecified other impact via unknown vectors.
22-05-2020 - 17:45 03-05-2011 - 22:55
CVE-2011-1441 6.8
Google Chrome before 11.0.696.57 does not properly perform a cast of an unspecified variable during handling of floating select lists, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted HTML
22-05-2020 - 17:42 03-05-2011 - 22:55
CVE-2011-1438 7.5
Google Chrome before 11.0.696.57 allows remote attackers to bypass the Same Origin Policy via vectors involving blobs.
22-05-2020 - 17:39 03-05-2011 - 22:55
CVE-2011-1435 5.0
Google Chrome before 11.0.696.57 does not properly implement the tabs permission for extensions, which allows remote attackers to read local files via a crafted extension.
22-05-2020 - 17:32 03-05-2011 - 22:55
CVE-2011-1304 5.0
Unspecified vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to bypass the pop-up blocker via vectors related to plug-ins.
22-05-2020 - 17:27 03-05-2011 - 22:55
CVE-2011-1434 6.8
Google Chrome before 11.0.696.57 does not ensure thread safety during handling of MIME data, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
22-05-2020 - 17:17 03-05-2011 - 22:55
CVE-2011-2342 4.3
The DOM implementation in Google Chrome before 12.0.742.91 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
22-05-2020 - 16:44 09-06-2011 - 19:55
CVE-2011-1819 4.3
Google Chrome before 12.0.742.91 allows remote attackers to perform unspecified injection into a chrome:// page via vectors related to extensions.
22-05-2020 - 16:44 09-06-2011 - 19:55
CVE-2011-1818 6.8
Use-after-free vulnerability in the image loader in Google Chrome before 12.0.742.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
22-05-2020 - 16:43 09-06-2011 - 19:55
CVE-2011-1817 6.8
Google Chrome before 12.0.742.91 does not properly implement history deletion, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
22-05-2020 - 16:13 09-06-2011 - 19:55
CVE-2011-1816 6.8
Use-after-free vulnerability in the developer tools in Google Chrome before 12.0.742.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
22-05-2020 - 15:37 09-06-2011 - 19:55
CVE-2011-1815 4.3
Google Chrome before 12.0.742.91 allows remote attackers to inject script into a tab page via vectors related to extensions.
22-05-2020 - 15:30 09-06-2011 - 19:55
CVE-2011-1814 5.8
Google Chrome before 12.0.742.91 attempts to read data from an uninitialized pointer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
22-05-2020 - 15:21 09-06-2011 - 19:55
CVE-2011-1813 6.8
Google Chrome before 12.0.742.91 does not properly implement the framework for extensions, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
22-05-2020 - 14:55 09-06-2011 - 19:55
CVE-2011-1812 7.5
Google Chrome before 12.0.742.91 allows remote attackers to bypass intended access restrictions via vectors related to extensions.
22-05-2020 - 14:52 09-06-2011 - 19:55
CVE-2011-1811 4.3
Google Chrome before 12.0.742.91 does not properly handle a large number of form submissions, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
22-05-2020 - 14:49 09-06-2011 - 19:55
CVE-2011-1810 4.3
The Cascading Style Sheets (CSS) implementation in Google Chrome before 12.0.742.91 does not properly restrict access to the visit history, which allows remote attackers to obtain sensitive information via unspecified vectors.
22-05-2020 - 14:17 09-06-2011 - 19:55
CVE-2011-1809 6.8
Use-after-free vulnerability in the accessibility feature in Google Chrome before 12.0.742.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
22-05-2020 - 14:16 09-06-2011 - 19:55
CVE-2011-2351 6.8
Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements.
21-05-2020 - 20:33 29-06-2011 - 17:55
CVE-2011-2350 6.8
The HTML parser in Google Chrome before 12.0.742.112 does not properly address "lifetime and re-entrancy issues," which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
21-05-2020 - 20:29 29-06-2011 - 17:55
CVE-2011-2349 6.8
Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to text selection.
21-05-2020 - 20:25 29-06-2011 - 17:55
CVE-2011-2348 6.8
Google V8, as used in Google Chrome before 12.0.742.112, performs an incorrect bounds check, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
21-05-2020 - 20:15 29-06-2011 - 17:55
CVE-2011-2347 6.8
Google Chrome before 12.0.742.112 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
21-05-2020 - 20:12 29-06-2011 - 17:55
CVE-2011-2346 6.8
Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG fonts.
21-05-2020 - 19:59 29-06-2011 - 17:55
CVE-2011-2345 4.3
The NPAPI implementation in Google Chrome before 12.0.742.112 does not properly handle strings, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
21-05-2020 - 19:58 29-06-2011 - 17:55
CVE-2011-2332 7.5
Google V8, as used in Google Chrome before 12.0.742.91, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
21-05-2020 - 19:47 09-06-2011 - 19:55
CVE-2011-1808 6.8
Use-after-free vulnerability in Google Chrome before 12.0.742.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to incorrect integer calculations during float handling.
21-05-2020 - 19:42 09-06-2011 - 19:55
CVE-2011-2818 6.8
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to display box rendering.
21-05-2020 - 12:54 03-08-2011 - 00:55
CVE-2011-2793 6.8
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to media selectors.
21-05-2020 - 01:13 03-08-2011 - 00:55
CVE-2011-2791 6.8
The International Components for Unicode (ICU) functionality in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.
21-05-2020 - 01:13 03-08-2011 - 00:55
CVE-2011-2803 6.8
Google Chrome before 13.0.782.107 does not properly handle Skia paths, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
21-05-2020 - 01:12 03-08-2011 - 00:55
CVE-2011-2797 6.8
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to resource caching.
21-05-2020 - 01:12 03-08-2011 - 00:55
CVE-2011-2796 6.8
Use-after-free vulnerability in Skia, as used in Google Chrome before 13.0.782.107, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
21-05-2020 - 01:12 03-08-2011 - 00:55
CVE-2011-2801 6.8
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the frame loader.
21-05-2020 - 01:11 03-08-2011 - 00:55
CVE-2011-2785 4.3
The extensions implementation in Google Chrome before 13.0.782.107 does not properly validate the URL for the home page, which allows remote attackers to have an unspecified impact via a crafted extension.
21-05-2020 - 01:06 03-08-2011 - 00:55
CVE-2011-2360 4.3
Google Chrome before 13.0.782.107 does not ensure that the user is prompted before download of a dangerous file, which makes it easier for remote attackers to bypass intended content restrictions via a crafted web site.
21-05-2020 - 01:04 03-08-2011 - 00:55
CVE-2011-2359 6.8
Google Chrome before 13.0.782.107 does not properly track line boxes during rendering, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
21-05-2020 - 00:59 03-08-2011 - 00:55
CVE-2011-2783 6.8
Google Chrome before 13.0.782.107 does not ensure that developer-mode NPAPI extension installations are confirmed by a browser dialog, which makes it easier for remote attackers to modify the product's functionality via a Trojan horse extension.
20-05-2020 - 20:06 03-08-2011 - 00:55
CVE-2011-2782 4.3
The drag-and-drop implementation in Google Chrome before 13.0.782.107 on Linux does not properly enforce permissions for files, which allows user-assisted remote attackers to bypass intended access restrictions via unspecified vectors.
20-05-2020 - 19:57 03-08-2011 - 00:55
CVE-2011-2358 6.8
Google Chrome before 13.0.782.107 does not ensure that extension installations are confirmed by a browser dialog, which makes it easier for remote attackers to modify the product's functionality via a Trojan horse extension.
20-05-2020 - 19:51 03-08-2011 - 00:55
CVE-2011-2804 4.3
Google Chrome before 13.0.782.107 does not properly handle nested functions in PDF documents, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted document.
20-05-2020 - 15:43 03-08-2011 - 00:55
CVE-2011-2805 6.8
Google Chrome before 13.0.782.107 allows remote attackers to bypass the Same Origin Policy and conduct script injection attacks via unspecified vectors.
20-05-2020 - 15:40 03-08-2011 - 00:55
CVE-2011-2802 6.8
Google V8, as used in Google Chrome before 13.0.782.107, does not properly perform const lookups, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted web site.
20-05-2020 - 15:38 03-08-2011 - 00:55
CVE-2011-2798 6.8
Google Chrome before 13.0.782.107 does not properly restrict access to internal schemes, which allows remote attackers to have an unspecified impact via a crafted web site.
20-05-2020 - 15:38 03-08-2011 - 00:55
CVE-2011-2794 6.8
Google Chrome before 13.0.782.107 does not properly perform text iteration, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
20-05-2020 - 15:35 03-08-2011 - 00:55
CVE-2011-2786 4.3
Google Chrome before 13.0.782.107 does not ensure that the speech-input bubble is shown on the product's screen, which might make it easier for remote attackers to make audio recordings via a crafted web page containing an INPUT element.
20-05-2020 - 15:31 03-08-2011 - 00:55
CVE-2011-2799 6.8
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to HTML range handling.
20-05-2020 - 15:26 03-08-2011 - 00:55
CVE-2011-2800 4.3
Google Chrome before 13.0.782.107 allows remote attackers to obtain potentially sensitive information about client-side redirect targets via a crafted web site.
20-05-2020 - 15:23 03-08-2011 - 00:55
CVE-2011-2795 4.3
Google Chrome before 13.0.782.107 does not prevent calls to functions in other frames, which allows remote attackers to bypass intended access restrictions via a crafted web site, related to a "cross-frame function leak."
20-05-2020 - 15:19 03-08-2011 - 00:55
CVE-2011-2784 2.1
Google Chrome before 13.0.782.107 allows remote attackers to obtain sensitive information via a request for the GL program log, which reveals a local path in an unspecified log entry.
20-05-2020 - 15:18 03-08-2011 - 00:55
CVE-2011-2361 4.3
The Basic Authentication dialog implementation in Google Chrome before 13.0.782.107 does not properly handle strings, which might make it easier for remote attackers to capture credentials via a crafted web site.
20-05-2020 - 15:15 03-08-2011 - 00:55
CVE-2011-2790 6.8
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving floating styles.
20-05-2020 - 01:49 03-08-2011 - 00:55
CVE-2011-2789 6.8
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to instantiation of the Pepper plug-in.
20-05-2020 - 01:49 03-08-2011 - 00:55
CVE-2011-2792 6.8
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to float removal.
20-05-2020 - 01:49 03-08-2011 - 00:55
CVE-2011-2819 6.8
Google Chrome before 13.0.782.107 allows remote attackers to bypass the Same Origin Policy via vectors related to handling of the base URI.
19-05-2020 - 16:52 03-08-2011 - 00:55
CVE-2011-2788 6.8
Buffer overflow in the inspector serialization functionality in Google Chrome before 13.0.782.107 allows user-assisted remote attackers to have an unspecified impact via unknown vectors.
19-05-2020 - 15:25 03-08-2011 - 00:55
CVE-2011-2787 4.3
Google Chrome before 13.0.782.107 does not properly address re-entrancy issues associated with the GPU lock, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
19-05-2020 - 15:13 03-08-2011 - 00:55
CVE-2011-2839 7.5
The PDF implementation in Google Chrome before 13.0.782.215 on Linux does not properly use the memset library function, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
19-05-2020 - 14:36 29-08-2011 - 15:55
CVE-2011-2806 10.0
Google Chrome before 13.0.782.215 on Windows does not properly handle vertex data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
19-05-2020 - 14:33 29-08-2011 - 15:55
CVE-2011-2824 7.5
Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving counter nodes.
19-05-2020 - 13:48 29-08-2011 - 15:55
CVE-2011-2821 7.5
Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression.
19-05-2020 - 13:43 29-08-2011 - 15:55
CVE-2011-2829 7.5
Integer overflow in Google Chrome before 13.0.782.215 on 32-bit platforms allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving uniform arrays.
19-05-2020 - 13:33 29-08-2011 - 15:55
CVE-2011-2826 7.5
Google Chrome before 13.0.782.215 allows remote attackers to bypass the Same Origin Policy via vectors related to empty origins.
19-05-2020 - 13:30 29-08-2011 - 15:55
CVE-2011-2827 7.5
Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to text searching.
19-05-2020 - 13:27 29-08-2011 - 15:55
CVE-2011-2825 9.3
Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving custom fonts.
19-05-2020 - 13:24 29-08-2011 - 15:55
CVE-2011-2823 7.5
Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a line box.
19-05-2020 - 13:21 29-08-2011 - 15:55
CVE-2011-2828 7.5
Google V8, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.
19-05-2020 - 13:14 29-08-2011 - 15:55
CVE-2011-2830 7.5
Google V8, as used in Google Chrome before 14.0.835.163, does not properly implement script object wrappers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.
11-05-2020 - 16:57 28-10-2011 - 02:49
CVE-2011-3873 6.8
Google Chrome before 14.0.835.202 does not properly implement shader translation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
11-05-2020 - 16:30 04-10-2011 - 20:55
CVE-2011-2881 6.8
Google Chrome before 14.0.835.202 does not properly handle Google V8 hidden objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code.
11-05-2020 - 16:29 04-10-2011 - 20:55
CVE-2011-2880 6.8
Use-after-free vulnerability in Google Chrome before 14.0.835.202 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the Google V8 bindings.
11-05-2020 - 16:29 04-10-2011 - 20:55
CVE-2011-2879 6.8
Google Chrome before 14.0.835.202 does not properly consider object lifetimes and thread safety during the handling of audio nodes, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vecto
11-05-2020 - 15:38 04-10-2011 - 20:55
CVE-2011-2878 7.5
Google Chrome before 14.0.835.202 does not properly restrict access to the window prototype, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
08-05-2020 - 21:34 04-10-2011 - 20:55
CVE-2011-2877 6.8
Google Chrome before 14.0.835.202 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale font."
08-05-2020 - 21:22 04-10-2011 - 20:55
CVE-2011-2876 6.8
Use-after-free vulnerability in Google Chrome before 14.0.835.202 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a text line box.
08-05-2020 - 20:28 04-10-2011 - 20:55
CVE-2011-3234 5.0
Google Chrome before 14.0.835.163 does not properly handle boxes, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
08-05-2020 - 19:29 19-09-2011 - 12:02
CVE-2011-2861 6.8
Google Chrome before 14.0.835.163 does not properly handle strings in PDF documents, which allows remote attackers to have an unspecified impact via a crafted document that triggers an incorrect read operation.
08-05-2020 - 19:29 19-09-2011 - 12:02
CVE-2011-2859 6.8
Google Chrome before 14.0.835.163 uses incorrect permissions for non-gallery pages, which has unspecified impact and attack vectors.
08-05-2020 - 19:23 19-09-2011 - 12:02
CVE-2011-2860 7.5
Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to table styles.
08-05-2020 - 19:23 19-09-2011 - 12:02
CVE-2011-2852 6.8
Off-by-one error in Google V8, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
08-05-2020 - 19:11 19-09-2011 - 12:02
CVE-2011-2853 7.5
Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to plug-in handling.
08-05-2020 - 19:11 19-09-2011 - 12:02
CVE-2011-2851 5.0
Google Chrome before 14.0.835.163 does not properly handle video, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
08-05-2020 - 19:10 19-09-2011 - 12:02
CVE-2011-2849 4.3
The WebSockets implementation in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.
08-05-2020 - 19:05 19-09-2011 - 12:02
CVE-2011-2848 4.3
Google Chrome before 14.0.835.163 allows user-assisted remote attackers to spoof the URL bar via vectors related to the forward button.
08-05-2020 - 19:01 19-09-2011 - 12:02
CVE-2011-2843 5.0
Google Chrome before 14.0.835.163 does not properly handle media buffers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
08-05-2020 - 19:00 19-09-2011 - 12:02
CVE-2011-2835 6.8
Race condition in Google Chrome before 14.0.835.163 allows attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the certificate cache.
08-05-2020 - 18:59 19-09-2011 - 12:02
CVE-2011-2841 6.8
Google Chrome before 14.0.835.163 does not properly perform garbage collection during the processing of PDF documents, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
08-05-2020 - 18:59 19-09-2011 - 12:02
CVE-2011-2836 7.5
Google Chrome before 14.0.835.163 does not require Infobar interaction before use of the Windows Media Player plug-in, which makes it easier for remote attackers to have an unspecified impact via crafted Flash content.
08-05-2020 - 18:44 19-09-2011 - 12:02
CVE-2011-2834 6.8
Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.
08-05-2020 - 18:12 19-09-2011 - 12:02
CVE-2011-2840 4.3
Google Chrome before 14.0.835.163 allows user-assisted remote attackers to spoof the URL bar via vectors related to "unusual user interaction."
08-05-2020 - 17:52 19-09-2011 - 12:02
CVE-2011-2837 7.5
Google Chrome before 14.0.835.163 on Linux does not use the PIC and PIE compiler options for position-independent code, which has unspecified impact and attack vectors.
08-05-2020 - 17:49 19-09-2011 - 12:02
CVE-2011-2838 7.5
Google Chrome before 14.0.835.163 does not properly consider the MIME type during the loading of a plug-in, which has unspecified impact and remote attack vectors.
08-05-2020 - 17:48 19-09-2011 - 12:02
CVE-2011-2842 7.5
The installer in Google Chrome before 14.0.835.163 on Mac OS X does not properly handle lock files, which has unspecified impact and attack vectors.
08-05-2020 - 17:47 19-09-2011 - 12:02
CVE-2011-2847 6.8
Use-after-free vulnerability in the document loader in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
08-05-2020 - 17:38 19-09-2011 - 12:02
CVE-2011-2844 5.0
Google Chrome before 14.0.835.163 does not properly process MP3 files, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
08-05-2020 - 17:28 19-09-2011 - 12:02
CVE-2011-2846 6.8
Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to unload event handling.
08-05-2020 - 17:24 19-09-2011 - 12:02
CVE-2011-2850 5.0
Google Chrome before 14.0.835.163 does not properly handle Khmer characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
08-05-2020 - 17:22 19-09-2011 - 12:02
CVE-2011-2854 6.8
Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "ruby / table style handing."
08-05-2020 - 17:20 19-09-2011 - 12:02
CVE-2011-2855 6.8
Google Chrome before 14.0.835.163 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale no
08-05-2020 - 17:19 19-09-2011 - 12:02
CVE-2011-2857 6.8
Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the focus controller.
08-05-2020 - 17:14 19-09-2011 - 12:02
CVE-2011-2856 7.5
Google V8, as used in Google Chrome before 14.0.835.163, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
08-05-2020 - 17:08 19-09-2011 - 12:02
CVE-2011-2858 5.0
Google Chrome before 14.0.835.163 does not properly handle triangle arrays, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
08-05-2020 - 16:26 19-09-2011 - 12:02
CVE-2011-2862 7.5
Google V8, as used in Google Chrome before 14.0.835.163, does not properly restrict access to built-in objects, which has unspecified impact and remote attack vectors.
08-05-2020 - 16:23 19-09-2011 - 12:02
CVE-2011-2864 5.0
Google Chrome before 14.0.835.163 does not properly handle Tibetan characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
08-05-2020 - 16:15 19-09-2011 - 12:02
CVE-2011-2874 6.8
Google Chrome before 14.0.835.163 does not perform an expected pin operation for a self-signed certificate during a session, which has unspecified impact and remote attack vectors.
08-05-2020 - 16:12 19-09-2011 - 12:02
CVE-2011-2875 6.8
Google V8, as used in Google Chrome before 14.0.835.163, does not properly perform object sealing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."
08-05-2020 - 16:08 19-09-2011 - 12:02
CVE-2011-3917 7.5
Stack-based buffer overflow in FileWatcher in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
08-05-2020 - 14:32 13-12-2011 - 21:55
CVE-2011-3916 5.0
Google Chrome before 16.0.912.63 does not properly handle PDF cross references, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
08-05-2020 - 14:31 13-12-2011 - 21:55
CVE-2011-3913 7.5
Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to Range handling.
08-05-2020 - 14:28 13-12-2011 - 21:55
CVE-2011-3912 7.5
Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG filters.
08-05-2020 - 14:25 13-12-2011 - 21:55
CVE-2011-3911 5.0
Google Chrome before 16.0.912.63 does not properly handle PDF documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
08-05-2020 - 14:25 13-12-2011 - 21:55
CVE-2011-3908 5.0
Google Chrome before 16.0.912.63 does not properly parse SVG documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
08-05-2020 - 14:24 13-12-2011 - 21:55
CVE-2011-3900 7.5
Google V8, as used in Google Chrome before 15.0.874.121, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write operation.
08-05-2020 - 14:23 17-11-2011 - 23:55
CVE-2011-3898 7.5
Google Chrome before 15.0.874.120, when Java Runtime Environment (JRE) 7 is used, does not request user confirmation before applet execution begins, which allows remote attackers to have an unspecified impact via a crafted applet.
08-05-2020 - 14:21 11-11-2011 - 11:55
CVE-2011-3897 6.8
Use-after-free vulnerability in Google Chrome before 15.0.874.120 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing.
08-05-2020 - 14:17 11-11-2011 - 11:55
CVE-2011-3895 7.5
Heap-based buffer overflow in the Vorbis decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.
08-05-2020 - 14:17 11-11-2011 - 11:55
CVE-2011-3972 5.0
The shader translator implementation in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
08-05-2020 - 13:44 09-02-2012 - 04:10
CVE-2011-3894 7.5
Google Chrome before 15.0.874.120 does not properly perform VP8 decoding, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted stream.
08-05-2020 - 13:43 11-11-2011 - 11:55
CVE-2011-3893 5.0
Google Chrome before 15.0.874.120 does not properly implement the MKV and Vorbis media handlers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
08-05-2020 - 13:39 11-11-2011 - 11:55
CVE-2011-3892 7.5
Double free vulnerability in the Theora decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.
08-05-2020 - 12:57 11-11-2011 - 11:55
CVE-2011-3914 7.5
The internationalization (aka i18n) functionality in Google V8, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bou
07-05-2020 - 20:20 13-12-2011 - 21:55
CVE-2011-3909 5.0
The Cascading Style Sheets (CSS) implementation in Google Chrome before 16.0.912.63 on 64-bit platforms does not properly manage property arrays, which allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors.
07-05-2020 - 20:19 13-12-2011 - 21:55
CVE-2011-3906 5.0
The PDF parser in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
07-05-2020 - 19:24 13-12-2011 - 21:55
CVE-2011-3915 7.5
Buffer overflow in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PDF fonts.
07-05-2020 - 19:11 13-12-2011 - 21:55
CVE-2011-3905 5.0
libxml2, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
07-05-2020 - 19:05 13-12-2011 - 21:55
CVE-2011-3919 7.5
Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
07-05-2020 - 19:05 07-01-2012 - 11:55
CVE-2011-3921 7.5
Use-after-free vulnerability in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving animation frames.
07-05-2020 - 18:44 07-01-2012 - 11:55
CVE-2011-3922 7.5
Stack-based buffer overflow in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to glyph handling.
07-05-2020 - 18:43 07-01-2012 - 11:55
CVE-2011-3924 7.5
Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM selections.
07-05-2020 - 18:42 24-01-2012 - 04:03
CVE-2011-3925 7.5
Use-after-free vulnerability in the Safe Browsing feature in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors related to a navigation
07-05-2020 - 18:37 24-01-2012 - 04:03
CVE-2011-3926 7.5
Heap-based buffer overflow in the tree builder in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
07-05-2020 - 18:36 24-01-2012 - 04:03
CVE-2011-3927 7.5
Skia, as used in Google Chrome before 16.0.912.77, does not perform all required initialization of values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
07-05-2020 - 18:25 24-01-2012 - 04:03
CVE-2011-3928 7.5
Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM handling.
07-05-2020 - 18:24 24-01-2012 - 04:03
CVE-2011-3904 7.5
Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to bidirectional text (aka bidi) handling.
07-05-2020 - 18:14 13-12-2011 - 21:55
CVE-2011-3896 7.5
Buffer overflow in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to shader variable mapping.
07-05-2020 - 18:07 11-11-2011 - 11:55
CVE-2011-3903 5.0
Google Chrome before 16.0.912.63 does not properly perform regex matching, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
07-05-2020 - 18:06 13-12-2011 - 21:55
CVE-2011-3910 5.0
Google Chrome before 16.0.912.63 does not properly handle YUV video frames, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
07-05-2020 - 13:51 13-12-2011 - 21:55
CVE-2011-3907 4.3
The view-source feature in Google Chrome before 16.0.912.63 allows remote attackers to spoof the URL bar via unspecified vectors.
07-05-2020 - 13:51 13-12-2011 - 21:55
CVE-2011-3015 6.8
Multiple integer overflows in the PDF codecs in Google Chrome before 17.0.963.56 allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
16-04-2020 - 17:30 16-02-2012 - 20:55
CVE-2011-3016 6.8
Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving counter nodes, related to a "read-after-free" issue.
16-04-2020 - 17:29 16-02-2012 - 20:55
CVE-2011-3017 6.8
Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to database handling.
16-04-2020 - 17:27 16-02-2012 - 20:55
CVE-2011-3018 7.5
Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to path rendering.
16-04-2020 - 17:25 16-02-2012 - 20:55
CVE-2011-3019 6.8
Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Matroska video (aka MKV) file.
16-04-2020 - 17:25 16-02-2012 - 20:55
CVE-2011-3020 6.8
Unspecified vulnerability in the Native Client validator implementation in Google Chrome before 17.0.963.56 has unknown impact and remote attack vectors.
16-04-2020 - 17:21 16-02-2012 - 20:55
CVE-2011-3021 7.5
Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to subframe loading.
16-04-2020 - 16:58 16-02-2012 - 20:55
CVE-2011-3022 5.0
translate/translate_manager.cc in Google Chrome before 17.0.963.56 and 19.x before 19.0.1036.7 uses an HTTP session to exchange data for translation, which allows remote attackers to obtain sensitive information by sniffing the network.
16-04-2020 - 16:49 16-02-2012 - 20:55
CVE-2011-3023 6.8
Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to drag-and-drop operations.
16-04-2020 - 16:45 16-02-2012 - 20:55
CVE-2011-3025 4.3
Google Chrome before 17.0.963.56 does not properly parse H.264 data, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
16-04-2020 - 16:41 16-02-2012 - 20:55
CVE-2011-3024 4.3
Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service (application crash) via an empty X.509 certificate.
16-04-2020 - 16:41 16-02-2012 - 20:55
CVE-2011-3026 6.8
Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.
16-04-2020 - 16:37 16-02-2012 - 20:55
CVE-2011-3027 4.3
Google Chrome before 17.0.963.56 does not properly perform a cast of an unspecified variable during handling of columns, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.
16-04-2020 - 16:19 16-02-2012 - 20:55
CVE-2011-3045 6.8
Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly exe
14-04-2020 - 16:06 22-03-2012 - 16:55
CVE-2009-4212 10.0
Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly
21-01-2020 - 15:45 13-01-2010 - 19:30
CVE-2009-0844 5.8
The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that tri
21-01-2020 - 15:45 09-04-2009 - 00:30
CVE-2009-0845 5.0
The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via in
21-01-2020 - 15:45 27-03-2009 - 16:30
CVE-2009-4028 6.8
The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary
17-12-2019 - 20:26 30-11-2009 - 17:30
CVE-2010-1850 6.0
Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name.
17-12-2019 - 20:26 08-06-2010 - 00:30
CVE-2009-4019 4.0
mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use
17-12-2019 - 20:26 30-11-2009 - 17:30
CVE-2010-1848 6.5
Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tab
17-12-2019 - 20:26 08-06-2010 - 00:30
CVE-2010-1849 5.0
The my_net_skip_rest function in sql/net_serv.cc in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a large number of packets that exceed the maximum lengt
17-12-2019 - 20:26 08-06-2010 - 00:30
CVE-2009-0819 4.0
sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," wh
17-12-2019 - 20:23 05-03-2009 - 02:30
CVE-2010-1029 5.0
Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (ap
26-09-2019 - 17:05 19-03-2010 - 21:30
CVE-2008-2100 7.2
Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS u
14-08-2019 - 11:29 05-06-2008 - 20:32
CVE-2011-1300 10.0
The Program::getActiveUniformMaxLength function in libGLESv2/Program.cpp in libGLESv2.dll in the WebGLES library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox 4.x before 4.0.1 on Windows and in the GPU process in Google C
18-07-2019 - 12:28 15-04-2011 - 19:55
CVE-2002-0863 5.0
Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka
30-04-2019 - 14:27 11-10-2002 - 04:00
CVE-2010-0035 6.3
The Key Distribution Center (KDC) in Kerberos in Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2, when a trust relationship with a non-Windows Kerberos realm exists, allows remote authenticated users to cause a denial of ser
30-04-2019 - 14:27 10-02-2010 - 18:30
CVE-2008-0088 6.8
Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted
30-04-2019 - 14:27 12-02-2008 - 21:00
CVE-2009-1139 7.8
Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (m
30-04-2019 - 14:27 10-06-2009 - 18:00
CVE-2008-4114 7.1
srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact vi
26-02-2019 - 14:04 16-09-2008 - 23:00
CVE-2009-2497 9.3
The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser appl
26-02-2019 - 14:04 14-10-2009 - 10:30
CVE-2009-3677 10.0
The Internet Authentication Service (IAS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly verify the credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol
26-02-2019 - 14:04 09-12-2009 - 18:30
CVE-2010-2568 9.3
Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not prope
26-02-2019 - 14:04 22-07-2010 - 05:43
CVE-2010-0483 7.6
vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (
26-02-2019 - 14:04 03-03-2010 - 19:30
CVE-2009-0088 9.3
The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via
26-02-2019 - 14:04 15-04-2009 - 08:00
CVE-2009-0090 9.3
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application
26-02-2019 - 14:04 14-10-2009 - 10:30
CVE-2009-1133 9.3
Heap-based buffer overflow in Microsoft Remote Desktop Connection (formerly Terminal Services Client) running RDP 5.0 through 6.1 on Windows, and Remote Desktop Connection Client for Mac 2.0, allows remote attackers to execute arbitrary code via unsp
26-02-2019 - 14:04 12-08-2009 - 17:30
CVE-2009-0091 9.3
Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a craf
26-02-2019 - 14:04 14-10-2009 - 10:30
CVE-2011-3866 4.3
Mozilla Firefox before 7.0 and SeaMonkey before 2.4 do not properly restrict availability of motion data events, which makes it easier for remote attackers to read keystrokes by leveraging JavaScript code running in a background tab.
29-11-2018 - 16:02 29-09-2011 - 00:55
CVE-2011-3002 9.3
Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 7.0 and SeaMonkey before 2.4, does not validate the return value of a GrowAtomTable function call, which allows remote attackers to cause a denial of service (application
29-11-2018 - 16:02 29-09-2011 - 00:55
CVE-2011-3003 10.0
Mozilla Firefox before 7.0 and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unspecified WebGL test case that triggers a memory-allocation error and a resulting
29-11-2018 - 16:02 29-09-2011 - 00:55
CVE-2011-2822 10.0
Google Chrome before 13.0.782.215 on Windows does not properly parse URLs located on the command line, which has unspecified impact and attack vectors.
29-11-2018 - 15:50 29-08-2011 - 15:55
CVE-2011-2455 10.0
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
29-11-2018 - 15:41 11-11-2011 - 16:55
CVE-2011-2453 10.0
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
29-11-2018 - 15:40 11-11-2011 - 16:55
CVE-2011-2454 10.0
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
29-11-2018 - 15:40 11-11-2011 - 16:55
CVE-2011-2452 10.0
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
29-11-2018 - 15:39 11-11-2011 - 16:55
CVE-2011-2459 10.0
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
29-11-2018 - 15:38 11-11-2011 - 16:55
CVE-2011-2451 10.0
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
29-11-2018 - 15:38 11-11-2011 - 16:55
CVE-2011-2460 10.0
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
29-11-2018 - 15:38 11-11-2011 - 16:55
CVE-2011-2456 10.0
Buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code via unspecifi
29-11-2018 - 15:37 11-11-2011 - 16:55
CVE-2011-2450 10.0
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (he
29-11-2018 - 15:37 11-11-2011 - 16:55
CVE-2011-2457 10.0
Stack-based buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code v
29-11-2018 - 15:37 11-11-2011 - 16:55
CVE-2011-2458 9.3
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, when Internet Explorer is used, allows remote attackers to bypass the cross
29-11-2018 - 15:37 11-11-2011 - 16:55
CVE-2011-2445 10.0
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
29-11-2018 - 15:36 11-11-2011 - 16:55
CVE-2010-1230 10.0
Google Chrome before 4.1.249.1036 does not have the expected behavior for attempts to delete Web SQL Databases and clear the Strict Transport Security (STS) state, which has unspecified impact and attack vectors.
16-11-2018 - 16:28 01-04-2010 - 22:30
CVE-2010-0650 2.6
WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event.
16-11-2018 - 16:13 18-02-2010 - 18:00
CVE-2010-0159 10.0
The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute
16-11-2018 - 15:56 22-02-2010 - 13:00
CVE-2009-4538 10.0
drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a r
16-11-2018 - 15:53 12-01-2010 - 17:30
CVE-2009-4537 7.8
drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via
16-11-2018 - 15:52 12-01-2010 - 17:30
CVE-2009-4536 7.8
drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypas
16-11-2018 - 15:51 12-01-2010 - 17:30
CVE-2008-4917 7.2
Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and 6.0.5 and earlier 6.x versions; VMware Player 1.0.8 and earlier, and 2.0.5 and earlier 2.x versions; VMware Server 1.0.9 and earlier; VMware ESXi 3.5; and VMware ESX 3.0.2 through
02-11-2018 - 13:44 09-12-2008 - 00:30
CVE-2008-4915 6.9
The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and 5.5.8 and earlier; Player 2.0.x through 2.0.5 and 1.0.x through 1.0.8; ACE 2.0.x through 2.0.5 and earlier, and 1.0.x through 1.0.7; Server 1.0.x through 1.0.7; ESX 2.5.4 through
02-11-2018 - 13:43 10-11-2008 - 14:12
CVE-2008-4279 6.8
The CPU hardware emulation for 64-bit guest operating systems in VMware Workstation 6.0.x before 6.0.5 build 109488 and 5.x before 5.5.8 build 108000; Player 2.0.x before 2.0.5 build 109488 and 1.x before 1.0.8; Server 1.x before 1.0.7 build 108231;
02-11-2018 - 13:06 06-10-2008 - 19:54
CVE-2009-2524 7.8
Integer underflow in the NTLM authentication feature in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and
30-10-2018 - 16:27 14-10-2009 - 10:30
CVE-2010-0250 9.3
Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, and in Quartz on Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Win
30-10-2018 - 16:27 10-02-2010 - 18:30
CVE-2012-0454 7.5
Use-after-free vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 on 32-bit Windows 7 platforms allows remote attackers to caus
30-10-2018 - 16:27 14-03-2012 - 19:55
CVE-2010-4454 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and ava
30-10-2018 - 16:26 17-02-2011 - 19:00
CVE-2010-4450 3.7
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux all
30-10-2018 - 16:26 17-02-2011 - 19:00
CVE-2010-4466 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, Solaris, and, Linux; 5.0 Update 27 and earlier for Windows; and 1.4.2_29 and earlier for Windows allows remot
30-10-2018 - 16:26 17-02-2011 - 19:00
CVE-2010-4448 2.6
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and untrusted Java ap
30-10-2018 - 16:26 17-02-2011 - 19:00
CVE-2007-5671 4.4
HGFS.sys in the VMware Tools package in VMware Workstation 5.x before 5.5.6 build 80404, VMware Player before 1.0.6 build 80404, VMware ACE before 1.0.5 build 79846, VMware Server before 1.0.5 build 80187, and VMware ESX 2.5.4 through 3.0.2 does not
30-10-2018 - 16:26 05-06-2008 - 20:32
CVE-2010-4469 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Jav
30-10-2018 - 16:26 17-02-2011 - 19:00
CVE-2010-4473 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and ava
30-10-2018 - 16:26 17-02-2011 - 19:00
CVE-2010-4462 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and ava
30-10-2018 - 16:26 17-02-2011 - 19:00
CVE-2010-4447 4.3
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Jav
30-10-2018 - 16:26 17-02-2011 - 19:00
CVE-2010-4475 4.3
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Jav
30-10-2018 - 16:26 17-02-2011 - 19:00
CVE-2010-4476 5.0
The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows rem
30-10-2018 - 16:26 17-02-2011 - 19:00
CVE-2010-4465 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Jav
30-10-2018 - 16:26 17-02-2011 - 19:00
CVE-2010-3541 5.1
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE
30-10-2018 - 16:26 19-10-2010 - 22:00
CVE-2009-3882 7.5
Multiple unspecified vulnerabilities in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6
30-10-2018 - 16:26 09-11-2009 - 19:30
CVE-2009-3864 7.5
The Java Update functionality in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before Update 17, when a non-English version of Windows is used, does not retrieve available new JRE versions, which
30-10-2018 - 16:26 05-11-2009 - 16:30
CVE-2009-3876 5.0
Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consum
30-10-2018 - 16:26 05-11-2009 - 16:30
CVE-2011-2425 10.0
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a
30-10-2018 - 16:26 10-08-2011 - 22:55
CVE-2011-2426 9.3
Stack-based buffer overflow in the ActionScript Virtual Machine (AVM) component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via
30-10-2018 - 16:26 22-09-2011 - 03:38
CVE-2009-3877 5.0
Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consum
30-10-2018 - 16:26 05-11-2009 - 16:30
CVE-2011-2429 5.0
Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, related to a "security
30-10-2018 - 16:26 22-09-2011 - 03:38
CVE-2011-2110 10.0
Adobe Flash Player before 10.3.181.26 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.23 and earlier on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exp
30-10-2018 - 16:26 16-06-2011 - 23:55
CVE-2011-2416 10.0
Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbit
30-10-2018 - 16:26 10-08-2011 - 22:55
CVE-2011-2139 6.4
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers to bypass the Same Origin Pol
30-10-2018 - 16:26 10-08-2011 - 22:55
CVE-2010-2215 4.3
Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "click-jacking" issue.
30-10-2018 - 16:26 11-08-2010 - 18:47
CVE-2009-3800 9.3
Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
30-10-2018 - 16:26 10-12-2009 - 19:30
CVE-2011-2107 4.3
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.181.22 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.22 and earlier on Android, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors
30-10-2018 - 16:26 09-06-2011 - 02:38
CVE-2011-2140 10.0
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a
30-10-2018 - 16:26 10-08-2011 - 22:55
CVE-2010-2884 9.3
Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and Acrobat 9.x before 9.4; and authplay.dll in Adobe Reader and Acrobat 8.x before 8.2.5 on Windows and Mac OS
30-10-2018 - 16:26 15-09-2010 - 18:00
CVE-2010-2213 9.3
Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-020
30-10-2018 - 16:26 11-08-2010 - 18:47
CVE-2009-3799 9.3
Integer overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers me
30-10-2018 - 16:26 10-12-2009 - 19:30
CVE-2011-2136 10.0
Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbit
30-10-2018 - 16:26 10-08-2011 - 22:55
CVE-2009-3875 5.0
The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers
30-10-2018 - 16:26 05-11-2009 - 16:30
CVE-2011-2414 10.0
Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitr
30-10-2018 - 16:26 10-08-2011 - 22:55
CVE-2011-2138 10.0
Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbit
30-10-2018 - 16:26 10-08-2011 - 22:55
CVE-2010-3548 5.0
Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. NOTE: the p
30-10-2018 - 16:26 19-10-2010 - 22:00
CVE-2009-3796 9.3
Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a "data injection vulnerability."
30-10-2018 - 16:26 10-12-2009 - 19:30
CVE-2011-2137 10.0
Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitr
30-10-2018 - 16:26 10-08-2011 - 21:55
CVE-2011-2427 9.3
Stack-based buffer overflow in the ActionScript Virtual Machine (AVM) component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to execute arbitrary code or cause a
30-10-2018 - 16:26 22-09-2011 - 03:38
CVE-2011-2417 10.0
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a
30-10-2018 - 16:26 10-08-2011 - 22:55
CVE-2009-3951 7.1
Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors. NOTE: this vulnerability exis
30-10-2018 - 16:26 10-12-2009 - 19:30
CVE-2009-3883 7.5
Multiple unspecified vulnerabilities in the Windows Pluggable Look and Feel (PL&F) feature in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to
30-10-2018 - 16:26 09-11-2009 - 19:30
CVE-2011-2135 10.0
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a
30-10-2018 - 16:26 10-08-2011 - 22:55
CVE-2009-3794 9.3
Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.
30-10-2018 - 16:26 10-12-2009 - 19:30
CVE-2010-3549 6.8
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE
30-10-2018 - 16:26 19-10-2010 - 22:00
CVE-2011-2130 10.0
Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitr
30-10-2018 - 16:26 10-08-2011 - 21:55
CVE-2009-3865 9.3
The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752.
30-10-2018 - 16:26 05-11-2009 - 16:30
CVE-2009-3728 5.0
Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local Internation
30-10-2018 - 16:26 09-11-2009 - 19:30
CVE-2009-3798 9.3
Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.
30-10-2018 - 16:26 10-12-2009 - 19:30
CVE-2011-2428 9.3
Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to execute arbitrary code or cause a denial of service (browser crash) via unspecified vectors, related to a "logic err
30-10-2018 - 16:26 22-09-2011 - 03:38
CVE-2010-2216 9.3
Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-020
30-10-2018 - 16:26 11-08-2010 - 18:47
CVE-2011-2424 9.3
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers to execute arbitrary code or
30-10-2018 - 16:26 15-08-2011 - 21:55
CVE-2011-2415 10.0
Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitr
30-10-2018 - 16:26 10-08-2011 - 22:55
CVE-2011-2134 10.0
Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitr
30-10-2018 - 16:26 10-08-2011 - 21:55
CVE-2010-2214 9.3
Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-020
30-10-2018 - 16:26 11-08-2010 - 18:47
CVE-2011-2444 4.3
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to
30-10-2018 - 16:26 22-09-2011 - 03:38
CVE-2011-2430 9.3
Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via crafted streaming media, related to a "logic error vulnerability."
30-10-2018 - 16:26 22-09-2011 - 03:38
CVE-2010-0842 7.5
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the
30-10-2018 - 16:26 01-04-2010 - 16:30
CVE-2011-0560 9.3
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-
30-10-2018 - 16:26 10-02-2011 - 16:00
CVE-2011-0608 9.3
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-
30-10-2018 - 16:26 10-02-2011 - 16:00
CVE-2011-0578 9.3
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors related to a constructor for an unspecified ActionScript3 object and improper type checking, a d
30-10-2018 - 16:26 10-02-2011 - 16:00
CVE-2011-0579 5.0
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to obtain sensitive information via unspecified vectors.
30-10-2018 - 16:26 13-05-2011 - 22:55
CVE-2010-0186 6.8
Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Adobe AIR before 1.5.3.9130, and Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows remote attackers to bypass intended sandbox restrictions and make cross-domain r
30-10-2018 - 16:26 15-02-2010 - 18:30
CVE-2011-0866 7.6
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and
30-10-2018 - 16:26 14-06-2011 - 18:55
CVE-2011-0864 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to
30-10-2018 - 16:26 14-06-2011 - 18:55
CVE-2011-0626 9.3
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than
30-10-2018 - 16:26 13-05-2011 - 22:55
CVE-2011-0577 9.3
Unspecified vulnerability in Adobe Flash Player before 10.2.152.26 allows remote attackers to execute arbitrary code via a crafted font.
30-10-2018 - 16:26 10-02-2011 - 16:00
CVE-2010-0849 7.5
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: t
30-10-2018 - 16:26 01-04-2010 - 16:30
CVE-2011-0559 9.3
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted parameters to an unspecified ActionScript method that cause a parameter to be used as an object pointer, a d
30-10-2018 - 16:26 10-02-2011 - 16:00
CVE-2011-0607 9.3
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-
30-10-2018 - 16:26 10-02-2011 - 16:00
CVE-2010-0087 7.5
Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unkn
30-10-2018 - 16:26 01-04-2010 - 16:30
CVE-2011-0628 9.3
Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code via ActionScript that improperly handles a long array object.
30-10-2018 - 16:26 31-05-2011 - 20:55
CVE-2011-0619 9.3
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerab
30-10-2018 - 16:26 13-05-2011 - 22:55
CVE-2012-0772 10.0
An unspecified ActiveX control in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228, and AIR before 3.2.0.2070, on Windows does not properly perform URL security domain checking, which allow attackers to execute arbitrary code or cau
30-10-2018 - 16:26 28-03-2012 - 19:55
CVE-2011-0627 9.3
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly
30-10-2018 - 16:26 13-05-2011 - 22:55
CVE-2010-0084 5.0
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than
30-10-2018 - 16:26 01-04-2010 - 16:30
CVE-2010-0847 7.5
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: t
30-10-2018 - 16:26 01-04-2010 - 16:30
CVE-2011-0571 9.3
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0572, CVE-
30-10-2018 - 16:26 10-02-2011 - 16:00
CVE-2010-0846 7.5
Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: t
30-10-2018 - 16:26 01-04-2010 - 16:30
CVE-2010-0839 7.5
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Per: http:
30-10-2018 - 16:26 01-04-2010 - 16:30
CVE-2011-0865 2.6
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to
30-10-2018 - 16:26 14-06-2011 - 18:55
CVE-2012-0768 10.0
The Matrix3D component in Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x allows attackers to execute arbitrary
30-10-2018 - 16:26 05-03-2012 - 21:55
CVE-2011-0624 9.3
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than
30-10-2018 - 16:26 13-05-2011 - 22:55
CVE-2011-0618 9.3
Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors.
30-10-2018 - 16:26 13-05-2011 - 22:55
CVE-2011-0558 9.3
Integer overflow in Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code via a large array length value in the ActionScript method of the Function class.
30-10-2018 - 16:26 10-02-2011 - 16:00
CVE-2011-0575 6.9
Untrusted search path vulnerability in Adobe Flash Player before 10.2.152.26 allows local users to gain privileges via a Trojan horse DLL in the current working directory. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Sea
30-10-2018 - 16:26 10-02-2011 - 16:00
CVE-2010-0848 7.5
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Per: htt
30-10-2018 - 16:26 01-04-2010 - 16:30
CVE-2010-0844 7.5
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the
30-10-2018 - 16:26 01-04-2010 - 16:30
CVE-2010-0088 6.8
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown
30-10-2018 - 16:26 01-04-2010 - 16:30
CVE-2010-0841 7.5
Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previou
30-10-2018 - 16:26 01-04-2010 - 16:30
CVE-2011-0871 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to
30-10-2018 - 16:26 14-06-2011 - 18:55
CVE-2010-0840 7.5
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
30-10-2018 - 16:26 01-04-2010 - 16:30
CVE-2010-0209 9.3
Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-221
30-10-2018 - 16:26 11-08-2010 - 18:47
CVE-2011-0625 9.3
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than
30-10-2018 - 16:26 13-05-2011 - 22:55
CVE-2011-0815 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to
30-10-2018 - 16:26 14-06-2011 - 18:55
CVE-2011-0862 10.0
Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and avail
30-10-2018 - 16:26 14-06-2011 - 18:55
CVE-2011-0802 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability vi
30-10-2018 - 16:26 14-06-2011 - 18:55
CVE-2010-0089 5.0
Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect availability via unknown vectors. Per: http://www.oracle.com/te
30-10-2018 - 16:26 01-04-2010 - 16:30
CVE-2010-0091 4.3
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than
30-10-2018 - 16:26 01-04-2010 - 16:30
CVE-2010-0082 5.1
Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. P
30-10-2018 - 16:26 01-04-2010 - 16:30
CVE-2008-0967 6.9
Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build
30-10-2018 - 16:26 05-06-2008 - 20:32
CVE-2011-0561 9.3
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0571, CVE-2011-0572, CVE-
30-10-2018 - 16:26 10-02-2011 - 16:00
CVE-2011-0814 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability vi
30-10-2018 - 16:26 14-06-2011 - 18:55
CVE-2010-0095 6.8
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a
30-10-2018 - 16:26 01-04-2010 - 16:30
CVE-2011-0867 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to
30-10-2018 - 16:26 14-06-2011 - 18:55
CVE-2011-0622 9.3
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerab
30-10-2018 - 16:26 13-05-2011 - 22:55
CVE-2011-0609 9.3
Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9
30-10-2018 - 16:26 15-03-2011 - 17:55
CVE-2011-0574 9.3
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-
30-10-2018 - 16:26 10-02-2011 - 16:00
CVE-2011-0621 9.3
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerab
30-10-2018 - 16:26 13-05-2011 - 22:55
CVE-2011-0573 9.3
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-
30-10-2018 - 16:26 10-02-2011 - 16:00
CVE-2010-0085 5.1
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown
30-10-2018 - 16:26 01-04-2010 - 16:30
CVE-2012-0769 5.0
Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x does not properly handle integers, which allows attackers to ob
30-10-2018 - 16:26 05-03-2012 - 21:55
CVE-2011-0623 9.3
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than
30-10-2018 - 16:26 13-05-2011 - 22:55
CVE-2011-0572 9.3
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-
30-10-2018 - 16:26 10-02-2011 - 16:00
CVE-2010-0093 5.1
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a
30-10-2018 - 16:26 01-04-2010 - 16:30
CVE-2011-0620 9.3
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerab
30-10-2018 - 16:26 13-05-2011 - 22:55
CVE-2010-0187 4.3
Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 allow remote attackers to cause a denial of service (application crash) via a modified SWF file.
30-10-2018 - 16:26 15-02-2010 - 18:30
CVE-2010-3631 9.3
Array index error in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors.
30-10-2018 - 16:25 06-10-2010 - 17:00
CVE-2010-3624 9.3
Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allows attackers to execute arbitrary code via a crafted image. Per: http://www.adobe.com/support/security/bulletins/apsb10-21.html 'This update
30-10-2018 - 16:25 06-10-2010 - 17:00
CVE-2009-3954 10.0
The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability." Per: http://www.adobe.com
30-10-2018 - 16:25 13-01-2010 - 19:30
CVE-2010-2176 9.3
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2010-2163 9.3
Multiple unspecified vulnerabilities in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unknown vectors. Per: http://www.adobe.com/support/security/
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2009-1929 9.3
Heap-based buffer overflow in the Microsoft Terminal Services Client ActiveX control running RDP 6.1 on Windows XP SP2, Vista SP1 or SP2, or Server 2008 Gold or SP2; or 5.2 or 6.1 on Windows XP SP3; allows remote attackers to execute arbitrary code v
30-10-2018 - 16:25 12-08-2009 - 17:30
CVE-2010-2201 9.3
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via a PDF file with crafted Flash content involving the (1) pushstring (0x2C) operator, (2) debugfile (0xF1) operator,
30-10-2018 - 16:25 30-06-2010 - 18:30
CVE-2010-2187 9.3
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2010-2175 9.3
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2010-2164 9.3
Use-after-free vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to an unspecified "image type within a c
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2010-2883 9.3
Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF documen
30-10-2018 - 16:25 09-09-2010 - 22:00
CVE-2010-2206 9.3
Array index error in AcroForm.api in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted GIF image in a PDF file, which bypasses a size check and tri
30-10-2018 - 16:25 30-06-2010 - 18:30
CVE-2010-2177 9.3
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2010-2184 9.3
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2010-2171 9.3
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors related to SWF files, decompression of
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2010-2168 9.3
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via a PDF file with crafted Flash content, involving the newfunction (0x44) operator and an "invalid pointer vulnerabil
30-10-2018 - 16:25 30-06-2010 - 18:30
CVE-2010-1295 9.3
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2202,
30-10-2018 - 16:25 30-06-2010 - 18:30
CVE-2009-3956 10.0
The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerabi
30-10-2018 - 16:25 13-01-2010 - 19:30
CVE-2009-3872 9.3
Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges
30-10-2018 - 16:25 05-11-2009 - 16:30
CVE-2009-3675 6.8
LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote authenticated users to cause a denial of service (CPU consumption) via a malformed ISAKMP request ove
30-10-2018 - 16:25 09-12-2009 - 18:30
CVE-2010-2210 9.3
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295,
30-10-2018 - 16:25 30-06-2010 - 18:30
CVE-2010-2181 9.3
Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2009-3868 9.3
Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a c
30-10-2018 - 16:25 05-11-2009 - 16:30
CVE-2010-2185 9.3
Buffer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors. Per: http://www.adobe.com/support/security/bulletins/apsb10-
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2010-2167 9.3
Multiple heap-based buffer overflows in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to malformed (1) GIF or (2) JPEG
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2010-2161 9.3
Array index error in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified "types of Adobe Flash code." Per: http://www.adobe.com/support/secu
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2009-3958 10.0
Multiple stack-based buffer overflows in the NOS Microsystems getPlus Helper ActiveX control before 1.6.2.49 in gp.ocx in the Download Manager in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow remote
30-10-2018 - 16:25 13-01-2010 - 19:30
CVE-2010-2207 9.3
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295,
30-10-2018 - 16:25 30-06-2010 - 18:30
CVE-2010-2173 9.3
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an "invalid pointer vulnerability" and the newclass (0x58) operator,
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2009-3873 9.3
The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a "quantization problem,"
30-10-2018 - 16:25 05-11-2009 - 16:30
CVE-2009-3869 9.3
Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and S
30-10-2018 - 16:25 05-11-2009 - 16:30
CVE-2009-3793 9.3
Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory consumption) or possibly execute arbitrary code via unknown vectors.
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2010-2205 9.3
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, access uninitialized memory, which allows attackers to execute arbitrary code via unspecified vectors. Per: http://www.adobe.com/support/security/bulletins/apsb1
30-10-2018 - 16:25 30-06-2010 - 18:30
CVE-2010-2183 9.3
Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2010-2202 9.3
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295,
30-10-2018 - 16:25 30-06-2010 - 18:30
CVE-2010-2189 9.3
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when used in conjunction with VMWare Tools on a VMWare platform, allows attackers to cause a denial of service (memory corruption) or possibly execute a
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2009-3957 5.0
Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to cause a denial of service (NULL pointer dereference) via unspecified vectors. Per: http://www.adobe.com/support/security/bulletins/apsb10-02
30-10-2018 - 16:25 13-01-2010 - 19:30
CVE-2009-3871 9.3
Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and
30-10-2018 - 16:25 05-11-2009 - 16:30
CVE-2010-2188 9.3
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by calling the ActionScript native object 2200 conn
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2009-4324 9.3
Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZL
30-10-2018 - 16:25 15-12-2009 - 02:30
CVE-2010-1285 9.3
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified manipulations involving the newclass (0x58) operator and an "invalid pointer vulnerability" that trigge
30-10-2018 - 16:25 30-06-2010 - 18:30
CVE-2009-3953 10.0
The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMe
30-10-2018 - 16:25 13-01-2010 - 19:30
CVE-2009-3874 9.3
Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary co
30-10-2018 - 16:25 05-11-2009 - 16:30
CVE-2009-3959 10.0
Integer overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a malformed PDF document. Per: http://www.adobe.com/support/secur
30-10-2018 - 16:25 13-01-2010 - 19:30
CVE-2009-3867 9.3
Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to
30-10-2018 - 16:25 05-11-2009 - 16:30
CVE-2010-2174 9.3
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an "invalid pointer vulnerability" and the newfunction (0x44) operat
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2010-2166 9.3
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2010-2178 9.3
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2009-3955 10.0
Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer si
30-10-2018 - 16:25 13-01-2010 - 19:30
CVE-2010-2180 9.3
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2010-2204 9.3
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. Per: http://www.adobe.com/supp
30-10-2018 - 16:25 30-06-2010 - 18:30
CVE-2010-2170 9.3
Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2181 and CVE-2010-2
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2010-2162 9.3
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors related to improper length calcula
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2010-2208 9.3
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, dereference a heap object after this object's deletion, which allows attackers to execute arbitrary code via unspecified vectors. Per: http://www.adobe.com/suppo
30-10-2018 - 16:25 30-06-2010 - 18:30
CVE-2010-2160 9.3
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an invalid offset in an unspecified undocumente
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2010-2211 9.3
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295,
30-10-2018 - 16:25 30-06-2010 - 18:30
CVE-2010-2169 9.3
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allow attackers to cause a denial of service (pointer memory corruption) or possibly execute arbitrary code via unspecified vectors. Per: http://www.ado
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2010-1799 9.3
Stack-based buffer overflow in the error-logging functionality in Apple QuickTime before 7.6.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
30-10-2018 - 16:25 16-08-2010 - 18:39
CVE-2010-2165 9.3
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2010-2182 9.3
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2010-2209 9.3
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295,
30-10-2018 - 16:25 30-06-2010 - 18:30
CVE-2010-2186 9.3
Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. P
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2010-2212 9.3
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PDF file containing Flash content with a cra
30-10-2018 - 16:25 30-06-2010 - 18:30
CVE-2010-0178 7.6
Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from interpreting mouse clicks as drag-and-drop actions, which allows remote attackers to execute arbitrary JavaScript wit
30-10-2018 - 16:25 05-04-2010 - 17:30
CVE-2010-0169 5.0
The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings i
30-10-2018 - 16:25 25-03-2010 - 21:00
CVE-2010-0182 4.3
The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows
30-10-2018 - 16:25 05-04-2010 - 17:30
CVE-2010-0204 9.3
Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0194,
30-10-2018 - 16:25 14-04-2010 - 16:00
CVE-2010-0196 9.3
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than
30-10-2018 - 16:25 14-04-2010 - 16:00
CVE-2010-0201 9.3
Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0194,
30-10-2018 - 16:25 14-04-2010 - 16:00
CVE-2010-0177 9.3
Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, frees the contents of the window.navigator.plugins array while a reference to an array element is still active, which allows remote attackers to ex
30-10-2018 - 16:25 05-04-2010 - 17:30
CVE-2010-0198 9.3
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0199, CVE-2010-0202, and CVE-2010-
30-10-2018 - 16:25 14-04-2010 - 16:00
CVE-2009-1303 5.0
The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGE
30-10-2018 - 16:25 22-04-2009 - 18:30
CVE-2008-0960 10.0
SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Dat
30-10-2018 - 16:25 10-06-2008 - 18:32
CVE-2010-0167 9.3
The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash)
30-10-2018 - 16:25 25-03-2010 - 21:00
CVE-2010-0174 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory
30-10-2018 - 16:25 05-04-2010 - 17:30
CVE-2010-0173 9.3
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and applica
30-10-2018 - 16:25 05-04-2010 - 17:30
CVE-2010-0202 9.3
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0198, CVE-2010-0199, and CVE-2010-
30-10-2018 - 16:25 14-04-2010 - 16:00
CVE-2011-0605 6.8
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
30-10-2018 - 16:25 10-02-2011 - 18:00
CVE-2010-0191 9.3
Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified vectors, related to a "prefix protocol handler vulnerability."
30-10-2018 - 16:25 14-04-2010 - 16:00
CVE-2010-0192 9.3
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than
30-10-2018 - 16:25 14-04-2010 - 16:00
CVE-2010-0175 9.3
Use-after-free vulnerability in the nsTreeSelection implementation in Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.9, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allows remote attackers to execute arbitrary code or cause a denial of se
30-10-2018 - 16:25 05-04-2010 - 17:30
CVE-2010-0176 9.3
Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to
30-10-2018 - 16:25 05-04-2010 - 17:30
CVE-2010-0193 9.3
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than
30-10-2018 - 16:25 14-04-2010 - 16:00
CVE-2010-0203 9.3
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0198, CVE-2010-0199, and CVE-2010-
30-10-2018 - 16:25 14-04-2010 - 16:00
CVE-2010-0179 5.1
Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects
30-10-2018 - 16:25 05-04-2010 - 17:30
CVE-2010-0199 9.3
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0198, CVE-2010-0202, and CVE-2010-
30-10-2018 - 16:25 14-04-2010 - 16:00
CVE-2010-0171 4.3
Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) at
30-10-2018 - 16:25 25-03-2010 - 21:00
CVE-2010-0197 9.3
Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0194,
30-10-2018 - 16:25 14-04-2010 - 16:00
CVE-2010-0190 4.3
Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
30-10-2018 - 16:25 14-04-2010 - 16:00
CVE-2010-0195 9.3
Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, do not properly handle fonts, which allows attackers to execute arbitrary code via unspecified vectors.
30-10-2018 - 16:25 14-04-2010 - 16:00
CVE-2009-1311 4.3
Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during
30-10-2018 - 16:25 22-04-2009 - 18:30
CVE-2011-0568 6.8
Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Mac OS X allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors.
30-10-2018 - 16:25 10-02-2011 - 18:00
CVE-2010-0194 9.3
Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0197,
30-10-2018 - 16:25 14-04-2010 - 16:00
CVE-2009-0087 9.3
Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and the Word 6 text converter in Microsoft Office Word 2000 SP3 and 2002 SP3; allows remote attackers to exe
30-10-2018 - 16:25 15-04-2009 - 08:00
CVE-2010-0181 4.3
Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial o
30-10-2018 - 16:25 05-04-2010 - 17:30
CVE-2009-3126 9.3
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP
12-10-2018 - 21:52 14-10-2009 - 10:30
CVE-2009-2502 9.3
Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3
12-10-2018 - 21:51 14-10-2009 - 10:30
CVE-2009-2495 7.8
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obt
12-10-2018 - 21:51 29-07-2009 - 17:30
CVE-2009-2501 9.3
Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 G
12-10-2018 - 21:51 14-10-2009 - 10:30
CVE-2009-2500 9.3
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP
12-10-2018 - 21:51 14-10-2009 - 10:30
CVE-2009-2493 9.3
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2,
12-10-2018 - 21:51 29-07-2009 - 17:30
CVE-2009-2505 10.0
The Internet Authentication Service (IAS) in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication requests, which allows remote attackers to execute a
12-10-2018 - 21:51 09-12-2009 - 18:30
CVE-2009-2504 9.3
Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Mi
12-10-2018 - 21:51 14-10-2009 - 10:30
CVE-2009-2503 9.3
GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold a
12-10-2018 - 21:51 14-10-2009 - 10:30
CVE-2009-0556 9.3
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value tha
12-10-2018 - 21:50 03-04-2009 - 18:30
CVE-2009-0901 9.3
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Serv
12-10-2018 - 21:50 29-07-2009 - 17:30
CVE-2008-5416 9.0
Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier; SQL Server 2000 Desktop Engine (MSDE 2000) SP4; SQL Server 2005 SP2 and 9.00.1399.06; SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 SP1 an
12-10-2018 - 21:49 10-12-2008 - 14:00
CVE-2009-0102 9.3
Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerabi
12-10-2018 - 21:49 09-12-2009 - 18:30
CVE-2009-0217 5.0
The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLog
12-10-2018 - 21:49 14-07-2009 - 23:30
CVE-2008-3466 10.0
Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or
12-10-2018 - 21:48 15-10-2008 - 00:12
CVE-2008-2540 9.3
Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downlo
12-10-2018 - 21:47 03-06-2008 - 15:32
CVE-2008-1445 7.1
Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request.
12-10-2018 - 21:45 12-06-2008 - 02:32
CVE-2008-0015 9.3
Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP
12-10-2018 - 21:44 07-07-2009 - 23:30
CVE-2009-0037 6.8
The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or o
11-10-2018 - 20:59 05-03-2009 - 02:30
CVE-2008-4546 4.3
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP reque
11-10-2018 - 20:52 14-10-2008 - 15:28
CVE-2008-4281 9.3
Directory traversal vulnerability in VMWare ESXi 3.5 before ESXe350-200810401-O-UG and ESX 3.5 before ESX350-200810201-UG allows administrators with the Datastore.FileManagement privilege to gain privileges via unknown vectors.
11-10-2018 - 20:51 10-11-2008 - 14:12
CVE-2008-2327 6.8
Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file,
11-10-2018 - 20:40 27-08-2008 - 20:41
CVE-2008-2097 9.0
Buffer overflow in the openwsman management service in VMware ESXi 3.5 and ESX 3.5 allows remote authenticated users to gain privileges via an "invalid Content-Length."
11-10-2018 - 20:39 05-06-2008 - 20:32
CVE-2008-1372 4.3
bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
11-10-2018 - 20:32 18-03-2008 - 21:44
CVE-2011-4061 6.9
Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) kbbacf1 in IBM DB2 Express Edition 9.7, as used in the IBM Tivoli Monitoring for Databases: DB2 Agent, allow local users to gain privileges via a Trojan horse libkbb.so in the cur
11-10-2018 - 10:29 18-10-2011 - 01:55
CVE-2010-3131 9.3
Untrusted search path vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Windows XP allows local users, and possibly remote attackers, to execute arbit
10-10-2018 - 20:01 26-08-2010 - 18:36
CVE-2010-2881 9.3
IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as de
10-10-2018 - 20:00 26-08-2010 - 21:00
CVE-2010-2867 9.3
DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly handle a certain return value associated with the rcsL chunk in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute
10-10-2018 - 20:00 26-08-2010 - 21:00
CVE-2010-2870 9.3
DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly validate a certain chunk size in the mmap chunk in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary co
10-10-2018 - 20:00 26-08-2010 - 21:00
CVE-2010-2872 9.3
Adobe Shockwave Player before 11.5.8.612 does not properly validate an offset value in the pami RIFF chunk in a Director movie, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted mov
10-10-2018 - 20:00 26-08-2010 - 21:00
CVE-2010-2876 9.3
Adobe Shockwave Player before 11.5.8.612 does not properly validate values associated with buffer-size calculation for a 0xFFFFFFF8 record in a (1) .dir or (2) .dcr Director movie, which allows remote attackers to cause a denial of service (heap memo
10-10-2018 - 20:00 26-08-2010 - 21:00
CVE-2010-2868 9.3
IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a malformed file containing an invalid val
10-10-2018 - 20:00 26-08-2010 - 21:00
CVE-2010-2880 9.3
DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as d
10-10-2018 - 20:00 26-08-2010 - 21:00
CVE-2010-2869 9.3
IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as de
10-10-2018 - 20:00 26-08-2010 - 21:00
CVE-2010-2877 9.3
Adobe Shockwave Player before 11.5.8.612 does not properly validate a count value in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie, related to IML32
10-10-2018 - 20:00 26-08-2010 - 21:00
CVE-2010-2882 9.3
DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as d
10-10-2018 - 20:00 26-08-2010 - 21:00
CVE-2010-2878 9.3
DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly validate a value associated with a buffer seek for a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary co
10-10-2018 - 20:00 26-08-2010 - 21:00
CVE-2010-2879 9.3
Multiple integer overflows in the allocator in the TextXtra.x32 module in Adobe Shockwave Player before 11.5.8.612 allow remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted (1) element count
10-10-2018 - 20:00 26-08-2010 - 21:00
CVE-2010-2873 9.3
Adobe Shockwave Player before 11.5.8.612 does not properly validate offset values in the rcsL RIFF chunks of (1) .DIR and (2) .DCR Director movies, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitra
10-10-2018 - 20:00 26-08-2010 - 21:00
CVE-2010-2864 9.3
IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as de
10-10-2018 - 20:00 26-08-2010 - 21:00
CVE-2010-2871 9.3
Integer overflow in the 3D object functionality in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted size value in a 0xFFFFFF45 RIFF record i
10-10-2018 - 20:00 26-08-2010 - 21:00
CVE-2010-2866 9.3
Integer signedness error in the DIRAPI module in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a count value associated with an "undocumented structure"
10-10-2018 - 20:00 26-08-2010 - 21:00
CVE-2010-1404 9.3
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SV
10-10-2018 - 19:57 11-06-2010 - 18:00
CVE-2010-1403 9.3
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during the handling of a use element in an SVG document, which allows remote attackers to execute arbitrary co
10-10-2018 - 19:57 11-06-2010 - 18:00
CVE-2010-1749 9.3
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto
10-10-2018 - 19:57 11-06-2010 - 18:00
CVE-2010-1402 9.3
Double free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors
10-10-2018 - 19:57 11-06-2010 - 18:00
CVE-2010-1397 9.3
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto
10-10-2018 - 19:56 11-06-2010 - 18:00
CVE-2010-1199 9.3
Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for
10-10-2018 - 19:56 24-06-2010 - 12:30
CVE-2010-1398 9.3
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly perform ordered list insertions, which allows remote attackers to execute arbitrary code or cause a denial of service (mem
10-10-2018 - 19:56 11-06-2010 - 18:00
CVE-2010-1392 9.3
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto
10-10-2018 - 19:56 11-06-2010 - 18:00
CVE-2010-1401 9.3
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or caus
10-10-2018 - 19:56 11-06-2010 - 18:00
CVE-2010-1125 5.8
The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visi
10-10-2018 - 19:55 26-03-2010 - 20:30
CVE-2010-0886 10.0
Unspecified vulnerability in the Java Deployment Toolkit component in Oracle Java SE and Java for Business JDK and JRE 6 Update 10 through 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Per: htt
10-10-2018 - 19:55 20-04-2010 - 19:30
CVE-2010-0845 5.1
Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Per: http://www.ora
10-10-2018 - 19:54 01-04-2010 - 16:30
CVE-2010-0843 7.5
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the
10-10-2018 - 19:54 01-04-2010 - 16:30
CVE-2010-0837 7.5
Unspecified vulnerability in the Pack200 component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Per: http://www.oracle.com
10-10-2018 - 19:53 01-04-2010 - 16:30
CVE-2010-0556 4.3
browser/login/login_prompt.cc in Google Chrome before 4.0.249.89 populates an authentication dialog with credentials that were stored by Password Manager for a different web site, which allows user-assisted remote HTTP servers to obtain sensitive inf
10-10-2018 - 19:53 18-02-2010 - 17:30
CVE-2010-0528 9.3
Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted color tables in a movie file, related to malformed MediaVideo data, a sample
10-10-2018 - 19:53 31-03-2010 - 18:30
CVE-2010-0529 9.3
Heap-based buffer overflow in QuickTime.qts in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a BkPixPat opcode (0x12) containing crafte
10-10-2018 - 19:53 31-03-2010 - 18:30
CVE-2010-0838 7.5
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous inform
10-10-2018 - 19:53 01-04-2010 - 16:30
CVE-2010-0526 4.3
Heap-based buffer overflow in QuickTimeMPEG.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted genl atom in a QuickTime movie file with MPE
10-10-2018 - 19:53 30-03-2010 - 18:30
CVE-2010-0426 6.9
sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges vi
10-10-2018 - 19:52 24-02-2010 - 18:30
CVE-2010-0520 6.8
Heap-based buffer overflow in QuickTimeAuthoring.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC file, related to crafted DELTA_FLI
10-10-2018 - 19:52 30-03-2010 - 18:30
CVE-2010-0427 4.4
sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.
10-10-2018 - 19:52 25-02-2010 - 19:30
CVE-2010-0519 6.8
Integer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a FlashPix image with a malformed SubImage Header Stream containing a NumberOfTiles f
10-10-2018 - 19:52 30-03-2010 - 18:30
CVE-2010-0516 6.8
Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with RLE encoding, which triggers memory corruption wh
10-10-2018 - 19:52 30-03-2010 - 18:30
CVE-2010-0517 6.8
Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with M-JPEG encoding, which causes QuickTime to calcul
10-10-2018 - 19:52 30-03-2010 - 18:30
CVE-2010-0160 10.0
The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap me
10-10-2018 - 19:51 22-02-2010 - 13:00
CVE-2010-0164 9.3
Use-after-free vulnerability in the imgContainer::InternalAddFrameHelper function in src/imgContainer.cpp in libpr0n in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (heap memory corruption and application cras
10-10-2018 - 19:51 25-03-2010 - 21:00
CVE-2010-0090 5.8
Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18 allows remote attackers to affect integrity and availability via unknown vectors. Per: http://www.oracle.com/technology/deploy
10-10-2018 - 19:50 01-04-2010 - 16:30
CVE-2010-0094 7.5
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the p
10-10-2018 - 19:50 01-04-2010 - 16:30
CVE-2010-0092 5.1
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Per: http:/
10-10-2018 - 19:50 01-04-2010 - 16:30
CVE-2010-0062 6.8
Heap-based buffer overflow in quicktime.qts in CoreMedia and QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed .3g2 movie file with H.263 encod
10-10-2018 - 19:49 30-03-2010 - 18:30
CVE-2010-0059 6.8
CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDM2 encoding, which triggers a buffer overflow due to i
10-10-2018 - 19:49 30-03-2010 - 17:30
CVE-2009-4003 9.3
Multiple integer overflows in Adobe Shockwave Player before 11.5.6.606 allow remote attackers to execute arbitrary code via (1) an unspecified block type in a Shockwave file, leading to a heap-based buffer overflow; and might allow remote attackers t
10-10-2018 - 19:48 21-01-2010 - 19:30
CVE-2009-4002 9.3
Heap-based buffer overflow in Adobe Shockwave Player before 11.5.6.606 allows remote attackers to execute arbitrary code via a crafted 3D model in a Shockwave file.
10-10-2018 - 19:48 21-01-2010 - 19:30
CVE-2009-3731 4.3
Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1;
10-10-2018 - 19:47 16-12-2009 - 18:30
CVE-2009-1869 9.3
Integer overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile parser in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly
10-10-2018 - 19:38 31-07-2009 - 19:30
CVE-2009-1571 10.0
Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that at
10-10-2018 - 19:37 22-02-2010 - 13:00
CVE-2009-1384 5.0
pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
10-10-2018 - 19:36 28-05-2009 - 20:30
CVE-2009-1312 4.3
Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or
10-10-2018 - 19:35 22-04-2009 - 18:30
CVE-2012-0710 5.0
IBM DB2 9.1 before FP11, 9.5 before FP9, 9.7 before FP5, and 9.8 before FP4 allows remote attackers to cause a denial of service (daemon crash) via a crafted Distributed Relational Database Architecture (DRDA) request.
10-10-2018 - 10:29 20-03-2012 - 20:55
CVE-2012-0711 7.5
Integer signedness error in the db2dasrrm process in the DB2 Administration Server (DAS) in IBM DB2 9.1 through FP11, 9.5 before FP9, and 9.7 through FP5 on UNIX platforms allows remote attackers to execute arbitrary code via a crafted request that t
10-10-2018 - 10:29 20-03-2012 - 20:55
CVE-2011-1512 9.3
Heap-based buffer overflow in xlssr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a malformed BIFF record in a .xls Excel spreadsheet attachment, aka SPR PRAD8E3HKR.
09-10-2018 - 19:31 31-05-2011 - 20:55
CVE-2009-2285 4.3
Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.
03-10-2018 - 22:00 01-07-2009 - 13:00
CVE-2009-1309 4.3
Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ sco
03-10-2018 - 22:00 22-04-2009 - 18:30
CVE-2009-1307 6.8
The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web
03-10-2018 - 21:59 22-04-2009 - 18:30
CVE-2009-1306 4.3
The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other at
03-10-2018 - 21:59 22-04-2009 - 18:30
CVE-2009-1304 5.0
The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving
03-10-2018 - 21:59 22-04-2009 - 18:30
CVE-2009-1305 5.0
The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP
03-10-2018 - 21:59 22-04-2009 - 18:30
CVE-2009-1302 5.0
The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1
03-10-2018 - 21:59 22-04-2009 - 18:30
CVE-2009-0772 9.3
The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetO
03-10-2018 - 21:58 05-03-2009 - 02:30
CVE-2009-0776 7.1
nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.
03-10-2018 - 21:58 05-03-2009 - 02:30
CVE-2009-0774 9.3
The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different v
03-10-2018 - 21:58 05-03-2009 - 02:30
CVE-2012-0451 4.3
CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote web servers to bypass intended Content Security
18-01-2018 - 02:29 14-03-2012 - 19:55
CVE-2012-0464 7.5
Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 all
18-01-2018 - 02:29 14-03-2012 - 19:55
CVE-2012-0456 5.0
The SVG Filters implementation in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote atta
18-01-2018 - 02:29 14-03-2012 - 19:55
CVE-2012-0462 7.5
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause
18-01-2018 - 02:29 14-03-2012 - 19:55
CVE-2012-0458 6.8
Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through th
18-01-2018 - 02:29 14-03-2012 - 19:55
CVE-2012-0461 7.5
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before
18-01-2018 - 02:29 14-03-2012 - 19:55
CVE-2012-0459 7.5
The Cascading Style Sheets (CSS) implementation in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to cause a denial
18-01-2018 - 02:29 14-03-2012 - 19:55
CVE-2012-0460 6.4
Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict write access to the window.fullScreen object, which allows remote at
18-01-2018 - 02:29 14-03-2012 - 19:55
CVE-2012-0457 9.3
Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetweenTimeContainer function in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x
18-01-2018 - 02:29 14-03-2012 - 19:55
CVE-2012-0455 4.3
Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict drag-and-drop operations on java
18-01-2018 - 02:29 14-03-2012 - 19:55
CVE-2012-0463 7.5
The nsWindow implementation in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 does
11-01-2018 - 02:29 14-03-2012 - 19:55
CVE-2012-1797 10.0
IBM DB2 9.5 uses world-writable permissions for nodes.reg, which has unspecified impact and attack vectors.
10-01-2018 - 02:29 20-03-2012 - 20:55
CVE-2012-1796 7.2
Unspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as used in IBM DB2 9.5 before FP9 on UNIX, allows local users to gain privileges via unknown vectors.
10-01-2018 - 02:29 20-03-2012 - 20:55
CVE-2012-0775 10.0
The JavaScript implementation in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
10-01-2018 - 02:29 10-04-2012 - 23:55
CVE-2012-0774 10.0
Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code via a crafted TrueType font.
10-01-2018 - 02:29 10-04-2012 - 23:55
CVE-2012-0452 7.5
Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger
10-01-2018 - 02:29 11-02-2012 - 02:55
CVE-2011-3545 10.0
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier, allows remote attackers to affect confide
06-01-2018 - 02:29 19-10-2011 - 21:55
CVE-2011-3516 7.6
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiali
06-01-2018 - 02:29 19-10-2011 - 21:55
CVE-2011-3556 7.5
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confident
06-01-2018 - 02:29 19-10-2011 - 21:55
CVE-2011-3552 2.6
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote attackers to affect integrity via unknown vectors related
06-01-2018 - 02:29 19-10-2011 - 21:55
CVE-2011-3549 10.0
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java appl
06-01-2018 - 02:29 19-10-2011 - 21:55
CVE-2011-3548 10.0
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java a
06-01-2018 - 02:29 19-10-2011 - 21:55
CVE-2011-3554 10.0
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confident
06-01-2018 - 02:29 19-10-2011 - 21:55
CVE-2011-3521 10.0
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, 7, 6 Update 27 and earlier, and 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect conf
06-01-2018 - 02:29 19-10-2011 - 21:55
CVE-2011-3560 6.4
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java a
06-01-2018 - 02:29 19-10-2011 - 21:55
CVE-2011-3551 9.3
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown v
06-01-2018 - 02:29 19-10-2011 - 21:55
CVE-2011-3544 10.0
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and a
06-01-2018 - 02:29 19-10-2011 - 21:55
CVE-2011-3553 3.5
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote authenticated users to affect confidentiality, related to JAXWS.
06-01-2018 - 02:29 19-10-2011 - 21:55
CVE-2011-3550 7.6
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and avai
06-01-2018 - 02:29 19-10-2011 - 21:55
CVE-2011-3557 6.8
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confident
06-01-2018 - 02:29 19-10-2011 - 21:55
CVE-2011-3558 5.0
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors
06-01-2018 - 02:29 19-10-2011 - 21:55
CVE-2011-3670 5.0
Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by makin
29-12-2017 - 02:29 01-02-2012 - 16:55
CVE-2011-3658 7.5
The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly hav
29-12-2017 - 02:29 21-12-2011 - 04:02
CVE-2010-4452 10.0
Unspecified vulnerability in the Deployment component in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confident
22-12-2017 - 02:29 17-02-2011 - 19:00
CVE-2010-4470 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows remote attackers to affect availability via unknown vectors related to JAXP and unspecified APIs. NOTE: the
22-12-2017 - 02:29 17-02-2011 - 19:00
CVE-2010-4463 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 21 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrit
22-12-2017 - 02:29 17-02-2011 - 19:00
CVE-2010-4468 4.0
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier, allows remote untrusted Java Web Start applications and untrusted Java applets to affect c
22-12-2017 - 02:29 17-02-2011 - 19:00
CVE-2011-3555 6.1
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, and 7 allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity and availability via unknown vectors.
22-12-2017 - 02:29 19-10-2011 - 21:55
CVE-2010-4472 2.6
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous
22-12-2017 - 02:29 17-02-2011 - 19:00
CVE-2010-4467 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 10 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrit
22-12-2017 - 02:29 17-02-2011 - 19:00
CVE-2010-4474 2.1
Unspecified vulnerability in the Java DB component in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows local users to affect confidentiality via unknown vectors related to Security, a similar vulnerability to CVE-2009-4269.
22-12-2017 - 02:29 17-02-2011 - 19:00
CVE-2010-4471 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect co
22-12-2017 - 02:29 17-02-2011 - 19:00
CVE-2010-4451 7.6
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, when using Java Update, allows remote attackers to affect confidentiality, integrity, and availability via un
22-12-2017 - 02:29 17-02-2011 - 19:00
CVE-2011-0873 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, and 5.0 Update 29 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors rel
22-12-2017 - 02:29 14-06-2011 - 18:55
CVE-2011-0786 7.6
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, in
22-12-2017 - 02:29 14-06-2011 - 18:55
CVE-2011-0869 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 26 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related t
22-12-2017 - 02:29 14-06-2011 - 18:55
CVE-2011-0868 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D.
22-12-2017 - 02:29 14-06-2011 - 18:55
CVE-2011-0817 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, in
22-12-2017 - 02:29 14-06-2011 - 18:55
CVE-2011-0788 7.6
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, in
22-12-2017 - 02:29 14-06-2011 - 18:55
CVE-2011-0872 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect availability via unknown vectors related to NIO.
22-12-2017 - 02:29 14-06-2011 - 18:55
CVE-2011-0863 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability
22-12-2017 - 02:29 14-06-2011 - 18:55
CVE-2006-6304 7.5
The do_coredump function in fs/exec.c in the Linux kernel 2.6.19 sets the flag variable to O_EXCL but does not use it, which allows context-dependent attackers to modify arbitrary files via a rewrite attack during a core dump.
11-10-2017 - 01:31 14-12-2006 - 20:28
CVE-2007-1798 7.2
Buffer overflow in the drmgr command in IBM AIX 5.2 and 5.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long path name.
11-10-2017 - 01:31 02-04-2007 - 22:19
CVE-2007-0648 7.8
Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiated Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by sending a crafted packet to port 5060/UDP.
11-10-2017 - 01:31 01-02-2007 - 01:28
CVE-2007-1257 10.0
The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM's own IP address. Per: http://www.cisco.com/warp/public/707/c
11-10-2017 - 01:31 03-03-2007 - 20:19
CVE-2007-0917 6.4
The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to 12.3T allows remote attackers to bypass IPS signatures that use regular expressions via fragmented packets.
11-10-2017 - 01:31 14-02-2007 - 02:28
CVE-2005-0186 5.0
Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS Telephony Service (ITS), CallManager Express (CME) or Survivable Remote Site Telephony (SRST), allows remote attackers to cause a denial of service (device reboot) via a malformed p
11-10-2017 - 01:29 19-01-2005 - 05:00
CVE-2009-1864 9.3
Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.
29-09-2017 - 01:34 31-07-2009 - 19:30
CVE-2009-1865 9.3
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, related to a "null pointer vulne
29-09-2017 - 01:34 31-07-2009 - 19:30
CVE-2009-1786 6.9
The malloc subsystem in libc in IBM AIX 5.3 and 6.1 allows local users to create or overwrite arbitrary files via a symlink attack on the log file associated with the MALLOCDEBUG environment variable.
29-09-2017 - 01:34 26-05-2009 - 15:30
CVE-2009-1868 9.3
Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors inv
29-09-2017 - 01:34 31-07-2009 - 19:30
CVE-2009-1866 9.3
Stack-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.
29-09-2017 - 01:34 31-07-2009 - 19:30
CVE-2009-1870 4.9
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to obtain sensitive information via vectors involving saving an SWF file to a hard drive, related to a "local sandbox vulnerability."
29-09-2017 - 01:34 31-07-2009 - 19:30
CVE-2009-1726 9.3
Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile.
29-09-2017 - 01:34 06-08-2009 - 16:30
CVE-2009-1867 4.3
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "clickjacking vulnerability."
29-09-2017 - 01:34 31-07-2009 - 19:30
CVE-2009-1863 9.3
Unspecified vulnerability in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related
29-09-2017 - 01:34 31-07-2009 - 19:30
CVE-2009-2049 5.4
Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0(33)S4, 12.0(32)SY8 through 12.0(32)SY9, 12.2(33)SXI1 through 12.2(33)SXI2, 12.2XNC before 12.2(33)XNC2, 12.2XND before 12.2(33)XND1, and 12.4(24)T1; and IOS XE 2.3 through 2.3.1t a
29-09-2017 - 01:34 30-07-2009 - 18:30
CVE-2009-1168 7.1
Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0(33)S4, 12.0(32)SY8 through 12.0(32)SY9, 12.2(33)SXI1, 12.2XNC before 12.2(33)XNC2, 12.2XND before 12.2(33)XND1, and 12.4(24)T1; and IOS XE 2.3 through 2.3.1t and 2.4 through 2.4.0;
29-09-2017 - 01:34 30-07-2009 - 18:30
CVE-2009-1355 7.2
Stack-based buffer overflow in muxatmd in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via a long filename.
29-09-2017 - 01:34 21-04-2009 - 16:24
CVE-2009-0773 10.0
The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some
29-09-2017 - 01:34 05-03-2009 - 02:30
CVE-2009-0914 9.3
Opera before 9.64 allows remote attackers to execute arbitrary code via a crafted JPEG image that triggers memory corruption.
29-09-2017 - 01:34 16-03-2009 - 19:30
CVE-2009-0775 10.0
Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not
29-09-2017 - 01:34 05-03-2009 - 02:30
CVE-2009-0777 5.8
Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers
29-09-2017 - 01:34 05-03-2009 - 02:30
CVE-2009-0631 7.8
Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when configured with (1) IP Service Level Agreements (SLAs) Responder, (2) Session Initiation Protocol (SIP), (3) H.323 Annex E Call Signaling Transport, or (4) Media Gateway Control Protocol
29-09-2017 - 01:33 27-03-2009 - 15:16
CVE-2009-0114 5.8
Unspecified vulnerability in the Settings Manager in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87, and possibly other versions, allows remote attackers to trick a user into visiting an arbitrary URL via unknown vectors, related
29-09-2017 - 01:33 26-02-2009 - 16:17
CVE-2009-0522 4.3
Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Windows allows remote attackers to trick a user into visiting an arbitrary URL via an unspecified manipulation of the "mouse pointer display," related to a "Clickjacking attack." P
29-09-2017 - 01:33 26-02-2009 - 16:17
CVE-2009-0370 7.2
Multiple unspecified vulnerabilities in IBM AIX 5.2.0 through 6.1.2 allow local users to append data to arbitrary files, related to (1) rmsock and (2) rmsock64 not creating "secure log files."
29-09-2017 - 01:33 30-01-2009 - 19:30
CVE-2009-0626 7.8
The SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (device reload or hang) via a crafted HTTPS packet.
29-09-2017 - 01:33 27-03-2009 - 16:30
CVE-2009-0633 7.1
Multiple unspecified vulnerabilities in the (1) Mobile IP NAT Traversal feature and (2) Mobile IPv6 subsystem in Cisco IOS 12.3 through 12.4 allow remote attackers to cause a denial of service (input queue wedge and interface outage) via MIPv6 packet
29-09-2017 - 01:33 27-03-2009 - 16:30
CVE-2009-0628 9.0
Memory leak in the SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (memory consumption and device crash) by disconnecting an SSL session in an abnormal manner, leading to a Transmission Control Block
29-09-2017 - 01:33 27-03-2009 - 16:30
CVE-2009-0536 4.9
at in bos.rte.cron on IBM AIX 5.2.0, 5.3.0 through 5.3.9, and 6.1.0 through 6.1.2 allows local users to read arbitrary files via unspecified vectors, related to failure to drop root privileges.
29-09-2017 - 01:33 11-02-2009 - 20:30
CVE-2009-0521 4.6
Untrusted search path vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Linux allows local users to obtain sensitive information or gain privileges via a crafted library in a directory contained in the RPATH. http
29-09-2017 - 01:33 26-02-2009 - 16:17
CVE-2009-0634 7.1
Multiple unspecified vulnerabilities in the home agent (HA) implementation in the (1) Mobile IP NAT Traversal feature and (2) Mobile IPv6 subsystem in Cisco IOS 12.3 through 12.4 allow remote attackers to cause a denial of service (input queue wedge
29-09-2017 - 01:33 27-03-2009 - 16:30
CVE-2009-0519 9.3
Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file.
29-09-2017 - 01:33 26-02-2009 - 16:17
CVE-2009-0520 9.3
Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to
29-09-2017 - 01:33 26-02-2009 - 16:17
CVE-2008-5384 6.9
crontab in bos.rte.cron in IBM AIX 6.1.0 through 6.1.2 allows local users with aix.system.config.cron authorization to gain privileges by launching an editor.
29-09-2017 - 01:32 09-12-2008 - 00:30
CVE-2008-5387 6.2
Buffer overflow in autoconf6 in IBM AIX 6.1.0 through 6.1.2, when Role-Based Access Control is enabled, allows local users with aix.network.config.tcpip authorization to gain privileges via unspecified vectors.
29-09-2017 - 01:32 09-12-2008 - 00:30
CVE-2008-4226 10.0
Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document.
29-09-2017 - 01:32 25-11-2008 - 23:30
CVE-2008-4914 4.7
Unspecified vulnerability in VMware ESXi 3.5 before ESXe350-200901401-I-SG and ESX 3.5 before ESX350-200901401-SG allows local administrators to cause a denial of service (host crash) via a snapshot with a malformed VMDK delta disk.
29-09-2017 - 01:32 03-02-2009 - 19:30
CVE-2008-4225 7.8
Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (infinite loop) via a large XML document.
29-09-2017 - 01:32 25-11-2008 - 23:30
CVE-2008-4116 9.3
Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long type attribute in a quicktime tag (1) on a web page or embedded in a (2) .mp4 o
29-09-2017 - 01:32 18-09-2008 - 15:04
CVE-2008-3810 7.8
Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) Fragmentation Support is enabled, allows remote attackers to cause a denial of service (device reload) via segmented SCCP messages, aka CSCsg22426, a different vulnerability than C
29-09-2017 - 01:31 26-09-2008 - 16:21
CVE-2008-1710 7.2
Untrusted search path vulnerability in chnfsmnt in IBM AIX 6.1 allows local users to gain privileges via a modified PATH environment variable.
29-09-2017 - 01:30 09-04-2008 - 19:05
CVE-2008-1597 4.9
The WPAR system call implementation in the kernel in IBM AIX 6.1 allows local users to cause a denial of service via unknown calls that trigger "undefined behavior."
29-09-2017 - 01:30 31-03-2008 - 23:44
CVE-2007-5764 7.2
Buffer overflow in the pioout program in printers.rte in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via a long command line option.
29-09-2017 - 01:29 25-01-2008 - 01:00
CVE-2007-4294 6.8
Unspecified vulnerability in Cisco Unified Communications Manager (CUCM) 5.0, 5.1, and 6.0, and IOS 12.0 through 12.4, allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80102.
29-09-2017 - 01:29 09-08-2007 - 21:17
CVE-2007-4295 6.8
Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80749.
29-09-2017 - 01:29 09-08-2007 - 21:17
CVE-2007-4292 9.3
Multiple memory leaks in Cisco IOS 12.0 through 12.4 allow remote attackers to cause a denial of service (device crash) via a malformed SIP packet, aka (1) CSCsf11855, (2) CSCeb21064, (3) CSCse40276, (4) CSCse68355, (5) CSCsf30058, (6) CSCsb24007, an
29-09-2017 - 01:29 09-08-2007 - 21:17
CVE-2010-1818 9.3
The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple QuickTime 6.x, 7.x before 7.6.8, and other versions allows remote attackers to execute arbitrary code via the _Marshaled_pUnk attribute, which triggers unmarshalling of an untrusted poi
27-09-2017 - 01:29 31-08-2010 - 20:00
CVE-2011-3663 4.3
Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to capture keystrokes entered on a web page, even when JavaScript is disabled, by using SVG animation accessKey events within that web page.
19-09-2017 - 01:34 21-12-2011 - 04:02
CVE-2011-3661 7.5
YARR, as used in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript.
19-09-2017 - 01:34 21-12-2011 - 04:02
CVE-2011-3650 9.3
Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory c
19-09-2017 - 01:34 09-11-2011 - 11:55
CVE-2011-3664 6.8
Mozilla Firefox before 9.0, Thunderbird before 9.0, and SeaMonkey before 2.6 on Mac OS X do not properly handle certain DOM frame deletions by plugins, which allows remote attackers to cause a denial of service (incorrect pointer dereference and appl
19-09-2017 - 01:34 21-12-2011 - 04:02
CVE-2011-3649 2.6
Mozilla Firefox 7.0 and Thunderbird 7.0, when the Direct2D (aka D2D) API is used on Windows in conjunction with the Azure graphics back-end, allow remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different dom
19-09-2017 - 01:34 09-11-2011 - 11:55
CVE-2011-4693 9.3
Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the first of two vulnerabilities exploited by the Intevydis vd_adobe_fp m
19-09-2017 - 01:34 07-12-2011 - 20:55
CVE-2011-4688 5.0
Mozilla Firefox 8.0.1 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache
19-09-2017 - 01:34 07-12-2011 - 19:55
CVE-2011-3666 6.8
Mozilla Firefox before 3.6.25 and Thunderbird before 3.1.17 on Mac OS X do not consider .jar files to be executable files, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted file. NOTE: this vulnerabilit
19-09-2017 - 01:34 21-12-2011 - 04:02
CVE-2011-3653 5.0
Mozilla Firefox before 8.0 and Thunderbird before 8.0 on Mac OS X do not properly interact with the GPU memory behavior of a certain driver for Intel integrated GPUs, which allows remote attackers to bypass the Same Origin Policy and read image data
19-09-2017 - 01:34 09-11-2011 - 11:55
CVE-2011-3648 4.3
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding.
19-09-2017 - 01:34 09-11-2011 - 11:55
CVE-2011-4369 10.0
Unspecified vulnerability in the PRC component in Adobe Reader and Acrobat 9.x before 9.4.7 on Windows, Adobe Reader and Acrobat 9.x through 9.4.6 on Mac OS X, Adobe Reader and Acrobat 10.x through 10.1.1 on Windows and Mac OS X, and Adobe Reader 9.x
19-09-2017 - 01:34 16-12-2011 - 19:55
CVE-2011-4694 9.3
Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the second of two vulnerabilities exploited by the Intevydis vd_adobe_fp
19-09-2017 - 01:34 07-12-2011 - 20:55
CVE-2011-3647 9.3
The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird before 3.1.6 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a
19-09-2017 - 01:34 09-11-2011 - 11:55
CVE-2011-3654 10.0
The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service (memory corruption and application cras
19-09-2017 - 01:34 09-11-2011 - 11:55
CVE-2011-3651 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 7.0 and Thunderbird 7.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors
19-09-2017 - 01:34 09-11-2011 - 11:55
CVE-2011-3652 10.0
The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via
19-09-2017 - 01:34 09-11-2011 - 11:55
CVE-2011-4548 10.0
Multiple unspecified vulnerabilities in Google Chrome before 16.0.912.44 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
19-09-2017 - 01:34 24-11-2011 - 04:01
CVE-2011-3655 9.3
Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site.
19-09-2017 - 01:34 09-11-2011 - 11:55
CVE-2011-3665 7.5
Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an Ogg VIDEO element that is not properly han
19-09-2017 - 01:34 21-12-2011 - 04:02
CVE-2011-4691 5.0
Google Chrome 15.0.874.121 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser
19-09-2017 - 01:34 07-12-2011 - 19:55
CVE-2011-4692 5.0
WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the bro
19-09-2017 - 01:34 07-12-2011 - 19:55
CVE-2011-3660 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or poss
19-09-2017 - 01:34 21-12-2011 - 04:02
CVE-2012-0776 10.0
The installer in Adobe Reader 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors.
19-09-2017 - 01:34 10-04-2012 - 23:55
CVE-2012-0712 4.0
The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 allows remote authenticated users to cause a denial of service (infinite loop) by calling the XMLPARSE function with a crafted string expression.
19-09-2017 - 01:34 20-03-2012 - 20:55
CVE-2012-0447 5.0
Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG ima
19-09-2017 - 01:34 01-02-2012 - 16:55
CVE-2012-0709 4.0
IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not properly check variables, which allows remote authenticated users to bypass intended restrictions on viewing table data by leveraging the CREATEIN privilege to execute crafted SQL
19-09-2017 - 01:34 20-03-2012 - 20:55
CVE-2012-0446 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to inject arbitrary web script or HTML via a (1) web page or (2) Firefox extension, r
19-09-2017 - 01:34 01-02-2012 - 16:55
CVE-2012-0695 10.0
Multiple unspecified vulnerabilities in Google Chrome before 17.0.963.27 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
19-09-2017 - 01:34 12-01-2012 - 18:55
CVE-2012-0450 2.1
Mozilla Firefox 4.x through 9.0 and SeaMonkey before 2.7 on Linux and Mac OS X set weak permissions for Firefox Recovery Key.html, which might allow local users to read a Firefox Sync key via standard filesystem operations.
19-09-2017 - 01:34 01-02-2012 - 16:55
CVE-2012-0445 5.0
Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to bypass the HTML5 frame-navigation policy and replace arbitrary sub-frames by creating a form submission target with a sub-frame's name at
19-09-2017 - 01:34 01-02-2012 - 16:55
CVE-2012-0443 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or poss
19-09-2017 - 01:34 01-02-2012 - 16:55
CVE-2011-3420 10.0
Multiple unspecified vulnerabilities in Google Chrome before 14.0.835.157 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
19-09-2017 - 01:33 12-09-2011 - 12:40
CVE-2011-3421 10.0
Multiple unspecified vulnerabilities in Google Chrome before 14.0.835.125 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
19-09-2017 - 01:33 12-09-2011 - 12:40
CVE-2011-3232 9.3
YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript.
19-09-2017 - 01:33 29-09-2011 - 00:55
CVE-2011-2993 9.3
The implementation of digital signatures for JAR files in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not prevent calls from unsigned JavaScript code to signed code, which allows remote attackers to bypas
19-09-2017 - 01:33 18-08-2011 - 18:55
CVE-2011-2989 10.0
The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement WebGL, which allows remote attackers to cause a denial of service (memory corruption and appl
19-09-2017 - 01:33 18-08-2011 - 18:55
CVE-2011-2981 9.3
The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Sam
19-09-2017 - 01:33 18-08-2011 - 18:55
CVE-2011-2368 10.0
The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict write operations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
19-09-2017 - 01:33 30-06-2011 - 16:55
CVE-2011-2998 10.0
Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via JavaScript code containing a large RegExp expression.
19-09-2017 - 01:33 30-09-2011 - 10:55
CVE-2011-3004 4.3
The JSSubScriptLoader in Mozilla Firefox 4.x through 6 and SeaMonkey before 2.4 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a craf
19-09-2017 - 01:33 29-09-2011 - 00:55
CVE-2011-2438 9.3
Multiple stack-based buffer overflows in the image-parsing library in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors.
19-09-2017 - 01:33 15-09-2011 - 12:26
CVE-2011-2433 9.3
Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2434 and CVE-2011-2437.
19-09-2017 - 01:33 15-09-2011 - 12:26
CVE-2011-2378 10.0
The appendChild function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, SeaMonkey 2.x, and possibly other products does not properly handle DOM objects, which allows remote attackers to execute arbitrary code via unspecified vectors
19-09-2017 - 01:33 18-08-2011 - 18:55
CVE-2011-2440 9.3
Use-after-free vulnerability in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.
19-09-2017 - 01:33 15-09-2011 - 12:26
CVE-2011-2377 5.0
Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multip
19-09-2017 - 01:33 30-06-2011 - 16:55
CVE-2011-2991 10.0
The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement JavaScript, which allows remote attackers to cause a denial of service (memory corruption and
19-09-2017 - 01:33 18-08-2011 - 18:55
CVE-2011-2439 9.3
Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "memory leakage condition vulnerability."
19-09-2017 - 01:33 15-09-2011 - 12:26
CVE-2011-2980 7.2
Untrusted search path vulnerability in the ThinkPadSensor::Startup function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, allows local users to gain privileges by leveraging write access in an unspecified directory to place a Troja
19-09-2017 - 01:33 18-08-2011 - 18:55
CVE-2011-2435 9.3
Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.
19-09-2017 - 01:33 15-09-2011 - 12:26
CVE-2011-2432 9.3
Buffer overflow in the U3D TIFF Resource in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.
19-09-2017 - 01:33 15-09-2011 - 12:26
CVE-2011-3001 4.3
Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent manual add-on installation in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions
19-09-2017 - 01:33 29-09-2011 - 00:55
CVE-2011-2999 4.3
Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a diffe
19-09-2017 - 01:33 29-09-2011 - 00:55
CVE-2011-2442 9.3
Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error vulnerability."
19-09-2017 - 01:33 15-09-2011 - 12:26
CVE-2011-2599 4.3
Google Chrome 11 does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader.
19-09-2017 - 01:33 30-06-2011 - 15:55
CVE-2011-2367 6.4
The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict read operations, which allows remote attackers to obtain sensitive information from GPU memory associated with an arbitrary process, or cause a denial of service
19-09-2017 - 01:33 30-06-2011 - 16:55
CVE-2011-2987 10.0
Heap-based buffer overflow in Almost Native Graphics Layer Engine (ANGLE), as used in the WebGL implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products might allow remote attackers
19-09-2017 - 01:33 18-08-2011 - 18:55
CVE-2011-2984 10.0
Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges
19-09-2017 - 01:33 18-08-2011 - 18:55
CVE-2011-2992 10.0
The Ogg reader in the browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products allows remote attackers to cause a denial of service (memory corruption and application crash) or possi
19-09-2017 - 01:33 18-08-2011 - 18:55
CVE-2011-2988 10.0
Buffer overflow in an unspecified string class in the WebGL shader implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allows remote attackers to execute arbitrary code or cause
19-09-2017 - 01:33 18-08-2011 - 18:55
CVE-2011-2982 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products allow remote attackers to cause a denial of service (memory corrupt
19-09-2017 - 01:33 18-08-2011 - 18:55
CVE-2011-2598 4.3
The WebGL implementation in Mozilla Firefox 4.x allows remote attackers to obtain screenshots of the windows of arbitrary desktop applications via vectors involving an SVG filter, an IFRAME element, and uninitialized data in graphics memory.
19-09-2017 - 01:33 30-06-2011 - 15:55
CVE-2011-2366 4.3
Mozilla Gecko before 5.0, as used in Firefox before 5.0 and Thunderbird before 5.0, does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack invo
19-09-2017 - 01:33 30-06-2011 - 15:55
CVE-2011-3005 9.3
Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OGG headers in a .
19-09-2017 - 01:33 29-09-2011 - 00:55
CVE-2011-2605 4.3
CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass inten
19-09-2017 - 01:33 30-06-2011 - 16:55
CVE-2011-2373 7.6
Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document.
19-09-2017 - 01:33 30-06-2011 - 16:55
CVE-2011-2441 9.3
Multiple stack-based buffer overflows in CoolType.dll in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors.
19-09-2017 - 01:33 15-09-2011 - 12:26
CVE-2011-2983 4.3
Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products does not properly handle the RegExp.input property, which allows remote attackers to bypass the Same Origin Policy and read data
19-09-2017 - 01:33 18-08-2011 - 18:55
CVE-2011-2436 9.3
Heap-based buffer overflow in the image-parsing library in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.
19-09-2017 - 01:33 15-09-2011 - 12:26
CVE-2011-2372 3.5
Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended ac
19-09-2017 - 01:33 29-09-2011 - 00:55
CVE-2011-2462 10.0
Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory
19-09-2017 - 01:33 07-12-2011 - 19:55
CVE-2011-2995 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application cra
19-09-2017 - 01:33 29-09-2011 - 00:55
CVE-2011-2985 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allow remote attackers to cause a denial of service (memory corruption and applic
19-09-2017 - 01:33 18-08-2011 - 18:55
CVE-2011-2761 4.3
Google Chrome 14.0.794.0 does not properly handle a reload of a page generated in response to a POST, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web site, related to GetWidget methods.
19-09-2017 - 01:33 18-07-2011 - 22:55
CVE-2011-2434 9.3
Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2433 and CVE-2011-2437.
19-09-2017 - 01:33 15-09-2011 - 12:26
CVE-2011-2990 5.0
The implementation of Content Security Policy (CSP) violation reports in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not remove proxy-authorization credentials from the listed request headers, which allow
19-09-2017 - 01:33 18-08-2011 - 18:55
CVE-2011-2996 10.0
Unspecified vulnerability in the plugin API in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
19-09-2017 - 01:33 29-09-2011 - 00:55
CVE-2011-2986 5.0
Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products, when the Direct2D (aka D2D) API is used on Windows, allows remote attackers to bypass the Same Origin Policy, and obtain sensitive image data
19-09-2017 - 01:33 18-08-2011 - 18:55
CVE-2011-3000 4.3
Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote a
19-09-2017 - 01:33 29-09-2011 - 00:55
CVE-2011-2997 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitr
19-09-2017 - 01:33 29-09-2011 - 00:55
CVE-2011-2431 9.3
Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "security bypass vulnerability."
19-09-2017 - 01:33 15-09-2011 - 12:26
CVE-2011-2437 9.3
Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2433 and CVE-2011-2434.
19-09-2017 - 01:33 15-09-2011 - 12:26
CVE-2011-2375 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 5.0 and Thunderbird through 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code v
19-09-2017 - 01:33 30-06-2011 - 16:55
CVE-2011-2374 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibl
19-09-2017 - 01:33 30-06-2011 - 16:55
CVE-2011-2371 10.0
Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript
19-09-2017 - 01:33 30-06-2011 - 16:55
CVE-2011-2370 5.0
Mozilla Firefox before 5.0 does not properly enforce the whitelist for the xpinstall functionality, which allows remote attackers to trigger an installation dialog for a (1) add-on or (2) theme via unspecified vectors.
19-09-2017 - 01:33 30-06-2011 - 16:55
CVE-2011-2369 4.3
Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 4.0.1 allows remote attackers to inject arbitrary web script or HTML via an SVG element containing an HTML-encoded entity.
19-09-2017 - 01:33 30-06-2011 - 16:55
CVE-2011-2376 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and Thunderbird before 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code
19-09-2017 - 01:33 30-06-2011 - 16:55
CVE-2011-2102 9.3
Unspecified vulnerability in Adobe Reader and Acrobat before 10.1 on Windows and Mac OS X allows attackers to bypass intended access restrictions via unknown vectors. Per: http://www.adobe.com/support/security/bulletins/apsb11-16.html 'Note: Updat
19-09-2017 - 01:32 16-06-2011 - 23:55
CVE-2011-2097 9.3
Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2094 and CVE-2011-2
19-09-2017 - 01:32 16-06-2011 - 23:55
CVE-2011-2365 10.0
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via
19-09-2017 - 01:32 30-06-2011 - 16:55
CVE-2011-2094 9.3
Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2095 and CVE-2011-2
19-09-2017 - 01:32 16-06-2011 - 23:55
CVE-2011-2362 5.0
Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Se
19-09-2017 - 01:32 30-06-2011 - 16:55
CVE-2011-1846 6.5
IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a
19-09-2017 - 01:32 03-05-2011 - 20:55
CVE-2011-2098 9.3
Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than
19-09-2017 - 01:32 16-06-2011 - 23:55
CVE-2011-2364 10.0
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via
19-09-2017 - 01:32 30-06-2011 - 16:55
CVE-2011-2095 9.3
Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2094 and CVE-2011-2
19-09-2017 - 01:32 16-06-2011 - 23:55
CVE-2011-1218 9.3
Buffer overflow in kvarcve.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .zip attachment, aka SPR PRAD8E3NSP. NOTE: some of these details are obtained from third
19-09-2017 - 01:32 31-05-2011 - 20:55
CVE-2011-2105 9.3
Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allow attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted font data.
19-09-2017 - 01:32 16-06-2011 - 23:55
CVE-2011-1373 1.5
Unspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the Self Tuning Memory Manager (STMM) feature and the AUTOMATIC DATABASE_MEMORY setting are configured, allows local users to cause a denial of service (daemon crash) via unknown vecto
19-09-2017 - 01:32 09-11-2011 - 23:55
CVE-2011-2101 9.3
Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X do not properly restrict script, which allows attackers to execute arbitrary code via a crafted document, related to a "cross document script exec
19-09-2017 - 01:32 16-06-2011 - 23:55
CVE-2011-2106 9.3
Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
19-09-2017 - 01:32 16-06-2011 - 23:55
CVE-2011-1353 6.9
Unspecified vulnerability in Adobe Reader 10.x before 10.1.1 on Windows allows local users to gain privileges via unknown vectors.
19-09-2017 - 01:32 15-09-2011 - 12:26
CVE-2011-1216 9.3
Stack-based buffer overflow in assr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via crafted tag data in an Applix spreadsheet attachment, aka SPR PRAD8823A7.
19-09-2017 - 01:32 31-05-2011 - 20:55
CVE-2011-1213 9.3
Integer underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted header in a .lzh attachment that triggers a stack-based buffer overflow, aka SPR PRAD88MJ
19-09-2017 - 01:32 31-05-2011 - 20:55
CVE-2011-2103 9.3
Adobe Reader and Acrobat 8.x before 8.3 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
19-09-2017 - 01:32 16-06-2011 - 23:55
CVE-2011-2099 9.3
Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than
19-09-2017 - 01:32 16-06-2011 - 23:55
CVE-2011-2075 9.3
Unspecified vulnerability in Google Chrome 11.0.696.65 on Windows 7 SP1 allows remote attackers to execute arbitrary code via unknown vectors. NOTE: as of 20110510, the only disclosure is a vague advisory that possibly relates to multiple vulnerabil
19-09-2017 - 01:32 10-05-2011 - 18:55
CVE-2011-2363 10.0
Use-after-free vulnerability in the nsSVGPointList::AppendElement function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial
19-09-2017 - 01:32 30-06-2011 - 16:55
CVE-2011-1847 4.9
IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly enforce privilege requirements for table access, which allows remote authenticated users to modify SYSSTAT.TABLES statistics columns via an UPDATE statement. NOT
19-09-2017 - 01:32 03-05-2011 - 20:55
CVE-2011-1215 9.3
Stack-based buffer overflow in mw8sr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a Microsoft Office document attachment, aka SPR PRAD8823ND.
19-09-2017 - 01:32 31-05-2011 - 20:55
CVE-2011-2104 4.3
Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allow attackers to cause a denial of service (memory corruption) via unspecified vectors.
19-09-2017 - 01:32 16-06-2011 - 23:55
CVE-2011-1712 4.3
The txXPathNodeUtils::getXSLTId function in txMozillaXPathTreeWalker.cpp and txStandaloneXPathTreeWalker.cpp in Mozilla Firefox before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1, and SeaMonkey before 2.0.14, allows remote attackers to obtain p
19-09-2017 - 01:32 15-04-2011 - 20:55
CVE-2011-2100 6.9
Untrusted search path vulnerability in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory. Per: http://cwe.mitre.org
19-09-2017 - 01:32 16-06-2011 - 23:55
CVE-2011-2096 9.3
Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors.
19-09-2017 - 01:32 16-06-2011 - 23:55
CVE-2011-1214 9.3
Stack-based buffer overflow in rtfsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a .rtf attachment, aka SPR PRAD8823JQ.
19-09-2017 - 01:32 31-05-2011 - 20:55
CVE-2011-1217 9.3
Buffer overflow in kpprzrdr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .prz attachment. NOTE: some of these details are obtained from third party information.
19-09-2017 - 01:32 31-05-2011 - 20:55
CVE-2011-0757 6.5
IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, UNIX, and Windows does not properly revoke the DBADM authority, which allows remote authenticated users to execute non-DDL statements by leveraging previous possession of this aut
19-09-2017 - 01:32 02-02-2011 - 23:00
CVE-2011-0610 9.3
The CoolType library in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allows remot
19-09-2017 - 01:32 03-05-2011 - 19:55
CVE-2011-0778 7.5
Google Chrome before 9.0.597.84 does not properly restrict drag and drop operations, which might allow remote attackers to bypass the Same Origin Policy via unspecified vectors.
19-09-2017 - 01:32 04-02-2011 - 18:00
CVE-2011-0731 7.5
Buffer overflow in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP7, and 9.7 before FP3 on Linux, UNIX, and Windows allows remote attackers to execute arbitrary code via unspecified vectors.
19-09-2017 - 01:32 01-02-2011 - 18:00
CVE-2011-0912 9.3
Argument injection vulnerability in IBM Lotus Notes 8.0.x before 8.0.2 FP6 and 8.5.x before 8.5.1 FP5 allows remote attackers to execute arbitrary code via a cai:// URL containing a --launcher.library option that specifies a UNC share pathname for a
19-09-2017 - 01:32 08-02-2011 - 22:00
CVE-2010-3735 2.1
The "Query Compiler, Rewrite, Optimizer" component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted query involving certain UNION ALL views, leading to an indefinitely large
19-09-2017 - 01:31 05-10-2010 - 18:00
CVE-2010-3737 3.5
Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (heap memory consumption) by executing a (1) user-defined function (UDF) or (2) stored procedure while
19-09-2017 - 01:31 05-10-2010 - 18:00
CVE-2010-3738 5.0
The Security component in IBM DB2 UDB 9.5 before FP6a logs AUDIT events by using a USERID and an AUTHID value corresponding to the instance owner, instead of a USERID and an AUTHID value corresponding to the logged-in user account, which makes it eas
19-09-2017 - 01:31 05-10-2010 - 18:00
CVE-2010-5073 5.0
The JavaScript implementation in Google Chrome 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by ca
19-09-2017 - 01:31 07-12-2011 - 19:55
CVE-2010-3732 3.5
The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (database server ABEND) by using the client CLI on Linux, UNIX, or Windows for executing a prepared statement with a large numbe
19-09-2017 - 01:31 05-10-2010 - 18:00
CVE-2010-4422 7.6
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
19-09-2017 - 01:31 17-02-2011 - 19:00
CVE-2010-3731 10.0
Stack-based buffer overflow in the validateUser implementation in the com.ibm.db2.das.core.DasSysCmd function in db2dasrrm in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP3 allows remote
19-09-2017 - 01:31 05-10-2010 - 18:00
CVE-2010-5074 4.3
The layout engine in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 executes different code for visited and unvisited links during the processing of Cascading Style Sheets (CSS) token sequences, which makes it easier for
19-09-2017 - 01:31 07-12-2011 - 19:55
CVE-2010-3654 9.3
Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows r
19-09-2017 - 01:31 29-10-2010 - 19:00
CVE-2010-5069 4.3
The Cascading Style Sheets (CSS) implementation in Google Chrome 4 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document. NOTE: this may
19-09-2017 - 01:31 07-12-2011 - 19:55
CVE-2010-3734 5.0
The Install component in IBM DB2 UDB 9.5 before FP6a on Linux, UNIX, and Windows enforces an unintended limit on password length, which makes it easier for attackers to obtain access via a brute-force attack.
19-09-2017 - 01:31 05-10-2010 - 18:00
CVE-2010-3736 4.0
Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a, when the connection concentrator is enabled, allows remote authenticated users to cause a denial of service (heap memory consumption) by using a different code page
19-09-2017 - 01:31 05-10-2010 - 18:00
CVE-2010-3740 4.0
The Net Search Extender (NSE) implementation in the Text Search component in IBM DB2 UDB 9.5 before FP6a does not properly handle an alphanumeric Fuzzy search, which allows remote authenticated users to cause a denial of service (memory consumption a
19-09-2017 - 01:31 05-10-2010 - 18:00
CVE-2010-3623 9.3
Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Per: http://www.adobe.com/support/security/bulletins/apsb10-2
19-09-2017 - 01:31 06-10-2010 - 17:00
CVE-2010-3733 7.2
The Engine Utilities component in IBM DB2 UDB 9.5 before FP6a uses world-writable permissions for the sqllib/cfg/db2sprf file, which might allow local users to gain privileges by modifying this file.
19-09-2017 - 01:31 05-10-2010 - 18:00
CVE-2010-3475 4.0
IBM DB2 9.7 before FP3 does not properly enforce privilege requirements for execution of entries in the dynamic SQL cache, which allows remote authenticated users to bypass intended access restrictions by leveraging the cache to execute an UPDATE sta
19-09-2017 - 01:31 20-09-2010 - 22:00
CVE-2010-3169 9.3
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allow remote attackers to cause a denial of service (memor
19-09-2017 - 01:31 09-09-2010 - 19:00
CVE-2010-2874 9.3
Unspecified vulnerability in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption. NOTE: due to conflicting information and use of the same CVE identifier by th
19-09-2017 - 01:31 07-09-2010 - 18:00
CVE-2010-2862 9.3
Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table.
19-09-2017 - 01:31 05-08-2010 - 18:17
CVE-2010-2768 4.3
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a document's charset, which allows remote
19-09-2017 - 01:31 09-09-2010 - 19:00
CVE-2010-2752 9.3
Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code by placing many Casc
19-09-2017 - 01:31 30-07-2010 - 20:30
CVE-2010-3167 9.3
The nsTreeContentView function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle node removal in XUL trees, which allows remote attackers to e
19-09-2017 - 01:31 09-09-2010 - 19:00
CVE-2010-2875 9.3
Integer signedness error in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a length value associated with the tSAC chunk in a Director movie.
19-09-2017 - 01:31 26-08-2010 - 21:00
CVE-2010-2764 4.3
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers
19-09-2017 - 01:31 09-09-2010 - 19:00
CVE-2010-2285 3.3
The SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors. Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NU
19-09-2017 - 01:31 15-06-2010 - 14:04
CVE-2010-2760 9.3
Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code v
19-09-2017 - 01:31 09-09-2010 - 19:00
CVE-2010-3474 5.0
IBM DB2 9.7 before FP3 does not perform the expected drops or invalidations of dependent functions upon a loss of privileges by the functions' owners, which allows remote authenticated users to bypass intended access restrictions via calls to these f
19-09-2017 - 01:31 20-09-2010 - 22:00
CVE-2010-3168 9.3
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict the role of property changes in triggering XUL tree removal, which allows remote attackers to c
19-09-2017 - 01:31 09-09-2010 - 19:00
CVE-2010-2284 8.3
Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors.
19-09-2017 - 01:31 15-06-2010 - 14:04
CVE-2010-2755 10.0
layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via
19-09-2017 - 01:31 30-07-2010 - 13:26
CVE-2010-2754 5.0
dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving
19-09-2017 - 01:31 30-07-2010 - 13:26
CVE-2010-2770 9.3
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Mac OS X allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly ex
19-09-2017 - 01:31 09-09-2010 - 19:00
CVE-2010-2766 9.3
The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes during normalization, which might al
19-09-2017 - 01:31 09-09-2010 - 19:00
CVE-2010-2283 3.3
The SMB dissector in Wireshark 0.99.6 through 1.0.13, and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors. Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL P
19-09-2017 - 01:31 15-06-2010 - 14:04
CVE-2010-3197 5.0
IBM DB2 9.7 before FP2 does not perform the expected access control on the monitor administrative views in the SYSIBMADM schema, which allows remote attackers to obtain sensitive information via unspecified vectors.
19-09-2017 - 01:31 31-08-2010 - 22:00
CVE-2010-2767 9.3
The navigator.plugins implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle destruction of the DOM plugin array, which might allow
19-09-2017 - 01:31 09-09-2010 - 19:00
CVE-2010-2865 5.0
Unspecified vulnerability in Adobe Shockwave Player before 11.5.8.612 allows attackers to cause a denial of service via unknown vectors.
19-09-2017 - 01:31 26-08-2010 - 21:00
CVE-2010-3182 6.9
A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allow
19-09-2017 - 01:31 21-10-2010 - 19:00
CVE-2010-2287 8.3
Buffer overflow in the SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors.
19-09-2017 - 01:31 15-06-2010 - 14:04
CVE-2010-2762 6.8
The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attacker
19-09-2017 - 01:31 09-09-2010 - 19:00
CVE-2010-3195 5.0
Unspecified vulnerability in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 on Windows Server 2008 allows attackers to cause a denial of service (trap) via vectors involving "special group and user enumeration."
19-09-2017 - 01:31 31-08-2010 - 22:00
CVE-2010-3166 9.3
Heap-based buffer overflow in the nsTextFrameUtils::TransformText function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute ar
19-09-2017 - 01:31 09-09-2010 - 19:00
CVE-2010-2769 4.3
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allows user-assisted remote attackers to inject arbitrary web script or HTML
19-09-2017 - 01:31 09-09-2010 - 19:00
CVE-2010-3194 7.5
The DB2DART program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows attackers to bypass intended file access restrictions via unspecified vectors related to overwriting files owned by an instance owner.
19-09-2017 - 01:31 31-08-2010 - 22:00
CVE-2010-3193 10.0
Unspecified vulnerability in the DB2STST program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 has unknown impact and attack vectors.
19-09-2017 - 01:31 31-08-2010 - 22:00
CVE-2010-3196 3.5
IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote authenticated users to cause a denial of service (loss of privileges) to a view owner by defining a dependent view.
19-09-2017 - 01:31 31-08-2010 - 22:00
CVE-2010-2863 10.0
Adobe Shockwave Player before 11.5.8.612 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.
19-09-2017 - 01:31 26-08-2010 - 21:00
CVE-2010-2751 2.6
The nsDocShell::OnRedirectStateChange function in docshell/base/nsDocShell.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to spoof the SSL security status of a document via vecto
19-09-2017 - 01:31 30-07-2010 - 20:30
CVE-2010-2763 4.3
The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox before 3.5.12, Thunderbird before 3.0.7, and SeaMonkey before 2.0.7 does not properly restrict scripted functions, which allows remote attackers
19-09-2017 - 01:31 09-09-2010 - 19:00
CVE-2010-2887 9.3
Multiple unspecified vulnerabilities in Adobe Reader and Acrobat 9.x before 9.4 on Linux allow attackers to gain privileges via unknown vectors. Per: http://www.adobe.com/support/security/bulletins/apsb10-21.html 'This update resolves multiple pot
19-09-2017 - 01:31 06-10-2010 - 17:00
CVE-2010-2765 9.3
Integer overflow in the FRAMESET element implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a
19-09-2017 - 01:31 09-09-2010 - 19:00
CVE-2010-2286 3.3
The SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.7 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.
19-09-2017 - 01:31 15-06-2010 - 14:04
CVE-2011-0078 10.0
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and applica
19-09-2017 - 01:31 07-05-2011 - 18:55
CVE-2011-0077 10.0
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and applica
19-09-2017 - 01:31 07-05-2011 - 18:55
CVE-2011-0076 7.5
Unspecified vulnerability in the Java Embedding Plugin (JEP) in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, on Mac OS X allows remote attackers to bypass intended access restrictions via unknown vectors.
19-09-2017 - 01:31 07-05-2011 - 18:55
CVE-2011-0054 10.0
Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving non-local JavaScript variables, aka an "upvar
19-09-2017 - 01:31 02-03-2011 - 20:00
CVE-2011-0061 9.3
Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image.
19-09-2017 - 01:31 02-03-2011 - 20:00
CVE-2011-0057 10.0
Use-after-free vulnerability in the Web Workers implementation in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to execute arbitrary code via vectors related to a JavaScript Worker and gar
19-09-2017 - 01:31 02-03-2011 - 20:00
CVE-2011-0075 10.0
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and applica
19-09-2017 - 01:31 07-05-2011 - 18:55
CVE-2011-0059 6.8
Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to hijack the authentication of arbitrary users for requests that were initiated by a plugi
19-09-2017 - 01:31 02-03-2011 - 20:00
CVE-2011-0085 10.0
Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues t
19-09-2017 - 01:31 30-06-2011 - 16:55
CVE-2011-0066 10.0
Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mObserverList.
19-09-2017 - 01:31 07-05-2011 - 18:55
CVE-2011-0074 10.0
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and applica
19-09-2017 - 01:31 07-05-2011 - 18:55
CVE-2011-0070 10.0
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory cor
19-09-2017 - 01:31 07-05-2011 - 18:55
CVE-2011-0069 10.0
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory cor
19-09-2017 - 01:31 07-05-2011 - 18:55
CVE-2011-0062 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arb
19-09-2017 - 01:31 02-03-2011 - 20:00
CVE-2011-0067 5.0
Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly implement autocompletion for forms, which allows remote attackers to read form history entries via a Java applet that spoofs interaction with the au
19-09-2017 - 01:31 07-05-2011 - 18:55
CVE-2011-0056 10.0
Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving exception timing and a large number of string
19-09-2017 - 01:31 02-03-2011 - 20:00
CVE-2011-0080 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allow remote attackers to cause a denial of service (memory corruption a
19-09-2017 - 01:31 07-05-2011 - 18:55
CVE-2011-0073 10.0
Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly use nsTreeRange data structures, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer."
19-09-2017 - 01:31 07-05-2011 - 18:55
CVE-2011-0083 10.0
Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial
19-09-2017 - 01:31 30-06-2011 - 16:55
CVE-2011-0055 10.0
Use-after-free vulnerability in the JSON.stringify method in js3250.dll in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via unspecified vectors related to t
19-09-2017 - 01:31 02-03-2011 - 20:00
CVE-2011-0079 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x before 4.0.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to gfx
19-09-2017 - 01:31 07-05-2011 - 18:55
CVE-2011-0065 10.0
Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mChannel.
19-09-2017 - 01:31 07-05-2011 - 18:55
CVE-2011-0081 10.0
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possib
19-09-2017 - 01:31 07-05-2011 - 18:55
CVE-2011-0058 10.0
Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long string that triggers const
19-09-2017 - 01:31 02-03-2011 - 20:00
CVE-2011-0084 10.0
The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and other versions before 6; SeaMonkey 2.x before 2.3; and possibly other products does not properly handle SVG text,
19-09-2017 - 01:31 18-08-2011 - 18:55
CVE-2011-0082 4.3
The X.509 certificate validation functionality in Mozilla Firefox 4.0.x through 4.0.1 does not properly implement single-session security exceptions, which might make it easier for user-assisted remote attackers to spoof an SSL server via an untruste
19-09-2017 - 01:31 06-06-2011 - 19:55
CVE-2011-0053 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service (memory corruption and appl
19-09-2017 - 01:31 02-03-2011 - 20:00
CVE-2011-0071 5.0
Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load res
19-09-2017 - 01:31 07-05-2011 - 18:55
CVE-2011-0072 10.0
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and applica
19-09-2017 - 01:31 07-05-2011 - 18:55
CVE-2011-0051 6.8
Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demon
19-09-2017 - 01:31 02-03-2011 - 20:00
CVE-2010-2172 4.3
Adobe Flash Player 9 before 9.0.277.0 on unspecified UNIX platforms allows attackers to cause a denial of service via unknown vectors. Per: http://www.adobe.com/support/security/bulletins/apsb10-14.html 'This update resolves a denial of service is
19-09-2017 - 01:30 15-06-2010 - 18:00
CVE-2010-1758 9.3
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto
19-09-2017 - 01:30 11-06-2010 - 19:30
CVE-2010-1759 9.3
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto
19-09-2017 - 01:30 11-06-2010 - 19:30
CVE-2010-1215 6.8
Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 do not properly implement access to a content object through a SafeJSObjectWrapper (aka SJOW) wrapper, which allows remote attackers to execute arbitrary JavaScript code with chrom
19-09-2017 - 01:30 30-07-2010 - 20:30
CVE-2010-1198 9.3
Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to execute arbitrary code via vectors involving multiple plugin instances.
19-09-2017 - 01:30 24-06-2010 - 12:30
CVE-2010-1196 9.3
Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM nod
19-09-2017 - 01:30 24-06-2010 - 12:30
CVE-2010-1807 9.3
WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (applic
19-09-2017 - 01:30 10-09-2010 - 19:00
CVE-2010-1232 5.0
Google Chrome before 4.1.249.1036 allows remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via a malformed SVG document.
19-09-2017 - 01:30 01-04-2010 - 22:30
CVE-2010-1209 9.3
Use-after-free vulnerability in the NodeIterator implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via a crafted NodeFilter that detaches DOM no
19-09-2017 - 01:30 30-07-2010 - 20:30
CVE-2010-1771 9.3
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto
19-09-2017 - 01:30 11-06-2010 - 19:30
CVE-2010-1414 9.3
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-1400 9.3
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-1384 4.3
Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not provide a warning about a (1) http or (2) https URL that contains a username and password, which makes it easier for remote attackers to cond
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-1211 9.3
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allow remote attackers to cause a denial of se
19-09-2017 - 01:30 30-07-2010 - 20:30
CVE-2010-1422 4.3
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle changes to keyboard focus that occur during processing of key press events, which allows remote attackers to force
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-1412 9.3
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-1212 9.3
js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via v
19-09-2017 - 01:30 30-07-2010 - 20:30
CVE-2010-1416 4.3
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict the reading of a canvas that contains an SVG image pattern from a different web site, which allows remote attacke
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-1385 9.3
Use-after-free vulnerability in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF d
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-1240 9.3
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arb
19-09-2017 - 01:30 05-04-2010 - 15:30
CVE-2010-1231 7.5
Google Chrome before 4.1.249.1036 processes HTTP headers before invoking the SafeBrowsing feature, which allows remote attackers to have an unspecified impact via crafted headers.
19-09-2017 - 01:30 01-04-2010 - 22:30
CVE-2010-1234 7.5
Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows remote attackers to truncate the URL shown in the HTTP Basic Authentication dialog via unknown vectors.
19-09-2017 - 01:30 01-04-2010 - 22:30
CVE-2010-1197 4.3
Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both "Content-Disposition: attachment" and "Content-Type: multipart" are present in HTTP headers, which allows remote
19-09-2017 - 01:30 24-06-2010 - 12:30
CVE-2010-1121 10.0
Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involv
19-09-2017 - 01:30 25-03-2010 - 21:00
CVE-2010-1418 4.3
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via a FRAME element with a SRC at
19-09-2017 - 01:30 11-06-2010 - 19:30
CVE-2010-1408 4.3
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to bypass intended restrictions on outbound connections to "non-default TCP ports" via a crafted port number, relate
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-1202 9.3
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption a
19-09-2017 - 01:30 24-06-2010 - 12:30
CVE-2010-1750 9.3
Use-after-free vulnerability in Apple Safari before 5.0 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper window management.
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-1237 7.5
Google Chrome 4.1 BETA before 4.1.249.1036 allows remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via an empty SVG element.
19-09-2017 - 01:30 01-04-2010 - 22:30
CVE-2010-1229 10.0
The sandbox infrastructure in Google Chrome before 4.1.249.1036 does not properly use pointers, which has unspecified impact and attack vectors.
19-09-2017 - 01:30 01-04-2010 - 22:30
CVE-2010-1207 4.3
Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 do not properly implement read restrictions for CANVAS elements, which allows remote attackers to obtain sensitive cross-origin information via vectors involving reference retention and node d
19-09-2017 - 01:30 30-07-2010 - 20:30
CVE-2010-1421 4.3
The execCommand JavaScript function in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict remote execution of clipboard commands, which allows remote attackers to m
19-09-2017 - 01:30 11-06-2010 - 19:30
CVE-2010-1389 4.3
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involvi
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-1228 10.0
Multiple race conditions in the sandbox infrastructure in Google Chrome before 4.1.249.1036 have unspecified impact and attack vectors.
19-09-2017 - 01:30 01-04-2010 - 22:30
CVE-2010-1806 9.3
Use-after-free vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via run-in styling in an element, related to object pointers.
19-09-2017 - 01:30 10-09-2010 - 19:00
CVE-2010-1241 9.3
Heap-based buffer overflow in the custom heap management system in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (memory corrupt
19-09-2017 - 01:30 05-04-2010 - 15:30
CVE-2010-1213 4.3
The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows r
19-09-2017 - 01:30 30-07-2010 - 20:30
CVE-2010-1805 6.9
Untrusted search path vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 on Windows allows local users to gain privileges via a Trojan horse explorer.exe (aka Windows Explorer) program in a directory containing a file that had been d
19-09-2017 - 01:30 10-09-2010 - 19:00
CVE-2010-1560 4.0
Buffer overflow in the REPEAT function in IBM DB2 9.1 before FP9 allows remote authenticated users to cause a denial of service (trap) via unspecified vectors. NOTE: this might overlap CVE-2010-0462.
19-09-2017 - 01:30 27-04-2010 - 15:30
CVE-2010-1415 9.3
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle libxml contexts, allows remote attackers to execute arbitrary code or cause a denial of service (application crash)
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-1406 4.3
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remot
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-1417 9.3
The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory co
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-1410 9.3
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an SVG document
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-1761 9.3
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto
19-09-2017 - 01:30 11-06-2010 - 19:30
CVE-2010-1419 9.3
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application cr
19-09-2017 - 01:30 11-06-2010 - 19:30
CVE-2010-1396 9.3
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-1391 4.3
Multiple directory traversal vulnerabilities in the (a) Local Storage and (b) Web SQL database implementations in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allow remote attackers to
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-2203 6.8
Adobe Reader and Acrobat 9.x before 9.3.3 on UNIX allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Per: http://www.adobe.com/support/security/bulletins/apsb10-15.html 'This update
19-09-2017 - 01:30 30-06-2010 - 18:30
CVE-2010-1774 9.3
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses out-of-bounds memory during processing of HTML tables, which allows remote attackers to execute arbitrary code or cause a denial of
19-09-2017 - 01:30 11-06-2010 - 19:30
CVE-2010-1762 4.3
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML in a T
19-09-2017 - 01:30 11-06-2010 - 19:30
CVE-2010-1487 2.1
IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG.
19-09-2017 - 01:30 20-04-2010 - 15:30
CVE-2010-1235 4.3
Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows remote attackers to trigger the omission of a download warning dialog via unknown vectors.
19-09-2017 - 01:30 01-04-2010 - 22:30
CVE-2010-1210 4.3
intl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 inserts a U+FFFD sequence into text in certain circumstances involving undefined positions, which might make it easier for remote attackers to cond
19-09-2017 - 01:30 30-07-2010 - 20:30
CVE-2010-1409 5.8
Incomplete blacklist vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to trigger disclosure of data over IRC via vectors involving an IRC service po
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-1405 9.3
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HT
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-1395 4.3
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving DOM constru
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-1399 9.3
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during a selection change on a form input element, which allows remote attackers to execute arbitrary code or
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-1394 4.3
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML docume
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-1119 10.0
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of serv
19-09-2017 - 01:30 25-03-2010 - 21:00
CVE-2010-1413 5.0
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends NTLM credentials in cleartext in unspecified circumstances, which allows man-in-the-middle attackers to obtain sensitive information v
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-1390 4.3
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to improper U
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-1764 4.3
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, follows multiple redirections during form submission, which allows remote web servers to obtain sensitive information by recording the form
19-09-2017 - 01:30 11-06-2010 - 19:30
CVE-2010-1200 9.3
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and
19-09-2017 - 01:30 24-06-2010 - 12:30
CVE-2010-1608 10.0
Stack-based buffer overflow in IBM Lotus Notes 8.5 and 8.5fp1, and possibly other versions, allows remote attackers to execute arbitrary code via unknown attack vectors, as demonstrated by the vd_ln module in VulnDisco 9.0. NOTE: as of 20100222, thi
19-09-2017 - 01:30 29-04-2010 - 17:30
CVE-2010-1393 4.3
The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to discover sensitive URLs via an HREF attribute associated with
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-1236 4.3
The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKit before r55822, as used in Google Chrome before 4.1.249.1036 and Flock Browser 3.x before 3.0.0.4112, does not properly handle whitespace at the beginning of a URL, which allows r
19-09-2017 - 01:30 01-04-2010 - 22:30
CVE-2010-1233 10.0
Multiple integer overflows in Google Chrome before 4.1.249.1036 allow remote attackers to have an unspecified impact via vectors involving WebKit JavaScript objects.
19-09-2017 - 01:30 01-04-2010 - 22:30
CVE-2010-1297 9.3
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a den
19-09-2017 - 01:30 08-06-2010 - 18:30
CVE-2010-1206 4.3
The startDocumentLoad function in browser/base/content/browser.js in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, does not properly implement the Same Origin Policy in certain circumstances related to the ab
19-09-2017 - 01:30 25-06-2010 - 19:30
CVE-2010-1214 9.3
Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via plugin content with many parameter elements.
19-09-2017 - 01:30 30-07-2010 - 20:30
CVE-2010-0658 9.3
Multiple integer overflows in Skia, as used in Google Chrome before 4.0.249.78, allow remote attackers to execute arbitrary code in the Chrome sandbox or cause a denial of service (memory corruption and application crash) via vectors involving CANVAS
19-09-2017 - 01:30 18-02-2010 - 18:00
CVE-2010-0649 9.3
Integer overflow in the CrossCallParamsEx::CreateFromBuffer function in sandbox/src/crosscall_server.cc in Google Chrome before 4.0.249.89 allows attackers to leverage renderer access to cause a denial of service (heap memory corruption) or possibly
19-09-2017 - 01:30 18-02-2010 - 18:00
CVE-2010-0532 6.9
Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse. Per: http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.htm
19-09-2017 - 01:30 31-03-2010 - 18:30
CVE-2010-0382 7.6
ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to ha
19-09-2017 - 01:30 22-01-2010 - 22:00
CVE-2010-0047 9.3
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "HTML object element fallback content." Per: http://lists.ap
19-09-2017 - 01:30 15-03-2010 - 13:28
CVE-2010-0043 9.3
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image. Per: http://lists.apple.com/archi
19-09-2017 - 01:30 15-03-2010 - 13:28
CVE-2010-0051 4.3
WebKit in Apple Safari before 4.0.5 does not properly validate the cross-origin loading of stylesheets, which allows remote attackers to obtain sensitive information via a crafted HTML document. NOTE: this might overlap CVE-2010-0651. Per: http://li
19-09-2017 - 01:30 15-03-2010 - 14:15
CVE-2010-0531 4.3
Apple iTunes before 9.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 podcast file.
19-09-2017 - 01:30 31-03-2010 - 18:30
CVE-2010-0163 4.3
Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and line termination incorrectly, which allows remote attackers to cause a denial of service (application crash) or possibly
19-09-2017 - 01:30 23-03-2010 - 00:53
CVE-2010-0097 4.3
ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a f
19-09-2017 - 01:30 22-01-2010 - 22:00
CVE-2010-0045 9.3
Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document. Per: http://lists.apple.com/archives/security-announce/201
19-09-2017 - 01:30 15-03-2010 - 13:28
CVE-2010-1028 9.3
Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a b
19-09-2017 - 01:30 19-03-2010 - 21:30
CVE-2010-0041 4.3
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafte
19-09-2017 - 01:30 15-03-2010 - 13:28
CVE-2010-0645 9.3
Multiple integer overflows in factory.cc in Google V8 before r3560, as used in Google Chrome before 4.0.249.89, allow remote attackers to execute arbitrary code in the Chrome sandbox via crafted use of JavaScript arrays.
19-09-2017 - 01:30 18-02-2010 - 18:00
CVE-2010-0462 6.5
Heap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows remote authenticated users to have an unspecified impact via a SELECT statement that has a long column name generated with the REPEAT function.
19-09-2017 - 01:30 28-01-2010 - 20:30
CVE-2010-0663 5.0
The ParamTraits<SkBitmap>::Read function in common/common_param_traits.cc in Google Chrome before 4.0.249.78 does not initialize the memory locations that will hold bitmap data, which might allow remote attackers to obtain potentially sensitive infor
19-09-2017 - 01:30 18-02-2010 - 18:00
CVE-2010-0661 6.8
WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before r52401, as used in Google Chrome before 4.0.249.78, allows remote attackers to bypass the Same Origin Policy via vectors involving the window.open method.
19-09-2017 - 01:30 18-02-2010 - 18:00
CVE-2010-0042 4.3
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafte
19-09-2017 - 01:30 15-03-2010 - 13:28
CVE-2010-0220 5.0
The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverList.cpp in Mozilla Firefox before 3.5.7 allows remote attackers to cause a denial of service (application crash) via a crafted web site that triggers memory consumption and an acco
19-09-2017 - 01:30 07-01-2010 - 19:30
CVE-2010-0046 9.3
The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted format arguments. Per: http://
19-09-2017 - 01:30 15-03-2010 - 13:28
CVE-2010-0514 6.8
Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.261 encoding.
19-09-2017 - 01:30 30-03-2010 - 18:30
CVE-2010-0048 9.3
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document. Per: http://lists.apple.com/archives/security-announce/
19-09-2017 - 01:30 15-03-2010 - 13:28
CVE-2010-0655 9.3
Use-after-free vulnerability in Google Chrome before 4.0.249.78 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving the display of a blocked popup window duri
19-09-2017 - 01:30 18-02-2010 - 18:00
CVE-2010-0643 4.3
Google Chrome before 4.0.249.89 attempts to make direct connections to web sites when all configured proxy servers are unavailable, which allows remote HTTP servers to obtain potentially sensitive information about the identity of a client user via s
19-09-2017 - 01:30 18-02-2010 - 18:00
CVE-2010-0657 9.3
Google Chrome before 4.0.249.78 on Windows does not perform the expected encoding, escaping, and quoting for the URL in the --app argument in a desktop shortcut, which allows user-assisted remote attackers to execute arbitrary programs or obtain sens
19-09-2017 - 01:30 18-02-2010 - 18:00
CVE-2010-0172 4.3
toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might a
19-09-2017 - 01:30 25-03-2010 - 21:00
CVE-2010-0166 5.1
The gfxTextRun::SanitizeGlyphRuns function in gfx/thebes/src/gfxFont.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 on Mac OS X, when the Core Text API is used, does not properly perform certain deletions, which allows remote attackers
19-09-2017 - 01:30 25-03-2010 - 21:00
CVE-2010-0161 4.3
The nsAuthSSPI::Unwrap function in extensions/auth/nsAuthSSPI.cpp in Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 on Windows Vista, Windows Server 2008 R2, and Windows 7 allows remote SMTP, IMAP, and POP servers to cause a denial o
19-09-2017 - 01:30 23-03-2010 - 00:53
CVE-2010-0647 9.3
WebKit before r53525, as used in Google Chrome before 4.0.249.89, allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed RUBY element, as demonstrated by a <ruby>><table><rt> sequence.
19-09-2017 - 01:30 18-02-2010 - 18:00
CVE-2010-0054 9.3
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML IMG elements. Per: http://lists.apple.com/archives/secur
19-09-2017 - 01:30 15-03-2010 - 14:15
CVE-2010-0168 7.6
The nsDocument::MaybePreLoadImage function in content/base/src/nsDocument.cpp in the image-preloading implementation in Mozilla Firefox 3.6 before 3.6.2 does not apply scheme restrictions and policy restrictions to the image's URL, which might allow
19-09-2017 - 01:30 25-03-2010 - 21:00
CVE-2010-0646 10.0
Multiple integer signedness errors in factory.cc in Google V8 before r3560, as used in Google Chrome before 4.0.249.89, allow remote attackers to execute arbitrary code in the Chrome sandbox via crafted use of JavaScript arrays.
19-09-2017 - 01:30 18-02-2010 - 18:00
CVE-2010-0544 4.3
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to a malforme
19-09-2017 - 01:30 11-06-2010 - 19:30
CVE-2010-0315 5.0
WebKit before r53607, as used in Google Chrome before 4.0.249.89, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK elem
19-09-2017 - 01:30 14-01-2010 - 19:30
CVE-2010-0651 4.3
WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, whi
19-09-2017 - 01:30 18-02-2010 - 18:00
CVE-2010-0379 9.3
Multiple unspecified vulnerabilities in the Macromedia Flash ActiveX control in Adobe Flash Player 6, as distributed in Microsoft Windows XP SP2 and SP3, might allow remote attackers to execute arbitrary code via unspecified vectors that are not rela
19-09-2017 - 01:30 21-01-2010 - 23:30
CVE-2010-0654 4.3
Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type
19-09-2017 - 01:30 18-02-2010 - 18:00
CVE-2010-0960 7.2
Buffer overflow in qosmod in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors.
19-09-2017 - 01:30 10-03-2010 - 22:30
CVE-2010-0188 9.3
Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
19-09-2017 - 01:30 22-02-2010 - 13:00
CVE-2010-0659 9.3
The image decoder in WebKit before r52833, as used in Google Chrome before 4.0.249.78, does not properly handle a failure of memory allocation, which allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed GIF file tha
19-09-2017 - 01:30 18-02-2010 - 18:00
CVE-2010-0518 6.8
QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with Sorenson encoding.
19-09-2017 - 01:30 30-03-2010 - 18:30
CVE-2010-0660 5.0
Google Chrome before 4.0.249.78 sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP l
19-09-2017 - 01:30 18-02-2010 - 18:00
CVE-2010-0049 9.3
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via HTML elements with right-to-left (RTL) text directionality. Per: http://lists.a
19-09-2017 - 01:30 15-03-2010 - 14:15
CVE-2010-0044 4.3
PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed. Per: http://lists.ap
19-09-2017 - 01:30 15-03-2010 - 13:28
CVE-2010-0060 6.8
CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDMC encoding.
19-09-2017 - 01:30 30-03-2010 - 18:30
CVE-2010-0053 9.3
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the run-in Cascading Style Sheets (CSS) display property. Pe
19-09-2017 - 01:30 15-03-2010 - 14:15
CVE-2010-0644 4.3
Google Chrome before 4.0.249.89, when a SOCKS 5 proxy server is configured, sends DNS queries directly, which allows remote DNS servers to obtain potentially sensitive information about the identity of a client user via request logging, as demonstrat
19-09-2017 - 01:30 18-02-2010 - 18:00
CVE-2010-0664 5.0
Stack consumption vulnerability in the ChildProcessSecurityPolicy::CanRequestURL function in browser/child_process_security_policy.cc in Google Chrome before 4.0.249.78 allows remote attackers to cause a denial of service (memory consumption and appl
19-09-2017 - 01:30 18-02-2010 - 18:00
CVE-2010-0527 9.3
Integer overflow in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image. Per: http://lists.apple.com/archives/security-announce/2010//Mar/
19-09-2017 - 01:30 31-03-2010 - 18:30
CVE-2010-0304 7.5
Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to cause a denial of service (crash) via a malformed packet, as demonstrated using a stack-based buffer overflow to the
19-09-2017 - 01:30 03-02-2010 - 18:30
CVE-2010-0536 9.3
Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted BMP image. Per: http://lists.apple.com/archives/security-announce/2010//Mar
19-09-2017 - 01:30 31-03-2010 - 18:30
CVE-2010-0472 5.0
kuddb2 in Tivoli Monitoring for DB2, as distributed in IBM DB2 9.7 FP1 on Linux, allows remote attackers to cause a denial of service (daemon crash) via a certain byte sequence.
19-09-2017 - 01:30 02-02-2010 - 18:30
CVE-2010-0040 9.3
Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a
19-09-2017 - 01:30 15-03-2010 - 13:28
CVE-2010-0586 7.8
Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed Skinny Clie
19-09-2017 - 01:30 25-03-2010 - 21:00
CVE-2010-0656 4.3
WebKit before r51295, as used in Google Chrome before 4.0.249.78, presents a directory-listing page in response to an XMLHttpRequest for a file:/// URL that corresponds to a directory, which allows attackers to obtain sensitive information or possibl
19-09-2017 - 01:30 18-02-2010 - 18:00
CVE-2010-0165 9.3
The TraceRecorder::traverseScopeChain function in js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitr
19-09-2017 - 01:30 25-03-2010 - 21:00
CVE-2010-0662 5.0
The ParamTraits<SkBitmap>::Read function in common/common_param_traits.cc in Google Chrome before 4.0.249.78 does not use the correct variables in calculations designed to prevent integer overflows, which allows attackers to leverage renderer access
19-09-2017 - 01:30 18-02-2010 - 18:00
CVE-2010-0162 4.3
Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving S
19-09-2017 - 01:30 22-02-2010 - 13:00
CVE-2010-0515 6.8
QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with H.264 encoding.
19-09-2017 - 01:30 30-03-2010 - 18:30
CVE-2010-0170 4.3
Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected window.location protection mechanism, which might allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors that are specifi
19-09-2017 - 01:30 25-03-2010 - 21:00
CVE-2010-0052 9.3
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "callbacks for HTML elements." Per: http://lists.apple.com/a
19-09-2017 - 01:30 15-03-2010 - 14:15
CVE-2009-3987 7.8
The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote
19-09-2017 - 01:29 17-12-2009 - 17:30
CVE-2009-3981 9.3
Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod
19-09-2017 - 01:29 17-12-2009 - 17:30
CVE-2009-3880 5.0
The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitiv
19-09-2017 - 01:29 09-11-2009 - 19:30
CVE-2009-3884 5.0
The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265.
19-09-2017 - 01:29 09-11-2009 - 19:30
CVE-2009-4355 5.0
Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to
19-09-2017 - 01:29 14-01-2010 - 19:30
CVE-2009-3886 7.5
The Java Web Start implementation in Sun Java SE 6 before Update 17 does not properly handle the interaction between a signed JAR file and a JNLP (1) application or (2) applet, which has unspecified impact and attack vectors, related to a "regression
19-09-2017 - 01:29 09-11-2009 - 19:30
CVE-2009-3984 6.8
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with
19-09-2017 - 01:29 17-12-2009 - 17:30
CVE-2009-3983 6.8
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user.
19-09-2017 - 01:29 17-12-2009 - 17:30
CVE-2009-3797 9.3
Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.
19-09-2017 - 01:29 10-12-2009 - 19:30
CVE-2009-2869 7.8
Unspecified vulnerability in Cisco IOS 12.2XNA, 12.2XNB, 12.2XNC, 12.2XND, 12.4MD, 12.4T, 12.4XZ, and 12.4YA allows remote attackers to cause a denial of service (device reload) via a crafted NTPv4 packet, aka Bug IDs CSCsu24505 and CSCsv75948.
19-09-2017 - 01:29 28-09-2009 - 19:30
CVE-2009-2867 7.8
Unspecified vulnerability in Cisco IOS 12.2XNA, 12.2XNB, 12.2XNC, 12.2XND, 12.4T, 12.4XZ, and 12.4YA, when Zone-Based Policy Firewall SIP Inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted SIP tr
19-09-2017 - 01:29 28-09-2009 - 19:30
CVE-2009-3985 6.8
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the
19-09-2017 - 01:29 17-12-2009 - 17:30
CVE-2009-3979 9.3
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash)
19-09-2017 - 01:29 17-12-2009 - 17:30
CVE-2009-3881 7.5
Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an "information leak v
19-09-2017 - 01:29 09-11-2009 - 19:30
CVE-2009-3729 5.0
Unspecified vulnerability in the TrueType font parsing functionality in Sun Java SE 5.0 before Update 22 and 6 before Update 17 allows remote attackers to cause a denial of service (application crash) via a certain test suite, aka Bug Id 6815780.
19-09-2017 - 01:29 09-11-2009 - 19:30
CVE-2009-3988 5.0
Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-s
19-09-2017 - 01:29 22-02-2010 - 13:00
CVE-2009-2837 6.8
Heap-based buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.
19-09-2017 - 01:29 10-11-2009 - 19:30
CVE-2009-3885 5.0
Sun Java SE 5.0 before Update 22 and 6 before Update 17 on Windows allows remote attackers to cause a denial of service via a BMP file containing a link to a UNC share pathname for an International Color Consortium (ICC) profile file, probably a rela
19-09-2017 - 01:29 09-11-2009 - 19:30
CVE-2009-3879 7.5
Multiple unspecified vulnerabilities in the (1) X11 and (2) Win32GraphicsDevice subsystems in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and attack vectors, related to failure to clone arrays that are re
19-09-2017 - 01:29 09-11-2009 - 19:30
CVE-2009-3982 9.3
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly exe
19-09-2017 - 01:29 17-12-2009 - 17:30
CVE-2009-2695 7.2
The Linux kernel before 2.6.31-rc7 does not properly prevent mmap operations that target page zero and other low memory addresses, which allows local users to gain privileges by exploiting NULL pointer dereference vulnerabilities, related to (1) the
19-09-2017 - 01:29 28-08-2009 - 15:30
CVE-2009-2488 4.9
Unspecified vulnerability in the NFSv4 module in the kernel in Sun Solaris 10, and OpenSolaris snv_102 through snv_119, allows local users to cause a denial of service (client panic) via vectors involving "file operations."
19-09-2017 - 01:29 16-07-2009 - 16:30
CVE-2009-3986 7.6
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window
19-09-2017 - 01:29 17-12-2009 - 17:30
CVE-2009-3866 9.3
The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP fil
19-09-2017 - 01:29 05-11-2009 - 16:30
CVE-2009-3286 4.6
NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an O_EXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privi
19-09-2017 - 01:29 22-09-2009 - 10:30
CVE-2009-3980 9.3
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execut
19-09-2017 - 01:29 17-12-2009 - 17:30
CVE-2009-3736 6.9
ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a T
19-09-2017 - 01:29 29-11-2009 - 13:07
CVE-2009-3389 9.3
Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a vid
19-09-2017 - 01:29 17-12-2009 - 17:30
CVE-2009-3388 9.3
liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to "memory safety issues."
19-09-2017 - 01:29 17-12-2009 - 17:30
CVE-2009-3563 6.4
ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchang
19-09-2017 - 01:29 09-12-2009 - 18:30
Back to Top Mark selected
Back to Top