Max CVSS 10.0 Min CVSS 1.2 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2003-0813 5.1
A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one th
15-02-2024 - 21:19 17-11-2003 - 05:00
CVE-2009-4017 5.0
PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier f
15-02-2024 - 21:16 24-11-2009 - 00:30
CVE-2004-0184 5.0
Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with an Identification payload with a length that becomes less than 8 during byte order conversio
15-02-2024 - 21:09 04-05-2004 - 04:00
CVE-2004-0183 5.0
TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via ISAKMP packets containing a Delete payload with a large number of SPI's, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Tes
15-02-2024 - 20:53 04-05-2004 - 04:00
CVE-2009-2857 4.9
The kernel in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_103, does not properly handle interaction between the filesystem and virtual-memory implementations, which allows local users to cause a denial of service (deadlock and system halt) v
15-02-2024 - 20:42 19-08-2009 - 17:30
CVE-2006-2374 2.1
The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file hand
15-02-2024 - 20:22 13-06-2006 - 19:06
CVE-2009-1195 4.9
The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Opti
15-02-2024 - 18:54 28-05-2009 - 20:30
CVE-2003-0190 5.0
OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.
15-02-2024 - 18:46 12-05-2003 - 04:00
CVE-2008-0087 8.8
The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.
14-02-2024 - 16:54 08-04-2008 - 23:05
CVE-2005-1921 7.5
Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) Mail
14-02-2024 - 15:41 05-07-2005 - 04:00
CVE-2003-0430 5.0
The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (crash) via an invalid ASN.1 value.
14-02-2024 - 01:17 24-07-2003 - 04:00
CVE-2004-0505 5.0
The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause a denial of service (assert error) via unknown attack vectors.
14-02-2024 - 01:17 18-08-2004 - 04:00
CVE-2004-0506 5.0
The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote attackers to cause a denial of service (crash) via unknown attack vectors that cause a null pointer dereference.
14-02-2024 - 01:17 18-08-2004 - 04:00
CVE-2004-0507 10.0
Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code.
14-02-2024 - 01:17 18-08-2004 - 04:00
CVE-2004-0504 5.0
Ethereal 0.10.3 allows remote attackers to cause a denial of service (crash) via certain SIP messages between Hotsip servers and clients.
14-02-2024 - 01:17 18-08-2004 - 04:00
CVE-2006-4692 5.1
Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slas
13-02-2024 - 17:50 10-10-2006 - 22:07
CVE-2008-1440 7.1
Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang)
13-02-2024 - 16:09 12-06-2008 - 02:32
CVE-2007-2442 10.0
The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cl
09-02-2024 - 03:23 26-06-2007 - 22:30
CVE-2009-0846 10.0
The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code
09-02-2024 - 03:21 09-04-2009 - 00:30
CVE-2008-3475 9.3
Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a craft
08-02-2024 - 23:46 15-10-2008 - 00:12
CVE-2010-2753 9.3
Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a X
03-02-2024 - 02:26 30-07-2010 - 20:30
CVE-2010-0378 9.3
Use-after-free vulnerability in Adobe Flash Player 6.0.79, as distributed in Microsoft Windows XP SP2 and SP3, allows remote attackers to execute arbitrary code by unloading a Flash object that is currently being accessed by a script, leading to memo
03-02-2024 - 02:21 21-01-2010 - 23:30
CVE-2009-0023 4.3
The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2)
02-02-2024 - 16:32 08-06-2009 - 01:00
CVE-2004-0642 7.5
Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code.
02-02-2024 - 15:27 28-09-2004 - 04:00
CVE-2009-1955 5.0
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via
02-02-2024 - 14:11 08-06-2009 - 01:00
CVE-2008-0599 10.0
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
02-02-2024 - 13:52 05-05-2008 - 17:20
CVE-2003-0252 10.0
Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain ne
02-02-2024 - 02:56 18-08-2003 - 04:00
CVE-2004-0427 2.1
The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before 2.6.6, does not properly decrement the mm_count counter when an error occurs after the mm_struct for a child process has been activated, which triggers a memory leak that allows loca
26-01-2024 - 18:56 07-07-2004 - 04:00
CVE-2010-0013 5.0
Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) requ
26-01-2024 - 17:47 09-01-2010 - 18:30
CVE-2005-1111 3.7
Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.
26-01-2024 - 17:07 02-05-2005 - 04:00
CVE-2007-4465 4.3
Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using t
19-01-2024 - 15:13 14-09-2007 - 00:17
CVE-2004-0079 5.0
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
28-12-2023 - 15:33 23-11-2004 - 05:00
CVE-2010-1452 5.0
The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
01-11-2023 - 15:32 28-07-2010 - 20:00
CVE-2013-1315 9.3
Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to exec
03-10-2023 - 15:37 11-09-2013 - 14:03
CVE-2008-2315 7.5
Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7)
02-08-2023 - 17:14 01-08-2008 - 14:41
CVE-2013-0169 2.6
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding,
12-05-2023 - 12:58 08-02-2013 - 19:55
CVE-2007-2586 9.3
The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check user authorization, which allows remote attackers to execute arbitrary code, and have other impact including reading startup-config, as demonstrated by a crafted MKD command that i
09-05-2023 - 13:53 10-05-2007 - 00:19
CVE-2010-1624 5.0
The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a custom emoticon in a malformed
31-03-2023 - 19:58 14-05-2010 - 19:30
CVE-2009-1956 6.4
Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
03-03-2023 - 18:45 08-06-2009 - 01:00
CVE-2011-2729 5.0
native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows re
13-02-2023 - 04:31 15-08-2011 - 21:55
CVE-2011-1091 4.0
libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 through 2.7.10 allows (1) remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a malformed YMSG notification packet, and allo
13-02-2023 - 04:29 14-03-2011 - 19:55
CVE-2010-3718 1.2
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as
13-02-2023 - 04:25 10-02-2011 - 18:00
CVE-2010-2063 7.5
Buffer overflow in the SMB1 packet chaining implementation in the chain_reply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arb
13-02-2023 - 04:19 17-06-2010 - 16:30
CVE-2010-1157 2.6
Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the re
13-02-2023 - 04:17 23-04-2010 - 14:30
CVE-2010-0740 5.0
The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor versi
13-02-2023 - 04:16 26-03-2010 - 18:30
CVE-2010-0433 4.3
The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of servic
13-02-2023 - 04:16 05-03-2010 - 19:30
CVE-2010-0290 4.0
Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisonin
13-02-2023 - 02:21 22-01-2010 - 22:00
CVE-2009-1890 7.1
The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which al
13-02-2023 - 02:20 05-07-2009 - 16:30
CVE-2009-3555 5.8
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Secu
13-02-2023 - 02:20 09-11-2009 - 17:30
CVE-2009-1887 5.0
agent/snmp_agent.c in snmpd in net-snmp 5.0.9 in Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP GETBULK request that triggers a divide-by-zero error. NOTE: this vulnerability e
13-02-2023 - 02:20 26-06-2009 - 18:30
CVE-2009-1891 7.1
The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
13-02-2023 - 02:20 10-07-2009 - 15:30
CVE-2009-1376 9.3
Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remo
13-02-2023 - 02:20 26-05-2009 - 15:30
CVE-2008-5515 5.0
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to b
13-02-2023 - 02:19 16-06-2009 - 21:00
CVE-2008-2927 6.8
Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 and Adium before 1.3 allow remote attackers to
13-02-2023 - 02:19 07-07-2008 - 23:41
CVE-2008-3275 4.9
The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 do not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allows local users to cause a denia
13-02-2023 - 02:19 12-08-2008 - 23:41
CVE-2008-3525 7.2
The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem in the Linux kernel 2.6.26.3 does not check for the CAP_NET_ADMIN capability before processing a (1) SIOCDEVRESINSTATS, (2) SIOCDEVSHWSTATE, (3) SIOCDEVENSLAVE, or (4) SIOCDEVEMAN
13-02-2023 - 02:19 03-09-2008 - 14:12
CVE-2008-2364 5.0
The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service
13-02-2023 - 02:19 13-06-2008 - 18:41
CVE-2008-2812 7.2
The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) ha
13-02-2023 - 02:19 09-07-2008 - 00:41
CVE-2009-0781 4.3
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary
13-02-2023 - 02:19 09-03-2009 - 21:30
CVE-2009-0580 4.3
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, rel
13-02-2023 - 02:19 05-06-2009 - 16:00
CVE-2008-1232 4.3
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to
13-02-2023 - 02:18 04-08-2008 - 01:41
CVE-2007-1860 5.0
mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly in
13-02-2023 - 02:17 25-05-2007 - 18:30
CVE-2007-0774 7.5
Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitr
13-02-2023 - 02:17 04-03-2007 - 22:19
CVE-2011-2526 4.4
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restri
13-02-2023 - 01:20 14-07-2011 - 23:55
CVE-2011-1183 5.8
Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerabil
13-02-2023 - 01:19 08-04-2011 - 15:17
CVE-2011-0013 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the displ
13-02-2023 - 01:18 19-02-2011 - 01:00
CVE-2009-1893 6.9
The configtest function in the Red Hat dhcpd init script for DHCP 3.0.1 in Red Hat Enterprise Linux (RHEL) 3 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file, related to the "dhcpd -t" command.
13-02-2023 - 01:17 17-07-2009 - 16:30
CVE-2009-2902 4.3
Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
13-02-2023 - 01:17 28-01-2010 - 20:30
CVE-2009-0033 5.0
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with i
13-02-2023 - 01:17 05-06-2009 - 16:00
CVE-2009-1373 7.1
Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained fro
13-02-2023 - 01:17 26-05-2009 - 15:30
CVE-2009-0783 4.6
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3)
13-02-2023 - 01:17 05-06-2009 - 16:00
CVE-2013-1896 4.3
mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for han
13-02-2023 - 00:28 10-07-2013 - 20:55
CVE-2011-1184 5.0
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypas
13-02-2023 - 00:15 14-01-2012 - 21:55
CVE-2012-0753 9.3
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of
30-01-2023 - 18:01 16-02-2012 - 19:55
CVE-2012-0767 4.3
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attac
30-01-2023 - 18:00 16-02-2012 - 19:55
CVE-2012-0756 9.3
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via uns
30-01-2023 - 18:00 16-02-2012 - 19:55
CVE-2012-0755 9.3
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via uns
30-01-2023 - 18:00 16-02-2012 - 19:55
CVE-2012-0754 9.3
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of
30-01-2023 - 18:00 16-02-2012 - 19:55
CVE-2012-0773 9.3
The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac OS X, and Linux; Flash Player before 10.3.183.18 and 11.x before 11.2.202.223 on Solaris; Flash Player before 11.1.111.8 on Android 2.x and 3.x;
30-01-2023 - 18:00 28-03-2012 - 19:55
CVE-2013-0879 7.5
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly implement web audio nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified othe
30-01-2023 - 15:01 23-02-2013 - 21:55
CVE-2013-0899 5.0
Integer overflow in the padding implementation in the opus_packet_parse_impl function in src/opus_decoder.c in Opus before 1.0.2, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products
24-01-2023 - 02:48 23-02-2013 - 21:55
CVE-2013-0880 7.5
Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to databas
24-01-2023 - 01:50 23-02-2013 - 21:55
CVE-2013-0898 7.5
Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a URL.
24-01-2023 - 01:46 23-02-2013 - 21:55
CVE-2009-2687 4.3
The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353.
19-01-2023 - 16:38 05-08-2009 - 19:30
CVE-2013-0791 5.0
The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other pr
21-12-2022 - 16:17 03-04-2013 - 11:56
CVE-2008-4609 7.1
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vect
14-12-2022 - 16:40 20-10-2008 - 17:59
CVE-2013-0900 6.8
Race condition in the International Components for Unicode (ICU) functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspe
18-11-2022 - 20:17 23-02-2013 - 21:55
CVE-2013-0897 4.3
Off-by-one error in the PDF functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service via a crafted document.
18-11-2022 - 20:17 23-02-2013 - 21:55
CVE-2013-0896 7.5
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly manage memory during message handling for plug-ins, which allows remote attackers to cause a denial of service or possibly have unspecified
18-11-2022 - 20:03 23-02-2013 - 21:55
CVE-2013-0893 6.8
Race condition in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to media.
18-11-2022 - 20:03 23-02-2013 - 21:55
CVE-2013-0892 7.5
Multiple unspecified vulnerabilities in the IPC layer in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allow remote attackers to cause a denial of service or possibly have other impact via unknown vector
18-11-2022 - 20:02 23-02-2013 - 21:55
CVE-2013-0891 7.5
Integer overflow in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a blob.
18-11-2022 - 20:02 23-02-2013 - 21:55
CVE-2013-0885 7.5
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict API privileges during interaction with the Chrome Web Store, which has unspecified impact and attack vectors.
18-11-2022 - 19:59 23-02-2013 - 21:55
CVE-2013-0884 6.8
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly load Native Client (aka NaCl) code, which has unspecified impact and attack vectors.
18-11-2022 - 19:59 23-02-2013 - 21:55
CVE-2013-0887 7.5
The developer-tools process in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict privileges during interaction with a connected server, which has unspecified impact and attack vect
18-11-2022 - 19:41 23-02-2013 - 21:55
CVE-2013-0882 7.5
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect memory access) or possibly have unspecified other impact via a large number of SVG parameters
18-11-2022 - 17:55 23-02-2013 - 21:55
CVE-2013-0883 5.0
Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors.
18-11-2022 - 17:55 23-02-2013 - 21:55
CVE-2013-0881 5.0
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via crafted data in the Matroska container format.
18-11-2022 - 17:52 23-02-2013 - 21:55
CVE-2013-0889 6.8
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly enforce a user gesture requirement before proceeding with a file download, which might make it easier for remote attackers to execute arbit
18-11-2022 - 17:49 23-02-2013 - 21:55
CVE-2013-0890 7.5
Multiple unspecified vulnerabilities in the IPC layer in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allow remote attackers to cause a denial of service (memory corruption) or possibly have other impac
18-11-2022 - 17:49 23-02-2013 - 21:55
CVE-2013-0888 5.0
Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a "user gesture check for dangerous file do
18-11-2022 - 17:47 23-02-2013 - 21:55
CVE-2007-5536 4.9
Unspecified vulnerability in OpenSSL before A.00.09.07l on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to cause a denial of service via unspecified vectors.
24-10-2022 - 16:41 18-10-2007 - 00:17
CVE-2006-3918 4.3
http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected ba
21-09-2022 - 19:35 28-07-2006 - 00:04
CVE-2011-3348 4.3
The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP r
19-09-2022 - 19:49 20-09-2011 - 05:55
CVE-2011-3192 7.8
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as e
19-09-2022 - 19:49 29-08-2011 - 15:55
CVE-2011-0419 4.3
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac
19-09-2022 - 19:47 16-05-2011 - 17:55
CVE-2013-1862 5.1
mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containi
14-09-2022 - 19:50 10-06-2013 - 17:55
CVE-2008-1105 7.5
Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response.
29-08-2022 - 20:12 29-05-2008 - 16:32
CVE-2004-0589 4.3
Cisco IOS 11.1(x) through 11.3(x) and 12.0(x) through 12.2(x), when configured for BGP routing, allows remote attackers to cause a denial of service (device reload) via malformed BGP (1) OPEN or (2) UPDATE messages.
24-08-2022 - 15:40 06-08-2004 - 04:00
CVE-2013-2882 7.5
Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."
16-08-2022 - 13:29 31-07-2013 - 13:20
CVE-2010-1387 9.3
Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) vi
09-08-2022 - 13:48 18-06-2010 - 16:30
CVE-2007-1887 7.5
Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonstrated by ca
21-07-2022 - 15:12 06-04-2007 - 01:19
CVE-2013-2466 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related
13-05-2022 - 14:53 18-06-2013 - 22:55
CVE-2013-2469 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
13-05-2022 - 14:53 18-06-2013 - 22:55
CVE-2013-2447 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown
13-05-2022 - 14:53 18-06-2013 - 22:55
CVE-2013-2455 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown
13-05-2022 - 14:53 18-06-2013 - 22:55
CVE-2013-2444 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect av
13-05-2022 - 14:53 18-06-2013 - 22:55
CVE-2013-2407 6.4
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and availability via unknown vectors rel
13-05-2022 - 14:53 18-06-2013 - 22:55
CVE-2013-1475 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
13-05-2022 - 14:53 02-02-2013 - 00:55
CVE-2013-1487 10.0
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE 7 Update 13 and earlier and 6 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to De
13-05-2022 - 14:53 20-02-2013 - 21:55
CVE-2013-0438 4.3
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
13-05-2022 - 14:53 02-02-2013 - 00:55
CVE-2013-0432 6.4
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
13-05-2022 - 14:53 02-02-2013 - 00:55
CVE-2013-2432 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, i
13-05-2022 - 14:52 17-04-2013 - 18:55
CVE-2013-2454 5.8
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrit
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2013-2445 7.8
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vec
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2013-2452 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2013-2450 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vec
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2013-2412 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serviceab
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2012-3159 7.5
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate
13-05-2022 - 14:52 16-10-2012 - 21:55
CVE-2013-2442 7.5
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2013-3743 9.3
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 45 and earlier and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AW
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2013-2420 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integ
13-05-2022 - 14:52 17-04-2013 - 18:55
CVE-2013-2465 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2012-5072 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality via unknown vectors related to Security.
13-05-2022 - 14:52 16-10-2012 - 21:55
CVE-2013-2471 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2013-2470 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2013-2437 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2012-5068 7.5
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate
13-05-2022 - 14:52 16-10-2012 - 21:55
CVE-2013-2473 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2013-2443 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2012-3342 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Depl
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-2472 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2013-2464 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2013-2457 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors relate
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2013-2453 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2013-2468 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2013-2459 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2012-3213 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scri
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2012-5086 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate
13-05-2022 - 14:52 16-10-2012 - 21:55
CVE-2013-2463 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2013-2456 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2013-2446 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via vectors
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2013-2439 6.9
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows local users to affect confidentiality, integr
13-05-2022 - 14:52 17-04-2013 - 18:55
CVE-2013-2394 7.6
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, i
13-05-2022 - 14:52 17-04-2013 - 18:55
CVE-2012-4416 6.4
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Hotspot.
13-05-2022 - 14:52 16-10-2012 - 21:55
CVE-2013-2448 7.6
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2013-1473 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect integrity via unknown vectors related to Deployment.
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-1480 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-0809 10.0
Unspecified vulnerability in the 2D component in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code via unkn
13-05-2022 - 14:52 05-03-2013 - 22:06
CVE-2013-1500 3.6
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality and integrity via
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2013-1478 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-1493 10.0
The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via
13-05-2022 - 14:52 05-03-2013 - 22:06
CVE-2013-1571 4.3
Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vec
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2013-1476 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-1486 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability
13-05-2022 - 14:52 20-02-2013 - 21:55
CVE-2012-1532 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier and 6 Update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related
13-05-2022 - 14:52 16-10-2012 - 21:55
CVE-2012-1533 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate
13-05-2022 - 14:52 16-10-2012 - 21:55
CVE-2012-1541 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Depl
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-0445 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and av
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-0442 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-0427 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors rela
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-0435 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAX-WS. NOTE: the
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-0450 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and av
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-0423 7.6
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Depl
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-0443 4.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-0428 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-0434 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-0433 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors rela
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-0429 7.6
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and av
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-0419 7.6
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Depl
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-0425 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-0409 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality via vectors related to JMX.
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-0441 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-0426 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-0446 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Depl
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-0440 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via v
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-0424 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vect
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-0351 7.5
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Depl
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-2467 6.9
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 5.0 Update 45 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Java installer.
13-05-2022 - 14:49 18-06-2013 - 22:55
CVE-2009-2625 5.0
XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop a
13-05-2022 - 14:44 06-08-2009 - 15:30
CVE-2013-2461 7.5
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and
13-05-2022 - 14:35 18-06-2013 - 22:55
CVE-2011-1266 9.3
The Vector Markup Language (VML) implementation in vgx.dll in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly
28-02-2022 - 19:48 16-06-2011 - 20:55
CVE-2010-2560 9.3
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption,
28-02-2022 - 18:57 11-08-2010 - 18:47
CVE-2010-2558 9.3
Race condition in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to an object in memory, aka "Race Condition Memory Corruption Vulnerabili
28-02-2022 - 17:30 11-08-2010 - 18:47
CVE-2010-2557 9.3
Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Unini
28-02-2022 - 17:27 11-08-2010 - 18:47
CVE-2010-2556 9.3
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption,
28-02-2022 - 17:24 11-08-2010 - 18:47
CVE-2006-3894 5.0
The RSA Crypto-C before 6.3.1 and Cert-C before 2.8 libraries, as used by RSA BSAFE, multiple Cisco products, and other products, allows remote attackers to cause a denial of service via malformed ASN.1 objects.
17-12-2021 - 20:00 22-05-2007 - 19:30
CVE-2005-4360 7.8
The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.d
08-11-2021 - 21:45 20-12-2005 - 01:03
CVE-2013-0074 9.3
Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Dou
22-09-2021 - 14:22 13-03-2013 - 00:55
CVE-2007-0066 7.1
The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protocol (RDP) is enabled, allows remote attackers to cause a denial of service via fragmented router advertisement ICMP packets that trigger an out-of-boun
13-09-2021 - 01:23 08-01-2008 - 20:46
CVE-2010-4487 7.5
Incomplete blacklist vulnerability in Google Chrome before 8.0.552.215 on Linux and Mac OS X allows remote attackers to have an unspecified impact via a "dangerous file."
08-09-2021 - 17:19 07-12-2010 - 21:00
CVE-2010-3414 10.0
Google Chrome before 6.0.472.59 on Mac OS X does not properly implement file dialogs, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. NOTE: this issue exists beca
08-09-2021 - 17:19 16-09-2010 - 21:00
CVE-2011-1305 6.8
Race condition in Google Chrome before 11.0.696.57 on Linux and Mac OS X allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to linked lists and a database.
08-09-2021 - 17:19 03-05-2011 - 22:55
CVE-2011-0782 5.0
Google Chrome before 9.0.597.84 on Mac OS X does not properly mitigate an unspecified flaw in the Mac OS X 10.5 SSL libraries, which allows remote attackers to cause a denial of service (application crash) via unknown vectors.
08-09-2021 - 17:19 04-02-2011 - 18:00
CVE-2011-0776 5.0
The sandbox implementation in Google Chrome before 9.0.597.84 on Mac OS X might allow remote attackers to obtain potentially sensitive information about local files via vectors related to the stat system call.
08-09-2021 - 17:19 04-02-2011 - 18:00
CVE-2012-4845 6.8
The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executa
31-08-2021 - 15:43 20-10-2012 - 10:41
CVE-2010-1258 4.3
Microsoft Internet Explorer 6, 7, and 8 does not properly determine the origin of script code, which allows remote attackers to execute script in an unintended domain or security zone, and obtain sensitive information, via unspecified vectors, aka "E
23-07-2021 - 15:12 11-08-2010 - 18:47
CVE-2010-1259 9.3
Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption V
23-07-2021 - 15:12 08-06-2010 - 22:30
CVE-2010-1262 9.3
Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to the CStyleSheet object and
23-07-2021 - 15:12 08-06-2010 - 22:30
CVE-2010-0255 4.3
Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScr
23-07-2021 - 15:12 04-02-2010 - 20:15
CVE-2011-1252 4.3
Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows
23-07-2021 - 15:12 16-06-2011 - 20:55
CVE-2004-0214 10.0
Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long s
23-07-2021 - 15:03 03-11-2004 - 05:00
CVE-2006-3730 9.3
Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which
23-07-2021 - 12:55 21-07-2006 - 14:03
CVE-2006-3357 7.5
Heap-based buffer overflow in HTML Help ActiveX control (hhctrl.ocx) in Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code by repeatedly setting the Image field
23-07-2021 - 12:55 06-07-2006 - 20:05
CVE-2004-1043 5.0
Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local z
23-07-2021 - 12:55 31-12-2004 - 05:00
CVE-2007-0217 10.0
The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, wh
23-07-2021 - 12:55 13-02-2007 - 22:28
CVE-2009-0550 9.3
Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on
23-07-2021 - 12:19 15-04-2009 - 08:00
CVE-2010-3326 9.3
Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Unini
23-07-2021 - 12:16 13-10-2010 - 19:00
CVE-2011-1997 9.3
Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnLoad Event Remote Code Execution Vulnerability."
23-07-2021 - 12:16 12-10-2011 - 02:52
CVE-2009-0552 9.3
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in me
23-07-2021 - 12:16 15-04-2009 - 08:00
CVE-2003-0083 5.0
Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities relate
15-07-2021 - 20:37 02-04-2003 - 05:00
CVE-2003-0132 5.0
A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
15-07-2021 - 20:14 11-04-2003 - 04:00
CVE-2007-3898 6.4
The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attac
07-07-2021 - 16:09 14-11-2007 - 01:46
CVE-2012-4558 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remo
06-06-2021 - 11:15 26-02-2013 - 16:55
CVE-2012-4557 5.0
The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an
06-06-2021 - 11:15 30-11-2012 - 19:55
CVE-2012-3499 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagema
06-06-2021 - 11:15 26-02-2013 - 16:55
CVE-2012-2687 2.6
Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to in
06-06-2021 - 11:15 22-08-2012 - 19:55
CVE-2010-0010 6.8
Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary co
06-06-2021 - 11:15 02-02-2010 - 16:30
CVE-2003-0192 6.4
Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which c
06-06-2021 - 11:15 18-08-2003 - 04:00
CVE-2003-0254 5.0
Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
06-06-2021 - 11:15 18-08-2003 - 04:00
CVE-2003-0253 5.0
The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
06-06-2021 - 11:15 18-08-2003 - 04:00
CVE-2003-0020 5.0
Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
06-06-2021 - 11:15 18-03-2003 - 05:00
CVE-2003-0542 7.2
Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9
06-06-2021 - 11:15 03-11-2003 - 05:00
CVE-2013-0800 6.8
Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, Se
11-03-2021 - 15:35 03-04-2013 - 11:56
CVE-2010-3972 10.0
Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a den
05-02-2021 - 15:37 23-12-2010 - 18:00
CVE-2012-2532 5.0
Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka
05-02-2021 - 15:37 14-11-2012 - 00:55
CVE-2010-2730 9.3
Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability." Per: http://www.mic
05-02-2021 - 15:37 15-09-2010 - 19:00
CVE-2010-1899 4.3
Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS
05-02-2021 - 15:37 15-09-2010 - 19:00
CVE-2008-0074 7.2
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders.
05-02-2021 - 15:37 12-02-2008 - 21:00
CVE-2012-2531 2.1
Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka "Password Disclosure Vulnerability."
05-02-2021 - 15:37 14-11-2012 - 00:55
CVE-2010-1321 6.8
The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allo
02-02-2021 - 18:53 19-05-2010 - 18:30
CVE-2007-2798 9.0
Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal.
02-02-2021 - 18:32 26-06-2007 - 22:30
CVE-2007-2443 8.3
Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value.
02-02-2021 - 18:28 26-06-2007 - 22:30
CVE-2009-3023 9.0
Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption,
23-11-2020 - 19:51 31-08-2009 - 20:30
CVE-2009-2521 5.0
Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that re
23-11-2020 - 19:50 04-09-2009 - 10:30
CVE-2010-2731 6.8
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 on Windows XP SP3, when directory-based Basic Authentication is enabled, allows remote attackers to bypass intended access restrictions and execute ASP files via a crafted
23-11-2020 - 19:49 15-09-2010 - 19:00
CVE-2003-0718 5.0
The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML element
23-11-2020 - 19:49 03-11-2004 - 05:00
CVE-2008-0075 10.0
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages.
23-11-2020 - 19:49 12-02-2008 - 21:00
CVE-2006-0026 6.5
Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP).
23-11-2020 - 19:49 11-07-2006 - 22:05
CVE-2013-0006 9.3
Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML Integer Truncation Vulnerability."
20-11-2020 - 20:15 09-01-2013 - 18:09
CVE-2005-1260 5.0
bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb").
13-11-2020 - 17:07 19-05-2005 - 04:00
CVE-2003-0227 5.0
The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Informatio
13-11-2020 - 16:30 09-06-2003 - 04:00
CVE-2013-3888 7.2
dxgkrnl.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerab
28-09-2020 - 12:58 09-10-2013 - 14:53
CVE-2013-3183 7.8
The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly perform memory allocation for inbound ICMPv6 packets, which allows remote at
28-09-2020 - 12:58 14-08-2013 - 11:10
CVE-2013-3200 7.2
The USB drivers in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow physically proximate a
28-09-2020 - 12:58 09-10-2013 - 14:53
CVE-2010-3958 9.3
The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted A
28-09-2020 - 12:58 13-04-2011 - 18:55
CVE-2013-3138 7.1
Integer overflow in the TCP/IP kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (system hang) via
28-09-2020 - 12:58 12-06-2013 - 03:30
CVE-2013-3887 4.9
The Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows local user
28-09-2020 - 12:58 13-11-2013 - 00:55
CVE-2012-4777 9.3
The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka
28-09-2020 - 12:58 14-11-2012 - 00:55
CVE-2012-1895 9.3
The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XB
28-09-2020 - 12:58 14-11-2012 - 00:55
CVE-2011-1991 9.3
Multiple untrusted search path vulnerabilities in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow local users to gain privileges via a Trojan hors
28-09-2020 - 12:58 15-09-2011 - 12:26
CVE-2013-1286 7.2
The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory,
28-09-2020 - 12:58 13-03-2013 - 00:55
CVE-2011-1978 4.3
Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via (1) a crafted XAML browser a
28-09-2020 - 12:58 10-08-2011 - 21:55
CVE-2013-1332 7.2
dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in m
28-09-2020 - 12:58 15-05-2013 - 03:36
CVE-2012-1855 9.3
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework applica
28-09-2020 - 12:58 12-06-2012 - 22:55
CVE-2011-1977 4.3
The ASP.NET Chart controls in Microsoft .NET Framework 4, and Chart Control for Microsoft .NET Framework 3.5 SP1, do not properly verify functions in URIs, which allows remote attackers to read arbitrary files via special characters in a URI in an HT
28-09-2020 - 12:58 10-08-2011 - 21:55
CVE-2011-1871 7.8
Tcpip.sys in the TCP/IP stack in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a series of crafted ICMP messages, aka "ICMP Denial of
28-09-2020 - 12:58 10-08-2011 - 21:55
CVE-2012-2531 2.1
Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka "Password Disclosure Vulnerability."
28-09-2020 - 12:58 14-11-2012 - 00:55
CVE-2012-1848 7.2
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode
28-09-2020 - 12:58 09-05-2012 - 00:55
CVE-2011-1965 7.1
Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 does not properly implement URL-based QoS, which allows remote attackers to cause a denial of service (reboot) via a crafted URL to a web server,
28-09-2020 - 12:58 10-08-2011 - 21:55
CVE-2013-1287 7.2
The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory,
28-09-2020 - 12:58 13-03-2013 - 00:55
CVE-2011-1271 5.1
The JIT compiler in Microsoft .NET Framework 3.5 Gold and SP1, 3.5.1, and 4.0, when IsJITOptimizerDisabled is false, does not properly handle expressions related to null strings, which allows context-dependent attackers to bypass intended access rest
28-09-2020 - 12:58 10-05-2011 - 19:55
CVE-2012-1896 5.0
Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (aka XBAP) or (2) a crafte
28-09-2020 - 12:58 14-11-2012 - 00:55
CVE-2013-1281 7.1
The NFS server in Microsoft Windows Server 2008 R2 and R2 SP1 and Server 2012 allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via an attempted renaming of a file or folder located on a read-only share, aka "
28-09-2020 - 12:58 13-02-2013 - 12:04
CVE-2011-1266 9.3
The Vector Markup Language (VML) implementation in vgx.dll in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly
28-09-2020 - 12:58 16-06-2011 - 20:55
CVE-2012-2519 7.9
Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated
28-09-2020 - 12:58 14-11-2012 - 00:55
CVE-2011-2013 10.0
Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code by sending a sequence of crafted UDP packets to a clos
28-09-2020 - 12:58 08-11-2011 - 21:55
CVE-2013-1285 7.2
The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory,
28-09-2020 - 12:58 13-03-2013 - 00:55
CVE-2011-1267 7.8
The SMB server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 request, aka "SMB
28-09-2020 - 12:58 16-06-2011 - 20:55
CVE-2011-1249 7.2
The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode inp
28-09-2020 - 12:58 16-06-2011 - 20:55
CVE-2011-1252 4.3
Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows
28-09-2020 - 12:58 16-06-2011 - 20:55
CVE-2012-0148 7.2
afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate user-mode input passe
28-09-2020 - 12:58 14-02-2012 - 22:55
CVE-2011-1253 9.3
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP
28-09-2020 - 12:58 12-10-2011 - 02:52
CVE-2011-0661 10.0
The SMB Server service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate fields in SMB requests, which allows
28-09-2020 - 12:58 13-04-2011 - 18:55
CVE-2013-0075 7.8
The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (reboot) via a crafted pack
28-09-2020 - 12:58 13-02-2013 - 12:04
CVE-2013-1332 7.2
dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in m
28-09-2020 - 12:58 15-05-2013 - 03:36
CVE-2013-0075 7.8
The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (reboot) via a crafted pack
28-09-2020 - 12:58 13-02-2013 - 12:04
CVE-2012-0014 9.3
Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser
28-09-2020 - 12:58 14-02-2012 - 22:55
CVE-2013-3200 7.2
The USB drivers in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow physically proximate a
28-09-2020 - 12:58 09-10-2013 - 14:53
CVE-2013-0030 9.3
The Vector Markup Language (VML) implementation in Microsoft Internet Explorer 6 through 10 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via a crafted web site, aka "VML Memory Corruption Vulnerability."
28-09-2020 - 12:58 13-02-2013 - 12:04
CVE-2013-0007 9.3
Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability."
28-09-2020 - 12:58 09-01-2013 - 18:09
CVE-2011-1267 7.8
The SMB server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 request, aka "SMB
28-09-2020 - 12:58 16-06-2011 - 20:55
CVE-2012-2519 7.9
Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated
28-09-2020 - 12:58 14-11-2012 - 00:55
CVE-2012-0180 7.2
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode
28-09-2020 - 12:58 09-05-2012 - 00:55
CVE-2013-1286 7.2
The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory,
28-09-2020 - 12:58 13-03-2013 - 00:55
CVE-2012-4777 9.3
The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka
28-09-2020 - 12:58 14-11-2012 - 00:55
CVE-2012-1855 9.3
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework applica
28-09-2020 - 12:58 12-06-2012 - 22:55
CVE-2012-0148 7.2
afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate user-mode input passe
28-09-2020 - 12:58 14-02-2012 - 22:55
CVE-2012-0178 7.2
Race condition in partmgr.sys in Windows Partition Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that makes multiple simulta
28-09-2020 - 12:58 09-05-2012 - 00:55
CVE-2013-0073 10.0
The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code vi
28-09-2020 - 12:58 13-02-2013 - 12:04
CVE-2013-3138 7.1
Integer overflow in the TCP/IP kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (system hang) via
28-09-2020 - 12:58 12-06-2013 - 03:30
CVE-2013-1281 7.1
The NFS server in Microsoft Windows Server 2008 R2 and R2 SP1 and Server 2012 allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via an attempted renaming of a file or folder located on a read-only share, aka "
28-09-2020 - 12:58 13-02-2013 - 12:04
CVE-2012-1895 9.3
The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XB
28-09-2020 - 12:58 14-11-2012 - 00:55
CVE-2011-1965 7.1
Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 does not properly implement URL-based QoS, which allows remote attackers to cause a denial of service (reboot) via a crafted URL to a web server,
28-09-2020 - 12:58 10-08-2011 - 21:55
CVE-2011-1871 7.8
Tcpip.sys in the TCP/IP stack in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a series of crafted ICMP messages, aka "ICMP Denial of
28-09-2020 - 12:58 10-08-2011 - 21:55
CVE-2013-0001 4.3
The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML bro
28-09-2020 - 12:58 09-01-2013 - 18:09
CVE-2012-0173 9.3
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which a
28-09-2020 - 12:58 12-06-2012 - 22:55
CVE-2012-0014 9.3
Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser
28-09-2020 - 12:58 14-02-2012 - 22:55
CVE-2012-0015 9.3
Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET applicati
28-09-2020 - 12:58 14-02-2012 - 22:55
CVE-2012-0002 9.3
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which a
28-09-2020 - 12:58 13-03-2012 - 21:55
CVE-2013-3183 7.8
The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly perform memory allocation for inbound ICMPv6 packets, which allows remote at
28-09-2020 - 12:58 14-08-2013 - 11:10
CVE-2013-1285 7.2
The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory,
28-09-2020 - 12:58 13-03-2013 - 00:55
CVE-2012-1848 7.2
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode
28-09-2020 - 12:58 09-05-2012 - 00:55
CVE-2011-1991 9.3
Multiple untrusted search path vulnerabilities in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow local users to gain privileges via a Trojan hors
28-09-2020 - 12:58 15-09-2011 - 12:26
CVE-2011-1978 4.3
Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via (1) a crafted XAML browser a
28-09-2020 - 12:58 10-08-2011 - 21:55
CVE-2013-3888 7.2
dxgkrnl.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerab
28-09-2020 - 12:58 09-10-2013 - 14:53
CVE-2013-1287 7.2
The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory,
28-09-2020 - 12:58 13-03-2013 - 00:55
CVE-2013-0073 10.0
The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code vi
28-09-2020 - 12:58 13-02-2013 - 12:04
CVE-2012-0178 7.2
Race condition in partmgr.sys in Windows Partition Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that makes multiple simulta
28-09-2020 - 12:58 09-05-2012 - 00:55
CVE-2011-2013 10.0
Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code by sending a sequence of crafted UDP packets to a clos
28-09-2020 - 12:58 08-11-2011 - 21:55
CVE-2011-1977 4.3
The ASP.NET Chart controls in Microsoft .NET Framework 4, and Chart Control for Microsoft .NET Framework 3.5 SP1, do not properly verify functions in URIs, which allows remote attackers to read arbitrary files via special characters in a URI in an HT
28-09-2020 - 12:58 10-08-2011 - 21:55
CVE-2013-0007 9.3
Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability."
28-09-2020 - 12:58 09-01-2013 - 18:09
CVE-2012-1896 5.0
Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (aka XBAP) or (2) a crafte
28-09-2020 - 12:58 14-11-2012 - 00:55
CVE-2012-0173 9.3
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which a
28-09-2020 - 12:58 12-06-2012 - 22:55
CVE-2012-0015 9.3
Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET applicati
28-09-2020 - 12:58 14-02-2012 - 22:55
CVE-2012-0180 7.2
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode
28-09-2020 - 12:58 09-05-2012 - 00:55
CVE-2013-3887 4.9
The Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows local user
28-09-2020 - 12:58 13-11-2013 - 00:55
CVE-2013-0006 9.3
Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML Integer Truncation Vulnerability."
28-09-2020 - 12:58 09-01-2013 - 18:09
CVE-2011-1249 7.2
The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode inp
28-09-2020 - 12:58 16-06-2011 - 20:55
CVE-2012-0002 9.3
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which a
28-09-2020 - 12:58 13-03-2012 - 21:55
CVE-2011-0661 10.0
The SMB Server service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate fields in SMB requests, which allows
28-09-2020 - 12:58 13-04-2011 - 18:55
CVE-2013-0030 9.3
The Vector Markup Language (VML) implementation in Microsoft Internet Explorer 6 through 10 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via a crafted web site, aka "VML Memory Corruption Vulnerability."
28-09-2020 - 12:58 13-02-2013 - 12:04
CVE-2011-1271 5.1
The JIT compiler in Microsoft .NET Framework 3.5 Gold and SP1, 3.5.1, and 4.0, when IsJITOptimizerDisabled is false, does not properly handle expressions related to null strings, which allows context-dependent attackers to bypass intended access rest
28-09-2020 - 12:58 10-05-2011 - 19:55
CVE-2011-1253 9.3
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP
28-09-2020 - 12:58 12-10-2011 - 02:52
CVE-2010-3958 9.3
The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted A
28-09-2020 - 12:58 13-04-2011 - 18:55
CVE-2013-0001 4.3
The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML bro
28-09-2020 - 12:58 09-01-2013 - 18:09
CVE-2007-3378 6.8
The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execu
18-09-2020 - 19:15 29-06-2007 - 18:30
CVE-2011-3970 4.3
libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
09-09-2020 - 15:15 09-02-2012 - 04:10
CVE-2012-3972 5.0
The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensit
09-09-2020 - 14:51 29-08-2012 - 10:56
CVE-2012-3961 10.0
Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arb
28-08-2020 - 14:23 29-08-2012 - 10:56
CVE-2012-3968 10.0
Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitra
28-08-2020 - 14:23 29-08-2012 - 10:56
CVE-2012-1970 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial
28-08-2020 - 13:30 29-08-2012 - 10:56
CVE-2012-0449 9.3
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod
28-08-2020 - 13:14 01-02-2012 - 16:55
CVE-2012-0444 10.0
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corr
28-08-2020 - 13:12 01-02-2012 - 16:55
CVE-2012-0442 9.3
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corru
28-08-2020 - 13:11 01-02-2012 - 16:55
CVE-2011-3659 9.3
Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect Attribu
28-08-2020 - 13:10 01-02-2012 - 16:55
CVE-2012-3983 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly ex
27-08-2020 - 14:53 10-10-2012 - 17:55
CVE-2012-3989 9.3
Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly perform a cast of an unspecified variable during use of the instanceof operator on a JavaScript object, which allows remote attackers to execute arbitrary
27-08-2020 - 14:50 10-10-2012 - 17:55
CVE-2012-3976 4.3
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate inform
26-08-2020 - 20:39 29-08-2012 - 10:56
CVE-2012-5354 6.8
Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has multiple menus of SELECT elements active, which allows remote attackers to conduct clickjacking attacks vi
26-08-2020 - 19:40 10-10-2012 - 17:55
CVE-2012-3985 4.3
Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly implement the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging initial-origin access af
26-08-2020 - 19:36 10-10-2012 - 17:55
CVE-2012-4205 6.8
Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site reques
21-08-2020 - 18:45 21-11-2012 - 12:55
CVE-2012-4201 4.3
The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incorrect context during the handling of JavaScript code
14-08-2020 - 17:33 21-11-2012 - 12:55
CVE-2010-1205 7.5
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
14-08-2020 - 15:50 30-06-2010 - 18:30
CVE-2012-3993 9.3
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallT
13-08-2020 - 20:43 10-10-2012 - 17:55
CVE-2012-4209 4.3
Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a "top" frame name-attribute value to access the location property, which make
13-08-2020 - 19:32 21-11-2012 - 12:55
CVE-2012-4188 9.3
Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary
13-08-2020 - 19:29 10-10-2012 - 17:55
CVE-2012-4207 4.3
The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly handle a ~ (tilde) character in pro
13-08-2020 - 19:20 21-11-2012 - 12:55
CVE-2012-4184 4.3
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not prevent access to properties of a prototype
13-08-2020 - 18:32 10-10-2012 - 17:55
CVE-2012-3995 9.3
The IsCSSWordSpacingSpace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a den
13-08-2020 - 18:12 10-10-2012 - 17:55
CVE-2012-3988 9.3
Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 might allow user-assisted remote attackers to execute arbitrary code v
12-08-2020 - 18:11 10-10-2012 - 17:55
CVE-2012-3991 9.3
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to by
11-08-2020 - 13:37 10-10-2012 - 17:55
CVE-2012-3982 9.3
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to cause a denial
10-08-2020 - 15:53 10-10-2012 - 17:55
CVE-2012-4187 9.3
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage a certain insPos variable, which allows remote attackers to execute arbitrary c
10-08-2020 - 14:59 10-10-2012 - 17:55
CVE-2012-3992 4.3
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting (XS
10-08-2020 - 14:52 10-10-2012 - 17:55
CVE-2012-3986 4.3
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote a
10-08-2020 - 14:47 10-10-2012 - 17:55
CVE-2012-3994 4.3
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site scripting (XSS) attacks via a binary plugin that uses Obj
07-08-2020 - 15:42 10-10-2012 - 17:55
CVE-2010-1770 9.3
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, wh
07-08-2020 - 15:25 11-06-2010 - 19:30
CVE-2013-0744 9.3
Use-after-free vulnerability in the TableBackgroundPainter::TableBackgroundData::Destroy function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 a
04-08-2020 - 17:35 13-01-2013 - 20:55
CVE-2010-4494 7.5
Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath
31-07-2020 - 18:38 07-12-2010 - 21:00
CVE-2010-3130 9.3
Untrusted search path vulnerability in TechSmith Snagit all versions 10.x and 11.x allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the sam
13-05-2020 - 17:15 26-08-2010 - 18:36
CVE-2011-3888 6.8
Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing operations in conjunction with an unknown pl
11-05-2020 - 17:44 25-10-2011 - 19:55
CVE-2011-3889 7.5
Heap-based buffer overflow in the Web Audio implementation in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
11-05-2020 - 16:50 25-10-2011 - 19:55
CVE-2011-3880 7.5
Google Chrome before 15.0.874.102 does not prevent use of an unspecified special character as a delimiter in HTTP headers, which has unknown impact and remote attack vectors.
11-05-2020 - 16:48 25-10-2011 - 19:55
CVE-2011-3876 6.8
Google Chrome before 15.0.874.102 does not properly handle downloading files that have whitespace characters at the end of a filename, which has unspecified impact and user-assisted remote attack vectors.
11-05-2020 - 16:46 25-10-2011 - 19:55
CVE-2011-2845 4.3
Google Chrome before 15.0.874.102 does not properly handle history data, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors.
11-05-2020 - 16:44 25-10-2011 - 19:55
CVE-2011-3891 7.5
Google Chrome before 15.0.874.102 does not properly restrict access to internal Google V8 functions, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
11-05-2020 - 16:12 25-10-2011 - 19:55
CVE-2011-3885 7.5
Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to stale Cascading Style Sheets (CSS) token-sequence data.
11-05-2020 - 16:02 25-10-2011 - 19:55
CVE-2011-3883 7.5
Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to counters.
11-05-2020 - 15:57 25-10-2011 - 19:55
CVE-2011-3882 7.5
Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to media buffers.
11-05-2020 - 15:56 25-10-2011 - 19:55
CVE-2011-2842 7.5
The installer in Google Chrome before 14.0.835.163 on Mac OS X does not properly handle lock files, which has unspecified impact and attack vectors.
08-05-2020 - 17:47 19-09-2011 - 12:02
CVE-2011-3953 7.5
Google Chrome before 17.0.963.46 does not prevent monitoring of the clipboard after a paste event, which has unspecified impact and remote attack vectors.
08-05-2020 - 14:13 09-02-2012 - 04:10
CVE-2011-3955 7.5
Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors that trigger the aborting of an IndexedDB transaction.
08-05-2020 - 14:12 09-02-2012 - 04:10
CVE-2011-3957 7.5
Use-after-free vulnerability in the garbage-collection functionality in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving PDF documents.
08-05-2020 - 14:12 09-02-2012 - 04:10
CVE-2011-3961 9.3
Race condition in Google Chrome before 17.0.963.46 allows remote attackers to execute arbitrary code via vectors that trigger a crash of a utility process.
08-05-2020 - 14:07 09-02-2012 - 04:10
CVE-2011-3963 5.0
Google Chrome before 17.0.963.46 does not properly handle PDF FAX images, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
08-05-2020 - 14:04 09-02-2012 - 04:10
CVE-2011-3971 6.8
Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to mousemove events.
08-05-2020 - 14:03 09-02-2012 - 04:10
CVE-2011-3887 5.0
Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors.
08-05-2020 - 13:40 25-10-2011 - 19:55
CVE-2011-3884 6.8
Google Chrome before 15.0.874.102 does not properly address timing issues during DOM traversal, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
08-05-2020 - 12:55 25-10-2011 - 19:55
CVE-2011-3879 7.5
Google Chrome before 15.0.874.102 does not prevent redirects to chrome: URLs, which has unspecified impact and remote attack vectors.
07-05-2020 - 20:41 25-10-2011 - 19:55
CVE-2011-3966 7.5
Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to error handling for Cascading Style Sheets (CSS) token-sequence data
07-05-2020 - 18:20 09-02-2012 - 04:10
CVE-2011-3967 5.0
Unspecified vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via a crafted certificate.
07-05-2020 - 18:15 09-02-2012 - 04:10
CVE-2011-3877 4.3
Cross-site scripting (XSS) vulnerability in the appcache internals page in Google Chrome before 15.0.874.102 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
07-05-2020 - 18:10 25-10-2011 - 19:55
CVE-2011-3878 6.8
Race condition in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to worker process initialization.
07-05-2020 - 18:10 25-10-2011 - 19:55
CVE-2011-3875 4.3
Google Chrome before 15.0.874.102 does not properly handle drag and drop operations on URL strings, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors.
07-05-2020 - 18:08 25-10-2011 - 19:55
CVE-2011-3890 7.5
Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to video source handling.
07-05-2020 - 18:06 25-10-2011 - 19:55
CVE-2011-3960 4.3
Google Chrome before 17.0.963.46 does not properly decode audio data, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
21-04-2020 - 17:31 09-02-2012 - 04:10
CVE-2011-3964 5.8
Google Chrome before 17.0.963.46 does not properly implement the drag-and-drop feature, which makes it easier for remote attackers to spoof the URL bar via unspecified vectors.
17-04-2020 - 13:34 09-02-2012 - 04:10
CVE-2011-3962 4.3
Google Chrome before 17.0.963.46 does not properly perform path clipping, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
17-04-2020 - 13:33 09-02-2012 - 04:10
CVE-2011-3958 6.8
Google Chrome before 17.0.963.46 does not properly perform casts of variables during handling of a column span, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
17-04-2020 - 13:32 09-02-2012 - 04:10
CVE-2011-3959 7.5
Buffer overflow in the locale implementation in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
17-04-2020 - 13:32 09-02-2012 - 04:10
CVE-2011-3956 6.8
The extension implementation in Google Chrome before 17.0.963.46 does not properly handle sandboxed origins, which might allow remote attackers to bypass the Same Origin Policy via a crafted extension.
17-04-2020 - 13:31 09-02-2012 - 04:10
CVE-2011-3954 5.0
Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via vectors that trigger a large amount of database usage.
17-04-2020 - 13:30 09-02-2012 - 04:10
CVE-2011-3965 5.0
Google Chrome before 17.0.963.46 does not properly check signatures, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
16-04-2020 - 18:44 09-02-2012 - 04:10
CVE-2011-3968 4.3
Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving Cascading Style Sheets (CSS) token sequences.
16-04-2020 - 17:45 09-02-2012 - 04:10
CVE-2011-3969 6.8
Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout of SVG documents.
16-04-2020 - 17:33 09-02-2012 - 04:10
CVE-2011-3031 6.8
Use-after-free vulnerability in the element wrapper in Google V8, as used in Google Chrome before 17.0.963.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
16-04-2020 - 16:17 05-03-2012 - 19:55
CVE-2011-3033 7.5
Buffer overflow in Skia, as used in Google Chrome before 17.0.963.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
16-04-2020 - 16:16 05-03-2012 - 19:55
CVE-2011-3032 6.8
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG values.
16-04-2020 - 16:16 05-03-2012 - 19:55
CVE-2011-3034 6.8
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an SVG document.
16-04-2020 - 16:15 05-03-2012 - 19:55
CVE-2011-3035 6.8
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements.
16-04-2020 - 16:15 05-03-2012 - 19:55
CVE-2011-3036 6.8
Google Chrome before 17.0.963.65 does not properly perform a cast of an unspecified variable during handling of line boxes, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.
16-04-2020 - 16:14 05-03-2012 - 19:55
CVE-2011-3037 6.8
Google Chrome before 17.0.963.65 does not properly perform casts of unspecified variables during the splitting of anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted documen
16-04-2020 - 16:13 05-03-2012 - 19:55
CVE-2011-3038 6.8
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to multi-column handling.
16-04-2020 - 16:10 05-03-2012 - 19:55
CVE-2011-3039 6.8
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to quote handling.
16-04-2020 - 16:08 05-03-2012 - 19:55
CVE-2011-3040 4.3
Google Chrome before 17.0.963.65 does not properly handle text, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.
16-04-2020 - 16:08 05-03-2012 - 19:55
CVE-2011-3042 6.8
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of table sections.
16-04-2020 - 16:06 05-03-2012 - 19:55
CVE-2011-3041 6.8
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of class attributes.
16-04-2020 - 16:06 05-03-2012 - 19:55
CVE-2011-3043 6.8
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a flexbox (aka flexible box) in conjunction with the floating of ele
16-04-2020 - 16:04 05-03-2012 - 19:55
CVE-2011-3044 6.8
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animation elements.
16-04-2020 - 15:59 05-03-2012 - 19:55
CVE-2011-3046 10.0
The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" issue.
16-04-2020 - 15:59 09-03-2012 - 00:55
CVE-2011-3047 9.3
The GPU process in Google Chrome before 17.0.963.79 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) by leveraging an error in the plug-in loading mechanism.
16-04-2020 - 15:58 10-03-2012 - 19:55
CVE-2012-1845 9.3
Use-after-free vulnerability in Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the DEP and ASLR protection mechanisms, and execute arbitrary code, via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition
16-04-2020 - 15:41 22-03-2012 - 16:55
CVE-2012-1846 10.0
Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a sandboxed process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affecte
16-04-2020 - 15:27 22-03-2012 - 16:55
CVE-2011-3049 5.0
Google Chrome before 17.0.963.83 does not properly restrict the extension web request API, which allows remote attackers to cause a denial of service (disrupted system requests) via a crafted extension.
16-04-2020 - 15:25 23-03-2012 - 10:55
CVE-2011-3050 6.8
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-lette
14-04-2020 - 16:06 22-03-2012 - 16:55
CVE-2011-3051 6.8
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the cross-fade f
14-04-2020 - 16:02 22-03-2012 - 16:55
CVE-2011-3053 6.8
Use-after-free vulnerability in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to block splitting.
14-04-2020 - 16:01 22-03-2012 - 16:55
CVE-2011-3052 6.8
The WebGL implementation in Google Chrome before 17.0.963.83 does not properly handle CANVAS elements, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
14-04-2020 - 15:57 22-03-2012 - 16:55
CVE-2011-3054 4.3
The WebUI privilege implementation in Google Chrome before 17.0.963.83 does not properly perform isolation, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
14-04-2020 - 15:56 22-03-2012 - 16:55
CVE-2011-3055 4.3
The browser native UI in Google Chrome before 17.0.963.83 does not require user confirmation before an unpacked extension installation, which allows user-assisted remote attackers to have an unspecified impact via a crafted extension.
14-04-2020 - 15:43 22-03-2012 - 16:55
CVE-2011-3056 6.8
Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via vectors involving a "magic iframe."
14-04-2020 - 15:41 22-03-2012 - 16:55
CVE-2011-3057 4.3
Google V8, as used in Google Chrome before 17.0.963.83, allows remote attackers to cause a denial of service via vectors that trigger an invalid read operation.
14-04-2020 - 15:40 22-03-2012 - 16:55
CVE-2011-3058 4.3
Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
14-04-2020 - 15:17 30-03-2012 - 22:55
CVE-2011-3060 6.8
Google Chrome before 18.0.1025.142 does not properly handle text fragments, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
14-04-2020 - 15:16 30-03-2012 - 22:55
CVE-2011-3059 6.8
Google Chrome before 18.0.1025.142 does not properly handle SVG text elements, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
14-04-2020 - 15:16 30-03-2012 - 22:55
CVE-2011-3061 5.8
Google Chrome before 18.0.1025.142 does not properly check X.509 certificates before use of a SPDY proxy, which might allow man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate.
14-04-2020 - 15:13 30-03-2012 - 22:55
CVE-2011-3062 6.8
Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted OpenType file.
14-04-2020 - 15:12 30-03-2012 - 22:55
CVE-2011-3063 4.3
Google Chrome before 18.0.1025.142 does not properly validate the renderer's navigation requests, which has unspecified impact and remote attack vectors.
14-04-2020 - 15:12 30-03-2012 - 22:55
CVE-2011-3065 6.8
Skia, as used in Google Chrome before 18.0.1025.142, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
14-04-2020 - 15:11 30-03-2012 - 22:55
CVE-2011-3064 7.5
Use-after-free vulnerability in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG clipping.
14-04-2020 - 15:10 30-03-2012 - 22:55
CVE-2011-3066 6.8
Skia, as used in Google Chrome before 18.0.1025.151, does not properly perform clipping, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
14-04-2020 - 14:59 05-04-2012 - 22:02
CVE-2011-3067 6.8
Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to replacement of IFRAME elements.
14-04-2020 - 14:58 05-04-2012 - 22:02
CVE-2011-3068 6.8
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to run-in boxes.
14-04-2020 - 14:57 05-04-2012 - 22:02
CVE-2011-3069 6.8
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to line boxes.
14-04-2020 - 14:57 05-04-2012 - 22:02
CVE-2011-3070 6.8
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the Google V8 bindings.
14-04-2020 - 14:57 05-04-2012 - 22:02
CVE-2011-3071 6.8
Use-after-free vulnerability in the HTMLMediaElement implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
14-04-2020 - 14:50 05-04-2012 - 22:02
CVE-2011-3072 6.8
Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to pop-up windows.
14-04-2020 - 14:48 05-04-2012 - 22:02
CVE-2011-3074 6.8
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media.
14-04-2020 - 14:28 05-04-2012 - 22:02
CVE-2011-3073 6.8
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG resources.
14-04-2020 - 14:28 05-04-2012 - 22:02
CVE-2011-3075 6.8
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to style-application commands.
14-04-2020 - 14:27 05-04-2012 - 22:02
CVE-2011-3076 6.8
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to focus handling.
14-04-2020 - 14:14 05-04-2012 - 22:02
CVE-2011-3077 6.8
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the script bindings, related to a "read-after-free" issue.
14-04-2020 - 14:13 05-04-2012 - 22:02
CVE-2011-3080 7.6
Race condition in the Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168 allows attackers to bypass intended sandbox restrictions via unspecified vectors.
14-04-2020 - 14:13 01-05-2012 - 10:12
CVE-2012-1521 6.8
Use-after-free vulnerability in the XML parser in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
13-04-2020 - 17:17 01-05-2012 - 10:12
CVE-2011-3078 6.8
Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011
13-04-2020 - 17:15 01-05-2012 - 10:12
CVE-2011-3081 9.3
Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011
13-04-2020 - 16:19 01-05-2012 - 10:12
CVE-2004-0574 10.0
The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, poss
09-04-2020 - 13:50 03-11-2004 - 05:00
CVE-2006-0002 7.5
Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulatio
09-04-2020 - 13:29 10-01-2006 - 22:03
CVE-2008-1447 5.0
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic vi
24-03-2020 - 18:19 08-07-2008 - 23:41
CVE-2010-3282 1.9
389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-root
29-01-2020 - 15:27 09-01-2020 - 21:15
CVE-2005-0488 5.0
Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
21-01-2020 - 15:45 14-06-2005 - 04:00
CVE-2005-0758 4.6
zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.
16-10-2019 - 20:01 13-05-2005 - 04:00
CVE-2010-3644 9.3
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
09-10-2019 - 23:01 07-11-2010 - 22:00
CVE-2010-3652 9.3
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
09-10-2019 - 23:01 07-11-2010 - 22:00
CVE-2010-3648 9.3
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
09-10-2019 - 23:01 07-11-2010 - 22:00
CVE-2010-3643 9.3
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
09-10-2019 - 23:01 07-11-2010 - 22:00
CVE-2010-3650 9.3
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
09-10-2019 - 23:01 07-11-2010 - 22:00
CVE-2010-3640 9.3
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
09-10-2019 - 23:01 07-11-2010 - 22:00
CVE-2010-3641 9.3
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
09-10-2019 - 23:01 07-11-2010 - 22:00
CVE-2010-3645 9.3
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
09-10-2019 - 23:01 07-11-2010 - 22:00
CVE-2010-3636 9.3
Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote w
09-10-2019 - 23:01 07-11-2010 - 22:00
CVE-2010-3642 9.3
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
09-10-2019 - 23:01 07-11-2010 - 22:00
CVE-2010-3649 9.3
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
09-10-2019 - 23:01 07-11-2010 - 22:00
CVE-2010-3647 9.3
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
09-10-2019 - 23:01 07-11-2010 - 22:00
CVE-2010-3646 9.3
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
09-10-2019 - 23:01 07-11-2010 - 22:00
CVE-2008-5345 7.5
Unspecified vulnerability in Java Runtime Environment (JRE) with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier allows code that is loaded from a
09-10-2019 - 22:56 05-12-2008 - 11:30
CVE-2008-5360 6.4
Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier creates temporary files with predictable file names, which allow
09-10-2019 - 22:56 05-12-2008 - 11:30
CVE-2008-5359 9.3
Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbit
09-10-2019 - 22:56 05-12-2008 - 11:30
CVE-2008-5357 9.3
Integer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbi
09-10-2019 - 22:56 05-12-2008 - 11:30
CVE-2007-3897 9.3
Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption.
09-10-2019 - 22:53 09-10-2007 - 22:17
CVE-2003-0150 9.0
MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by mod
07-10-2019 - 16:41 24-03-2003 - 05:00
CVE-2003-0073 5.0
Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user.
07-10-2019 - 16:41 19-02-2003 - 05:00
CVE-2012-5376 9.3
The Inter-process Communication (IPC) implementation in Google Chrome before 22.0.1229.94 allows remote attackers to bypass intended sandbox restrictions and write to arbitrary files by leveraging access to a renderer process, a different vulnerabili
27-09-2019 - 17:19 11-10-2012 - 10:51
CVE-2010-1029 5.0
Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (ap
26-09-2019 - 17:05 19-03-2010 - 21:30
CVE-2008-5346 7.1
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 or earlier allows untrusted applets and applications to read arbitrary memory via a
31-07-2019 - 12:42 05-12-2008 - 11:30
CVE-2012-4791 3.5
Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability."
01-06-2019 - 00:29 12-12-2012 - 00:55
CVE-2006-3443 7.2
Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka "User Profile Elevation of Privilege Vulner
30-04-2019 - 14:27 09-08-2006 - 01:04
CVE-2002-1258 5.0
Two vulnerabilities in Microsoft Virtual Machine (VM) up to and including build 5.0.3805, as used in Internet Explorer and other applications, allow remote attackers to read files via a Java applet with a spoofed location in the CODEBASE parameter in
30-04-2019 - 14:27 23-12-2002 - 05:00
CVE-2002-0863 5.0
Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka
30-04-2019 - 14:27 11-10-2002 - 04:00
CVE-2007-3901 8.5
Stack-based buffer overflow in the DirectShow Synchronized Accessible Media Interchange (SAMI) parser in quartz.dll for Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted SAMI file.
30-04-2019 - 14:27 12-12-2007 - 00:46
CVE-2006-2379 9.3
Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.
30-04-2019 - 14:27 13-06-2006 - 19:06
CVE-2006-3444 7.5
Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, probably a buffer overflow, allows local users to obtain privileges via unspecified vectors involving an "unchecked buffer."
30-04-2019 - 14:27 09-08-2006 - 00:04
CVE-2002-0151 7.2
Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request.
30-04-2019 - 14:27 04-04-2002 - 05:00
CVE-2005-0048 7.5
Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Valid
30-04-2019 - 14:27 02-05-2005 - 04:00
CVE-2003-0660 7.5
The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers to execute arbitrary code without user appr
30-04-2019 - 14:27 17-11-2003 - 05:00
CVE-2003-0345 7.5
Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.
30-04-2019 - 14:27 18-08-2003 - 04:00
CVE-2005-1218 5.0
The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.
30-04-2019 - 14:27 10-08-2005 - 04:00
CVE-2003-0111 7.5
The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka "Fla
30-04-2019 - 14:27 05-05-2003 - 04:00
CVE-2010-0478 9.3
Stack-based buffer overflow in nsum.exe in the Windows Media Unicast Service in Media Services for Microsoft Windows 2000 Server SP4 allows remote attackers to execute arbitrary code via crafted packets associated with transport information, aka "Med
30-04-2019 - 14:27 14-04-2010 - 16:00
CVE-2003-0112 4.6
Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger.
30-04-2019 - 14:27 12-05-2003 - 04:00
CVE-2003-0824 5.0
Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain
30-04-2019 - 14:27 15-12-2003 - 05:00
CVE-2004-1319 5.0
The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the par
30-04-2019 - 14:27 15-12-2004 - 05:00
CVE-2004-0568 10.0
HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious
30-04-2019 - 14:27 10-01-2005 - 05:00
CVE-2005-0057 7.5
The Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a crafted link that triggers an "unchecked buffer" in the library, possibly due to a buffer overflow.
30-04-2019 - 14:27 02-05-2005 - 04:00
CVE-2004-1080 10.0
The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS re
30-04-2019 - 14:27 10-01-2005 - 05:00
CVE-2003-0825 9.3
The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute
30-04-2019 - 14:27 03-03-2004 - 05:00
CVE-2003-0662 9.3
Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method.
30-04-2019 - 14:27 17-11-2003 - 05:00
CVE-2004-0212 10.0
Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Interne
30-04-2019 - 14:27 06-08-2004 - 04:00
CVE-2005-0061 7.2
The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests.
30-04-2019 - 14:27 02-05-2005 - 04:00
CVE-2005-0045 7.5
The Server Message Block (SMB) implementation for Windows NT 4.0, 2000, XP, and Server 2003 does not properly validate certain SMB packets, which allows remote attackers to execute arbitrary code via Transaction responses containing (1) Trans or (2)
30-04-2019 - 14:27 02-05-2005 - 04:00
CVE-2005-1214 5.1
Microsoft Agent allows remote attackers to spoof trusted Internet content and execute arbitrary code by disguising security prompts on a malicious Web page.
30-04-2019 - 14:27 14-06-2005 - 04:00
CVE-2003-0818 7.5
Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encod
30-04-2019 - 14:27 03-03-2004 - 05:00
CVE-2004-0202 5.0
IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
30-04-2019 - 14:27 06-08-2004 - 04:00
CVE-2005-0060 7.2
Buffer overflow in the font processing component of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application.
30-04-2019 - 14:27 02-05-2005 - 04:00
CVE-2004-0210 7.2
The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.
30-04-2019 - 14:27 06-08-2004 - 04:00
CVE-2004-0893 7.2
The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges,
30-04-2019 - 14:27 10-01-2005 - 05:00
CVE-2003-0659 7.2
Buffer overflow in a function in User32.dll on Windows NT through Server 2003 allows local users to execute arbitrary code via long (1) LB_DIR messages to ListBox or (2) CB_DIR messages to ComboBox controls in a privileged application.
30-04-2019 - 14:27 17-11-2003 - 05:00
CVE-2013-4854 7.8
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertio
22-04-2019 - 17:48 29-07-2013 - 13:59
CVE-2006-2373 10.0
The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEIT
26-03-2019 - 19:17 13-06-2006 - 19:06
CVE-2011-3190 7.5
Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive in
25-03-2019 - 11:33 31-08-2011 - 23:55
CVE-2011-2204 1.9
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive inf
25-03-2019 - 11:33 29-06-2011 - 17:55
CVE-2012-0022 5.0
Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters
25-03-2019 - 11:33 19-01-2012 - 04:01
CVE-2010-2227 6.4
Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via
25-03-2019 - 11:32 13-07-2010 - 17:30
CVE-2009-3548 7.5
The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
25-03-2019 - 11:31 12-11-2009 - 23:30
CVE-2009-2693 5.8
Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat
25-03-2019 - 11:30 28-01-2010 - 20:30
CVE-2007-1355 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attacker
25-03-2019 - 11:29 21-05-2007 - 20:30
CVE-2008-4261 9.3
Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers t
26-02-2019 - 14:04 10-12-2008 - 14:00
CVE-2010-3963 7.2
Buffer overflow in the Routing and Remote Access NDProxy component in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, related to the Routing and Remote Access service
26-02-2019 - 14:04 16-12-2010 - 19:33
CVE-2008-4114 7.1
srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact vi
26-02-2019 - 14:04 16-09-2008 - 23:00
CVE-2008-4038 10.0
Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a cr
26-02-2019 - 14:04 15-10-2008 - 00:12
CVE-2013-3181 9.3
usp10.dll in the Unicode Scripts Processor in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerabili
26-02-2019 - 14:04 14-08-2013 - 11:10
CVE-2010-3965 9.3
Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 allows local users to gain privileges via a Trojan horse DLL
26-02-2019 - 14:04 16-12-2010 - 19:33
CVE-2008-4834 10.0
Buffer overflow in SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Tra
26-02-2019 - 14:04 14-01-2009 - 22:30
CVE-2008-4835 10.0
SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets
26-02-2019 - 14:04 14-01-2009 - 22:30
CVE-2010-2550 10.0
The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute
26-02-2019 - 14:04 11-08-2010 - 18:47
CVE-2010-2567 9.3
The RPC client implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly allocate memory during the parsing of responses, which allows remote RPC servers and man-in-the-middle attackers to execute arbitrary code via a m
26-02-2019 - 14:04 15-09-2010 - 19:00
CVE-2010-1882 9.3
Multiple buffer overflows in the MPEG Layer-3 Audio Codec for Microsoft DirectShow in l3codecx.ax in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allow remote attackers to execute arbitrary code via an MPEG Layer-3 audio stream in (1) a craft
26-02-2019 - 14:04 11-08-2010 - 18:47
CVE-2009-1922 6.9
The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users
26-02-2019 - 14:04 12-08-2009 - 17:30
CVE-2010-1885 9.3
The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist
26-02-2019 - 14:04 15-06-2010 - 14:04
CVE-2010-1891 6.9
The Client/Server Runtime Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2, when a Chinese, Japanese, or Korean locale is enabled, does not properly allocate memory for transactions, which allows lo
26-02-2019 - 14:04 15-09-2010 - 19:00
CVE-2011-1968 7.1
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly process packets in memory, which allows remote attackers to cause a denial of service (reboot) by sending crafted RDP p
26-02-2019 - 14:04 10-08-2011 - 21:55
CVE-2010-1894 7.2
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly handle unspecified exceptions, which allows local users to gain privileges via a crafted application, aka "Win32k Exceptio
26-02-2019 - 14:04 11-08-2010 - 18:47
CVE-2010-3222 7.2
Stack-based buffer overflow in the Remote Procedure Call Subsystem (RPCSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted LPC message that requests an LRPC connection from an LPC server to
26-02-2019 - 14:04 13-10-2010 - 19:00
CVE-2010-2741 7.2
The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 performs an incorrect integer calculation during font processing, which allows local users to gain privileges via a crafted application, aka "OpenType Font
26-02-2019 - 14:04 13-10-2010 - 19:00
CVE-2010-2566 9.3
The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, which allows remote servers to execute arbitrary co
26-02-2019 - 14:04 11-08-2010 - 18:47
CVE-2009-2497 9.3
The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser appl
26-02-2019 - 14:04 14-10-2009 - 10:30
CVE-2011-2005 7.2
afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary F
26-02-2019 - 14:04 12-10-2011 - 02:52
CVE-2009-2508 6.9
The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate
26-02-2019 - 14:04 09-12-2009 - 18:30
CVE-2009-2509 9.0
Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly validate headers in HTTP requests, which allows remote authenticated users to execute arbitrary code via a crafted request
26-02-2019 - 14:04 09-12-2009 - 18:30
CVE-2011-1868 10.0
The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate fields in DFS responses, which allows remote DFS servers to execute arbitrary code via a crafted response, aka "DFS Me
26-02-2019 - 14:04 16-06-2011 - 20:55
CVE-2010-3147 9.3
Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to
26-02-2019 - 14:04 27-08-2010 - 19:00
CVE-2008-3476 9.3
Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle errors associated with access to uninitialized memory, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Objects Memory Corruption Vulner
26-02-2019 - 14:04 15-10-2008 - 00:12
CVE-2009-1925 10.0
The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly manage state information, which allows remote attackers to execute arbitrary code by sending packets to a listening service, and th
26-02-2019 - 14:04 08-09-2009 - 22:30
CVE-2009-1539 9.3
The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files,
26-02-2019 - 14:04 15-07-2009 - 15:30
CVE-2010-1895 7.2
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly perform memory allocation before copying user-mode data to kernel mode, which allows local users to gain privileges via a
26-02-2019 - 14:04 11-08-2010 - 18:47
CVE-2011-1974 7.2
NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka
26-02-2019 - 14:04 10-08-2011 - 21:55
CVE-2010-2740 7.2
The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly perform memory allocation during font parsing, which allows local users to gain privileges via a crafted application, aka "OpenType Font P
26-02-2019 - 14:04 13-10-2010 - 19:00
CVE-2009-1538 9.3
The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data val
26-02-2019 - 14:04 15-07-2009 - 15:30
CVE-2009-1926 7.8
Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small o
26-02-2019 - 14:04 08-09-2009 - 22:30
CVE-2010-0483 7.6
vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (
26-02-2019 - 14:04 03-03-2010 - 19:30
CVE-2010-0238 4.9
Unspecified vulnerability in registry-key validation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel
26-02-2019 - 14:04 14-04-2010 - 16:00
CVE-2010-0812 6.4
Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to bypass intended IPv4 source-address restrictions via a mismatched IPv6 source address in a tunneled ISATAP packet, aka
26-02-2019 - 14:04 14-04-2010 - 16:00
CVE-2009-0090 9.3
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application
26-02-2019 - 14:04 14-10-2009 - 10:30
CVE-2010-0236 7.2
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not properly allocate memory for the destination key associated with a symbolic-link registry key, which allows local users to gain privileges via a crafte
26-02-2019 - 14:04 14-04-2010 - 16:00
CVE-2010-0235 4.7
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not perform the expected validation before creating a symbolic link, which allows local users to cause a denial of service (reboot) via a crafted applicati
26-02-2019 - 14:04 14-04-2010 - 16:00
CVE-2009-0093 3.5
Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-
26-02-2019 - 14:04 11-03-2009 - 14:19
CVE-2009-0094 5.5
The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) "wpad" and (2) "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra
26-02-2019 - 14:04 11-03-2009 - 14:19
CVE-2012-0149 7.2
afd.sys in the Ancillary Function Driver in Microsoft Windows Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elev
26-02-2019 - 14:04 14-02-2012 - 22:55
CVE-2009-0091 9.3
Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a craf
26-02-2019 - 14:04 14-10-2009 - 10:30
CVE-2010-0016 9.3
The SMB client implementation in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate response fields, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted respo
26-02-2019 - 14:04 10-02-2010 - 18:30
CVE-2011-3866 4.3
Mozilla Firefox before 7.0 and SeaMonkey before 2.4 do not properly restrict availability of motion data events, which makes it easier for remote attackers to read keystrokes by leveraging JavaScript code running in a background tab.
29-11-2018 - 16:02 29-09-2011 - 00:55
CVE-2011-3002 9.3
Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 7.0 and SeaMonkey before 2.4, does not validate the return value of a GrowAtomTable function call, which allows remote attackers to cause a denial of service (application
29-11-2018 - 16:02 29-09-2011 - 00:55
CVE-2011-3003 10.0
Mozilla Firefox before 7.0 and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unspecified WebGL test case that triggers a memory-allocation error and a resulting
29-11-2018 - 16:02 29-09-2011 - 00:55
CVE-2011-2455 10.0
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
29-11-2018 - 15:41 11-11-2011 - 16:55
CVE-2011-2453 10.0
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
29-11-2018 - 15:40 11-11-2011 - 16:55
CVE-2011-2454 10.0
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
29-11-2018 - 15:40 11-11-2011 - 16:55
CVE-2011-2452 10.0
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
29-11-2018 - 15:39 11-11-2011 - 16:55
CVE-2011-2459 10.0
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
29-11-2018 - 15:38 11-11-2011 - 16:55
CVE-2011-2451 10.0
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
29-11-2018 - 15:38 11-11-2011 - 16:55
CVE-2011-2460 10.0
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
29-11-2018 - 15:38 11-11-2011 - 16:55
CVE-2011-2456 10.0
Buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code via unspecifi
29-11-2018 - 15:37 11-11-2011 - 16:55
CVE-2011-2450 10.0
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (he
29-11-2018 - 15:37 11-11-2011 - 16:55
CVE-2011-2457 10.0
Stack-based buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code v
29-11-2018 - 15:37 11-11-2011 - 16:55
CVE-2011-2458 9.3
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, when Internet Explorer is used, allows remote attackers to bypass the cross
29-11-2018 - 15:37 11-11-2011 - 16:55
CVE-2011-2445 10.0
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
29-11-2018 - 15:36 11-11-2011 - 16:55
CVE-2010-3405 6.8
Buffer overflow in sa_snap in the bos.esagent fileset in IBM AIX 6.1, 5.3, and earlier and VIOS 2.1, 1.5, and earlier allows local users to leverage system group membership and gain privileges via unspecified vectors.
28-11-2018 - 17:13 16-09-2010 - 21:00
CVE-2010-3187 10.0
Buffer overflow in ftpd in IBM AIX 5.3 and earlier allows remote attackers to execute arbitrary code via a long NLST command.
28-11-2018 - 17:12 30-08-2010 - 20:00
CVE-2008-2136 7.8
Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3 allows remote attackers to cause a denial of service (memory consumption) via network traffic to a Simple Internet Transition (SIT
31-10-2018 - 18:55 16-05-2008 - 12:54
CVE-2009-3676 7.1
The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that co
30-10-2018 - 16:28 13-11-2009 - 15:30
CVE-2010-0017 9.3
Race condition in the SMB client implementation in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code, and in the SMB client implementation in Windows Vista Gold, SP1, an
30-10-2018 - 16:28 10-02-2010 - 18:30
CVE-2013-6621 7.5
Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the x-webkit-speech attribute in a text INPUT element.
30-10-2018 - 16:27 13-11-2013 - 15:55
CVE-2013-2927 6.8
Use-after-free vulnerability in the HTMLFormElement::prepareForSubmission function in core/html/HTMLFormElement.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to cause a denial of service or possibly have unspeci
30-10-2018 - 16:27 16-10-2013 - 20:55
CVE-2012-5146 5.0
Google Chrome before 24.0.1312.52 allows remote attackers to bypass the Same Origin Policy via a malformed URL.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2012-5139 10.0
Use-after-free vulnerability in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to visibility events.
30-10-2018 - 16:27 12-12-2012 - 11:38
CVE-2013-2919 7.5
Google V8, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
30-10-2018 - 16:27 02-10-2013 - 10:35
CVE-2012-5132 5.0
Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial of service (application crash) via a response with chunked transfer coding.
30-10-2018 - 16:27 28-11-2012 - 01:55
CVE-2012-5150 7.5
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving seek operations on video data.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2012-5147 7.5
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM handling.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2012-5135 7.5
Use-after-free vulnerability in Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to printing.
30-10-2018 - 16:27 28-11-2012 - 01:55
CVE-2012-5140 10.0
Use-after-free vulnerability in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the URL loader.
30-10-2018 - 16:27 12-12-2012 - 11:38
CVE-2012-5144 10.0
Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, do not properly perform AAC decoding, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impa
30-10-2018 - 16:27 12-12-2012 - 11:38
CVE-2012-5143 10.0
Integer overflow in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PPAPI image buffers.
30-10-2018 - 16:27 12-12-2012 - 11:38
CVE-2012-5152 5.0
Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving seek operations on video data.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2012-5149 7.5
Integer overflow in the audio IPC layer in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2012-5141 10.0
Google Chrome before 23.0.1271.97 does not properly restrict instantiation of the Chromoting client plug-in, which has unspecified impact and attack vectors.
30-10-2018 - 16:27 12-12-2012 - 11:38
CVE-2012-5148 7.5
The hyphenation functionality in Google Chrome before 24.0.1312.52 does not properly validate file names, which has unspecified impact and attack vectors.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2012-5136 6.8
Google Chrome before 23.0.1271.91 does not properly perform a cast of an unspecified variable during handling of the INPUT element, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted HTML do
30-10-2018 - 16:27 28-11-2012 - 01:55
CVE-2012-5137 10.0
Use-after-free vulnerability in Google Chrome before 23.0.1271.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the Media Source API.
30-10-2018 - 16:27 04-12-2012 - 06:05
CVE-2012-5154 7.5
Integer overflow in Google Chrome before 24.0.1312.52 on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via vectors related to allocation of shared memory.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2012-5142 10.0
Google Chrome before 23.0.1271.97 does not properly handle history navigation, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
30-10-2018 - 16:27 12-12-2012 - 11:38
CVE-2012-5133 7.5
Use-after-free vulnerability in Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG filters.
30-10-2018 - 16:27 28-11-2012 - 01:55
CVE-2012-5130 5.0
Skia, as used in Google Chrome before 23.0.1271.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
30-10-2018 - 16:27 28-11-2012 - 01:55
CVE-2012-5153 7.5
Google V8 before 3.14.5.3, as used in Google Chrome before 24.0.1312.52, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds access to stack memory.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2012-5138 10.0
Google Chrome before 23.0.1271.95 does not properly handle file paths, which has unspecified impact and attack vectors.
30-10-2018 - 16:27 04-12-2012 - 06:05
CVE-2010-3961 7.2
The Consent User Interface (UI) in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle an unspecified registry-key value, which allows local users with SeImpersonatePrivilege rights to ga
30-10-2018 - 16:27 16-12-2010 - 19:33
CVE-2012-5145 7.5
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG layout.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2012-2885 7.5
Double free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to application exit.
30-10-2018 - 16:27 26-09-2012 - 10:56
CVE-2012-2878 7.5
Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to plug-in handling.
30-10-2018 - 16:27 26-09-2012 - 10:56
CVE-2011-3079 10.0
The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors.
30-10-2018 - 16:27 01-05-2012 - 10:12
CVE-2012-2886 4.3
Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Google V8 bindings, aka "Universal XSS (UXSS)."
30-10-2018 - 16:27 26-09-2012 - 10:56
CVE-2012-2881 7.5
Google Chrome before 22.0.1229.79 does not properly handle plug-ins, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via unknown vectors.
30-10-2018 - 16:27 26-09-2012 - 10:56
CVE-2013-2266 7.8
libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as
30-10-2018 - 16:27 28-03-2013 - 16:55
CVE-2010-2551 7.8
The SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate an internal variable in an SMB packet, which allows remote attackers to cause a denial of service (system hang) via
30-10-2018 - 16:27 11-08-2010 - 18:47
CVE-2010-2552 7.8
Stack consumption vulnerability in the SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (system hang) via a malformed SMBv2 compounded request
30-10-2018 - 16:27 11-08-2010 - 18:47
CVE-2013-0836 6.8
Google V8 before 3.14.5.3, as used in Google Chrome before 24.0.1312.52, does not properly implement garbage collection, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via craf
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2011-2009 9.3
Untrusted search path vulnerability in Windows Media Center in Microsoft Windows Vista SP2 and Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista, allows local users to gain privileges via a Trojan horse DLL in the current wor
30-10-2018 - 16:27 12-10-2011 - 02:52
CVE-2012-2877 5.0
The extension system in Google Chrome before 22.0.1229.79 does not properly handle modal dialogs, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
30-10-2018 - 16:27 26-09-2012 - 10:56
CVE-2012-2866 7.5
Google Chrome before 21.0.1180.89 does not properly perform a cast of an unspecified variable during handling of run-in elements, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.
30-10-2018 - 16:27 31-08-2012 - 19:55
CVE-2012-2876 7.5
Buffer overflow in the SSE2 optimization functionality in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
30-10-2018 - 16:27 26-09-2012 - 10:56
CVE-2012-2868 6.8
Race condition in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving improper interaction between worker processes and an XMLHttpRequest (aka XHR) obj
30-10-2018 - 16:27 31-08-2012 - 19:55
CVE-2013-0835 5.0
Unspecified vulnerability in the Geolocation implementation in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (application crash) via unknown vectors.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2012-2883 7.5
Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation, a different vulnerability than CVE-2012-2874
30-10-2018 - 16:27 26-09-2012 - 10:56
CVE-2012-2888 7.5
Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG text references.
30-10-2018 - 16:27 26-09-2012 - 10:56
CVE-2012-2879 4.3
Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service (DOM topology corruption) via a crafted document.
30-10-2018 - 16:27 26-09-2012 - 10:56
CVE-2012-2865 4.3
Google Chrome before 21.0.1180.89 does not properly perform line breaking, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.
30-10-2018 - 16:27 31-08-2012 - 19:55
CVE-2012-2867 5.0
The SPDY implementation in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
30-10-2018 - 16:27 31-08-2012 - 19:55
CVE-2012-2869 7.5
Google Chrome before 21.0.1180.89 does not properly load URLs, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a "stale buffer."
30-10-2018 - 16:27 31-08-2012 - 19:55
CVE-2010-3225 7.6
Use-after-free vulnerability in the Media Player Network Sharing Service in Microsoft Windows Vista SP1 and SP2 and Windows 7 allows remote attackers to execute arbitrary code via a crafted Real Time Streaming Protocol (RTSP) packet, aka "RTSP Use Af
30-10-2018 - 16:27 13-10-2010 - 19:00
CVE-2013-0831 7.5
Directory traversal vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to have an unspecified impact by leveraging access to an extension process.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2012-2882 6.8
FFmpeg, as used in Google Chrome before 22.0.1229.79, does not properly handle OGG containers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a "wild pointer" issue
30-10-2018 - 16:27 26-09-2012 - 10:56
CVE-2012-2887 7.5
Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving onclick events.
30-10-2018 - 16:27 26-09-2012 - 10:56
CVE-2011-3098 7.2
Google Chrome before 19.0.1084.46 on Windows uses an incorrect search path for the Windows Media Player plug-in, which might allow local users to gain privileges via a Trojan horse plug-in in an unspecified directory.
30-10-2018 - 16:27 16-05-2012 - 00:55
CVE-2012-2880 7.5
Race condition in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the plug-in paint buffer.
30-10-2018 - 16:27 26-09-2012 - 10:56
CVE-2012-2884 5.0
Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
30-10-2018 - 16:27 26-09-2012 - 10:56
CVE-2012-2874 7.5
Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation, a different vulnerability than CVE-2012-2883
30-10-2018 - 16:27 26-09-2012 - 10:56
CVE-2012-2872 4.3
Cross-site scripting (XSS) vulnerability in an SSL interstitial page in Google Chrome before 21.0.1180.89 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
30-10-2018 - 16:27 31-08-2012 - 19:55
CVE-2013-0833 5.0
Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to printing.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2013-0837 7.5
Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of extension tabs.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2013-0830 7.5
The IPC layer in Google Chrome before 24.0.1312.52 on Windows omits a NUL character required for termination of an unspecified data structure, which has unknown impact and attack vectors.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2013-0832 7.5
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to printing.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2010-1892 7.8
The TCP/IP stack in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle malformed IPv6 packets, which allows remote attackers to cause a denial of service (system hang) via multiple craft
30-10-2018 - 16:27 11-08-2010 - 18:47
CVE-2010-1893 6.8
Integer overflow in the TCP/IP stack in Microsoft Windows Vista SP1, Windows Server 2008 Gold and R2, and Windows 7 allows local users to gain privileges via a buffer of user-mode data that is copied to kernel mode, aka "Integer Overflow in Windows N
30-10-2018 - 16:27 11-08-2010 - 18:47
CVE-2013-0834 5.0
Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving glyphs.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2010-0477 10.0
The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly handle (1) SMBv1 and (2) SMBv2 response packets, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted packet that ca
30-10-2018 - 16:27 14-04-2010 - 16:00
CVE-2010-0020 9.0
The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fie
30-10-2018 - 16:27 10-02-2010 - 18:30
CVE-2010-0265 9.3
Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, and Microsoft Producer 2003, allows remote attackers to execute arbitrary code via a crafted project (.MSWMM) file, aka "Movie Maker and Producer Buffer Overflow Vulnerability." Per:
30-10-2018 - 16:27 10-03-2010 - 22:30
CVE-2010-0811 9.3
Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, an
30-10-2018 - 16:27 08-06-2010 - 22:30
CVE-2010-0021 7.1
Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a craft
30-10-2018 - 16:27 10-02-2010 - 18:30
CVE-2010-0270 10.0
The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate fields in SMB transaction responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (m
30-10-2018 - 16:27 14-04-2010 - 16:00
CVE-2010-0231 10.0
The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of en
30-10-2018 - 16:27 10-02-2010 - 18:30
CVE-2010-0022 7.8
The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share a
30-10-2018 - 16:27 10-02-2010 - 18:30
CVE-2011-0031 4.3
The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obt
30-10-2018 - 16:27 09-02-2011 - 01:00
CVE-2010-4699 5.0
The iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4 does not properly handle encodings that are unrecognized by the iconv and mbstring (aka Multibyte String) implementations, which allows remote attackers to trigger an i
30-10-2018 - 16:26 18-01-2011 - 20:00
CVE-2007-5236 5.4
Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read local files vi
30-10-2018 - 16:26 06-10-2007 - 00:17
CVE-2010-4454 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and ava
30-10-2018 - 16:26 17-02-2011 - 19:00
CVE-2010-3569 10.0
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
30-10-2018 - 16:26 19-10-2010 - 22:00
CVE-2010-3572 10.0
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
30-10-2018 - 16:26 19-10-2010 - 22:00
CVE-2010-3562 10.0
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the pr
30-10-2018 - 16:26 19-10-2010 - 22:00
CVE-2010-3574 10.0
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE
30-10-2018 - 16:26 19-10-2010 - 22:00
CVE-2010-3571 10.0
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the pr
30-10-2018 - 16:26 19-10-2010 - 22:00
CVE-2008-4037 9.3
Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as
30-10-2018 - 16:26 12-11-2008 - 23:30
CVE-2010-3565 10.0
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous inf
30-10-2018 - 16:26 19-10-2010 - 22:00
CVE-2010-3556 10.0
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Per: http://w
30-10-2018 - 16:26 19-10-2010 - 22:00
CVE-2010-4697 6.8
Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4 might allow context-dependent attackers to cause a denial of service (heap memory corruption) or have unspecified other impact via vectors related to use of _
30-10-2018 - 16:26 18-01-2011 - 20:00
CVE-2010-3559 10.0
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the
30-10-2018 - 16:26 19-10-2010 - 22:00
CVE-2010-3557 6.8
Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the
30-10-2018 - 16:26 19-10-2010 - 22:00
CVE-2007-4590 3.3
The get_system_info command in Ignite-UX C.7.0 through C.7.3, and DynRootDisk (DRD) A.1.0.16.417 through A.2.0.0.592, on HP-UX B.11.11, B.11.23, and B.11.31 does not inform local users of networking changes made by the command, which has unknown impa
30-10-2018 - 16:26 29-08-2007 - 01:17
CVE-2010-3554 10.0
Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the
30-10-2018 - 16:26 19-10-2010 - 22:00
CVE-2010-4476 5.0
The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows rem
30-10-2018 - 16:26 17-02-2011 - 19:00
CVE-2006-7243 5.0
PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argum
30-10-2018 - 16:26 18-01-2011 - 20:00
CVE-2010-3568 10.0
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
30-10-2018 - 16:26 19-10-2010 - 22:00
CVE-2010-3541 5.1
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE
30-10-2018 - 16:26 19-10-2010 - 22:00
CVE-2009-4142 4.3
The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks b
30-10-2018 - 16:26 21-12-2009 - 16:30
CVE-2010-3396 7.2
Buffer overflow in kavfm.sys in Kingsoft Antivirus 2010.04.26.648 and earlier allows local users to execute arbitrary code via a long argument to IOCTL 0x80030004. NOTE: some of these details are obtained from third party information.
30-10-2018 - 16:26 15-09-2010 - 18:00
CVE-2010-3553 10.0
Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the
30-10-2018 - 16:26 19-10-2010 - 22:00
CVE-2009-3876 5.0
Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consum
30-10-2018 - 16:26 05-11-2009 - 16:30
CVE-2010-3551 5.0
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors.
30-10-2018 - 16:26 19-10-2010 - 22:00
CVE-2011-2425 10.0
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a
30-10-2018 - 16:26 10-08-2011 - 22:55
CVE-2011-2426 9.3
Stack-based buffer overflow in the ActionScript Virtual Machine (AVM) component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via
30-10-2018 - 16:26 22-09-2011 - 03:38
CVE-2009-3877 5.0
Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consum
30-10-2018 - 16:26 05-11-2009 - 16:30
CVE-2011-2429 5.0
Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, related to a "security
30-10-2018 - 16:26 22-09-2011 - 03:38
CVE-2011-2110 10.0
Adobe Flash Player before 10.3.181.26 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.23 and earlier on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exp
30-10-2018 - 16:26 16-06-2011 - 23:55
CVE-2011-2416 10.0
Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbit
30-10-2018 - 16:26 10-08-2011 - 22:55
CVE-2009-2676 6.8
Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.2_21 and earlier; allows remote attacke
30-10-2018 - 16:26 05-08-2009 - 19:30
CVE-2011-2139 6.4
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers to bypass the Same Origin Pol
30-10-2018 - 16:26 10-08-2011 - 22:55
CVE-2010-2215 4.3
Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "click-jacking" issue.
30-10-2018 - 16:26 11-08-2010 - 18:47
CVE-2009-3800 9.3
Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
30-10-2018 - 16:26 10-12-2009 - 19:30
CVE-2010-2213 9.3
Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-020
30-10-2018 - 16:26 11-08-2010 - 18:47
CVE-2009-3799 9.3
Integer overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers me
30-10-2018 - 16:26 10-12-2009 - 19:30
CVE-2009-3293 7.5
Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect "sanity check for the color index."
30-10-2018 - 16:26 22-09-2009 - 10:30
CVE-2011-2136 10.0
Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbit
30-10-2018 - 16:26 10-08-2011 - 22:55
CVE-2009-3875 5.0
The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers
30-10-2018 - 16:26 05-11-2009 - 16:30
CVE-2011-2414 10.0
Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitr
30-10-2018 - 16:26 10-08-2011 - 22:55
CVE-2011-2138 10.0
Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbit
30-10-2018 - 16:26 10-08-2011 - 22:55
CVE-2010-3548 5.0
Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. NOTE: the p
30-10-2018 - 16:26 19-10-2010 - 22:00
CVE-2009-4143 10.0
PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive.
30-10-2018 - 16:26 21-12-2009 - 16:30
CVE-2009-3796 9.3
Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a "data injection vulnerability."
30-10-2018 - 16:26 10-12-2009 - 19:30
CVE-2011-2137 10.0
Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitr
30-10-2018 - 16:26 10-08-2011 - 21:55
CVE-2011-2427 9.3
Stack-based buffer overflow in the ActionScript Virtual Machine (AVM) component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to execute arbitrary code or cause a
30-10-2018 - 16:26 22-09-2011 - 03:38
CVE-2011-2417 10.0
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a
30-10-2018 - 16:26 10-08-2011 - 22:55
CVE-2011-2135 10.0
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a
30-10-2018 - 16:26 10-08-2011 - 22:55
CVE-2009-3794 9.3
Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.
30-10-2018 - 16:26 10-12-2009 - 19:30
CVE-2010-3549 6.8
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE
30-10-2018 - 16:26 19-10-2010 - 22:00
CVE-2009-3291 7.5
The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates.
30-10-2018 - 16:26 22-09-2009 - 10:30
CVE-2007-3899 9.3
Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string in a Word file, aka "Word Memory Corruption Vulnerability."
30-10-2018 - 16:26 09-10-2007 - 22:17
CVE-2011-2130 10.0
Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitr
30-10-2018 - 16:26 10-08-2011 - 21:55
CVE-2009-3557 5.0
The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix argu
30-10-2018 - 16:26 23-11-2009 - 17:30
CVE-2009-3798 9.3
Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.
30-10-2018 - 16:26 10-12-2009 - 19:30
CVE-2009-4018 7.5
The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute pr
30-10-2018 - 16:26 29-11-2009 - 13:07
CVE-2011-2428 9.3
Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to execute arbitrary code or cause a denial of service (browser crash) via unspecified vectors, related to a "logic err
30-10-2018 - 16:26 22-09-2011 - 03:38
CVE-2010-2216 9.3
Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-020
30-10-2018 - 16:26 11-08-2010 - 18:47
CVE-2011-2424 9.3
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers to execute arbitrary code or
30-10-2018 - 16:26 15-08-2011 - 21:55
CVE-2011-2415 10.0
Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitr
30-10-2018 - 16:26 10-08-2011 - 22:55
CVE-2009-3292 7.5
Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to "missing sanity checks around exif processing."
30-10-2018 - 16:26 22-09-2009 - 10:30
CVE-2011-2134 10.0
Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitr
30-10-2018 - 16:26 10-08-2011 - 21:55
CVE-2010-2214 9.3
Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-020
30-10-2018 - 16:26 11-08-2010 - 18:47
CVE-2011-2444 4.3
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to
30-10-2018 - 16:26 22-09-2011 - 03:38
CVE-2011-2430 9.3
Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via crafted streaming media, related to a "logic error vulnerability."
30-10-2018 - 16:26 22-09-2011 - 03:38
CVE-2001-1076 7.2
Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows local users to execute arbitrary code via a long (1) SOR or (2) CFIME environment variable.
30-10-2018 - 16:26 05-07-2001 - 04:00
CVE-2011-0560 9.3
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-
30-10-2018 - 16:26 10-02-2011 - 16:00
CVE-2011-0608 9.3
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-
30-10-2018 - 16:26 10-02-2011 - 16:00
CVE-2011-0578 9.3
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors related to a constructor for an unspecified ActionScript3 object and improper type checking, a d
30-10-2018 - 16:26 10-02-2011 - 16:00
CVE-2008-0080 10.0
Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft Windows XP SP2, Server 2003 SP1 and SP2, and Vista allows remote attackers to execute arbitrary code via a crafted WebDAV response.
30-10-2018 - 16:26 12-02-2008 - 23:00
CVE-2011-0579 5.0
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to obtain sensitive information via unspecified vectors.
30-10-2018 - 16:26 13-05-2011 - 22:55
CVE-2003-0851 5.0
OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.
30-10-2018 - 16:26 01-12-2003 - 05:00
CVE-2009-1147 7.2
Unspecified vulnerability in vmci.sys in the Virtual Machine Communication Interface (VMCI) in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 2.0.x before 2.0.1 build 156745 allo
30-10-2018 - 16:26 06-04-2009 - 15:30
CVE-2011-0866 7.6
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and
30-10-2018 - 16:26 14-06-2011 - 18:55
CVE-2011-0864 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to
30-10-2018 - 16:26 14-06-2011 - 18:55
CVE-2003-0196 10.0
Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201.
30-10-2018 - 16:26 05-05-2003 - 04:00
CVE-2011-0626 9.3
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than
30-10-2018 - 16:26 13-05-2011 - 22:55
CVE-2011-0577 9.3
Unspecified vulnerability in Adobe Flash Player before 10.2.152.26 allows remote attackers to execute arbitrary code via a crafted font.
30-10-2018 - 16:26 10-02-2011 - 16:00
CVE-2011-0559 9.3
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted parameters to an unspecified ActionScript method that cause a parameter to be used as an object pointer, a d
30-10-2018 - 16:26 10-02-2011 - 16:00
CVE-2011-0607 9.3
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-
30-10-2018 - 16:26 10-02-2011 - 16:00
CVE-2011-0628 9.3
Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code via ActionScript that improperly handles a long array object.
30-10-2018 - 16:26 31-05-2011 - 20:55
CVE-2011-0619 9.3
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerab
30-10-2018 - 16:26 13-05-2011 - 22:55
CVE-2004-0790 5.0
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have
30-10-2018 - 16:26 12-04-2005 - 04:00
CVE-2011-0627 9.3
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly
30-10-2018 - 16:26 13-05-2011 - 22:55
CVE-2011-0571 9.3
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0572, CVE-
30-10-2018 - 16:26 10-02-2011 - 16:00
CVE-2011-0865 2.6
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to
30-10-2018 - 16:26 14-06-2011 - 18:55
CVE-2012-0768 10.0
The Matrix3D component in Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x allows attackers to execute arbitrary
30-10-2018 - 16:26 05-03-2012 - 21:55
CVE-2011-0624 9.3
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than
30-10-2018 - 16:26 13-05-2011 - 22:55
CVE-2011-0618 9.3
Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors.
30-10-2018 - 16:26 13-05-2011 - 22:55
CVE-2011-0558 9.3
Integer overflow in Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code via a large array length value in the ActionScript method of the Function class.
30-10-2018 - 16:26 10-02-2011 - 16:00
CVE-2011-0575 6.9
Untrusted search path vulnerability in Adobe Flash Player before 10.2.152.26 allows local users to gain privileges via a Trojan horse DLL in the current working directory. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Sea
30-10-2018 - 16:26 10-02-2011 - 16:00
CVE-2010-0209 9.3
Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-221
30-10-2018 - 16:26 11-08-2010 - 18:47
CVE-2011-0625 9.3
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than
30-10-2018 - 16:26 13-05-2011 - 22:55
CVE-2011-0815 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to
30-10-2018 - 16:26 14-06-2011 - 18:55
CVE-2011-0862 10.0
Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and avail
30-10-2018 - 16:26 14-06-2011 - 18:55
CVE-2011-0802 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability vi
30-10-2018 - 16:26 14-06-2011 - 18:55
CVE-2003-0694 10.0
The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.
30-10-2018 - 16:26 06-10-2003 - 04:00
CVE-2004-0714 5.0
Cisco Internetwork Operating System (IOS) 12.0S through 12.3T attempts to process SNMP solicited operations on improper ports (UDP 162 and a randomly chosen UDP port), which allows remote attackers to cause a denial of service (device reload and memo
30-10-2018 - 16:26 27-07-2004 - 04:00
CVE-2011-0561 9.3
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0571, CVE-2011-0572, CVE-
30-10-2018 - 16:26 10-02-2011 - 16:00
CVE-2004-0791 5.0
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind throughput-reduction attack using spoofed Source Quench packets, aka the "ICMP Source Quench a
30-10-2018 - 16:26 12-04-2005 - 04:00
CVE-2011-0814 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability vi
30-10-2018 - 16:26 14-06-2011 - 18:55
CVE-2011-0867 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to
30-10-2018 - 16:26 14-06-2011 - 18:55
CVE-2011-0622 9.3
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerab
30-10-2018 - 16:26 13-05-2011 - 22:55
CVE-2011-0574 9.3
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-
30-10-2018 - 16:26 10-02-2011 - 16:00
CVE-2011-0621 9.3
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerab
30-10-2018 - 16:26 13-05-2011 - 22:55
CVE-2011-0573 9.3
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-
30-10-2018 - 16:26 10-02-2011 - 16:00
CVE-2003-0201 10.0
Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.
30-10-2018 - 16:26 05-05-2003 - 04:00
CVE-2012-0769 5.0
Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x does not properly handle integers, which allows attackers to ob
30-10-2018 - 16:26 05-03-2012 - 21:55
CVE-2011-0623 9.3
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than
30-10-2018 - 16:26 13-05-2011 - 22:55
CVE-2011-0572 9.3
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-
30-10-2018 - 16:26 10-02-2011 - 16:00
CVE-2011-0620 9.3
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerab
30-10-2018 - 16:26 13-05-2011 - 22:55
CVE-2010-0187 4.3
Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 allow remote attackers to cause a denial of service (application crash) via a modified SWF file.
30-10-2018 - 16:26 15-02-2010 - 18:30
CVE-2007-5398 9.3
Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arbitrary code via crafted WINS Name Registration requ
30-10-2018 - 16:25 16-11-2007 - 18:46
CVE-2008-4024 9.3
Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), which bypasses an initialization step and
30-10-2018 - 16:25 10-12-2008 - 14:00
CVE-2007-6015 9.3
Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC stri
30-10-2018 - 16:25 13-12-2007 - 21:46
CVE-2010-3631 9.3
Array index error in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors.
30-10-2018 - 16:25 06-10-2010 - 17:00
CVE-2010-3624 9.3
Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allows attackers to execute arbitrary code via a crafted image. Per: http://www.adobe.com/support/security/bulletins/apsb10-21.html 'This update
30-10-2018 - 16:25 06-10-2010 - 17:00
CVE-2006-4694 9.3
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Explo
30-10-2018 - 16:25 27-09-2006 - 19:07
CVE-2007-4572 9.3
Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon se
30-10-2018 - 16:25 16-11-2007 - 18:46
CVE-2010-2176 9.3
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2010-2163 9.3
Multiple unspecified vulnerabilities in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unknown vectors. Per: http://www.adobe.com/support/security/
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2009-1929 9.3
Heap-based buffer overflow in the Microsoft Terminal Services Client ActiveX control running RDP 6.1 on Windows XP SP2, Vista SP1 or SP2, or Server 2008 Gold or SP2; or 5.2 or 6.1 on Windows XP SP3; allows remote attackers to execute arbitrary code v
30-10-2018 - 16:25 12-08-2009 - 17:30
CVE-2009-2532 10.0
Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC do not properly process the command value in an SMB Multi-Protocol Negotiate Request packet, which allows remote attackers to execute arbitrary code via a
30-10-2018 - 16:25 14-10-2009 - 10:30
CVE-2010-2187 9.3
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2010-2175 9.3
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2010-2164 9.3
Use-after-free vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to an unspecified "image type within a c
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2010-2883 9.3
Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF documen
30-10-2018 - 16:25 09-09-2010 - 22:00
CVE-2010-2177 9.3
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2010-2184 9.3
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2010-2171 9.3
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors related to SWF files, decompression of
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2009-3872 9.3
Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges
30-10-2018 - 16:25 05-11-2009 - 16:30
CVE-2006-3606 5.0
Unspecified vulnerability in Sun Solaris X Inter Client Exchange library (libICE) on Solaris 8 and 9 allows context-dependent attackers to cause a denial of service (application crash) to applications that use the library.
30-10-2018 - 16:25 18-07-2006 - 15:46
CVE-2010-2181 9.3
Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2009-3868 9.3
Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a c
30-10-2018 - 16:25 05-11-2009 - 16:30
CVE-2010-2185 9.3
Buffer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors. Per: http://www.adobe.com/support/security/bulletins/apsb10-
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2010-2167 9.3
Multiple heap-based buffer overflows in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to malformed (1) GIF or (2) JPEG
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2009-2526 7.8
Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 do not properly validate fields in SMBv2 packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted packet to the Server se
30-10-2018 - 16:25 14-10-2009 - 10:30
CVE-2010-2161 9.3
Array index error in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified "types of Adobe Flash code." Per: http://www.adobe.com/support/secu
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2009-3373 10.0
Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors.
30-10-2018 - 16:25 29-10-2009 - 14:30
CVE-2010-2173 9.3
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an "invalid pointer vulnerability" and the newclass (0x58) operator,
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2009-1546 8.5
Integer overflow in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows allows remote attackers to execute arbitrary code on a Windows 2000 SP4 system via a crafted AVI file, or cause a denial of service on a Windows XP
30-10-2018 - 16:25 12-08-2009 - 17:30
CVE-2009-3873 9.3
The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a "quantization problem,"
30-10-2018 - 16:25 05-11-2009 - 16:30
CVE-2009-3869 9.3
Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and S
30-10-2018 - 16:25 05-11-2009 - 16:30
CVE-2009-3793 9.3
Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory consumption) or possibly execute arbitrary code via unknown vectors.
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2010-2183 9.3
Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2009-3871 9.3
Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and
30-10-2018 - 16:25 05-11-2009 - 16:30
CVE-2009-2674 7.5
Integer overflow in javaws.exe in Sun Java Web Start in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to execute arbitrary code via a crafted JPEG image that is not properly handled during dis
30-10-2018 - 16:25 05-08-2009 - 19:30
CVE-2010-2188 9.3
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by calling the ActionScript native object 2200 conn
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2009-3874 9.3
Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary co
30-10-2018 - 16:25 05-11-2009 - 16:30
CVE-2009-3867 9.3
Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to
30-10-2018 - 16:25 05-11-2009 - 16:30
CVE-2010-2174 9.3
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an "invalid pointer vulnerability" and the newfunction (0x44) operat
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2010-2166 9.3
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2010-2178 9.3
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2010-2180 9.3
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2010-2170 9.3
Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2181 and CVE-2010-2
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2010-2162 9.3
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors related to improper length calcula
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2009-3372 9.3
Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file.
30-10-2018 - 16:25 29-10-2009 - 14:30
CVE-2006-3876 9.3
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vuln
30-10-2018 - 16:25 10-10-2006 - 21:07
CVE-2010-2160 9.3
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an invalid offset in an unspecified undocumente
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2010-2169 9.3
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allow attackers to cause a denial of service (pointer memory corruption) or possibly execute arbitrary code via unspecified vectors. Per: http://www.ado
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2010-2165 9.3
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2008-3450 7.2
Unspecified vulnerability in the namefs kernel module in Sun Solaris 8 through 10 allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors.
30-10-2018 - 16:25 04-08-2008 - 18:41
CVE-2010-2182 9.3
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2009-1545 9.3
Unspecified vulnerability in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbit
30-10-2018 - 16:25 12-08-2009 - 17:30
CVE-2010-2186 9.3
Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. P
30-10-2018 - 16:25 15-06-2010 - 18:00
CVE-2008-2168 4.3
Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
30-10-2018 - 16:25 13-05-2008 - 21:20
CVE-2011-0600 9.3
The U3D component in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a 3D file with an invalid Parent Node count that triggers an incorre
30-10-2018 - 16:25 10-02-2011 - 18:00
CVE-2011-0570 6.9
Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerabi
30-10-2018 - 16:25 10-02-2011 - 18:00
CVE-2009-1146 4.9
Unspecified vulnerability in an ioctl in hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745 allows lo
30-10-2018 - 16:25 06-04-2009 - 15:30
CVE-2011-0606 9.3
Stack-based buffer overflow in rt3d.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) v
30-10-2018 - 16:25 10-02-2011 - 18:00
CVE-2010-0182 4.3
The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows
30-10-2018 - 16:25 05-04-2010 - 17:30
CVE-2007-0043 9.3
The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer,
30-10-2018 - 16:25 10-07-2007 - 22:30
CVE-2007-0165 7.8
Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests that trigger a crash in rpcbind.
30-10-2018 - 16:25 10-01-2007 - 00:28
CVE-2011-0591 9.3
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, r
30-10-2018 - 16:25 10-02-2011 - 18:00
CVE-2008-1451 7.2
The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 and SP2, does not properly validate data structures in WINS network packets, which allows local users to gain privileges via a crafted packet, aka "Memory Overwrite Vulnerability."
30-10-2018 - 16:25 12-06-2008 - 02:32
CVE-2011-0592 9.3
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, r
30-10-2018 - 16:25 10-02-2011 - 18:00
CVE-2009-1244 6.8
Unspecified vulnerability in the virtual machine display function in VMware Workstation 6.5.1 and earlier; VMware Player 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745; V
30-10-2018 - 16:25 13-04-2009 - 16:30
CVE-2011-0602 9.3
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via crafted JP2K record types in a JPEG2000 image in a PDF file, which causes heap corruption
30-10-2018 - 16:25 10-02-2011 - 18:00
CVE-2010-0174 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory
30-10-2018 - 16:25 05-04-2010 - 17:30
CVE-2010-0173 9.3
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and applica
30-10-2018 - 16:25 05-04-2010 - 17:30
CVE-2008-0965 9.3
Multiple format string vulnerabilities in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via format string specifiers in an SMB packet.
30-10-2018 - 16:25 08-08-2008 - 18:41
CVE-2011-0593 9.3
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, a
30-10-2018 - 16:25 10-02-2011 - 18:00
CVE-2011-0585 9.3
Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different
30-10-2018 - 16:25 10-02-2011 - 18:00
CVE-2007-0042 7.8
Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechani
30-10-2018 - 16:25 10-07-2007 - 22:30
CVE-2011-0562 6.9
Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerabi
30-10-2018 - 16:25 10-02-2011 - 18:00
CVE-2011-0598 9.3
Integer overflow in ACE.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code via crafted ICC data, a different vulnerability than CVE-2011
30-10-2018 - 16:25 10-02-2011 - 18:00
CVE-2011-0590 9.3
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a 3D file, a different vulnerability than CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, CV
30-10-2018 - 16:25 10-02-2011 - 18:00
CVE-2010-0175 9.3
Use-after-free vulnerability in the nsTreeSelection implementation in Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.9, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allows remote attackers to execute arbitrary code or cause a denial of se
30-10-2018 - 16:25 05-04-2010 - 17:30
CVE-2003-0224 10.0
Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local users to execute arbitrary code via a web page with a Server Side Include (SSI) directive with a long filename, aka "Server Side Include Web Pages Buffer
30-10-2018 - 16:25 09-06-2003 - 04:00
CVE-2011-0594 9.3
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a font.
30-10-2018 - 16:25 10-02-2011 - 18:00
CVE-2011-0563 9.3
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability
30-10-2018 - 16:25 10-02-2011 - 18:00
CVE-2011-0595 9.3
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, a
30-10-2018 - 16:25 10-02-2011 - 18:00
CVE-2011-0567 9.3
AcroRd32.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image that tri
30-10-2018 - 16:25 10-02-2011 - 18:00
CVE-2010-0176 9.3
Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to
30-10-2018 - 16:25 05-04-2010 - 17:30
CVE-2011-0603 9.3
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image, a different vulnerabili
30-10-2018 - 16:25 10-02-2011 - 18:00
CVE-2011-0564 9.3
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows use weak permissions for unspecified files, which allows attackers to gain privileges via unknown vectors.
30-10-2018 - 16:25 10-02-2011 - 18:00
CVE-2011-0586 9.3
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X do not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.
30-10-2018 - 16:25 10-02-2011 - 18:00
CVE-2007-0041 9.3
The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths
30-10-2018 - 16:25 10-07-2007 - 22:30
CVE-2011-0599 9.3
The Bitmap parsing component in rt3d.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted image that causes an invalid pointe
30-10-2018 - 16:25 10-02-2011 - 18:00
CVE-2011-0596 9.3
The Bitmap parsing component in 2d.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via an image with crafted (1) height and (2) width
30-10-2018 - 16:25 10-02-2011 - 18:00
CVE-2011-0589 9.3
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability
30-10-2018 - 16:25 10-02-2011 - 18:00
CVE-2004-0082 7.5
The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable pas
30-10-2018 - 16:25 03-03-2004 - 05:00
CVE-2011-0587 4.3
Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a differen
30-10-2018 - 16:25 10-02-2011 - 18:00
CVE-2011-0604 4.3
Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a differen
30-10-2018 - 16:25 10-02-2011 - 18:00
CVE-2011-0565 9.3
Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different
30-10-2018 - 16:25 10-02-2011 - 18:00
CVE-2011-0588 6.9
Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerabi
30-10-2018 - 16:25 10-02-2011 - 18:00
CVE-2004-0200 9.3
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to
30-10-2018 - 16:25 28-09-2004 - 04:00
CVE-2009-0087 9.3
Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and the Word 6 text converter in Microsoft Office Word 2000 SP3 and 2002 SP3; allows remote attackers to exe
30-10-2018 - 16:25 15-04-2009 - 08:00
CVE-2011-0566 9.3
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image, a different vulnerabili
30-10-2018 - 16:25 10-02-2011 - 18:00
CVE-2006-0749 9.3
nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via
19-10-2018 - 15:46 14-04-2006 - 10:02
CVE-2006-0058 7.6
Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory location
19-10-2018 - 15:42 22-03-2006 - 20:06
CVE-2006-0021 7.8
Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability."
19-10-2018 - 15:42 14-02-2006 - 19:06
CVE-2006-0015 6.8
Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute
19-10-2018 - 15:42 11-04-2006 - 23:02
CVE-2006-0023 4.3
Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1)
19-10-2018 - 15:42 08-02-2006 - 02:18
CVE-2005-4316 7.8
HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers to cause a denial of service via a "Rose Attack" that involves sending a subset of small IP fragments that do not form a complete, larger packet.
19-10-2018 - 15:40 17-12-2005 - 11:03
CVE-2005-4451 7.5
Unspecified vulnerability in Software Distributor in HP-UX B.11.11 allows remote attackers to gain access via unspecified attack vectors.
19-10-2018 - 15:40 21-12-2005 - 11:03
CVE-2005-2993 1.7
Unspecified vulnerability in the FTP Daemon (ftpd) for HP Tru64 UNIX 4.0F PK8 and other versions up to HP Tru64 UNIX 5.1B-3, and HP-UX B.11.00, B.11.04, B.11.11, and B.11.23, allows remote authenticated users to cause a denial of service (hang).
19-10-2018 - 15:34 20-09-2005 - 20:03
CVE-2005-2335 5.0
Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows remote POP3 servers to cause a denial of service and possibly execute arbitrary code via long UIDL responses. NOTE: a typo in an advisory accidentally used the wrong CVE identifie
19-10-2018 - 15:32 27-07-2005 - 04:00
CVE-2005-1934 5.0
Gaim before 1.3.1 allows remote attackers to cause a denial of service (crash) via a malformed MSN message that leads to a memory allocation of a large size, possibly due to an integer signedness error.
19-10-2018 - 15:32 19-05-2005 - 04:00
CVE-2005-1993 3.7
Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack.
19-10-2018 - 15:32 20-06-2005 - 04:00
CVE-2005-1410 2.1
The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) dex_init, (2) snb_en_init, (3) snb_ru_init, (4) spell_init, and (5) syn_init functions as "internal" even when they do not take an internal argument, which allows attackers to cause
19-10-2018 - 15:31 03-05-2005 - 04:00
CVE-2005-1269 5.0
Gaim before 1.3.1 allows remote attackers to cause a denial of service (application crash) via a Yahoo! message with non-ASCII characters in a file name.
19-10-2018 - 15:31 16-06-2005 - 04:00
CVE-2005-0953 3.7
Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.
19-10-2018 - 15:31 02-05-2005 - 04:00
CVE-2005-1263 7.2
The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to 2.2.27-rc2, 2.4.x to 2.4.31-pre1, and 2.6.x to 2.6.12-rc4 allows local users to execute arbitrary code via an ELF binary that, in certain conditions involving the create_elf_tables
19-10-2018 - 15:31 11-05-2005 - 04:00
CVE-2005-0688 5.0
Windows Server 2003 and XP SP2, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, aka a reoccurrence o
19-10-2018 - 15:31 05-03-2005 - 05:00
CVE-2005-1409 7.5
PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain character conversion functions, which allows unprivileged users to call those functions with malicious values, with unknown impact, aka the "Character conversion vulnerability."
19-10-2018 - 15:31 03-05-2005 - 04:00
CVE-2005-1046 7.5
Buffer overflow in the kimgio library for KDE 3.4.0 allows remote attackers to execute arbitrary code via a crafted PCX image file.
19-10-2018 - 15:31 02-05-2005 - 04:00
CVE-2004-1060 5.0
Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment w
19-10-2018 - 15:30 12-04-2004 - 04:00
CVE-2004-0230 5.0
TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that u
19-10-2018 - 15:30 18-08-2004 - 04:00
CVE-2003-0085 10.0
Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code.
19-10-2018 - 15:29 31-03-2003 - 05:00
CVE-2006-3442 7.6
Unspecified vulnerability in Pragmatic General Multicast (PGM) in Microsoft Windows XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted multicast message. Successful exploitation requires that the MSMQ (Microsoft Messag
18-10-2018 - 16:47 12-09-2006 - 23:07
CVE-2006-3201 4.9
Unspecified vulnerability in the kernel in HP-UX B.11.00, B.11.11, and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.
18-10-2018 - 16:46 23-06-2006 - 20:06
CVE-2006-3335 7.2
Unspecified vulnerability in mkdir in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows local users to gain privileges via unknown attack vectors.
18-10-2018 - 16:46 03-07-2006 - 01:05
CVE-2006-3086 9.3
Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName function in Microsoft Hyperlink Object Library (hlink.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hyperlink, as
18-10-2018 - 16:45 19-06-2006 - 19:02
CVE-2006-2574 7.2
Multiple unspecified vulnerabilities in Software Distributor in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allow local users to gain privileges via unspecified attack vectors.
18-10-2018 - 16:40 24-05-2006 - 23:02
CVE-2006-1993 5.1
Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain Javascript that is not properly handled by the contentWindow.focus method in an iframe, which ca
18-10-2018 - 16:37 25-04-2006 - 12:50
CVE-2006-1742 5.0
The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remot
18-10-2018 - 16:36 14-04-2006 - 10:02
CVE-2006-1737 9.3
Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary bytecode via
18-10-2018 - 16:35 14-04-2006 - 18:02
CVE-2006-1735 9.3
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using an eval in an XBL method binding (XBL.method.eval) to create Javas
18-10-2018 - 16:35 14-04-2006 - 10:02
CVE-2006-1739 9.3
The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary
18-10-2018 - 16:35 14-04-2006 - 10:02
CVE-2006-1733 6.8
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute
18-10-2018 - 16:35 14-04-2006 - 10:02
CVE-2006-1740 2.6
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing
18-10-2018 - 16:35 14-04-2006 - 10:02
CVE-2006-1738 5.0
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) by changing the (1) -moz-grid and (
18-10-2018 - 16:35 14-04-2006 - 18:02
CVE-2006-1734 6.8
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using the Object.watch method to access the "clone parent" internal func
18-10-2018 - 16:35 14-04-2006 - 10:02
CVE-2006-1741 4.3
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new p
18-10-2018 - 16:35 14-04-2006 - 10:02
CVE-2006-1736 2.6
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image li
18-10-2018 - 16:35 14-04-2006 - 10:02
CVE-2006-1732 4.3
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS)
18-10-2018 - 16:34 14-04-2006 - 10:02
CVE-2006-1724 7.5
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via atta
18-10-2018 - 16:34 14-04-2006 - 10:02
CVE-2006-1731 4.3
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are calle
18-10-2018 - 16:34 14-04-2006 - 10:02
CVE-2006-1689 7.2
Unspecified vulnerability in su in HP HP-UX B.11.11, when using the LDAP netgroup feature, allows local users to gain unspecified access. HP-UX B.11.11: Install PHCO_34545 or later.
18-10-2018 - 16:33 11-04-2006 - 00:02
CVE-2006-1315 5.0
The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to obtain sensitive information via crafted requests that leak information in SMB buffers, which are
18-10-2018 - 16:32 11-07-2006 - 21:05
CVE-2006-1314 7.5
Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages th
18-10-2018 - 16:32 11-07-2006 - 21:05
CVE-2006-5585 7.2
The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and Server 2003 allows local users to gain privileges via a crafted file manifest within an application, aka "File Manifest Corruption Vulnerability."
17-10-2018 - 21:43 13-12-2006 - 01:28
CVE-2006-5583 10.0
Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, Server 2003, Server 2003 SP1, and possibly other versions allows remote attackers to execute arbitrary code via a crafted SNMP packet, aka "SNMP Memory Corruption Vulnerabilit
17-10-2018 - 21:43 12-12-2006 - 20:28
CVE-2006-5452 4.6
Buffer overflow in dtmail on HP Tru64 UNIX 4.0F through 5.1B and HP-UX B.11.00 through B.11.23 allows local users to execute arbitrary code via a long -a (aka attachment) argument.
17-10-2018 - 21:42 23-10-2006 - 17:07
CVE-2006-5151 10.0
Unspecified vulnerability in HP Ignite-UX server before C.6.9.150 for HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to "gain root access" via unspecified vectors.
17-10-2018 - 21:41 05-10-2006 - 04:04
CVE-2006-4795 4.6
Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport software in HP-UX B.11.11 and B.11.23 before 20060912 allows local users to cause a denial of service via unspecified vectors.
17-10-2018 - 21:39 14-09-2006 - 21:07
CVE-2006-4696 9.0
Unspecified vulnerability in the Server service in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted packet, aka "SMB Rename Vulnerability."
17-10-2018 - 21:39 10-10-2006 - 22:07
CVE-2006-4688 7.5
Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerabil
17-10-2018 - 21:39 14-11-2006 - 22:07
CVE-2006-4689 5.0
Unspecified vulnerability in the driver for the Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to cause a denial of service (hang and reboot) via has unknown attack vectors,
17-10-2018 - 21:39 14-11-2006 - 22:07
CVE-2006-4343 4.3
The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer derefer
17-10-2018 - 21:36 28-09-2006 - 18:07
CVE-2006-4187 2.1
Unspecified vulnerability in HP-UX B.11.00, B.11.11 and B.11.23, when running in trusted mode, allows local users to cause a denial of service via unspecified vectors.
17-10-2018 - 21:33 17-08-2006 - 00:04
CVE-2006-3942 7.8
The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, w
17-10-2018 - 21:32 31-07-2006 - 23:04
CVE-2006-3877 9.3
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerabil
17-10-2018 - 21:32 10-10-2006 - 22:07
CVE-2007-2225 4.3
A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer
16-10-2018 - 16:42 12-06-2007 - 20:30
CVE-2007-2224 9.3
Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextN
16-10-2018 - 16:42 14-08-2007 - 21:17
CVE-2007-2218 9.3
Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that a
16-10-2018 - 16:42 12-06-2007 - 19:30
CVE-2007-2227 4.3
The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domai
16-10-2018 - 16:42 12-06-2007 - 21:30
CVE-2007-1205 9.3
Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption.
16-10-2018 - 16:37 10-04-2007 - 21:19
CVE-2007-1206 7.2
The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0; 2000 SP4; XP SP2; Server 2003, 2003 SP1, and 2003 SP2; and Windows Vista before June 2006; uses insecure permissions (PAGE_READWRITE) for a physical memory view, which a
16-10-2018 - 16:37 10-04-2007 - 21:19
CVE-2007-0870 7.6
Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS0
16-10-2018 - 16:34 11-02-2007 - 21:28
CVE-2007-0069 9.3
Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that t
16-10-2018 - 16:31 08-01-2008 - 20:46
CVE-2008-0106 9.0
Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.
15-10-2018 - 21:57 08-07-2008 - 23:41
CVE-2007-6425 10.0
Unspecified vulnerability in HP-UX B.11.31, when running ARPA Transport, allows remote attackers to cause a denial of service via unknown vectors.
15-10-2018 - 21:53 23-01-2008 - 21:00
CVE-2007-6203 4.3
Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using w
15-10-2018 - 21:50 03-12-2007 - 22:46
CVE-2007-6195 10.0
Buffer overflow in the sw_rpc_agent_init function in swagentd in Software Distributor (SD), and possibly other DCE applications, in HP HP-UX B.11.11 and B.11.23 allows remote attackers to execute arbitrary code or cause a denial of service via malfor
15-10-2018 - 21:50 15-12-2007 - 01:46
CVE-2007-6026 9.3
Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing
15-10-2018 - 21:49 20-11-2007 - 00:46
CVE-2007-5587 6.9
Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory loc
15-10-2018 - 21:45 19-10-2007 - 21:17
CVE-2007-5351 10.0
Unspecified vulnerability in Server Message Block Version 2 (SMBv2) signing support in Microsoft Windows Vista allows remote attackers to force signature re-computation and execute arbitrary code via a crafted SMBv2 packet, aka "SMBv2 Signing Vulnera
15-10-2018 - 21:43 12-12-2007 - 00:46
CVE-2007-5350 7.2
Unspecified vulnerability in the Windows Advanced Local Procedure Call (ALPC) in the kernel in Microsoft Windows Vista allows local users to gain privileges via unspecified vectors involving "legacy reply paths."
15-10-2018 - 21:43 12-12-2007 - 00:46
CVE-2007-4999 4.3
libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote attackers to cause a denial of service (NULL dereference and application crash) via a message that contains invalid HTML data, a different vector than CVE-2007-4996.
15-10-2018 - 21:39 29-10-2007 - 22:46
CVE-2007-4996 4.3
libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which allows remote attackers to cause a denial of service (crash) via a nudge message that triggers an access of "an in
15-10-2018 - 21:39 01-10-2007 - 20:17
CVE-2007-4887 4.3
The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerabilit
15-10-2018 - 21:38 14-09-2007 - 00:17
CVE-2007-4752 7.5
ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted
15-10-2018 - 21:37 12-09-2007 - 01:17
CVE-2013-3853 9.3
Microsoft Office 2007 SP3 and Word 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CV
12-10-2018 - 22:05 11-09-2013 - 14:03
CVE-2013-3889 9.3
Microsoft Excel 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; Office Compatibility Pack SP3; and Excel Services and Word Automation Services in SharePoint Serve
12-10-2018 - 22:05 09-10-2013 - 14:53
CVE-2013-3854 9.3
Microsoft Office 2007 SP3 and Word 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CV
12-10-2018 - 22:05 11-09-2013 - 14:03
CVE-2013-3896 4.3
Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application, aka "Silverlight Vulnerability.
12-10-2018 - 22:05 09-10-2013 - 14:53
CVE-2013-3133 9.3
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafte
12-10-2018 - 22:04 10-07-2013 - 03:46
CVE-2013-3171 9.3
The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the permissions of delegate objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser a
12-10-2018 - 22:04 10-07-2013 - 03:46
CVE-2013-3132 9.3
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBA
12-10-2018 - 22:04 10-07-2013 - 03:46
CVE-2013-3134 9.3
The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 on 64-bit platforms does not properly allocate arrays of structures, which allows remote attackers to execute arbitrary code via a crafted .NET Framework ap
12-10-2018 - 22:04 10-07-2013 - 03:46
CVE-2013-3182 7.8
The Windows NAT Driver (aka winnat) service in Microsoft Windows Server 2012 does not properly validate memory addresses during the processing of ICMP packets, which allows remote attackers to cause a denial of service (memory corruption and system h
12-10-2018 - 22:04 14-08-2013 - 11:10
CVE-2013-3131 9.3
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverlight 5 before 5.1.20513.0, does not properly prevent changes to data in multidimensional arrays of structures, which allows remote attackers to execute arbitrary code via (1) a craf
12-10-2018 - 22:04 10-07-2013 - 03:46
CVE-2013-1337 7.5
Microsoft .NET Framework 4.5 does not properly create policy requirements for custom Windows Communication Foundation (WCF) endpoint authentication in certain situations involving passwords over HTTPS, which allows remote attackers to bypass authenti
12-10-2018 - 22:04 15-05-2013 - 03:36
CVE-2013-1331 9.3
Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka "Office Buffer Overflow Vulnerability."
12-10-2018 - 22:04 12-06-2013 - 03:29
CVE-2013-1333 7.2
Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overflow Vulnerability."
12-10-2018 - 22:04 15-05-2013 - 03:36
CVE-2013-1336 5.0
The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve s
12-10-2018 - 22:04 15-05-2013 - 03:36
CVE-2013-1305 7.8
HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka "HTTP.sys Denial of Service Vulnerability."
12-10-2018 - 22:04 15-05-2013 - 03:36
CVE-2012-3214 2.1
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
12-10-2018 - 22:03 17-10-2012 - 00:55
CVE-2012-3217 2.1
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability, related to Outside In HTML Export SDK. Per: http://www.oracle.com/technetwork/topic
12-10-2018 - 22:03 17-10-2012 - 10:54
CVE-2012-2543 9.3
Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Stack O
12-10-2018 - 22:03 14-11-2012 - 00:55
CVE-2012-2526 9.3
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP3 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to a deleted object, ak
12-10-2018 - 22:03 15-08-2012 - 01:55
CVE-2012-1894 6.9
Microsoft Office for Mac 2011 uses world-writable permissions for the "Applications/Microsoft Office 2011/" directory and certain other directories, which allows local users to gain privileges by placing a Trojan horse executable file in one of these
12-10-2018 - 22:03 10-07-2012 - 21:55
CVE-2012-2520 4.3
Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0
12-10-2018 - 22:03 09-10-2012 - 21:55
CVE-2013-0096 6.8
Writer in Microsoft Windows Essentials 2011 and 2012 allows remote attackers to bypass proxy settings and overwrite arbitrary files via crafted URL parameters, aka "Windows Essentials Improper URI Handling Vulnerability." Per: http://technet.microsof
12-10-2018 - 22:03 15-05-2013 - 03:36
CVE-2013-0010 4.3
Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerabili
12-10-2018 - 22:03 09-01-2013 - 18:09
CVE-2013-0095 5.0
Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for Mac 2011 before 14.3.2 allows remote attackers to trigger access to a remote URL and consequently confirm the rendering of an HTML e-mail message by including unspecified HTML5 ele
12-10-2018 - 22:03 13-03-2013 - 00:55
CVE-2013-0086 5.0
Microsoft OneNote 2010 SP1 does not properly determine buffer sizes during memory allocation, which allows remote attackers to obtain sensitive information via a crafted OneNote file, aka "Buffer Size Validation Vulnerability."
12-10-2018 - 22:03 13-03-2013 - 00:55
CVE-2013-0009 4.3
Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerabili
12-10-2018 - 22:03 09-01-2013 - 18:09
CVE-2012-1868 6.9
Race condition in the thread-creation implementation in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 allows local users to gain privileges via a crafted application, aka "Win32k.sys Race Condition Vulnerability."
12-10-2018 - 22:02 12-06-2012 - 22:55
CVE-2012-1885 9.3
Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Office 2008 and 2011 for Mac; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Se
12-10-2018 - 22:02 14-11-2012 - 00:55
CVE-2012-1515 8.3
VMware ESXi 3.5, 4.0, and 4.1 and ESX 3.5, 4.0, and 4.1 do not properly implement port-based I/O operations, which allows guest OS users to gain guest OS privileges by overwriting memory locations in a read-only memory block associated with the Virtu
12-10-2018 - 22:02 02-04-2012 - 10:46
CVE-2012-1853 10.0
Stack-based buffer overflow in the Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP3 allows remote attackers to execute arbitrary code via crafted RAP response packets, aka "Remote Admini
12-10-2018 - 22:02 15-08-2012 - 01:55
CVE-2012-1852 10.0
Heap-based buffer overflow in the Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted RAP response packets, aka "Remote
12-10-2018 - 22:02 15-08-2012 - 01:55
CVE-2012-1887 9.3
Use-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1, and Office 2008 and 2011 for Mac, allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SST Invalid Length Use After Free Vuln
12-10-2018 - 22:02 14-11-2012 - 00:55
CVE-2012-0158 9.3
The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005
12-10-2018 - 22:02 10-04-2012 - 21:55
CVE-2012-0181 7.2
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard L
12-10-2018 - 22:02 09-05-2012 - 00:55
CVE-2012-0162 9.3
Microsoft .NET Framework 4 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Buffer Alloc
12-10-2018 - 22:02 09-05-2012 - 00:55
CVE-2012-0164 5.0
Microsoft .NET Framework 4 does not properly compare index values, which allows remote attackers to cause a denial of service (application hang) via crafted requests to a Windows Presentation Foundation (WPF) application, aka ".NET Framework Index Co
12-10-2018 - 22:02 09-05-2012 - 00:55
CVE-2012-0160 9.3
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted
12-10-2018 - 22:02 09-05-2012 - 00:55
CVE-2012-0179 7.2
Double free vulnerability in tcpip.sys in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that binds an IPv6 address to a local interface, aka "TCP/IP Double Free
12-10-2018 - 22:02 09-05-2012 - 00:55
CVE-2012-0161 9.3
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrar
12-10-2018 - 22:02 09-05-2012 - 00:55
CVE-2012-0174 1.7
Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast packets, which allows remote attackers to obtain potenti
12-10-2018 - 22:02 09-05-2012 - 00:55
CVE-2012-0163 9.3
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted AS
12-10-2018 - 22:02 10-04-2012 - 21:55
CVE-2011-3413 9.3
Microsoft PowerPoint 2007 SP2; Office 2008 for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory
12-10-2018 - 22:01 14-12-2011 - 00:55
CVE-2011-3410 9.3
Array index error in Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Out-of-bounds Array Index Vu
12-10-2018 - 22:01 14-12-2011 - 00:55
CVE-2011-3412 9.3
Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect memory handling, aka "Publisher Memory Corruption Vulnerability."
12-10-2018 - 22:01 14-12-2011 - 00:55
CVE-2011-1976 4.3
Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka "Report Viewer C
12-10-2018 - 22:01 10-08-2011 - 21:55
CVE-2011-2007 5.0
Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Endless Loop DoS in snabase.exe Vulnerability."
12-10-2018 - 22:01 12-10-2011 - 02:52
CVE-2011-2008 5.0
Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Access of Unallocated Memory DoS Vulnerability."
12-10-2018 - 22:01 12-10-2011 - 02:52
CVE-2011-1989 9.3
Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for
12-10-2018 - 22:01 15-09-2011 - 12:26
CVE-2011-1508 9.3
Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, does not properly manage memory allocations for function pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Function Pointer
12-10-2018 - 22:00 14-12-2011 - 00:55
CVE-2011-0673 7.2
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka "Win32k Null Pointer De-reference Vulnerability." Per: http://cwe.mitre.or
12-10-2018 - 21:59 13-04-2011 - 20:26
CVE-2010-3960 4.9
Hyper-V in Microsoft Windows Server 2008 Gold, SP2, and R2 allows guest OS users to cause a denial of service (host OS hang) by sending a crafted encapsulated packet over the VMBus, aka "Hyper-V VMBus Vulnerability."
12-10-2018 - 21:58 16-12-2010 - 19:33
CVE-2010-3955 9.3
pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 does not properly perform array indexing, which allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Array Inde
12-10-2018 - 21:58 16-12-2010 - 19:33
CVE-2010-2728 9.3
Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, and 2007 SP2, when Online Mode for an Exchange Server is enabled, allows remote attackers to execute arbitrary code via a crafted e-mail message, aka "Heap Based Buffer Overflow in O
12-10-2018 - 21:58 15-09-2010 - 19:00
CVE-2010-2571 9.3
Array index error in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher 97 file, aka "Memory Corruption Due To Invalid Index Into Array
12-10-2018 - 21:58 16-12-2010 - 19:33
CVE-2010-1888 6.8
Race condition in the kernel in Microsoft Windows XP SP3 allows local users to gain privileges via vectors involving thread creation, aka "Windows Kernel Data Initialization Vulnerability."
12-10-2018 - 21:57 11-08-2010 - 18:47
CVE-2010-0239 10.0
The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Router Advertisement packets, which allows remote attackers to execute arb
12-10-2018 - 21:56 10-02-2010 - 18:30
CVE-2010-0032 9.3
Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "OEPlaceholderAtom Use After Free Vulnerability."
12-10-2018 - 21:56 10-02-2010 - 18:30
CVE-2010-0030 9.3
Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint LinkedSlideAtom Heap Overflow Vulnerability."
12-10-2018 - 21:56 10-02-2010 - 18:30
CVE-2010-0242 7.8
The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to cause a denial of service (system hang) via crafted packets with malformed TCP selective acknowledgement (SACK) values, ak
12-10-2018 - 21:56 10-02-2010 - 18:30
CVE-2010-0479 9.3
Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow
12-10-2018 - 21:56 14-04-2010 - 16:00
CVE-2010-0031 9.3
Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint OEPlaceholderAtom 'placementId' Invali
12-10-2018 - 21:56 10-02-2010 - 18:30
CVE-2010-0033 9.3
Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability."
12-10-2018 - 21:56 10-02-2010 - 18:30
CVE-2010-0034 9.3
Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Office PowerPoint Viewer TextCharsAtom Record Stack Overflow Vulnerability."
12-10-2018 - 21:56 10-02-2010 - 18:30
CVE-2010-0029 9.3
Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint File Path Handling Buffer Overflow Vulnerability."
12-10-2018 - 21:56 10-02-2010 - 18:30
CVE-2010-0241 10.0
The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Route Information packets, which allows remote attackers to execute arbitr
12-10-2018 - 21:56 10-02-2010 - 18:30
CVE-2010-0240 10.0
The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when a custom network driver is used, does not properly handle local fragmentation of Encapsulating Security Payload (ESP) over UDP packets, which a
12-10-2018 - 21:56 10-02-2010 - 18:30
CVE-2010-0261 9.3
Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a
12-10-2018 - 21:56 10-03-2010 - 22:30
CVE-2010-0237 6.9
The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows local users to gain privileges by creating a symbolic link from an untrusted registry hive to a trusted registry hive, aka "Windows Kernel Symbolic Link Creation Vulnerability."
12-10-2018 - 21:56 14-04-2010 - 16:00
CVE-2009-3127 9.3
Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, and Office Excel Viewer 2003 SP3 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code
12-10-2018 - 21:52 11-11-2009 - 19:30
CVE-2009-3128 9.3
Microsoft Office Excel 2002 SP3 and 2003 SP3, and Office Excel Viewer 2003 SP3, does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a spreadsheet with a malformed record object, aka "Excel SxView
12-10-2018 - 21:52 11-11-2009 - 19:30
CVE-2009-3103 10.0
Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (syste
12-10-2018 - 21:52 08-09-2009 - 22:30
CVE-2009-2512 9.3
The Web Services on Devices API (WSDAPI) in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly process the headers of WSD messages, which allows remote attackers to execute arbitrary code via a crafted (1) message or (2)
12-10-2018 - 21:51 11-11-2009 - 19:30
CVE-2009-2493 9.3
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2,
12-10-2018 - 21:51 29-07-2009 - 17:30
CVE-2009-1536 2.6
ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via
12-10-2018 - 21:51 12-08-2009 - 17:30
CVE-2009-1137 9.3
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulne
12-10-2018 - 21:51 12-05-2009 - 22:30
CVE-2009-0222 9.3
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to a "pointer overwrite" and memory corruption, aka
12-10-2018 - 21:50 12-05-2009 - 22:30
CVE-2009-1131 9.3
Multiple stack-based buffer overflows in Microsoft Office PowerPoint 2000 SP3 allow remote attackers to execute arbitrary code via a large amount of data associated with unspecified atoms in a PowerPoint file that triggers memory corruption, aka "Dat
12-10-2018 - 21:50 12-05-2009 - 22:30
CVE-2009-0225 9.3
Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to improper "array indexing" and memory corruption, aka "PP7 Memory Corrupti
12-10-2018 - 21:50 12-05-2009 - 22:30
CVE-2009-1129 9.3
Multiple stack-based buffer overflows in the PowerPoint 95 importer (PP7X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via an inconsistent record length in sound data in a fil
12-10-2018 - 21:50 12-05-2009 - 22:30
CVE-2009-0549 9.3
Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Microsoft Office Excel Viewer 2003 SP3 allow remote attackers to execute arbitrary code via a crafted Ex
12-10-2018 - 21:50 10-06-2009 - 18:30
CVE-2009-0223 9.3
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulne
12-10-2018 - 21:50 12-05-2009 - 22:30
CVE-2009-1128 9.3
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to memory corruption, aka "PP7 Memory Corruption Vul
12-10-2018 - 21:50 12-05-2009 - 22:30
CVE-2009-1130 9.3
Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file that
12-10-2018 - 21:50 12-05-2009 - 22:30
CVE-2009-0565 9.3
Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Forma
12-10-2018 - 21:50 10-06-2009 - 18:00
CVE-2009-0227 9.3
Stack-based buffer overflow in the PowerPoint 4.2 conversion filter (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a large number of structures in sound data in a fil
12-10-2018 - 21:50 12-05-2009 - 22:30
CVE-2009-0558 9.3
Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Arra
12-10-2018 - 21:50 10-06-2009 - 18:30
CVE-2009-0220 9.3
Multiple stack-based buffer overflows in the PowerPoint 4.0 importer (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via crafted formatting data for paragraphs in a file th
12-10-2018 - 21:50 12-05-2009 - 22:30
CVE-2009-0226 9.3
Stack-based buffer overflow in the PowerPoint 4.2 conversion filter in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a long string in sound data in a file that uses a PowerPoint 4.0
12-10-2018 - 21:50 12-05-2009 - 22:30
CVE-2009-0556 9.3
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value tha
12-10-2018 - 21:50 03-04-2009 - 18:30
CVE-2009-0221 9.3
Integer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a PowerPoint file containing a crafted record type for "collaboration information for different slides" that contains a field
12-10-2018 - 21:50 12-05-2009 - 22:30
CVE-2009-0217 5.0
The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLog
12-10-2018 - 21:49 14-07-2009 - 23:30
CVE-2008-4269 8.5
The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML docum
12-10-2018 - 21:48 10-12-2008 - 14:00
CVE-2008-4268 8.5
The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search f
12-10-2018 - 21:48 10-12-2008 - 14:00
CVE-2008-4266 9.3
Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3; Excel Viewer 2003 Gold and SP3; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Exc
12-10-2018 - 21:48 10-12-2008 - 14:00
CVE-2008-3464 7.2
afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a cra
12-10-2018 - 21:48 15-10-2008 - 00:12
CVE-2008-3466 10.0
Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or
12-10-2018 - 21:48 15-10-2008 - 00:12
CVE-2008-2540 9.3
Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downlo
12-10-2018 - 21:47 03-06-2008 - 15:32
CVE-2008-1453 8.3
The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and Vista Gold and SP1, allows physically proximate attackers to execute arbitrary code via a large series of Service Discovery Protocol (SDP) packets.
12-10-2018 - 21:47 12-06-2008 - 02:32
CVE-2008-1441 5.4
Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options,
12-10-2018 - 21:45 12-06-2008 - 02:32
CVE-2008-1444 9.3
Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the
12-10-2018 - 21:45 12-06-2008 - 02:32
CVE-2008-0084 7.8
Unspecified vulnerability in the TCP/IP support in Microsoft Windows Vista allows remote DHCP servers to cause a denial of service (hang and restart) via a crafted DHCP packet. Apply patches. Windows Vista: http://www.microsoft.com/downloads/de..
12-10-2018 - 21:44 12-02-2008 - 21:00
CVE-2007-0208 9.3
Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers
12-10-2018 - 21:42 13-02-2007 - 21:28
CVE-2007-0515 9.3
Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Md
12-10-2018 - 21:42 26-01-2007 - 00:28
CVE-2007-0211 7.2
The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of
12-10-2018 - 21:42 13-02-2007 - 20:28
CVE-2007-0025 9.3
The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers
12-10-2018 - 21:42 13-02-2007 - 20:28
CVE-2007-0209 9.3
Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corru
12-10-2018 - 21:42 13-02-2007 - 21:28
CVE-2006-3440 10.0
Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka "Winsock Hostname Vulnerability."
12-10-2018 - 21:40 09-08-2006 - 01:04
CVE-2006-3438 9.3
Unspecified vulnerability in Microsoft Hyperlink Object Library (hlink.dll), possibly a buffer overflow, allows user-assisted attackers to execute arbitrary code via crafted hyperlinks that are not properly handled when hlink.dll "uses a file contain
12-10-2018 - 21:40 09-08-2006 - 00:04
CVE-2006-2492 7.6
Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by
12-10-2018 - 21:40 20-05-2006 - 00:02
CVE-2006-3648 7.6
Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 and 2003 SP1, allows remote attackers to execute arbitrary code via unspecified vectors involving unhandled exceptions, memory resident applications, and incorrectly
12-10-2018 - 21:40 09-08-2006 - 01:04
CVE-2006-0024 5.1
Multiple unspecified vulnerabilities in Adobe Flash Player 8.0.22.0 and earlier allow remote attackers to execute arbitrary code via a crafted SWF file.
12-10-2018 - 21:38 15-03-2006 - 16:06
CVE-2005-1208 10.0
Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer ov
12-10-2018 - 21:36 14-06-2005 - 04:00
CVE-2005-1213 7.5
Stack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field.
12-10-2018 - 21:36 14-06-2005 - 04:00
CVE-2005-0550 2.1
Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability".
12-10-2018 - 21:36 02-05-2005 - 04:00
CVE-2005-0551 10.0
Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that p
12-10-2018 - 21:36 02-05-2005 - 04:00
CVE-2005-1219 7.5
Buffer overflow in the Microsoft Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags.
12-10-2018 - 21:36 12-07-2005 - 04:00
CVE-2005-1206 7.5
Buffer overflow in the Server Message Block (SMB) functionality for Microsoft Windows 2000, XP SP1 and SP2, and Server 2003 and SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka the "Server Message Block Vulnerability."
12-10-2018 - 21:36 14-06-2005 - 04:00
CVE-2004-0900 10.0
The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition does not properly validate the length of certain messages, which allows remote attackers to execute arbitrary code via a malformed DHCP message, aka the "DHCP Req
12-10-2018 - 21:35 10-01-2005 - 05:00
CVE-2004-0899 5.0
The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition, with DHCP logging enabled, does not properly validate the length of certain messages, which allows remote attackers to cause a denial of service (application cra
12-10-2018 - 21:35 10-01-2005 - 05:00
CVE-2004-0575 10.0
Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unche
12-10-2018 - 21:34 03-11-2004 - 05:00
CVE-2004-0572 10.0
Buffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grp
12-10-2018 - 21:34 03-11-2004 - 05:00
CVE-2004-0597 10.0
Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transpar
12-10-2018 - 21:34 23-11-2004 - 05:00
CVE-2004-0206 7.5
Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or appl
12-10-2018 - 21:34 03-11-2004 - 05:00
CVE-2004-0205 7.2
Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 allows local users to execute arbitrary code via the redirect function.
12-10-2018 - 21:34 06-08-2004 - 04:00
CVE-2004-0380 10.0
The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM)
12-10-2018 - 21:34 04-05-2004 - 04:00
CVE-2004-0208 7.2
The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a wa
12-10-2018 - 21:34 03-11-2004 - 05:00
CVE-2004-0123 7.5
Double free vulnerability in the ASN.1 library as used in Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service and possibly execute arbitrary code.
12-10-2018 - 21:34 01-06-2004 - 04:00
CVE-2004-0209 10.0
Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image form
12-10-2018 - 21:34 03-11-2004 - 05:00
CVE-2004-0124 2.6
The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."
12-10-2018 - 21:34 01-06-2004 - 04:00
CVE-2003-0807 5.0
Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted r
12-10-2018 - 21:33 01-06-2004 - 04:00
CVE-2003-0906 7.6
Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or E
12-10-2018 - 21:33 01-06-2004 - 04:00
CVE-2003-0910 7.2
The NtSetLdtEntries function in the programming interface for the Local Descriptor Table (LDT) in Windows NT 4.0 and Windows 2000 allows local attackers to gain access to kernel memory and execute arbitrary code via an expand-down data segment descri
12-10-2018 - 21:33 01-06-2004 - 04:00
CVE-2003-0820 7.5
Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.
12-10-2018 - 21:33 15-12-2003 - 05:00
CVE-2003-0908 7.2
The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the
12-10-2018 - 21:33 01-06-2004 - 04:00
CVE-2004-0117 7.5
Unknown vulnerability in the H.323 protocol implementation in Windows 98, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code.
12-10-2018 - 21:33 01-06-2004 - 04:00
CVE-2004-0116 5.0
An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field.
12-10-2018 - 21:33 01-06-2004 - 04:00
CVE-2003-0821 7.5
Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model.
12-10-2018 - 21:33 15-12-2003 - 05:00
CVE-2003-0806 7.5
Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code.
12-10-2018 - 21:33 01-06-2004 - 04:00
CVE-2004-0118 7.2
The component for the Virtual DOS Machine (VDM) subsystem in Windows NT 4.0 and Windows 2000 does not properly validate system structures, which allows local users to access protected kernel memory and execute arbitrary code.
12-10-2018 - 21:33 01-06-2004 - 04:00
CVE-2003-0525 5.0
The getCanonicalPath function in Windows NT 4.0 may free memory that it does not own and cause heap corruption, which allows attackers to cause a denial of service (crash) via requests that cause a long file name to be passed to getCanonicalPath, as
12-10-2018 - 21:32 27-08-2003 - 04:00
CVE-2003-0353 7.5
Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434.
12-10-2018 - 21:32 27-08-2003 - 04:00
CVE-2003-0346 7.5
Multiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which l
12-10-2018 - 21:32 27-08-2003 - 04:00
CVE-2003-0533 7.5
Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and
12-10-2018 - 21:32 01-06-2004 - 04:00
CVE-2003-0349 7.5
Buffer overflow in the streaming media component for logging multicast requests in the ISAPI for the logging capability of Microsoft Windows Media Services (nsiislog.dll), as installed in IIS 5.0, allows remote attackers to execute arbitrary code via
12-10-2018 - 21:32 24-07-2003 - 04:00
CVE-2002-0641 7.5
Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSER
12-10-2018 - 21:31 23-07-2002 - 04:00
CVE-2002-0154 7.5
Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments.
12-10-2018 - 21:31 16-05-2002 - 04:00
CVE-2002-0070 7.6
Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled.
12-10-2018 - 21:31 15-03-2002 - 05:00
CVE-2002-0624 7.5
Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authenticat
12-10-2018 - 21:31 23-07-2002 - 04:00
CVE-2002-0020 7.5
Buffer overflow in telnet server in Windows 2000 and Interix 2.2 allows remote attackers to execute arbitrary code via malformed protocol options.
12-10-2018 - 21:30 08-03-2002 - 05:00
CVE-2002-0053 7.5
Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request. NOTE: this candidate may be
12-10-2018 - 21:30 08-03-2002 - 05:00
CVE-2001-0719 7.5
Buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via a malformed Advanced Streaming Format (ASF) file.
12-10-2018 - 21:30 06-12-2001 - 05:00
CVE-2001-0333 7.5
Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice.
12-10-2018 - 21:30 27-06-2001 - 04:00
CVE-2001-0045 10.0
The default permissions for the RAS Administration key in Windows NT 4.0 allows local users to execute arbitrary commands by changing the value to point to a malicious DLL, aka one of the "Registry Permissions" vulnerabilities.
12-10-2018 - 21:30 16-02-2001 - 05:00
CVE-2001-0047 7.5
The default permissions for the MTS Package Administration registry key in Windows NT 4.0 allows local users to install or modify arbitrary Microsoft Transaction Server (MTS) packages and gain privileges, aka one of the "Registry Permissions" vulnera
12-10-2018 - 21:30 16-02-2001 - 05:00
CVE-2001-0046 4.6
The default permissions for the SNMP Parameters registry key in Windows NT 4.0 allows remote attackers to read and possibly modify the SNMP community strings to obtain sensitive information or modify network configuration, aka one of the "Registry Pe
12-10-2018 - 21:30 16-02-2001 - 05:00
CVE-1999-0736 5.0
The showcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.
12-10-2018 - 21:29 07-05-1999 - 04:00
CVE-2000-0377 5.0
The Remote Registry server in Windows NT 4.0 allows local authenticated users to cause a denial of service via a malformed request, which causes the winlogon process to fail, aka the "Remote Registry Access Authentication" vulnerability.
12-10-2018 - 21:29 08-06-2000 - 04:00
CVE-2009-0361 4.6
Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files b
11-10-2018 - 21:01 13-02-2009 - 17:30
CVE-2009-0360 6.2
Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configurat
11-10-2018 - 21:01 13-02-2009 - 17:30
CVE-2009-0159 6.8
Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.
11-10-2018 - 21:00 14-04-2009 - 15:30
CVE-2008-5353 10.0
The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows rem
11-10-2018 - 20:55 05-12-2008 - 11:30
CVE-2008-5349 7.1
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service (CPU consumption) via a crafted RSA public key.
11-10-2018 - 20:54 05-12-2008 - 11:30
CVE-2008-4546 4.3
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP reque
11-10-2018 - 20:52 14-10-2008 - 15:28
CVE-2008-2955 4.3
Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function.
11-10-2018 - 20:45 01-07-2008 - 22:41
CVE-2008-2086 9.3
Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allow remote attackers to execute arbitrary code via a crafted jnlp file that modifies the (1) ja
11-10-2018 - 20:39 05-12-2008 - 02:30
CVE-2010-4435 10.0
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to CDE Calendar Manager Service Daemon and RPC. NOTE: the previous information was obtained from the Jan
10-10-2018 - 20:08 19-01-2011 - 17:00
CVE-2010-3573 5.1
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous inform
10-10-2018 - 20:04 19-10-2010 - 22:00
CVE-2010-3613 4.0
named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3 does not properly handle the combination of signed negative responses and corresponding RRSIG records in the cache, which allows remote attackers to cause a
10-10-2018 - 20:04 06-12-2010 - 13:44
CVE-2010-3567 10.0
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information w
10-10-2018 - 20:04 19-10-2010 - 22:00
CVE-2010-3566 10.0
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information w
10-10-2018 - 20:04 19-10-2010 - 22:00
CVE-2010-1404 9.3
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SV
10-10-2018 - 19:57 11-06-2010 - 18:00
CVE-2010-1403 9.3
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during the handling of a use element in an SVG document, which allows remote attackers to execute arbitrary co
10-10-2018 - 19:57 11-06-2010 - 18:00
CVE-2010-1749 9.3
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto
10-10-2018 - 19:57 11-06-2010 - 18:00
CVE-2010-1402 9.3
Double free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors
10-10-2018 - 19:57 11-06-2010 - 18:00
CVE-2010-1397 9.3
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto
10-10-2018 - 19:56 11-06-2010 - 18:00
CVE-2010-1398 9.3
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly perform ordered list insertions, which allows remote attackers to execute arbitrary code or cause a denial of service (mem
10-10-2018 - 19:56 11-06-2010 - 18:00
CVE-2010-1392 9.3
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto
10-10-2018 - 19:56 11-06-2010 - 18:00
CVE-2010-1401 9.3
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or caus
10-10-2018 - 19:56 11-06-2010 - 18:00
CVE-2010-0998 10.0
Multiple stack-based buffer overflows in Free Download Manager (FDM) before 3.0.852 allow remote attackers to execute arbitrary code via vectors involving (1) the folders feature in Site Explorer, (2) the websites feature in Site Explorer, (3) an FTP
10-10-2018 - 19:55 17-05-2010 - 21:00
CVE-2010-0999 7.1
Directory traversal vulnerability in Free Download Manager (FDM) before 3.0.852 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file.
10-10-2018 - 19:55 17-05-2010 - 21:00
CVE-2010-1039 10.0
Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers
10-10-2018 - 19:55 20-05-2010 - 17:30
CVE-2009-4310 9.3
Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream i
10-10-2018 - 19:49 13-12-2009 - 01:30
CVE-2009-4309 9.3
Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 str
10-10-2018 - 19:49 13-12-2009 - 01:30
CVE-2009-4003 9.3
Multiple integer overflows in Adobe Shockwave Player before 11.5.6.606 allow remote attackers to execute arbitrary code via (1) an unspecified block type in a Shockwave file, leading to a heap-based buffer overflow; and might allow remote attackers t
10-10-2018 - 19:48 21-01-2010 - 19:30
CVE-2009-4210 9.3
The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted media content.
10-10-2018 - 19:48 13-12-2009 - 01:30
CVE-2009-4002 9.3
Heap-based buffer overflow in Adobe Shockwave Player before 11.5.6.606 allows remote attackers to execute arbitrary code via a crafted 3D model in a Shockwave file.
10-10-2018 - 19:48 21-01-2010 - 19:30
CVE-2009-3027 10.0
VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF)
10-10-2018 - 19:42 11-12-2009 - 16:30
CVE-2009-2813 6.0
Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle error
10-10-2018 - 19:42 14-09-2009 - 16:30
CVE-2009-3018 4.3
Maxthon Browser 3.0.0.145 Alpha with Ultramode does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a
10-10-2018 - 19:42 31-08-2009 - 16:30
CVE-2009-2671 5.0
The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2)
10-10-2018 - 19:41 05-08-2009 - 19:30
CVE-2009-2670 5.0
The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which
10-10-2018 - 19:41 05-08-2009 - 19:30
CVE-2009-2675 10.0
Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header
10-10-2018 - 19:41 05-08-2009 - 19:30
CVE-2009-2672 7.5
The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications,
10-10-2018 - 19:41 05-08-2009 - 19:30
CVE-2009-2673 7.5
The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspec
10-10-2018 - 19:41 05-08-2009 - 19:30
CVE-2009-1869 9.3
Integer overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile parser in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly
10-10-2018 - 19:38 31-07-2009 - 19:30
CVE-2009-1252 6.8
Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing a
10-10-2018 - 19:35 19-05-2009 - 19:30
CVE-2009-0847 4.3
The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, rela
10-10-2018 - 19:32 09-04-2009 - 00:30
CVE-2009-0744 5.0
Apple Safari 4 Beta build 528.16 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a feeds: URI beginning with a (1) % (percent), (2) { (open curly bracket), (3) } (close curly bracket), (4) ^ (
10-10-2018 - 19:30 27-02-2009 - 17:30
CVE-2009-0696 4.3
The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon ex
10-10-2018 - 19:30 29-07-2009 - 17:30
CVE-2011-3185 9.3
gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attackers to execute arbitrary programs via a file: URL in a message.
09-10-2018 - 19:33 29-08-2011 - 17:55
CVE-2011-0994 10.0
Stack-based buffer overflow in NFRAgent.exe in Novell File Reporter (NFR) before 1.0.2 allows remote attackers to execute arbitrary code via unspecified XML data.
09-10-2018 - 19:30 10-04-2011 - 02:55
CVE-2005-1739 5.0
The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick before 1.1.6-r1, allows remote attackers to cause a denial of service (infinite loop) via an image with a zero color mask.
03-10-2018 - 21:30 24-05-2005 - 04:00
CVE-2005-0448 1.2
Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452.
03-10-2018 - 21:29 02-05-2005 - 04:00
CVE-1999-0104 5.0
A later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2.
22-08-2018 - 10:29 16-12-1997 - 05:00
CVE-2013-2885 7.5
Use-after-free vulnerability in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to not properly considering focus during the processing of JavaScript
13-08-2018 - 21:47 31-07-2013 - 13:20
CVE-2012-2686 5.0
crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data.
09-08-2018 - 01:29 08-02-2013 - 19:55
CVE-2013-0166 5.0
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) vi
09-08-2018 - 01:29 08-02-2013 - 19:55
CVE-2003-0985 7.2
The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21, and possibly other versions before 2.4.24, does not properly perform bounds checks, which allows local users to cause a denial of service and possibly gain privileges by causing
03-05-2018 - 01:29 20-01-2004 - 05:00
CVE-2003-0695 7.5
Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a differe
03-05-2018 - 01:29 06-10-2003 - 04:00
CVE-2003-0693 10.0
A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CV
03-05-2018 - 01:29 22-09-2003 - 04:00
CVE-2004-0077 7.2
The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local
03-05-2018 - 01:29 03-03-2004 - 05:00
CVE-2005-2871 7.5
Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with al
03-05-2018 - 01:29 09-09-2005 - 18:03
CVE-2004-0148 7.2
wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.
03-05-2018 - 01:29 15-04-2004 - 04:00
CVE-2004-0416 10.0
Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.
03-05-2018 - 01:29 06-08-2004 - 04:00
CVE-2003-0476 2.1
The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors.
03-05-2018 - 01:29 07-08-2003 - 04:00
CVE-1999-0693 7.2
Buffer overflow in TT_SESSION environment variable in ToolTalk shared library allows local users to gain root privileges.
03-05-2018 - 01:29 02-03-2000 - 05:00
CVE-2005-1751 3.7
Race condition in shtool 2.0.1 and earlier allows local users to create or modify arbitrary files via a symlink attack on the .shtool.$$ temporary file, a different vulnerability than CVE-2005-1759.
03-05-2018 - 01:29 25-05-2005 - 04:00
CVE-2003-0682 7.5
"Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695.
03-05-2018 - 01:29 06-10-2003 - 04:00
CVE-2003-0688 5.0
The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that caus
03-05-2018 - 01:29 20-10-2003 - 04:00
CVE-2004-0414 10.0
CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary
03-05-2018 - 01:29 06-08-2004 - 04:00
CVE-2005-3295 2.1
Unspecified vulnerability in HP-UX B.11.23 on Itanium platforms allows local users to cause a denial of service due to a "specific stack size."
03-05-2018 - 01:29 23-10-2005 - 21:02
CVE-2004-0418 10.0
serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical prog
03-05-2018 - 01:29 06-08-2004 - 04:00
CVE-2003-0681 7.5
A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.
03-05-2018 - 01:29 06-10-2003 - 04:00
CVE-2004-0417 5.0
Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consu
03-05-2018 - 01:29 06-08-2004 - 04:00
CVE-2012-4929 2.6
The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plain
22-04-2018 - 01:29 15-09-2012 - 18:55
CVE-2005-1794 6.4
Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 stores an RSA private key in mstlsapi.dll and uses it to sign a certificate, which allows remote attackers to spoof public keys of legitimate servers and conduct man-in-the-middle atta
28-03-2018 - 01:29 01-06-2005 - 04:00
CVE-2011-4939 6.4
The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin before 2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by changing a nickname while in an XMPP chat room.
18-01-2018 - 02:29 15-03-2012 - 10:55
CVE-2012-1178 5.0
The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service (application crash) via an OIM message that lacks UTF-8 encoding.
18-01-2018 - 02:29 15-03-2012 - 10:55
CVE-2007-6750 5.0
The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
10-01-2018 - 02:29 27-12-2011 - 18:55
CVE-2011-4858 5.0
Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU con
09-01-2018 - 02:29 05-01-2012 - 19:55
CVE-2011-3670 5.0
Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by makin
29-12-2017 - 02:29 01-02-2012 - 16:55
CVE-2011-3093 5.0
Google Chrome before 19.0.1084.46 does not properly handle glyphs, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
29-12-2017 - 02:29 16-05-2012 - 00:55
CVE-2011-3084 7.5
Google Chrome before 19.0.1084.46 does not use a dedicated process for the loading of links found on an internal page, which might allow attackers to bypass intended sandbox restrictions via a crafted page.
29-12-2017 - 02:29 16-05-2012 - 00:55
CVE-2011-3089 10.0
Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving tables.
29-12-2017 - 02:29 16-05-2012 - 00:55
CVE-2011-3091 10.0
Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
29-12-2017 - 02:29 16-05-2012 - 00:55
CVE-2011-3092 10.0
The regex implementation in Google V8, as used in Google Chrome before 19.0.1084.46, allows remote attackers to cause a denial of service (invalid write operation) or possibly have unspecified other impact via unknown vectors.
29-12-2017 - 02:29 16-05-2012 - 00:55
CVE-2011-3087 10.0
Google Chrome before 19.0.1084.46 does not properly perform window navigation, which has unspecified impact and remote attack vectors.
29-12-2017 - 02:29 16-05-2012 - 00:55
CVE-2011-3094 5.0
Google Chrome before 19.0.1084.46 does not properly handle Tibetan text, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
29-12-2017 - 02:29 16-05-2012 - 00:55
CVE-2011-3095 10.0
The OGG container in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.
29-12-2017 - 02:29 16-05-2012 - 00:55
CVE-2012-2318 5.0
msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote servers to cause a denial of service (application crash) by placing these characters in a text/plain message.
29-12-2017 - 02:29 03-07-2012 - 19:55
CVE-2011-3090 7.6
Race condition in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to worker processes.
29-12-2017 - 02:29 16-05-2012 - 00:55
CVE-2011-3100 5.0
Google Chrome before 19.0.1084.46 does not properly draw dash paths, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
29-12-2017 - 02:29 16-05-2012 - 00:55
CVE-2011-3083 5.0
browser/profiles/profile_impl_io_data.cc in Google Chrome before 19.0.1084.46 does not properly handle a malformed ftp URL in the SRC attribute of a VIDEO element, which allows remote attackers to cause a denial of service (NULL pointer dereference a
29-12-2017 - 02:29 16-05-2012 - 00:55
CVE-2012-2214 3.5
proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authenticated users to cause a denial of service (application crash) via a sequence of XMPP file-transfer req
29-12-2017 - 02:29 03-07-2012 - 19:55
CVE-2012-1965 4.3
Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not properly establish the security context of a feed: URL, which allows remote attackers to bypass unspecified cross-site scripting (XSS) protection mechanisms via a feed:javascr
29-12-2017 - 02:29 18-07-2012 - 10:26
CVE-2012-1966 4.3
Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.
29-12-2017 - 02:29 18-07-2012 - 10:26
CVE-2011-3086 10.0
Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a STYLE element.
29-12-2017 - 02:29 16-05-2012 - 00:55
CVE-2011-3088 5.0
Google Chrome before 19.0.1084.46 does not properly draw hairlines, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
29-12-2017 - 02:29 16-05-2012 - 00:55
CVE-2011-3085 5.0
The Autofill feature in Google Chrome before 19.0.1084.46 does not properly restrict field values, which allows remote attackers to cause a denial of service (UI corruption) and possibly conduct spoofing attacks via vectors involving long values.
29-12-2017 - 02:29 16-05-2012 - 00:55
CVE-2010-4468 4.0
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier, allows remote untrusted Java Web Start applications and untrusted Java applets to affect c
22-12-2017 - 02:29 17-02-2011 - 19:00
CVE-2011-0873 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, and 5.0 Update 29 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors rel
22-12-2017 - 02:29 14-06-2011 - 18:55
CVE-2011-0786 7.6
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, in
22-12-2017 - 02:29 14-06-2011 - 18:55
CVE-2011-0869 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 26 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related t
22-12-2017 - 02:29 14-06-2011 - 18:55
CVE-2011-0868 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D.
22-12-2017 - 02:29 14-06-2011 - 18:55
CVE-2011-0817 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, in
22-12-2017 - 02:29 14-06-2011 - 18:55
CVE-2011-0788 7.6
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, in
22-12-2017 - 02:29 14-06-2011 - 18:55
CVE-2011-0872 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect availability via unknown vectors related to NIO.
22-12-2017 - 02:29 14-06-2011 - 18:55
CVE-2011-0863 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability
22-12-2017 - 02:29 14-06-2011 - 18:55
CVE-2001-1181 7.2
Dynamically Loadable Kernel Module (dlkm) static kernel symbol table in HP-UX 11.11 is not properly configured, which allows local users to gain privileges.
19-12-2017 - 02:29 16-07-2001 - 04:00
CVE-2011-3097 10.0
The PDF functionality in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an out-of-bounds write error in the implementation of sampled functions.
05-12-2017 - 02:29 16-05-2012 - 00:55
CVE-2011-3099 10.0
Use-after-free vulnerability in the PDF functionality in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a malformed name for the font encoding.
05-12-2017 - 02:29 16-05-2012 - 00:55
CVE-2012-3374 7.5
Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message.
01-12-2017 - 02:29 07-07-2012 - 10:21
CVE-2013-3744 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2400. P
18-11-2017 - 02:29 18-06-2013 - 22:55
CVE-2009-0177 5.0
vmwarebase.dll, as used in the vmware-authd service (aka vmware-authd.exe), in VMware Workstation 6.5.1 build 126130, 6.5.1 and earlier; VMware Player 2.5.1 build 126130, 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 2.0.x before 2.0
19-10-2017 - 01:30 20-01-2009 - 16:00
CVE-2006-5558 10.0
Format string vulnerability in the swask command in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via format string specifiers in the -s argument. NOTE: this might be a duplicate of CVE-2006-2574, but the det
19-10-2017 - 01:29 27-10-2006 - 16:07
CVE-2006-5557 4.6
Stack-based buffer overflow in the (1) swpackage and (2) swmodify commands in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long -S argument. NOTE: this might be a duplicate of CVE-2006-2574, but the de
19-10-2017 - 01:29 27-10-2006 - 16:07
CVE-1999-1573 10.0
Multiple unknown vulnerabilities in the "r-cmnds" (1) remshd, (2) rexecd, (3) rlogind, (4) rlogin, (5) remsh, (6) rcp, (7) rexec, and (8) rdist for HP-UX 10.00 through 11.00 allow attackers to gain privileges or access files.
19-10-2017 - 01:29 28-12-1999 - 05:00
CVE-2007-1900 5.0
CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression
11-10-2017 - 01:32 10-04-2007 - 18:19
CVE-2007-1993 9.3
Buffer overflow in the pfs_mountd.rpc RPC daemon in the Portable File System (PFS) in HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to execute arbitrary code by sending "a call to procedure 5, followed by a crafted payload to procedure
11-10-2017 - 01:32 12-04-2007 - 10:19
CVE-2006-5013 7.8
Sun Solaris 10 before patch 118855-16 (20060925), when run on x64 systems using IPv6, allows remote attackers to cause a denial of service (kernel panic) via crafted IPv6 packets.
11-10-2017 - 01:31 27-09-2006 - 01:07
CVE-2006-4188 5.0
Unspecified vulnerability in the LP subsystem in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers to cause a denial of service via unknown vectors.
11-10-2017 - 01:31 17-08-2006 - 00:04
CVE-2007-0916 4.9
Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.
11-10-2017 - 01:31 14-02-2007 - 02:28
CVE-2007-1798 7.2
Buffer overflow in the drmgr command in IBM AIX 5.2 and 5.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long path name.
11-10-2017 - 01:31 02-04-2007 - 22:19
CVE-2007-0479 7.8
Memory leak in the TCP listener in Cisco IOS 9.x, 10.x, 11.x, and 12.x allows remote attackers to cause a denial of service by sending crafted TCP traffic to an IPv4 address on the IOS device.
11-10-2017 - 01:31 25-01-2007 - 00:28
CVE-2005-2269 7.5
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to
11-10-2017 - 01:30 13-07-2005 - 04:00
CVE-2005-0988 3.7
Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip af
11-10-2017 - 01:30 02-05-2005 - 04:00
CVE-2005-2702 7.5
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Unicode sequences with "zero-width non-joiner" characters.
11-10-2017 - 01:30 23-09-2005 - 19:03
CVE-2005-1057 7.5
Cisco IOS 12.2T, 12.3 and 12.3T, when using Easy VPN Server XAUTH version 6 authentication, allows remote attackers to bypass authentication via a "malformed packet."
11-10-2017 - 01:30 02-05-2005 - 04:00
CVE-2005-1760 7.5
sysreport 1.3.15 and earlier includes contents of the up2date file in a report, which leaks the password for a proxy server in plaintext and allows local users to gain privileges.
11-10-2017 - 01:30 13-06-2005 - 04:00
CVE-2006-1389 7.8
Unspecified vulnerability in swagentd in HP-UX B.11.00, B.11.04, and B.11.11 allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
11-10-2017 - 01:30 25-03-2006 - 00:06
CVE-2005-2706 6.4
Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote attackers to execute Javascript with chrome privileges via an about: page such as about:mozilla.
11-10-2017 - 01:30 23-09-2005 - 19:03
CVE-2005-1937 2.6
A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that wa
11-10-2017 - 01:30 14-06-2005 - 04:00
CVE-2005-2266 5.0
Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensit
11-10-2017 - 01:30 13-07-2005 - 04:00
CVE-2005-2267 7.5
Firefox before 1.0.5 allows remote attackers to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL, which is run in the context of the previous page, and may le
11-10-2017 - 01:30 13-07-2005 - 04:00
CVE-2006-0486 4.6
Certain Cisco IOS releases in 12.2S based trains with maintenance release number 25 and later, 12.3T based trains, and 12.4 based trains reuse a Tcl Shell process across login sessions of different local users on the same terminal if the first user d
11-10-2017 - 01:30 01-02-2006 - 02:02
CVE-2005-2701 7.5
Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag.
11-10-2017 - 01:30 23-09-2005 - 19:03
CVE-2005-3779 7.2
Unspecified vulnerability in xterm for HP-UX 11.00, 11.11, and 11.23 allows local users to gain privileges via unknown vectors.
11-10-2017 - 01:30 23-11-2005 - 01:03
CVE-2005-3396 7.5
Buffer overflow in the chcons (chcon) command in IBM AIX 5.2 and 5.3, when DEBUG MALLOC is enabled, might allow attackers to execute arbitrary code via a long command line argument.
11-10-2017 - 01:30 01-11-2005 - 12:47
CVE-2006-1509 4.9
/sbin/passwd in HP-UX B.11.00, B.11.11, and B.11.23 before 20060326 "does not recover gracefully from some error conditions," which allows local users to cause a denial of service. This vulnerability affects all versions of HP-UX B.11.00, B.11.11, an
11-10-2017 - 01:30 30-03-2006 - 01:06
CVE-2005-2261 7.5
Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection.
11-10-2017 - 01:30 13-07-2005 - 04:00
CVE-2006-1248 4.6
Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and B.11.23, when run with certain options that involve a new home directory, might cause usermod to change the ownership of all directories and files under the new directory, which migh
11-10-2017 - 01:30 17-03-2006 - 19:02
CVE-2005-2270 7.5
Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone base objects, which allows remote attackers to execute arbitrary code by navigating the prototype chain to reach a privileged object.
11-10-2017 - 01:30 13-07-2005 - 04:00
CVE-2005-1477 5.1
The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when
11-10-2017 - 01:30 09-05-2005 - 04:00
CVE-2005-1476 5.1
Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript in other domains by using an IFRAME and causing the browser to navigate to a previous javascript: URL, which can lead to arbitrary code execution when combined with CVE-2005-1477.
11-10-2017 - 01:30 09-05-2005 - 04:00
CVE-2005-3564 7.2
envd daemon in HP-UX B.11.00 through B.11.11 allows local users to obtain privileges via unknown attack vectors.
11-10-2017 - 01:30 16-11-2005 - 07:42
CVE-2005-2705 7.5
Integer overflow in the JavaScript engine in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 might allow remote attackers to execute arbitrary code.
11-10-2017 - 01:30 23-09-2005 - 19:03
CVE-2005-2265 5.0
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead
11-10-2017 - 01:30 13-07-2005 - 04:00
CVE-2005-1058 7.5
Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile that specifies XAUTH authentication after Phase 1 negotiation, may not process certain attributes in the ISAKMP profile that specifies XAUTH, which allows remote attackers to bypass X
11-10-2017 - 01:30 02-05-2005 - 04:00
CVE-2005-2260 7.5
The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dan
11-10-2017 - 01:30 13-07-2005 - 04:00
CVE-2005-2707 5.0
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spawn windows without user interface components such as the address and status bar, which could be used to conduct spoofing or phishing attacks.
11-10-2017 - 01:30 23-09-2005 - 19:03
CVE-2006-0516 2.1
Unspecified vulnerability in the kernel processing in Solaris 10 64 bit platform, when running in 64-bit mode, allows local users to cause a denial of service (system panic) via unknown attack vectors.
11-10-2017 - 01:30 02-02-2006 - 11:02
CVE-2005-2268 2.6
Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "D
11-10-2017 - 01:30 13-07-2005 - 04:00
CVE-2006-0436 7.2
Unspecified vulnerability in HP HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain privileges via unknown attack vectors.
11-10-2017 - 01:30 26-01-2006 - 11:07
CVE-2005-3565 7.5
Unknown vulnerability in remshd daemon in HP-UX B.11.00, B.11.11, and B.11.23 while running in "Trusted Mode" allows remote attackers to gain unauthorized system access via unknown attack vectors.
11-10-2017 - 01:30 16-11-2005 - 07:42
CVE-2005-2841 7.5
Buffer overflow in Firewall Authentication Proxy for FTP and/or Telnet Sessions for Cisco IOS 12.2ZH and 12.2ZL, 12.3 and 12.3T, and 12.4 and 12.4T allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted u
11-10-2017 - 01:30 08-09-2005 - 10:03
CVE-2005-2704 5.0
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spoof DOM objects via an XBL control that implements an internal XPCOM interface.
11-10-2017 - 01:30 23-09-2005 - 19:03
CVE-2006-0485 4.6
The TCL shell in Cisco IOS 12.2(14)S before 12.2(14)S16, 12.2(18)S before 12.2(18)S11, and certain other releases before 25 January 2006 does not perform Authentication, Authorization, and Accounting (AAA) command authorization checks, which may allo
11-10-2017 - 01:30 01-02-2006 - 02:02
CVE-2005-2703 5.0
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smugglin
11-10-2017 - 01:30 23-09-2005 - 19:03
CVE-2005-1275 5.0
Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ImageMagick 6.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a PNM file with a small colors value.
11-10-2017 - 01:30 25-04-2005 - 04:00
CVE-2005-2263 5.0
The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which ca
11-10-2017 - 01:30 13-07-2005 - 04:00
CVE-2005-1228 5.0
Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file.
11-10-2017 - 01:30 02-05-2005 - 04:00
CVE-2005-1192 5.0
Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23, when running TCP/IP on IPv4, allows remote attackers to cause a denial of service via certain packets, related to the PMTU, a different vulnerability than CVE-2004-1060.
11-10-2017 - 01:30 02-05-2005 - 04:00
CVE-2005-3296 10.0
The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.
11-10-2017 - 01:30 23-10-2005 - 21:02
CVE-2002-2261 7.5
Sendmail 8.9.0 through 8.12.6 allows remote attackers to bypass relaying restrictions enforced by the 'check_relay' function by spoofing a blank DNS hostname.
11-10-2017 - 01:29 31-12-2002 - 05:00
CVE-2002-2262 5.0
Unspecified vulnerability in xntpd of HP-UX 10.20 through 11.11 allows remote attackers to cause a denial of service (hang) via unknown attack vectors.
11-10-2017 - 01:29 31-12-2002 - 05:00
CVE-2002-0585 5.0
Unknown vulnerability in ndd for HP-UX 11.11 with certain TRANSPORT patches allows attackers to cause a denial of service.
11-10-2017 - 01:29 18-06-2002 - 04:00
CVE-2002-0279 4.6
The kernel in HP-UX 11.11 does not properly provide arguments for setrlimit, which could allow local attackers to cause a denial of service (kernel panic) and possibly gain privileges.
11-10-2017 - 01:29 31-05-2002 - 04:00
CVE-2001-1182 7.2
Vulnerability in login in HP-UX 11.00, 11.11, and 10.20 allows restricted shell users to bypass certain security checks and gain privileges.
11-10-2017 - 01:29 17-07-2001 - 04:00
CVE-2001-1509 4.6
geteuid in Itanium Architecture (IA) running on HP-UX 11.20 does not properly identify a user's effective user id, which could allow local users to gain privileges.
11-10-2017 - 01:29 31-12-2001 - 05:00
CVE-2002-1409 2.1
ptrace on HP-UX 11.00 through 11.11 allows local users to cause a denial of service (data page fault panic) via "an incorrect reference to thread register state."
11-10-2017 - 01:29 11-04-2003 - 04:00
CVE-2002-0798 2.1
Vulnerability in swinstall for HP-UX 11.00 and 11.11 allows local users to view obtain data views for files that cannot be directly read by the user, which reportedly can be used to cause a denial of service.
11-10-2017 - 01:29 12-08-2002 - 04:00
CVE-2003-0135 7.5
vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP wrappers (tcp_wrappers) but is installed as a standalone service, which inadvertently prevents vsftpd from restricting access as intended.
11-10-2017 - 01:29 11-04-2003 - 04:00
CVE-2004-0760 6.4
Mozilla allows remote attackers to cause Mozilla to open a URI as a different MIME type than expected via a null character (%00) in an FTP URI.
11-10-2017 - 01:29 18-08-2004 - 04:00
CVE-2004-0495 7.2
Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool.
11-10-2017 - 01:29 06-08-2004 - 04:00
CVE-2004-1332 7.5
Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with the -v (debug) option enabled, allows remote attackers to execute arbitrary code via a long command request.
11-10-2017 - 01:29 31-12-2004 - 05:00
CVE-2003-0935 6.4
Net-SNMP before 5.0.9 allows a user or community to access data in MIB objects, even if that data is not allowed to be viewed.
11-10-2017 - 01:29 01-12-2003 - 05:00
CVE-2004-0164 5.0
KAME IKE daemon (racoon) does not properly handle hash values, which allows remote attackers to delete certificates via (1) a certain delete message that is not properly handled in isakmp.c or isakmp_inf.c, or (2) a certain INITIAL-CONTACT message th
11-10-2017 - 01:29 03-03-2004 - 05:00
CVE-2003-0195 5.0
CUPS before 1.1.19 allows remote attackers to cause a denial of service via a partial printing request to the IPP port (631), which does not time out.
11-10-2017 - 01:29 16-06-2003 - 04:00
CVE-2004-0244 4.7
Cisco 6000, 6500, and 7600 series systems with Multilayer Switch Feature Card 2 (MSFC2) and a FlexWAN or OSM module allow local users to cause a denial of service (hang or reset) by sending a layer 2 frame packet that encapsulates a layer 3 packet, b
11-10-2017 - 01:29 23-11-2004 - 05:00
CVE-2004-0154 5.0
rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers to cause a denial of service (crash) via an NFS mount of a directory from a client whose reverse DNS lookup name is different from the forward lookup name.
11-10-2017 - 01:29 14-06-2004 - 04:00
CVE-2005-0364 5.0
Unknown vulnerability in BIND 9.2.0 in HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to cause a denial of service.
11-10-2017 - 01:29 10-02-2005 - 05:00
CVE-2004-0010 7.2
Stack-based buffer overflow in the ncp_lookup function for ncpfs in Linux kernel 2.4.x allows local users to gain privileges.
11-10-2017 - 01:29 03-03-2004 - 05:00
CVE-2004-0403 5.0
Racoon before 20040408a allows remote attackers to cause a denial of service (memory consumption) via an ISAKMP packet with a large length field.
11-10-2017 - 01:29 01-06-2004 - 04:00
CVE-2003-0468 5.0
Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes
11-10-2017 - 01:29 27-08-2003 - 04:00
CVE-2004-2665 4.9
Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport software in HP-UX B.11.00, B.11.04, and B.11.11 before 20040628 allows local users to cause a denial of service via unspecified vectors.
11-10-2017 - 01:29 31-12-2004 - 05:00
CVE-2003-0973 5.0
Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string.
11-10-2017 - 01:29 15-12-2003 - 05:00
CVE-2005-0176 5.0
The shmctl function in Linux 2.6.9 and earlier allows local users to unlock the memory of other processes, which could cause sensitive memory to be swapped to disk, which could allow it to be read by other users once it has been released.
11-10-2017 - 01:29 15-02-2005 - 05:00
CVE-2001-0809 2.1
Vulnerability in CIFS/9000 Server (SAMBA) A.01.06 and earlier in HP-UX 11.0 and 11.11, when configured as a print server, allows local users to overwrite arbitrary files by modifying certain resources.
11-10-2017 - 01:29 06-12-2001 - 05:00
CVE-2004-1764 7.2
Buffer overflow in CDE libDtSvc on HP-UX B.11.00, B.11.04, B.11.11, and B.11.22 allows local users to gain root privileges via unknown vectors.
11-10-2017 - 01:29 14-01-2004 - 05:00
CVE-2003-1461 7.2
Buffer overflow in rwrite for HP-UX 11.0 could allow local users to execute arbitrary code via a long argument. NOTE: the vendor was unable to reproduce the problem on a system that had been patched for an lp vulnerability (CVE-2002-1473).
11-10-2017 - 01:29 31-12-2003 - 05:00
CVE-2004-0235 6.4
Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/
11-10-2017 - 01:29 18-08-2004 - 04:00
CVE-2004-0989 10.0
Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy
11-10-2017 - 01:29 01-03-2005 - 05:00
CVE-2003-0992 4.3
Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users.
11-10-2017 - 01:29 17-02-2004 - 05:00
CVE-2003-0984 4.6
Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not properly initialize their structures, which could leak kernel data to user space.
11-10-2017 - 01:29 05-01-2004 - 05:00
CVE-2004-0762 5.0
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box.
11-10-2017 - 01:29 18-08-2004 - 04:00
CVE-2005-0547 4.6
Unknown vulnerability in ftpd on HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23 allows remote authenticated users to gain "unauthorized access to files."
11-10-2017 - 01:29 24-02-2005 - 05:00
CVE-2004-0491 2.1
The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not properly maintain the mlock page count when one process unlocks pages that belong to another process, which allows local users to mlock more memory than specified by the rlimit.
11-10-2017 - 01:29 31-12-2004 - 05:00
CVE-2004-0234 10.0
Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA
11-10-2017 - 01:29 18-08-2004 - 04:00
CVE-2004-1375 4.6
Unknown vulnerability in System Administration Manager (SAM) in HP-UX B.11.00, B.11.11, B.11.22, and B.11.23 allows local users to gain privileges.
11-10-2017 - 01:29 23-12-2004 - 05:00
CVE-2004-0938 5.0
FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (server crash) by sending an Ascend-Send-Secret attribute without the required leading packet.
11-10-2017 - 01:29 03-11-2004 - 05:00
CVE-2003-0965 6.8
Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities.
11-10-2017 - 01:29 17-02-2004 - 05:00
CVE-2004-0003 4.6
Unknown vulnerability in Linux kernel before 2.4.22 allows local users to gain privileges, related to "R128 DRI limits checking."
11-10-2017 - 01:29 03-03-2004 - 05:00
CVE-2003-1375 7.2
Buffer overflow in wall for HP-UX 10.20 through 11.11 may allow local users to execute arbitrary code by calling wall with a large file as an argument.
11-10-2017 - 01:29 31-12-2003 - 05:00
CVE-2004-1029 9.3
The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load un
11-10-2017 - 01:29 01-03-2005 - 05:00
CVE-2004-0554 2.1
Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated usi
11-10-2017 - 01:29 06-08-2004 - 04:00
CVE-2003-0461 2.1
/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords.
11-10-2017 - 01:29 27-08-2003 - 04:00
CVE-2003-0089 7.2
Buffer overflow in the Software Distributor utilities for HP-UX B.11.00 and B.11.11 allows local users to execute arbitrary code via a long LANG environment variable to setuid programs such as (1) swinstall and (2) swmodify.
11-10-2017 - 01:29 15-12-2003 - 05:00
CVE-2003-0540 5.0
The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Error
11-10-2017 - 01:29 27-08-2003 - 04:00
CVE-2002-1363 7.5
Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does not correctly calculate offsets, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a buffer overflow attack on the row buff
10-10-2017 - 01:30 26-12-2002 - 05:00
CVE-2004-0189 7.5
The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the acce
10-10-2017 - 01:30 15-03-2004 - 05:00
CVE-2004-0075 2.1
The Vicam USB driver in Linux before 2.4.25 does not use the copy_from_user function when copying data from userspace to kernel space, which crosses security boundaries and allows local users to cause a denial of service.
10-10-2017 - 01:30 15-03-2004 - 05:00
CVE-2009-1864 9.3
Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.
29-09-2017 - 01:34 31-07-2009 - 19:30
CVE-2009-1865 9.3
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, related to a "null pointer vulne
29-09-2017 - 01:34 31-07-2009 - 19:30
CVE-2009-1786 6.9
The malloc subsystem in libc in IBM AIX 5.3 and 6.1 allows local users to create or overwrite arbitrary files via a symlink attack on the log file associated with the MALLOCDEBUG environment variable.
29-09-2017 - 01:34 26-05-2009 - 15:30
CVE-2009-1868 9.3
Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors inv
29-09-2017 - 01:34 31-07-2009 - 19:30
CVE-2009-1866 9.3
Stack-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.
29-09-2017 - 01:34 31-07-2009 - 19:30
CVE-2009-2029 5.0
Unspecified vulnerability in rpc.nisd in Sun Solaris 8 through 10, and OpenSolaris before snv_104, allows remote authenticated users to cause a denial of service (NIS+ daemon hang) via unspecified vectors related to NIS+ callbacks.
29-09-2017 - 01:34 11-06-2009 - 15:30
CVE-2009-1870 4.9
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to obtain sensitive information via vectors involving saving an SWF file to a hard drive, related to a "local sandbox vulnerability."
29-09-2017 - 01:34 31-07-2009 - 19:30
CVE-2009-1726 9.3
Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile.
29-09-2017 - 01:34 06-08-2009 - 16:30
CVE-2009-1867 4.3
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "clickjacking vulnerability."
29-09-2017 - 01:34 31-07-2009 - 19:30
CVE-2009-1863 9.3
Unspecified vulnerability in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related
29-09-2017 - 01:34 31-07-2009 - 19:30
CVE-2009-1374 5.0
Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet.
29-09-2017 - 01:34 26-05-2009 - 15:30
CVE-2009-1207 4.4
Race condition in the dircmp script in Sun Solaris 8 through 10, and OpenSolaris snv_01 through snv_111, allows local users to overwrite arbitrary files, probably involving a symlink attack on temporary files.
29-09-2017 - 01:34 01-04-2009 - 10:30
CVE-2009-0908 6.4
Unspecified vulnerability in the ACE shared folders implementation in the VMware Host Guest File System (HGFS) shared folders feature in VMware ACE 2.5.1 and earlier allows attackers to enable a disabled shared folder.
29-09-2017 - 01:34 06-04-2009 - 15:30
CVE-2009-1427 4.9
Unspecified vulnerability in HP-UX B.11.31 allows local users to cause a denial of service (system crash) via unknown vectors related to the ttrace system call.
29-09-2017 - 01:34 12-08-2009 - 10:30
CVE-2009-1355 7.2
Stack-based buffer overflow in muxatmd in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via a long filename.
29-09-2017 - 01:34 21-04-2009 - 16:24
CVE-2009-0692 10.0
Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet
29-09-2017 - 01:33 14-07-2009 - 20:30
CVE-2009-0207 6.8
Unspecified vulnerability in HP-UX B.11.11 running VERITAS Oracle Disk Manager (VRTSodm) 3.5, B.11.23 running VRTSodm 4.1 or VERITAS File System (VRTSvxfs) 4.1, B.11.23 running VRTSodm 5.0 or VRTSvxfs 5.0, and B.11.31 running VRTSodm 5.0 allows local
29-09-2017 - 01:33 25-03-2009 - 01:30
CVE-2009-0114 5.8
Unspecified vulnerability in the Settings Manager in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87, and possibly other versions, allows remote attackers to trick a user into visiting an arbitrary URL via unknown vectors, related
29-09-2017 - 01:33 26-02-2009 - 16:17
CVE-2009-0418 9.3
The IPv6 Neighbor Discovery Protocol (NDP) implementation in HP HP-UX B.11.11, B.11.23, and B.11.31 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity), read p
29-09-2017 - 01:33 04-02-2009 - 19:30
CVE-2009-0688 7.5
Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/sasl
29-09-2017 - 01:33 15-05-2009 - 15:30
CVE-2009-0522 4.3
Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Windows allows remote attackers to trick a user into visiting an arbitrary URL via an unspecified manipulation of the "mouse pointer display," related to a "Clickjacking attack." P
29-09-2017 - 01:33 26-02-2009 - 16:17
CVE-2009-0370 7.2
Multiple unspecified vulnerabilities in IBM AIX 5.2.0 through 6.1.2 allow local users to append data to arbitrary files, related to (1) rmsock and (2) rmsock64 not creating "secure log files."
29-09-2017 - 01:33 30-01-2009 - 19:30
CVE-2009-0321 4.3
Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote attackers to cause a denial of service (infinite loop or access violation) via a link to an http URI in which the authority (aka hostname) portion is either a (1) . (dot) or (2) .. (
29-09-2017 - 01:33 28-01-2009 - 18:30
CVE-2009-0168 4.9
Unspecified vulnerability in ppdmgr in Sun Solaris 10 and OpenSolaris snv_61 through snv_106 allows local users to cause a denial of service via unspecified vectors, related to a failure to "include all cache files," and improper handling of temporar
29-09-2017 - 01:33 16-01-2009 - 21:30
CVE-2009-0536 4.9
at in bos.rte.cron on IBM AIX 5.2.0, 5.3.0 through 5.3.9, and 6.1.0 through 6.1.2 allows local users to read arbitrary files via unspecified vectors, related to failure to drop root privileges.
29-09-2017 - 01:33 11-02-2009 - 20:30
CVE-2009-0519 9.3
Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file.
29-09-2017 - 01:33 26-02-2009 - 16:17
CVE-2009-0719 6.0
Unspecified vulnerability in useradd in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to access arbitrary files and directories via unknown vectors, a different issue than CVE-2008-1660.
29-09-2017 - 01:33 29-04-2009 - 15:30
CVE-2009-0520 9.3
Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to
29-09-2017 - 01:33 26-02-2009 - 16:17
CVE-2009-0518 2.1
VI Client in VMware VirtualCenter before 2.5 Update 4, VMware ESXi 3.5 before Update 4, and VMware ESX 3.5 before Update 4 retains the VirtualCenter Server password in process memory, which might allow local users to obtain this password.
29-09-2017 - 01:33 06-04-2009 - 15:30
CVE-2008-5341 5.0
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted JWS applications to obtain the pathname of the JWS cache and the application
29-09-2017 - 01:32 05-12-2008 - 11:30
CVE-2008-4210 4.6
fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspec
29-09-2017 - 01:32 29-09-2008 - 17:17
CVE-2008-5339 5.0
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to perform network connecti
29-09-2017 - 01:32 05-12-2008 - 11:30
CVE-2008-5352 9.3
Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and a
29-09-2017 - 01:32 05-12-2008 - 11:30
CVE-2008-5350 5.0
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applications and applets to list the contents of the
29-09-2017 - 01:32 05-12-2008 - 11:30
CVE-2008-5344 7.5
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applets to read arbitrary files and make una
29-09-2017 - 01:32 05-12-2008 - 11:30
CVE-2008-4916 4.6
Unspecified vulnerability in a guest virtual device driver in VMware Workstation before 5.5.9 build 126128, and 6.5.1 and earlier 6.x versions; VMware Player before 1.0.9 build 126128, and 2.5.1 and earlier 2.x versions; VMware ACE before 1.0.8 build
29-09-2017 - 01:32 06-04-2009 - 15:30
CVE-2008-5356 9.3
Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier might allow remote attackers to execute arbitrary code via a crafted
29-09-2017 - 01:32 05-12-2008 - 11:30
CVE-2008-5384 6.9
crontab in bos.rte.cron in IBM AIX 6.1.0 through 6.1.2 allows local users with aix.system.config.cron authorization to gain privileges by launching an editor.
29-09-2017 - 01:32 09-12-2008 - 00:30
CVE-2008-5387 6.2
Buffer overflow in autoconf6 in IBM AIX 6.1.0 through 6.1.2, when Role-Based Access Control is enabled, allows local users with aix.network.config.tcpip authorization to gain privileges via unspecified vectors.
29-09-2017 - 01:32 09-12-2008 - 00:30
CVE-2008-5343 9.0
Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows remote attackers to make unauthorized network connections and hijack HTTP sessions
29-09-2017 - 01:32 05-12-2008 - 11:30
CVE-2008-5358 9.3
Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashsc
29-09-2017 - 01:32 05-12-2008 - 11:30
CVE-2008-5354 9.3
Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows locally-launched and possibly remote untrusted Java applicat
29-09-2017 - 01:32 05-12-2008 - 11:30
CVE-2008-5347 7.5
Multiple unspecified vulnerabilities in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier allow untrusted applets and applications to gain privileges via vectors related to access to inner classes in the (1) JAX-WS and (2) JA
29-09-2017 - 01:32 05-12-2008 - 11:30
CVE-2008-4416 4.6
Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors.
29-09-2017 - 01:32 05-12-2008 - 00:30
CVE-2008-5355 10.0
The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which a
29-09-2017 - 01:32 05-12-2008 - 11:30
CVE-2008-5351 7.5
Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier accepts UTF-8 encodings that are not the "shortest" form, which makes it easier for attackers to b
29-09-2017 - 01:32 05-12-2008 - 11:30
CVE-2008-5340 10.0
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to gain privileges to acces
29-09-2017 - 01:32 05-12-2008 - 11:30
CVE-2008-5348 7.1
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier, when using Kerberos authentication, allows remote attackers to cause
29-09-2017 - 01:32 05-12-2008 - 11:30
CVE-2008-4018 7.2
swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local users in the system group to create or overwrite an arbitrary file, and establish weak permissions and root ownership for this file, via unspecified vectors. NOTE: this can be lev
29-09-2017 - 01:31 11-09-2008 - 01:13
CVE-2008-3716 6.0
Cross-site request forgery (CSRF) vulnerability in Harmoni before 1.6.0 allows remote attackers to make administrative modifications via a (1) save or (2) delete action to an unspecified component. Download Harmoni 1.6.0 at Sourceforge: http://sou
29-09-2017 - 01:31 19-08-2008 - 19:41
CVE-2008-3532 6.8
The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service.
29-09-2017 - 01:31 08-08-2008 - 19:41
CVE-2008-2929 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the adminutil library in the Directory Server Administration Express and Directory Server Gateway (DSGW) web interface in Red Hat Directory Server 7.1 before SP7 and 8 EL4 and EL5, and Fedora Dir
29-09-2017 - 01:31 29-08-2008 - 18:41
CVE-2008-2928 10.0
Multiple buffer overflows in the adminutil library in CGI applications in Red Hat Directory Server 7.1 before SP7 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted Accept-Language HTTP
29-09-2017 - 01:31 29-08-2008 - 18:41
CVE-2008-2957 6.4
The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL.
29-09-2017 - 01:31 01-07-2008 - 22:41
CVE-2008-2930 7.1
Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 allow remote attackers to cause a denial of service (CPU consumption and search outage) via crafted LDAP search requests with patterns, related to
29-09-2017 - 01:31 29-08-2008 - 18:41
CVE-2008-3283 7.8
Multiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 and earlier allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) the authent
29-09-2017 - 01:31 29-08-2008 - 18:41
CVE-2008-2476 9.3
The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origi
29-09-2017 - 01:31 03-10-2008 - 15:07
CVE-2008-2514 4.6
Buffer overflow in errpt in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown attack vectors.
29-09-2017 - 01:31 02-06-2008 - 21:30
CVE-2008-2515 7.2
Unspecified vulnerability in iostat in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown vectors related to an "environment variable handling error."
29-09-2017 - 01:31 02-06-2008 - 21:30
CVE-2008-2513 7.2
Buffer overflow in the kernel in IBM AIX 5.2, 5.3, and 6.1 allows local users to execute arbitrary code in kernel mode via unknown attack vectors.
29-09-2017 - 01:31 02-06-2008 - 21:30
CVE-2007-6717 7.2
Buffer overflow in tftp in bos.net.tcp.client in IBM AIX 5.2.0 and 5.3.0 allows local users to gain privileges via unspecified vectors.
29-09-2017 - 01:30 11-09-2008 - 01:04
CVE-2008-1659 7.2
Unspecified vulnerability in HP LDAP-UX vB.04.10 through vB.04.15 allows local users to gain privileges via unknown vectors.
29-09-2017 - 01:30 08-05-2008 - 00:20
CVE-2008-1600 7.2
The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly handle environment variables, which allows local users to gain privileges, a different vulnerability than CVE-2004-1329.
29-09-2017 - 01:30 31-03-2008 - 23:44
CVE-2008-1593 7.2
The checkpoint and restart feature in the kernel in IBM AIX 5.2, 5.3, and 6.1 does not properly protect kernel memory, which allows local users to read and modify portions of memory and gain privileges via unspecified vectors involving a restart of a
29-09-2017 - 01:30 31-03-2008 - 23:44
CVE-2008-1664 7.8
Unspecified vulnerability in libc on HP HP-UX B.11.23 and B.11.31 allows remote attackers to cause a denial of service via unknown vectors.
29-09-2017 - 01:30 08-08-2008 - 19:41
CVE-2008-1595 4.9
The proc filesystem in the kernel in IBM AIX 5.2 and 5.3 does not properly enforce directory permissions when a file executing from a directory has weaker permissions than the directory itself, which allows local users to obtain sensitive information
29-09-2017 - 01:30 31-03-2008 - 23:44
CVE-2008-1710 7.2
Untrusted search path vulnerability in chnfsmnt in IBM AIX 6.1 allows local users to gain privileges via a modified PATH environment variable.
29-09-2017 - 01:30 09-04-2008 - 19:05
CVE-2008-1597 4.9
The WPAR system call implementation in the kernel in IBM AIX 6.1 allows local users to cause a denial of service via unknown calls that trigger "undefined behavior."
29-09-2017 - 01:30 31-03-2008 - 23:44
CVE-2008-1668 10.0
ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11 assigns uid 0 to the FTP client in certain operating-system misconfigurations in which PAM authentication can succeed even though no passwd entry is available for a user, which allows remot
29-09-2017 - 01:30 13-08-2008 - 18:41
CVE-2008-1599 7.2
The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking (1) atmstat, (2) entstat, (3) fddistat, (4) hdlcstat, or (5) tokstat.
29-09-2017 - 01:30 31-03-2008 - 23:44
CVE-2008-1601 7.2
Stack-based buffer overflow in the reboot program on IBM AIX 5.2 and 5.3 allows local users in the shutdown group to gain privileges.
29-09-2017 - 01:30 31-03-2008 - 23:44
CVE-2008-1662 10.0
Unspecified vulnerability in the HP System Administration Manager (SAM) on HP-UX B.11.11 and B.11.23, when used to configure NFS, might allow remote attackers to read or modify arbitrary files, related to an "empty systems list."
29-09-2017 - 01:30 01-08-2008 - 14:41
CVE-2008-1594 4.9
The kernel in IBM AIX 5.2 and 5.3 does not properly handle resizing JFS2 filesystems on concurrent volume groups spread across multiple nodes, which allows local users of one node to cause a denial of service (remote node crash) by using chfs or lred
29-09-2017 - 01:30 31-03-2008 - 23:44
CVE-2008-1660 6.3
Unspecified vulnerability in useradd on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to access arbitrary files and directories via unspecified vectors.
29-09-2017 - 01:30 21-05-2008 - 13:24
CVE-2008-0587 7.2
Buffer overflow in the uspchrp program in devices.chrp.base.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.
29-09-2017 - 01:30 05-02-2008 - 03:00
CVE-2008-0588 7.2
Buffer overflow in the utape program in devices.scsi.tape.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.
29-09-2017 - 01:30 05-02-2008 - 03:00
CVE-2008-0598 4.9
Unspecified vulnerability in the 32-bit and 64-bit emulation in the Linux kernel 2.6.9, 2.6.18, and probably other versions allows local users to read uninitialized memory via unknown vectors involving a crafted binary.
29-09-2017 - 01:30 30-06-2008 - 22:41
CVE-2008-0509 4.4
Multiple buffer overflows in IBM AIX 4.3 allow remote attackers to cause a denial of service (crash) or possibly gain privileges via a long argument to (1) piox25, related to piox25.c; or (2) piox25remote, related to piox25remote.sh.
29-09-2017 - 01:30 31-01-2008 - 20:00
CVE-2008-1274 6.9
Untrusted search path vulnerability in man in IBM AIX 6.1.0 allows local users to execute arbitrary code via a malicious program in the man directory. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'
29-09-2017 - 01:30 10-03-2008 - 23:44
CVE-2008-0713 6.8
Unspecified vulnerability in the FTP server for HP-UX B.11.11, B.11.23, and B.11.31 allows remote authenticated users to cause a denial of service (FTP server outage) via unknown attack vectors.
29-09-2017 - 01:30 13-05-2008 - 20:20
CVE-2008-0586 7.2
Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users to gain privileges via unspecified vectors related to the (1) lchangevg, (2) ldeletepv, (3) putlvodm, (4) lvaryoffvg, and (5) lvgenminor programs in bos.rte.lvm; and the (6) tellclvmd
29-09-2017 - 01:30 05-02-2008 - 03:00
CVE-2008-0584 7.2
Multiple buffer overflows in bos.rte.control in IBM AIX 5.2 and 5.3 allow local users to gain privileges via unspecified vectors related to the (1) swap, (2) swapoff, and (3) swapon programs.
29-09-2017 - 01:30 05-02-2008 - 03:00
CVE-2007-6419 7.8
Unspecified vulnerability in rpc.yppasswdd in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.
29-09-2017 - 01:29 24-12-2007 - 20:46
CVE-2007-5764 7.2
Buffer overflow in the pioout program in printers.rte in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via a long command line option.
29-09-2017 - 01:29 25-01-2008 - 01:00
CVE-2007-5302 4.3
Multiple cross-site scripting (XSS) vulnerabilities in HP System Management Homepage (SMH) in HP-UX B.11.11, B.11.23, and B.11.31, and SMH before 2.1.10 for Linux and Windows, allow remote attackers to inject arbitrary web script or HTML via unspecif
29-09-2017 - 01:29 09-10-2007 - 18:17
CVE-2007-5946 7.2
Unspecified vulnerability in the Aries PA-RISC emulator on HP-UX B.11.23 and B.11.31 on the IA-64 platform allows local users to obtain unspecified access.
29-09-2017 - 01:29 14-11-2007 - 01:46
CVE-2007-5008 9.0
The logins command in HP-UX B.11.31, B.11.23, and B.11.11 does not correctly report password status, which allows remote attackers to obtain privileges when certain "password issues" are not detected.
29-09-2017 - 01:29 20-09-2007 - 21:17
CVE-2007-4623 7.2
Stack-based buffer overflow in the sendrmt function in bellmail in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code via a long parameter to the m command.
29-09-2017 - 01:29 05-11-2007 - 16:46
CVE-2007-6063 6.9
Buffer overflow in the isdn_net_setcfg function in isdn_net.c in Linux kernel 2.6.23 allows local users to have an unknown impact via a crafted argument to the isdn_ioctl function.
29-09-2017 - 01:29 21-11-2007 - 00:46
CVE-2007-5237 7.1
Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read and modify local files via an untrusted application, aka "two vulne
29-09-2017 - 01:29 06-10-2007 - 00:17
CVE-2007-4179 1.5
Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors. NOTE: this is probably different from C
29-09-2017 - 01:29 08-08-2007 - 01:17
CVE-2007-4125 7.1
Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause an unspecified denial of service via unknown vectors.
29-09-2017 - 01:29 01-08-2007 - 16:17
CVE-2007-4513 7.2
Multiple stack-based buffer overflows in IBM AIX 5.2 and 5.3 allow local users to gain privileges via a long argument to the (1) "-p" option to lqueryvg or (2) the "-V" option to lquerypv.
29-09-2017 - 01:29 05-11-2007 - 16:46
CVE-2013-6622 6.8
Use-after-free vulnerability in the HTMLMediaElement::didMoveToNewDocument function in core/html/HTMLMediaElement.cpp in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service or possibly have unspec
19-09-2017 - 01:36 13-11-2013 - 15:55
CVE-2013-6627 5.0
net/http/http_stream_parser.cc in Google Chrome before 31.0.1650.48 does not properly process HTTP Informational (aka 1xx) status codes, which allows remote web servers to cause a denial of service (out-of-bounds read) via a crafted response.
19-09-2017 - 01:36 13-11-2013 - 15:55
CVE-2013-6628 4.3
net/socket/ssl_client_socket_nss.cc in the TLS implementation in Google Chrome before 31.0.1650.48 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which might allow remote web servers
19-09-2017 - 01:36 13-11-2013 - 15:55
CVE-2013-6623 4.3
The SVG implementation in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging the use of tree order, rather than transitive dependency order, for layout.
19-09-2017 - 01:36 13-11-2013 - 15:55
CVE-2013-6625 6.8
Use-after-free vulnerability in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of DOM r
19-09-2017 - 01:36 13-11-2013 - 15:55
CVE-2013-5419 6.9
Multiple buffer overflows in (1) mkque and (2) mkquedev in bos.rte.printers in IBM AIX 6.1 and 7.1 allow local users to gain privileges by leveraging printq group membership.
19-09-2017 - 01:36 04-10-2013 - 10:44
CVE-2013-6624 7.5
Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the string values of id attributes. CWE-416: Use After Free per htt
19-09-2017 - 01:36 13-11-2013 - 15:55
CVE-2013-6626 4.3
The WebContentsImpl::AttachInterstitialPage function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 31.0.1650.48 does not cancel JavaScript dialogs upon generating an interstitial warning, which allows remote attackers t
19-09-2017 - 01:36 13-11-2013 - 15:55
CVE-2013-5325 9.3
Adobe Reader and Acrobat 11.x before 11.0.05 on Windows allow remote attackers to execute arbitrary JavaScript code in a javascript: URL via a crafted PDF document.
19-09-2017 - 01:36 09-10-2013 - 14:54
CVE-2013-2871 7.5
Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of input.
19-09-2017 - 01:36 10-07-2013 - 10:55
CVE-2013-2840 7.5
Use-after-free vulnerability in the media loader in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2013-2846.
19-09-2017 - 01:36 22-05-2013 - 13:29
CVE-2013-2868 5.0
common/extensions/sync_helper.cc in Google Chrome before 28.0.1500.71 proceeds with sync operations for NPAPI extensions without checking for a certain plugin permission setting, which might allow remote attackers to trigger unwanted extension change
19-09-2017 - 01:36 10-07-2013 - 10:55
CVE-2013-2836 7.5
Multiple unspecified vulnerabilities in Google Chrome before 27.0.1453.93 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
19-09-2017 - 01:36 22-05-2013 - 13:29
CVE-2013-2924 7.5
Use-after-free vulnerability in International Components for Unicode (ICU), as used in Google Chrome before 30.0.1599.66 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown ve
19-09-2017 - 01:36 02-10-2013 - 10:35
CVE-2013-2841 7.5
Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of Pepper resources.
19-09-2017 - 01:36 22-05-2013 - 13:29
CVE-2013-3035 7.1
The IPv6 implementation in the inet subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allows remote attackers to cause a denial of service (system hang) via a crafted packet to an IPv6 interface.
19-09-2017 - 01:36 21-06-2013 - 14:55
CVE-2013-2922 6.8
Use-after-free vulnerability in core/html/HTMLTemplateElement.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that
19-09-2017 - 01:36 02-10-2013 - 10:35
CVE-2013-2907 5.0
The Window.prototype object implementation in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
19-09-2017 - 01:36 02-10-2013 - 10:35
CVE-2013-2858 7.5
Use-after-free vulnerability in the HTML5 Audio implementation in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
19-09-2017 - 01:36 05-06-2013 - 00:55
CVE-2013-2838 5.0
Google V8, as used in Google Chrome before 27.0.1453.93, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
19-09-2017 - 01:36 22-05-2013 - 13:29
CVE-2013-2854 7.5
Google Chrome before 27.0.1453.110 on Windows provides an incorrect handle to a renderer process in unspecified circumstances, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors.
19-09-2017 - 01:36 05-06-2013 - 00:55
CVE-2013-2449 4.3
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries. NOTE: the previous inform
19-09-2017 - 01:36 18-06-2013 - 22:55
CVE-2013-2901 7.5
Multiple integer overflows in (1) libGLESv2/renderer/Renderer9.cpp and (2) libGLESv2/renderer/Renderer11.cpp in Almost Native Graphics Layer Engine (ANGLE), as used in Google Chrome before 29.0.1547.57, allow remote attackers to cause a denial of ser
19-09-2017 - 01:36 21-08-2013 - 12:17
CVE-2013-2881 5.8
Google Chrome before 28.0.1500.95 does not properly handle frames, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
19-09-2017 - 01:36 31-07-2013 - 13:20
CVE-2013-2862 7.5
Skia, as used in Google Chrome before 27.0.1453.110, does not properly handle GPU acceleration, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
19-09-2017 - 01:36 05-06-2013 - 00:55
CVE-2013-2846 7.5
Use-after-free vulnerability in the media loader in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2013-2840.
19-09-2017 - 01:36 22-05-2013 - 13:29
CVE-2013-2550 7.5
Unspecified vulnerability in Adobe Reader 11.0.02 allows attackers to bypass the sandbox protection mechanism via unknown vectors, as demonstrated by George Hotz during a Pwn2Own competition at CanSecWest 2013.
19-09-2017 - 01:36 11-03-2013 - 10:55
CVE-2013-3355 10.0
Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3352 an
19-09-2017 - 01:36 12-09-2013 - 13:28
CVE-2013-2923 7.5
Multiple unspecified vulnerabilities in Google Chrome before 30.0.1599.66 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
19-09-2017 - 01:36 02-10-2013 - 10:35
CVE-2013-2865 7.5
Multiple unspecified vulnerabilities in Google Chrome before 27.0.1453.110 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
19-09-2017 - 01:36 05-06-2013 - 00:55
CVE-2013-2916 4.3
Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to spoof the address bar via vectors involving a response with a 204 (aka No Content) status code, in conjunction with a delay in notifying the user of an attempted spoof.
19-09-2017 - 01:36 02-10-2013 - 10:35
CVE-2013-2880 7.5
Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500.71 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
19-09-2017 - 01:36 10-07-2013 - 10:55
CVE-2013-2864 7.5
The PDF functionality in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via unknown vectors.
19-09-2017 - 01:36 05-06-2013 - 00:55
CVE-2013-2844 7.5
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to style resolutio
19-09-2017 - 01:36 22-05-2013 - 13:29
CVE-2013-2400 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-3744. P
19-09-2017 - 01:36 18-06-2013 - 22:55
CVE-2013-2908 5.0
Google Chrome before 30.0.1599.66 uses incorrect function calls to determine the values of NavigationEntry objects, which allows remote attackers to spoof the address bar via vectors involving a response with a 204 (aka No Content) status code.
19-09-2017 - 01:36 02-10-2013 - 10:35
CVE-2013-2873 7.5
Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a 404 HTTP status code during the loading of resources.
19-09-2017 - 01:36 10-07-2013 - 10:55
CVE-2013-2904 7.5
Use-after-free vulnerability in the Document::finishedParsing function in core/dom/Document.cpp in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via
19-09-2017 - 01:36 21-08-2013 - 12:17
CVE-2013-2874 4.3
Google Chrome before 28.0.1500.71 on Windows, when an Nvidia GPU is used, allows remote attackers to bypass intended restrictions on access to screen data via vectors involving IPC transmission of GL textures.
19-09-2017 - 01:36 10-07-2013 - 10:55
CVE-2013-2860 7.5
Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving access to a database API by a worker process.
19-09-2017 - 01:36 05-06-2013 - 00:55
CVE-2013-2925 6.8
Use-after-free vulnerability in core/xml/XMLHttpRequest.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger multiple conf
19-09-2017 - 01:36 16-10-2013 - 20:55
CVE-2013-2909 7.5
Use-after-free vulnerability in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to inline-block rendering for bidirectional Unicod
19-09-2017 - 01:36 02-10-2013 - 10:35
CVE-2013-2462 9.3
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Per: http://
19-09-2017 - 01:36 18-06-2013 - 22:55
CVE-2013-2878 5.0
Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the handling of text.
19-09-2017 - 01:36 10-07-2013 - 10:55
CVE-2013-2869 4.3
Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted JPEG2000 image.
19-09-2017 - 01:36 10-07-2013 - 10:55
CVE-2013-2855 5.0
The Developer Tools API in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
19-09-2017 - 01:36 05-06-2013 - 00:55
CVE-2013-2839 7.5
Google Chrome before 27.0.1453.93 does not properly perform a cast of an unspecified variable during handling of clipboard data, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors.
19-09-2017 - 01:36 22-05-2013 - 13:29
CVE-2013-3356 10.0
Buffer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-3353.
19-09-2017 - 01:36 12-09-2013 - 13:28
CVE-2013-2905 5.0
The SharedMemory::Create function in memory/shared_memory_posix.cc in Google Chrome before 29.0.1547.57 uses weak permissions under /dev/shm/, which allows attackers to obtain sensitive information via direct access to a POSIX shared-memory file.
19-09-2017 - 01:36 21-08-2013 - 12:17
CVE-2013-2857 7.5
Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of images.
19-09-2017 - 01:36 05-06-2013 - 00:55
CVE-2013-2910 7.5
Use-after-free vulnerability in modules/webaudio/AudioScheduledSourceNode.cpp in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified ot
19-09-2017 - 01:36 02-10-2013 - 10:35
CVE-2013-2887 7.5
Multiple unspecified vulnerabilities in Google Chrome before 29.0.1547.57 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
19-09-2017 - 01:36 21-08-2013 - 12:17
CVE-2013-2861 7.5
Use-after-free vulnerability in the SVG implementation in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
19-09-2017 - 01:36 05-06-2013 - 00:55
CVE-2013-2845 7.5
The Web Audio implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
19-09-2017 - 01:36 22-05-2013 - 13:29
CVE-2013-2918 7.5
Use-after-free vulnerability in the RenderBlock::collapseAnonymousBlockChild function in core/rendering/RenderBlock.cpp in the DOM implementation in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of ser
19-09-2017 - 01:36 02-10-2013 - 10:35
CVE-2013-2911 6.8
Use-after-free vulnerability in the XSLStyleSheet::compileStyleSheet function in core/xml/XSLStyleSheetLibxslt.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecifi
19-09-2017 - 01:36 02-10-2013 - 10:35
CVE-2013-2842 7.5
Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets.
19-09-2017 - 01:36 22-05-2013 - 13:29
CVE-2013-3358 10.0
Integer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-3357.
19-09-2017 - 01:36 12-09-2013 - 13:28
CVE-2013-2853 6.8
The HTTPS implementation in Google Chrome before 28.0.1500.71 does not ensure that headers are terminated by \r\n\r\n (carriage return, newline, carriage return, newline), which allows man-in-the-middle attackers to have an unspecified impact via vec
19-09-2017 - 01:36 10-07-2013 - 10:55
CVE-2013-2921 6.8
Double free vulnerability in the ResourceFetcher::didLoadResource function in core/fetch/ResourceFetcher.cpp in the resource loader in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possib
19-09-2017 - 01:36 02-10-2013 - 10:35
CVE-2013-2843 7.5
Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of speech data.
19-09-2017 - 01:36 22-05-2013 - 13:29
CVE-2013-2926 6.8
Use-after-free vulnerability in the IndentOutdentCommand::tryIndentingAsListItem function in core/editing/IndentOutdentCommand.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows user-assisted remote attackers to cause a denial of ser
19-09-2017 - 01:36 16-10-2013 - 20:55
CVE-2013-2849 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome before 27.0.1453.93 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation.
19-09-2017 - 01:36 22-05-2013 - 13:29
CVE-2013-2549 7.5
Unspecified vulnerability in Adobe Reader 11.0.02 allows remote attackers to execute arbitrary code via vectors related to a "break into the sandbox," as demonstrated by George Hotz during a Pwn2Own competition at CanSecWest 2013.
19-09-2017 - 01:36 11-03-2013 - 10:55
CVE-2013-2460 9.3
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Servicea
19-09-2017 - 01:36 18-06-2013 - 22:55
CVE-2013-2906 6.8
Multiple race conditions in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to threading in core/ht
19-09-2017 - 01:36 02-10-2013 - 10:35
CVE-2013-2920 5.0
The DoResolveRelativeHost function in url/url_canon_relative.cc in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service (out-of-bounds read) via a relative URL containing a hostname, as demonstrated by a protocol-rel
19-09-2017 - 01:36 02-10-2013 - 10:35
CVE-2013-2900 7.5
The FilePath::ReferencesParent function in files/file_path.cc in Google Chrome before 29.0.1547.57 on Windows does not properly handle pathname components composed entirely of . (dot) and whitespace characters, which allows remote attackers to conduc
19-09-2017 - 01:36 21-08-2013 - 12:17
CVE-2013-2866 4.3
The Flash plug-in in Google Chrome before 27.0.1453.116, as used on Google Chrome OS before 27.0.1453.116 and separately, does not properly determine whether a user wishes to permit camera or microphone access by a Flash application, which allows rem
19-09-2017 - 01:36 19-06-2013 - 20:55
CVE-2013-2458 5.8
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. NOTE: the p
19-09-2017 - 01:36 18-06-2013 - 22:55
CVE-2013-2913 6.8
Use-after-free vulnerability in the XMLDocumentParser::append function in core/xml/parser/XMLDocumentParser.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified
19-09-2017 - 01:36 02-10-2013 - 10:35
CVE-2013-2886 7.5
Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500.95 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
19-09-2017 - 01:36 31-07-2013 - 13:20
CVE-2013-2847 6.8
Race condition in the workers implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via unknown vectors.
19-09-2017 - 01:36 22-05-2013 - 13:29
CVE-2013-2914 6.8
Use-after-free vulnerability in the color-chooser dialog in Google Chrome before 30.0.1599.66 on Windows allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to color_chooser_dialog.cc and
19-09-2017 - 01:36 02-10-2013 - 10:35
CVE-2013-2879 5.8
Google Chrome before 28.0.1500.71 does not properly determine the circumstances in which a renderer process can be considered a trusted process for sign-in and subsequent sync operations, which makes it easier for remote attackers to conduct phishing
19-09-2017 - 01:36 10-07-2013 - 10:55
CVE-2013-2915 4.3
Google Chrome before 30.0.1599.66 preserves pending NavigationEntry objects in certain invalid circumstances, which allows remote attackers to spoof the address bar via a URL with a malformed scheme, as demonstrated by a nonexistent:12121 URL.
19-09-2017 - 01:36 02-10-2013 - 10:35
CVE-2013-2884 7.5
Use-after-free vulnerability in the DOM implementation in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to improper tracking of which document owns
19-09-2017 - 01:36 31-07-2013 - 13:20
CVE-2013-2856 7.5
Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of input.
19-09-2017 - 01:36 05-06-2013 - 00:55
CVE-2013-2903 7.5
Use-after-free vulnerability in the HTMLMediaElement::didMoveToNewDocument function in core/html/HTMLMediaElement.cpp in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspec
19-09-2017 - 01:36 21-08-2013 - 12:17
CVE-2013-2875 5.0
core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in Blink, as used in Google Chrome before 28.0.1500.71, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
19-09-2017 - 01:36 10-07-2013 - 10:55
CVE-2013-2863 10.0
Google Chrome before 27.0.1453.110 does not properly handle SSL sockets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
19-09-2017 - 01:36 05-06-2013 - 00:55
CVE-2013-2848 5.0
The XSS Auditor in Google Chrome before 27.0.1453.93 might allow remote attackers to obtain sensitive information via unspecified vectors.
19-09-2017 - 01:36 22-05-2013 - 13:29
CVE-2013-4011 7.2
Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibstat.
19-09-2017 - 01:36 18-07-2013 - 16:51
CVE-2013-3354 10.0
Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3352 an
19-09-2017 - 01:36 12-09-2013 - 13:28
CVE-2013-2870 9.3
Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote servers to execute arbitrary code via crafted response traffic after a URL request.
19-09-2017 - 01:36 10-07-2013 - 10:55
CVE-2013-2837 7.5
Use-after-free vulnerability in the SVG implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
19-09-2017 - 01:36 22-05-2013 - 13:29
CVE-2013-2931 10.0
Multiple unspecified vulnerabilities in Google Chrome before 31.0.1650.48 allow attackers to execute arbitrary code or possibly have other impact via unknown vectors.
19-09-2017 - 01:36 13-11-2013 - 15:55
CVE-2013-2902 7.5
Use-after-free vulnerability in the XSLT ProcessingInstruction implementation in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related t
19-09-2017 - 01:36 21-08-2013 - 12:17
CVE-2013-2867 7.5
Google Chrome before 28.0.1500.71 does not properly prevent pop-under windows, which allows remote attackers to have an unspecified impact via a crafted web site.
19-09-2017 - 01:36 10-07-2013 - 10:55
CVE-2013-2928 7.5
Multiple unspecified vulnerabilities in Google Chrome before 30.0.1599.101 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
19-09-2017 - 01:36 16-10-2013 - 20:55
CVE-2013-2912 7.5
Use-after-free vulnerability in the PepperInProcessRouter::SendToHost function in content/renderer/pepper/pepper_in_process_router.cc in the Pepper Plug-in API (PPAPI) in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of
19-09-2017 - 01:36 02-10-2013 - 10:35
CVE-2013-2876 5.0
browser/extensions/api/tabs/tabs_api.cc in Google Chrome before 28.0.1500.71 does not properly enforce restrictions on the capture of screenshots by extensions, which allows remote attackers to obtain sensitive information about the content of a prev
19-09-2017 - 01:36 10-07-2013 - 10:55
CVE-2013-3357 10.0
Integer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-3358.
19-09-2017 - 01:36 12-09-2013 - 13:28
CVE-2013-3005 8.5
The TFTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, when RBAC is enabled, allows remote authenticated users to bypass intended file-ownership restrictions, and read or overwrite arbitrary files, via unspecified vectors.
19-09-2017 - 01:36 06-07-2013 - 13:57
CVE-2013-2917 5.0
The ReverbConvolverStage::ReverbConvolverStage function in core/platform/audio/ReverbConvolverStage.cpp in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service (out-
19-09-2017 - 01:36 02-10-2013 - 10:35
CVE-2013-2883 7.5
Use-after-free vulnerability in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to deleting the registration of a MutationObserver object.
19-09-2017 - 01:36 31-07-2013 - 13:20
CVE-2013-2859 7.5
Google Chrome before 27.0.1453.110 allows remote attackers to bypass the Same Origin Policy and trigger namespace pollution via unspecified vectors.
19-09-2017 - 01:36 05-06-2013 - 00:55
CVE-2013-1707 7.2
Stack-based buffer overflow in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 allows local users to gain privileges via a long pathname on the command
19-09-2017 - 01:36 07-08-2013 - 01:55
CVE-2013-1868 9.3
Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to the (1) freetype renderer and (2) HTML subtitle parser.
19-09-2017 - 01:36 10-07-2013 - 19:55
CVE-2013-1489 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very Hig
19-09-2017 - 01:36 31-01-2013 - 14:55
CVE-2013-1482 10.0
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the F
19-09-2017 - 01:36 02-02-2013 - 00:55
CVE-2013-1483 10.0
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the F
19-09-2017 - 01:36 02-02-2013 - 00:55
CVE-2013-1472 10.0
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the F
19-09-2017 - 01:36 02-02-2013 - 00:55
CVE-2013-1954 6.8
The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player 2.0.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ASF movie that triggers an out-of-bounds read.
19-09-2017 - 01:36 10-07-2013 - 19:55
CVE-2013-1706 7.2
Stack-based buffer overflow in maintenanceservice.exe in the Mozilla Maintenance Service in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 allows local users to gain priv
19-09-2017 - 01:36 07-08-2013 - 01:55
CVE-2013-1484 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
19-09-2017 - 01:36 20-02-2013 - 21:55
CVE-2013-2268 7.5
Unspecified vulnerability in the MathML implementation in WebKit in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, has unknown impact and remote attack vectors, related to a "high severity security issue.
19-09-2017 - 01:36 23-02-2013 - 21:55
CVE-2013-1667 7.5
The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.
19-09-2017 - 01:36 14-03-2013 - 03:13
CVE-2013-1477 10.0
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the F
19-09-2017 - 01:36 02-02-2013 - 00:55
CVE-2013-1474 9.3
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the F
19-09-2017 - 01:36 02-02-2013 - 00:55
CVE-2013-1485 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries. Per vendor Note 1 "Applies to client deployment
19-09-2017 - 01:36 20-02-2013 - 21:55
CVE-2012-5885 5.0
The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce)
19-09-2017 - 01:35 17-11-2012 - 19:55
CVE-2012-5157 4.3
Google Chrome before 24.0.1312.52 does not properly handle image data in PDF documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.
19-09-2017 - 01:35 15-01-2013 - 21:55
CVE-2012-5151 6.8
Integer overflow in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code in a PDF document.
19-09-2017 - 01:35 15-01-2013 - 21:55
CVE-2012-5080 7.6
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2012-5078. Per: http://w
19-09-2017 - 01:35 16-10-2012 - 21:55
CVE-2012-5078 10.0
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2012-5080. Per: http://w
19-09-2017 - 01:35 16-10-2012 - 21:55
CVE-2012-3965 9.3
Mozilla Firefox before 15.0 does not properly restrict navigation to the about:newtab page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers creation of a new tab and then
19-09-2017 - 01:35 29-08-2012 - 10:56
CVE-2012-5121 7.5
Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to video layout.
19-09-2017 - 01:35 07-11-2012 - 11:43
CVE-2012-5088 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Per: http://ww
19-09-2017 - 01:35 16-10-2012 - 21:55
CVE-2012-5156 6.8
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving PDF fields.
19-09-2017 - 01:35 15-01-2013 - 21:55
CVE-2012-5109 5.0
The International Components for Unicode (ICU) functionality in Google Chrome before 22.0.1229.92 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a regular expression.
19-09-2017 - 01:35 09-10-2012 - 11:13
CVE-2012-3975 4.3
The DOMParser component in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 loads subresources during parsing of text/html data within an extension, which allows remote attackers to obtain sensitive information by provi
19-09-2017 - 01:35 29-08-2012 - 10:56
CVE-2012-5126 7.5
Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of plug-in placeholders.
19-09-2017 - 01:35 07-11-2012 - 11:43
CVE-2012-5123 5.0
Skia, as used in Google Chrome before 23.0.1271.64, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
19-09-2017 - 01:35 07-11-2012 - 11:43
CVE-2012-5112 10.0
Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94, allows remote attackers to execute arbitrary code via unspecified vectors.
19-09-2017 - 01:35 11-10-2012 - 10:51
CVE-2012-3966 10.0
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via
19-09-2017 - 01:35 29-08-2012 - 10:56
CVE-2012-5166 7.8
ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records.
19-09-2017 - 01:35 10-10-2012 - 21:55
CVE-2012-5124 7.5
Google Chrome before 23.0.1271.64 does not properly handle textures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
19-09-2017 - 01:35 07-11-2012 - 11:43
CVE-2012-5127 7.5
Integer overflow in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted WebP image.
19-09-2017 - 01:35 07-11-2012 - 11:43
CVE-2012-5128 7.5
Google V8 before 3.13.7.5, as used in Google Chrome before 23.0.1271.64, does not properly perform write operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
19-09-2017 - 01:35 07-11-2012 - 11:43
CVE-2012-4431 4.3
org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
19-09-2017 - 01:35 19-12-2012 - 11:55
CVE-2012-5116 7.5
Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG filters.
19-09-2017 - 01:35 07-11-2012 - 11:43
CVE-2012-5119 6.8
Race condition in Pepper, as used in Google Chrome before 23.0.1271.64, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to buffers.
19-09-2017 - 01:35 07-11-2012 - 11:43
CVE-2012-5070 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, related to JMX. Per: http://www.oracle.com/technetwork/topics/security/javacpuoct201
19-09-2017 - 01:35 16-10-2012 - 21:55
CVE-2012-4203 6.8
The New Tab page in Mozilla Firefox before 17.0 uses a privileged context for execution of JavaScript code by bookmarklets, which allows user-assisted remote attackers to run arbitrary programs by leveraging a javascript: URL in a bookmark.
19-09-2017 - 01:35 21-11-2012 - 12:55
CVE-2012-5122 7.5
Google Chrome before 23.0.1271.64 does not properly perform a cast of an unspecified variable during handling of input, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors.
19-09-2017 - 01:35 07-11-2012 - 11:43
CVE-2012-5082 5.0
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect availability via unknown vectors. Per: http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html "Appl
19-09-2017 - 01:35 16-10-2012 - 21:55
CVE-2012-5087 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. Per: http://www.or
19-09-2017 - 01:35 16-10-2012 - 21:55
CVE-2012-4534 2.6
org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by termi
19-09-2017 - 01:35 19-12-2012 - 11:55
CVE-2012-5125 7.5
Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of extension tabs.
19-09-2017 - 01:35 07-11-2012 - 11:43
CVE-2012-5111 7.5
Google Chrome before 22.0.1229.92 does not monitor for crashes of Pepper plug-ins, which has unspecified impact and remote attack vectors.
19-09-2017 - 01:35 09-10-2012 - 11:13
CVE-2012-3962 9.3
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly iterate through the characters in a text run, which allows remote attackers to execute
19-09-2017 - 01:35 29-08-2012 - 10:56
CVE-2012-5117 7.5
Google Chrome before 23.0.1271.64 does not properly restrict the loading of an SVG subresource in the context of an IMG element, which has unspecified impact and remote attack vectors.
19-09-2017 - 01:35 07-11-2012 - 11:43
CVE-2012-5108 9.3
Race condition in Google Chrome before 22.0.1229.92 allows remote attackers to execute arbitrary code via vectors related to audio devices.
19-09-2017 - 01:35 09-10-2012 - 11:13
CVE-2012-5110 5.0
The compositor in Google Chrome before 22.0.1229.92 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
19-09-2017 - 01:35 09-10-2012 - 11:13
CVE-2012-5067 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Deployment. Per: http://www.oracle.com/technetwork/top
19-09-2017 - 01:35 16-10-2012 - 21:55
CVE-2012-2855 6.8
Use-after-free vulnerability in the PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified o
19-09-2017 - 01:35 06-08-2012 - 15:55
CVE-2012-2847 4.3
Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not request user confirmation before continuing a large series of downloads, which allows user-assisted remote attackers to cause a den
19-09-2017 - 01:35 06-08-2012 - 15:55
CVE-2012-2862 6.8
Use-after-free vulnerability in the PDF functionality in Google Chrome before 21.0.1180.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
19-09-2017 - 01:35 09-08-2012 - 10:29
CVE-2012-2854 5.0
Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to obtain potentially sensitive information about pointer values by leveraging access to a WebUI renderer process.
19-09-2017 - 01:35 06-08-2012 - 15:55
CVE-2012-2891 5.0
The IPC implementation in Google Chrome before 22.0.1229.79 allows attackers to obtain potentially sensitive information about memory addresses via unspecified vectors.
19-09-2017 - 01:35 26-09-2012 - 10:56
CVE-2012-2860 6.8
The date-picker implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impa
19-09-2017 - 01:35 06-08-2012 - 15:55
CVE-2012-2856 7.5
The PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that tri
19-09-2017 - 01:35 06-08-2012 - 15:55
CVE-2012-2900 7.5
Skia, as used in Google Chrome before 22.0.1229.92, does not properly render text, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.
19-09-2017 - 01:35 09-10-2012 - 11:13
CVE-2012-2889 4.3
Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors involving frames, aka "Universal XSS (UXSS)."
19-09-2017 - 01:35 26-09-2012 - 10:56
CVE-2013-0921 6.8
The Isolated Sites feature in Google Chrome before 26.0.1410.43 does not properly enforce the use of separate processes, which makes it easier for remote attackers to bypass intended access restrictions via a crafted web site.
19-09-2017 - 01:35 28-03-2013 - 12:18
CVE-2012-2834 9.3
Integer overflow in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted data in the Matroska container format.
19-09-2017 - 01:35 27-06-2012 - 10:18
CVE-2013-0793 4.3
Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 do not ensure the correctness of the address bar during history navigation, which allows remote atta
19-09-2017 - 01:35 03-04-2013 - 11:56
CVE-2013-0905 7.5
Use-after-free vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an SVG animation.
19-09-2017 - 01:35 05-03-2013 - 21:55
CVE-2013-0912 7.5
WebKit in Google Chrome before 25.0.1364.160 allows remote attackers to execute arbitrary code via vectors that leverage "type confusion."
19-09-2017 - 01:35 11-03-2013 - 10:55
CVE-2013-0904 7.5
The Web Audio implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
19-09-2017 - 01:35 05-03-2013 - 21:55
CVE-2013-0906 7.5
The IndexedDB implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
19-09-2017 - 01:35 05-03-2013 - 21:55
CVE-2013-0842 10.0
Google Chrome before 24.0.1312.56 does not properly handle %00 characters in pathnames, which has unspecified impact and attack vectors.
19-09-2017 - 01:35 24-01-2013 - 21:55
CVE-2013-0829 6.4
Google Chrome before 24.0.1312.52 does not properly maintain database metadata, which allows remote attackers to bypass intended file-access restrictions via unspecified vectors.
19-09-2017 - 01:35 15-01-2013 - 21:55
CVE-2012-2890 6.8
Use-after-free vulnerability in the PDF functionality in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
19-09-2017 - 01:35 26-09-2012 - 10:56
CVE-2012-2857 6.8
Use-after-free vulnerability in the Cascading Style Sheets (CSS) DOM implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service
19-09-2017 - 01:35 06-08-2012 - 15:55
CVE-2012-2849 4.3
Off-by-one error in the GIF decoder in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image.
19-09-2017 - 01:35 06-08-2012 - 15:55
CVE-2013-0920 7.5
Use-after-free vulnerability in the extension bookmarks API in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
19-09-2017 - 01:35 28-03-2013 - 12:18
CVE-2013-0910 7.5
Google Chrome before 25.0.1364.152 does not properly manage the interaction between the browser process and renderer processes during authorization of the loading of a plug-in, which makes it easier for remote attackers to bypass intended access rest
19-09-2017 - 01:35 05-03-2013 - 21:55
CVE-2013-0903 7.5
Use-after-free vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of browser navigation.
19-09-2017 - 01:35 05-03-2013 - 21:55
CVE-2012-2850 6.8
Multiple unspecified vulnerabilities in the PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allow remote attackers to have an unknown impact via a crafted document.
19-09-2017 - 01:35 06-08-2012 - 15:55
CVE-2012-2875 6.8
Multiple unspecified vulnerabilities in the PDF functionality in Google Chrome before 22.0.1229.79 allow remote attackers to have an unknown impact via a crafted document.
19-09-2017 - 01:35 26-09-2012 - 10:56
CVE-2012-2842 7.5
Use-after-free vulnerability in Google Chrome before 20.0.1132.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to counter handling.
19-09-2017 - 01:35 12-07-2012 - 21:55
CVE-2013-0922 7.5
Google Chrome before 26.0.1410.43 does not properly restrict brute-force access attempts against web sites that require HTTP Basic Authentication, which has unspecified impact and attack vectors.
19-09-2017 - 01:35 28-03-2013 - 12:18
CVE-2013-0840 10.0
Google Chrome before 24.0.1312.56 does not validate URLs during the opening of new windows, which has unspecified impact and remote attack vectors.
19-09-2017 - 01:35 24-01-2013 - 21:55
CVE-2012-2853 6.8
The webRequest API in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not properly interact with the Chrome Web Store, which allows remote attackers to cause a denial of service or po
19-09-2017 - 01:35 06-08-2012 - 15:55
CVE-2012-2843 7.5
Use-after-free vulnerability in Google Chrome before 20.0.1132.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout height tracking.
19-09-2017 - 01:35 12-07-2012 - 21:55
CVE-2013-0908 7.5
Google Chrome before 25.0.1364.152 does not properly manage bindings of extension processes, which has unspecified impact and attack vectors.
19-09-2017 - 01:35 05-03-2013 - 21:55
CVE-2013-0918 6.8
Google Chrome before 26.0.1410.43 does not prevent navigation to developer tools in response to a drag-and-drop operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site.
19-09-2017 - 01:35 28-03-2013 - 12:18
CVE-2012-2858 6.8
Buffer overflow in the WebP decoder in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a
19-09-2017 - 01:35 06-08-2012 - 15:55
CVE-2012-2863 7.5
The PDF functionality in Google Chrome before 21.0.1180.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger out-of-bounds write operations.
19-09-2017 - 01:35 09-08-2012 - 10:29
CVE-2013-0907 7.5
Race condition in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media threads.
19-09-2017 - 01:35 05-03-2013 - 21:55
CVE-2013-0926 6.8
Google Chrome before 26.0.1410.43 does not properly handle active content in an EMBED element during a copy-and-paste operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site.
19-09-2017 - 01:35 28-03-2013 - 12:18
CVE-2013-0828 6.8
The PDF functionality in Google Chrome before 24.0.1312.52 does not properly perform a cast of an unspecified variable during processing of the root of the structure tree, which allows remote attackers to cause a denial of service or possibly have un
19-09-2017 - 01:35 15-01-2013 - 21:55
CVE-2012-2852 6.8
The PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not properly handle object linkage, which allows remote attackers to cause a denial of service (use-after-free
19-09-2017 - 01:35 06-08-2012 - 15:55
CVE-2012-2851 6.8
Multiple integer overflows in the PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allow remote attackers to cause a denial of service or possibly have unspecified othe
19-09-2017 - 01:35 06-08-2012 - 15:55
CVE-2012-2893 6.8
Double free vulnerability in libxslt, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms.
19-09-2017 - 01:35 26-09-2012 - 10:56
CVE-2012-2892 5.0
Unspecified vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to bypass the pop-up blocker via unknown vectors.
19-09-2017 - 01:35 26-09-2012 - 10:56
CVE-2012-2895 6.8
The PDF functionality in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger out-of-bounds write operations.
19-09-2017 - 01:35 26-09-2012 - 10:56
CVE-2013-0909 5.0
The XSS Auditor in Google Chrome before 25.0.1364.152 allows remote attackers to obtain sensitive HTTP Referer information via unspecified vectors.
19-09-2017 - 01:35 05-03-2013 - 21:55
CVE-2013-0788 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allow remote attackers to cause a deni
19-09-2017 - 01:35 03-04-2013 - 11:56
CVE-2012-2848 4.3
The drag-and-drop implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to bypass intended file access restrictions via a crafted web site
19-09-2017 - 01:35 06-08-2012 - 15:55
CVE-2012-2844 9.3
The PDF functionality in Google Chrome before 20.0.1132.57 does not properly handle JavaScript code, which allows remote attackers to cause a denial of service (incorrect object access) or possibly have unspecified other impact via a crafted document
19-09-2017 - 01:35 12-07-2012 - 21:55
CVE-2012-2894 6.8
Google Chrome before 22.0.1229.79 does not properly handle graphics-context data structures, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.
19-09-2017 - 01:35 26-09-2012 - 10:56
CVE-2013-0923 5.0
The USB Apps API in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors.
19-09-2017 - 01:35 28-03-2013 - 12:18
CVE-2013-0795 10.0
The System Only Wrapper (SOW) implementation in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 does not prevent use of the cloneNode method for clo
19-09-2017 - 01:35 03-04-2013 - 11:56
CVE-2013-0841 7.5
Array index error in the content-blocking functionality in Google Chrome before 24.0.1312.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
19-09-2017 - 01:35 24-01-2013 - 21:55
CVE-2013-0925 7.5
Google Chrome before 26.0.1410.43 does not ensure that an extension has the tabs (aka APIPermission::kTab) permission before providing a URL to this extension, which has unspecified impact and remote attack vectors.
19-09-2017 - 01:35 28-03-2013 - 12:18
CVE-2013-0902 7.5
Use-after-free vulnerability in the frame-loader implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
19-09-2017 - 01:35 05-03-2013 - 21:55
CVE-2013-0797 6.9
Untrusted search path vulnerability in the Mozilla Updater in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allows local users to gain privileges
19-09-2017 - 01:35 03-04-2013 - 11:56
CVE-2013-0911 7.5
Directory traversal vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to have an unspecified impact via vectors related to databases.
19-09-2017 - 01:35 05-03-2013 - 21:55
CVE-2013-0917 5.0
The URL loader in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
19-09-2017 - 01:35 28-03-2013 - 12:18
CVE-2013-0916 7.5
Use-after-free vulnerability in the Web Audio implementation in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
19-09-2017 - 01:35 28-03-2013 - 12:18
CVE-2013-0924 7.5
The extension functionality in Google Chrome before 26.0.1410.43 does not verify that use of the permissions API is consistent with file permissions, which has unspecified impact and attack vectors.
19-09-2017 - 01:35 28-03-2013 - 12:18
CVE-2013-0839 7.5
Use-after-free vulnerability in Google Chrome before 24.0.1312.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of fonts in CANVAS elements.
19-09-2017 - 01:35 24-01-2013 - 21:55
CVE-2013-0274 2.9
upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network.
19-09-2017 - 01:35 16-02-2013 - 21:55
CVE-2013-0436 10.0
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the F
19-09-2017 - 01:35 02-02-2013 - 00:55
CVE-2013-0787 9.3
Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey
19-09-2017 - 01:35 11-03-2013 - 10:55
CVE-2013-0447 10.0
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the F
19-09-2017 - 01:35 02-02-2013 - 00:55
CVE-2013-0444 7.6
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. NOTE
19-09-2017 - 01:35 02-02-2013 - 00:55
CVE-2013-0272 6.8
Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code via a long HTTP header.
19-09-2017 - 01:35 16-02-2013 - 21:55
CVE-2013-0437 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to
19-09-2017 - 01:35 02-02-2013 - 00:55
CVE-2013-0449 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 allows remote attackers to affect confidentiality via unknown vectors related to Deployment. Per http://www.oracle.com/technetwork/topics/
19-09-2017 - 01:35 02-02-2013 - 00:55
CVE-2013-0439 10.0
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the F
19-09-2017 - 01:35 02-02-2013 - 00:55
CVE-2013-0431 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Iss
19-09-2017 - 01:35 31-01-2013 - 14:55
CVE-2013-0271 5.0
The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted (1) mxit or (2) mxit/imagestrips pathname.
19-09-2017 - 01:35 16-02-2013 - 21:55
CVE-2013-0273 5.0
sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service (application crash) via a crafted packet.
19-09-2017 - 01:35 16-02-2013 - 21:55
CVE-2011-3650 9.3
Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory c
19-09-2017 - 01:34 09-11-2011 - 11:55
CVE-2011-4602 5.0
The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) video-chat stanzas, which allows remote attackers to cause a denial of service (application crash) via a crafted message.
19-09-2017 - 01:34 17-12-2011 - 03:54
CVE-2011-4693 9.3
Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the first of two vulnerabilities exploited by the Intevydis vd_adobe_fp m
19-09-2017 - 01:34 07-12-2011 - 20:55
CVE-2011-3886 6.8
Google V8, as used in Google Chrome before 15.0.874.102, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers out-of-bounds write operations.
19-09-2017 - 01:34 25-10-2011 - 19:55
CVE-2011-3648 4.3
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding.
19-09-2017 - 01:34 09-11-2011 - 11:55
CVE-2011-4694 9.3
Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the second of two vulnerabilities exploited by the Intevydis vd_adobe_fp
19-09-2017 - 01:34 07-12-2011 - 20:55
CVE-2011-4601 5.0
family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted (1) AIM or
19-09-2017 - 01:34 25-12-2011 - 01:55
CVE-2011-4159 6.8
Unspecified vulnerability in System Administration Manager (SAM) in EMS before A.04.20.11.04_01 on HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges via unknown vectors.
19-09-2017 - 01:34 19-11-2011 - 03:58
CVE-2011-3654 10.0
The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service (memory corruption and application cras
19-09-2017 - 01:34 09-11-2011 - 11:55
CVE-2011-3652 10.0
The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via
19-09-2017 - 01:34 09-11-2011 - 11:55
CVE-2011-3655 9.3
Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site.
19-09-2017 - 01:34 09-11-2011 - 11:55
CVE-2011-4922 2.1
cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents.
19-09-2017 - 01:34 08-08-2012 - 10:26
CVE-2011-4603 5.0
The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash)
19-09-2017 - 01:34 17-12-2011 - 03:54
CVE-2011-3594 4.3
The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use o
19-09-2017 - 01:34 04-11-2011 - 21:55
CVE-2011-4692 5.0
WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the bro
19-09-2017 - 01:34 07-12-2011 - 19:55
CVE-2012-2828 6.8
Multiple integer overflows in the PDF functionality in Google Chrome before 20.0.1132.43 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
19-09-2017 - 01:34 27-06-2012 - 10:18
CVE-2012-2832 6.8
The image-codec implementation in the PDF functionality in Google Chrome before 20.0.1132.43 does not initialize an unspecified pointer, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted do
19-09-2017 - 01:34 27-06-2012 - 10:18
CVE-2012-2820 5.0
Google Chrome before 20.0.1132.43 does not properly implement SVG filters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
19-09-2017 - 01:34 27-06-2012 - 10:18
CVE-2012-2822 5.0
The PDF functionality in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
19-09-2017 - 01:34 27-06-2012 - 10:18
CVE-2012-2826 5.0
Google Chrome before 20.0.1132.43 does not properly implement texture conversion, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
19-09-2017 - 01:34 27-06-2012 - 10:18
CVE-2012-2764 7.2
Untrusted search path vulnerability in Google Chrome before 20.0.1132.43 on Windows might allow local users to gain privileges via a Trojan horse Metro DLL in the current working directory.
19-09-2017 - 01:34 27-06-2012 - 10:18
CVE-2012-2818 7.5
Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the layout of documents that use the Cascading Style Sheets (CSS)
19-09-2017 - 01:34 27-06-2012 - 10:18
CVE-2012-1699 3.6
The ProcSetEventMask function in difs/events.c in the xfs font server for X.Org X11R6 through X11R6.6 and XFree86 before 3.3.3 calls the SendErrToClient function with a mask value instead of a pointer, which allows local users to cause a denial of se
19-09-2017 - 01:34 21-12-2012 - 05:46
CVE-2012-2830 7.5
Google Chrome before 20.0.1132.43 does not properly set array values, which allows remote attackers to cause a denial of service (incorrect pointer use) or possibly have unspecified other impact via unknown vectors.
19-09-2017 - 01:34 27-06-2012 - 10:18
CVE-2012-2823 7.5
Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG resources.
19-09-2017 - 01:34 27-06-2012 - 10:18
CVE-2012-2815 5.0
Google Chrome before 20.0.1132.43 allows remote attackers to obtain potentially sensitive information from a fragment identifier by leveraging access to an IFRAME element associated with a different domain.
19-09-2017 - 01:34 27-06-2012 - 10:18
CVE-2012-2746 2.1
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated us
19-09-2017 - 01:34 03-07-2012 - 16:40
CVE-2012-2678 1.2
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#use
19-09-2017 - 01:34 03-07-2012 - 16:40
CVE-2012-2816 7.8
Google Chrome before 20.0.1132.43 on Windows does not properly isolate sandboxed processes, which might allow remote attackers to cause a denial of service (process interference) via unspecified vectors.
19-09-2017 - 01:34 27-06-2012 - 10:18
CVE-2012-2831 7.5
Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG references.
19-09-2017 - 01:34 27-06-2012 - 10:18
CVE-2012-2833 7.5
Buffer overflow in the JS API in the PDF functionality in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
19-09-2017 - 01:34 27-06-2012 - 10:18
CVE-2012-2819 6.8
The texSubImage2D implementation in the WebGL subsystem in Google Chrome before 20.0.1132.43 does not properly handle uploads to floating-point textures, which allows remote attackers to cause a denial of service (assertion failure and application cr
19-09-2017 - 01:34 27-06-2012 - 10:18
CVE-2012-1956 4.3
Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-si
19-09-2017 - 01:34 29-08-2012 - 10:56
CVE-2012-2821 7.5
The autofill implementation in Google Chrome before 20.0.1132.43 does not properly display text, which has unspecified impact and remote attack vectors.
19-09-2017 - 01:34 27-06-2012 - 10:18
CVE-2012-2829 7.5
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-lett
19-09-2017 - 01:34 27-06-2012 - 10:18
CVE-2012-2824 7.5
Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG painting.
19-09-2017 - 01:34 27-06-2012 - 10:18
CVE-2012-2817 7.5
Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to tables that have sections.
19-09-2017 - 01:34 27-06-2012 - 10:18
CVE-2012-1971 9.3
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly ex
19-09-2017 - 01:34 29-08-2012 - 10:56
CVE-2012-0447 5.0
Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG ima
19-09-2017 - 01:34 01-02-2012 - 16:55
CVE-2012-0446 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to inject arbitrary web script or HTML via a (1) web page or (2) Firefox extension, r
19-09-2017 - 01:34 01-02-2012 - 16:55
CVE-2012-0445 5.0
Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to bypass the HTML5 frame-navigation policy and replace arbitrary sub-frames by creating a form submission target with a sub-frame's name at
19-09-2017 - 01:34 01-02-2012 - 16:55
CVE-2012-0443 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or poss
19-09-2017 - 01:34 01-02-2012 - 16:55
CVE-2012-0131 10.0
Distributed Computing Environment (DCE) 1.8 and 1.9 on HP HP-UX B.11.11 and B.11.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
19-09-2017 - 01:34 05-04-2012 - 13:55
CVE-2011-3232 9.3
YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript.
19-09-2017 - 01:33 29-09-2011 - 00:55
CVE-2011-3114 7.5
Multiple buffer overflows in the PDF functionality in Google Chrome before 19.0.1084.52 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger unknown function calls.
19-09-2017 - 01:33 24-05-2012 - 18:55
CVE-2011-3107 7.5
Google Chrome before 19.0.1084.52 does not properly implement JavaScript bindings for plug-ins, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.
19-09-2017 - 01:33 24-05-2012 - 18:55
CVE-2011-3111 5.0
Google V8, as used in Google Chrome before 19.0.1084.52, allows remote attackers to cause a denial of service (invalid read operation) via unspecified vectors.
19-09-2017 - 01:33 24-05-2012 - 18:55
CVE-2011-3113 7.5
The PDF functionality in Google Chrome before 19.0.1084.52 does not properly perform a cast of an unspecified variable during handling of color spaces, which allows remote attackers to cause a denial of service or possibly have unknown other impact v
19-09-2017 - 01:33 24-05-2012 - 18:55
CVE-2011-3164 6.8
Unspecified vulnerability in HP-UX Containers (formerly HP-UX Secure Resource Partitions (SRP)) A.03.00, A.03.00.002, and A.03.01, when running with patch PHKL_42310, allows local users to gain privileges via unknown vectors. Per: http://h20565.www2.
19-09-2017 - 01:33 04-11-2011 - 21:55
CVE-2011-3105 7.5
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 19.0.1084.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-lett
19-09-2017 - 01:33 24-05-2012 - 18:55
CVE-2011-2993 9.3
The implementation of digital signatures for JAR files in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not prevent calls from unsigned JavaScript code to signed code, which allows remote attackers to bypas
19-09-2017 - 01:33 18-08-2011 - 18:55
CVE-2011-3184 4.3
The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP 100 responses, which allows remote attackers to cause a denial of service (incorrect memory access and ap
19-09-2017 - 01:33 29-08-2011 - 17:55
CVE-2011-3004 4.3
The JSSubScriptLoader in Mozilla Firefox 4.x through 6 and SeaMonkey before 2.4 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a craf
19-09-2017 - 01:33 29-09-2011 - 00:55
CVE-2011-2943 4.3
The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly validate characters in nicknames, which allows user-assisted remote attackers to cause a denial of service (NULL
19-09-2017 - 01:33 29-08-2011 - 17:55
CVE-2011-3110 7.5
The PDF functionality in Google Chrome before 19.0.1084.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger out-of-bounds write operations.
19-09-2017 - 01:33 24-05-2012 - 18:55
CVE-2011-3108 10.0
Use-after-free vulnerability in Google Chrome before 19.0.1084.52 allows remote attackers to execute arbitrary code via vectors related to the browser cache.
19-09-2017 - 01:33 24-05-2012 - 18:55
CVE-2011-3112 5.0
Use-after-free vulnerability in the PDF functionality in Google Chrome before 19.0.1084.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an invalid encrypted document.
19-09-2017 - 01:33 24-05-2012 - 18:55
CVE-2011-3104 5.0
Skia, as used in Google Chrome before 19.0.1084.52, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
19-09-2017 - 01:33 24-05-2012 - 18:55
CVE-2011-3001 4.3
Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent manual add-on installation in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions
19-09-2017 - 01:33 29-09-2011 - 00:55
CVE-2011-3115 7.5
Google V8, as used in Google Chrome before 19.0.1084.52, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger "type corruption."
19-09-2017 - 01:33 24-05-2012 - 18:55
CVE-2011-3103 7.5
Google V8, as used in Google Chrome before 19.0.1084.52, does not properly perform garbage collection, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript cod
19-09-2017 - 01:33 24-05-2012 - 18:55
CVE-2011-3005 9.3
Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OGG headers in a .
19-09-2017 - 01:33 29-09-2011 - 00:55
CVE-2011-3106 10.0
The WebSockets implementation in Google Chrome before 19.0.1084.52 does not properly handle use of SSL, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
19-09-2017 - 01:33 24-05-2012 - 18:55
CVE-2011-2372 3.5
Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended ac
19-09-2017 - 01:33 29-09-2011 - 00:55
CVE-2011-2995 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application cra
19-09-2017 - 01:33 29-09-2011 - 00:55
CVE-2011-2990 5.0
The implementation of Content Security Policy (CSP) violation reports in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not remove proxy-authorization credentials from the listed request headers, which allow
19-09-2017 - 01:33 18-08-2011 - 18:55
CVE-2011-3000 4.3
Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote a
19-09-2017 - 01:33 29-09-2011 - 00:55
CVE-2011-2997 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitr
19-09-2017 - 01:33 29-09-2011 - 00:55
CVE-2011-2106 9.3
Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
19-09-2017 - 01:32 16-06-2011 - 23:55
CVE-2011-2305 6.2
Unspecified vulnerability in Oracle VM VirtualBox 4.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors.
19-09-2017 - 01:32 21-07-2011 - 00:55
CVE-2011-1475 5.0
The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP
19-09-2017 - 01:32 08-04-2011 - 15:17
CVE-2011-0547 10.0
Multiple integer overflows in vxsvc.exe in the Veritas Enterprise Administrator service in Symantec Veritas Storage Foundation 5.1 and earlier, Veritas Storage Foundation Cluster File System (SFCFS) 5.1 and earlier, Veritas Storage Foundation Cluster
19-09-2017 - 01:32 19-08-2011 - 21:55
CVE-2010-4700 6.8
The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injecti
19-09-2017 - 01:31 18-01-2011 - 20:00
CVE-2010-4485 4.3
Google Chrome before 8.0.552.215 does not properly restrict the generation of file dialogs, which allows remote attackers to cause a denial of service (reduced usability and possible application crash) via a crafted web site.
19-09-2017 - 01:31 07-12-2010 - 21:00
CVE-2010-3638 4.3
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Mac OS X, when Safari is used, allows attackers to obtain sensitive information via unknown vectors.
19-09-2017 - 01:31 07-11-2010 - 22:00
CVE-2010-4478 7.5
OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending c
19-09-2017 - 01:31 06-12-2010 - 22:30
CVE-2010-3563 10.0
Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained
19-09-2017 - 01:31 19-10-2010 - 22:00
CVE-2010-4422 7.6
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
19-09-2017 - 01:31 17-02-2011 - 19:00
CVE-2010-4528 4.0
directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7.8 in Pidgin before 2.7.9 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a short p2pv2 packet in a DirectConnec
19-09-2017 - 01:31 07-01-2011 - 12:00
CVE-2010-4489 4.3
libvpx, as used in Google Chrome before 8.0.552.215 and possibly other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebM video. NOTE: this vulnerability exists because of a regression.
19-09-2017 - 01:31 07-12-2010 - 21:00
CVE-2010-4150 5.0
Double free vulnerability in the imap_do_open function in the IMAP extension (ext/imap/php_imap.c) in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via
19-09-2017 - 01:31 07-12-2010 - 22:00
CVE-2010-4108 6.8
HP HP-UX B.11.11, B.11.23, and B.11.31 does not properly support threaded processes, which allows remote authenticated users to cause a denial of service via unspecified vectors.
19-09-2017 - 01:31 08-12-2010 - 18:00
CVE-2010-3711 4.0
libpurple in Pidgin before 2.7.4 does not properly validate the return value of the purple_base64_decode function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a crafted mes
19-09-2017 - 01:31 28-10-2010 - 00:00
CVE-2010-3570 7.6
Unspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
19-09-2017 - 01:31 19-10-2010 - 22:00
CVE-2010-5107 5.0
The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodi
19-09-2017 - 01:31 07-03-2013 - 20:55
CVE-2010-3555 9.3
Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained
19-09-2017 - 01:31 19-10-2010 - 22:00
CVE-2010-3564 6.4
Unspecified vulnerability in the Oracle Communications Messaging Server (Sun Java System Messaging Server) component in Oracle Sun Products Suite 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Webma
19-09-2017 - 01:31 14-10-2010 - 18:00
CVE-2010-3558 10.0
Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
19-09-2017 - 01:31 19-10-2010 - 22:00
CVE-2010-3623 9.3
Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Per: http://www.adobe.com/support/security/bulletins/apsb10-2
19-09-2017 - 01:31 06-10-2010 - 17:00
CVE-2010-3183 9.3
The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls tha
19-09-2017 - 01:31 21-10-2010 - 19:00
CVE-2010-3552 10.0
Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Per: http://www.oracle.com/technetwork
19-09-2017 - 01:31 19-10-2010 - 22:00
CVE-2010-3129 9.3
Untrusted search path vulnerability in uTorrent 2.0.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse plugin_dll.dll, userenv.dll, shfolder.dll, dnsapi.dll,
19-09-2017 - 01:31 26-08-2010 - 18:36
CVE-2010-3177 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary web script or HTML via a crafted name of a (1) f
19-09-2017 - 01:31 21-10-2010 - 19:00
CVE-2010-3173 7.5
The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which m
19-09-2017 - 01:31 21-10-2010 - 19:00
CVE-2010-3191 9.3
Untrusted search path vulnerability in Adobe Captivate 5.0.0.596, and possibly other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is locate
19-09-2017 - 01:31 31-08-2010 - 20:00
CVE-2010-2752 9.3
Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code by placing many Casc
19-09-2017 - 01:31 30-07-2010 - 20:30
CVE-2010-3406 1.7
Unspecified vulnerability in sa_snap in the bos.esagent fileset in IBM AIX 5.3 allows local users to leverage system group membership and delete files via unknown vectors.
19-09-2017 - 01:31 16-09-2010 - 21:00
CVE-2010-2528 4.0
The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an X-Status message that
19-09-2017 - 01:31 30-07-2010 - 13:26
CVE-2010-2754 5.0
dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving
19-09-2017 - 01:31 30-07-2010 - 13:26
CVE-2010-2712 6.8
Unspecified vulnerability in Software Distributor (sd) in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges via unknown vectors.
19-09-2017 - 01:31 30-08-2010 - 21:00
CVE-2010-3132 9.3
Untrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 build 4916, build 4909, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (
19-09-2017 - 01:31 26-08-2010 - 18:36
CVE-2010-2762 6.8
The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attacker
19-09-2017 - 01:31 09-09-2010 - 19:00
CVE-2009-4863 9.3
Stack-based buffer overflow in UltraPlayer Media Player 2.112 allows remote attackers to execute arbitrary code via a long string in a .usk file.
19-09-2017 - 01:30 11-05-2010 - 12:02
CVE-2010-1758 9.3
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto
19-09-2017 - 01:30 11-06-2010 - 19:30
CVE-2010-1767 6.8
Cross-site request forgery (CSRF) vulnerability in loader/DocumentThreadableLoader.cpp in WebCore in WebKit before r57041, as used in Google Chrome before 4.1.249.1059, allows remote attackers to hijack the authentication of unspecified victims via a
19-09-2017 - 01:30 24-09-2010 - 19:00
CVE-2010-1759 9.3
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto
19-09-2017 - 01:30 11-06-2010 - 19:30
CVE-2010-1771 9.3
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto
19-09-2017 - 01:30 11-06-2010 - 19:30
CVE-2010-1414 9.3
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-1400 9.3
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-1384 4.3
Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not provide a warning about a (1) http or (2) https URL that contains a username and password, which makes it easier for remote attackers to cond
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-1211 9.3
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allow remote attackers to cause a denial of se
19-09-2017 - 01:30 30-07-2010 - 20:30
CVE-2010-1422 4.3
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle changes to keyboard focus that occur during processing of key press events, which allows remote attackers to force
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-1412 9.3
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-1416 4.3
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict the reading of a canvas that contains an SVG image pattern from a different web site, which allows remote attacke
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-1385 9.3
Use-after-free vulnerability in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF d
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-1240 9.3
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arb
19-09-2017 - 01:30 05-04-2010 - 15:30
CVE-2010-1418 4.3
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via a FRAME element with a SRC at
19-09-2017 - 01:30 11-06-2010 - 19:30
CVE-2010-1408 4.3
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to bypass intended restrictions on outbound connections to "non-default TCP ports" via a crafted port number, relate
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-1750 9.3
Use-after-free vulnerability in Apple Safari before 5.0 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper window management.
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-1421 4.3
The execCommand JavaScript function in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict remote execution of clipboard commands, which allows remote attackers to m
19-09-2017 - 01:30 11-06-2010 - 19:30
CVE-2010-1389 4.3
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involvi
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-1213 4.3
The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows r
19-09-2017 - 01:30 30-07-2010 - 20:30
CVE-2010-1791 9.3
Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto
19-09-2017 - 01:30 30-07-2010 - 20:30
CVE-2010-1415 9.3
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle libxml contexts, allows remote attackers to execute arbitrary code or cause a denial of service (application crash)
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-1406 4.3
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remot
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-1417 9.3
The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory co
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-1410 9.3
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an SVG document
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-1761 9.3
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto
19-09-2017 - 01:30 11-06-2010 - 19:30
CVE-2010-1778 4.3
Cross-site scripting (XSS) vulnerability in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via an RSS feed.
19-09-2017 - 01:30 30-07-2010 - 20:30
CVE-2010-1419 9.3
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application cr
19-09-2017 - 01:30 11-06-2010 - 19:30
CVE-2010-1391 4.3
Multiple directory traversal vulnerabilities in the (a) Local Storage and (b) Web SQL database implementations in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allow remote attackers to
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-1774 9.3
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses out-of-bounds memory during processing of HTML tables, which allows remote attackers to execute arbitrary code or cause a denial of
19-09-2017 - 01:30 11-06-2010 - 19:30
CVE-2010-1768 6.9
Unspecified vulnerability in Apple iTunes before 9.1 allows local users to gain console privileges via vectors related to log files, "insecure file operation," and syncing an iPhone, iPad, or iPod touch.
19-09-2017 - 01:30 20-08-2010 - 20:00
CVE-2010-1762 4.3
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML in a T
19-09-2017 - 01:30 11-06-2010 - 19:30
CVE-2010-1769 10.0
WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, accesses out-of-bounds memory during the handling of tables, which allows remote attackers to execute arbitrary code or cause a denial of service (appl
19-09-2017 - 01:30 18-06-2010 - 16:30
CVE-2010-1409 5.8
Incomplete blacklist vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to trigger disclosure of data over IRC via vectors involving an IRC service po
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-1405 9.3
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HT
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-1395 4.3
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving DOM constru
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-1399 9.3
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during a selection change on a form input element, which allows remote attackers to execute arbitrary code or
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-1394 4.3
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML docume
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-1119 10.0
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of serv
19-09-2017 - 01:30 25-03-2010 - 21:00
CVE-2010-1789 9.3
Heap-based buffer overflow in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a J
19-09-2017 - 01:30 30-07-2010 - 20:30
CVE-2010-1777 9.3
Buffer overflow in Apple iTunes before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted itpc: URL.
19-09-2017 - 01:30 30-07-2010 - 13:26
CVE-2010-1413 5.0
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends NTLM credentials in cleartext in unspecified circumstances, which allows man-in-the-middle attackers to obtain sensitive information v
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-1390 4.3
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to improper U
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-1764 4.3
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, follows multiple redirections during form submission, which allows remote web servers to obtain sensitive information by recording the form
19-09-2017 - 01:30 11-06-2010 - 19:30
CVE-2010-1393 4.3
The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to discover sensitive URLs via an HREF attribute associated with
19-09-2017 - 01:30 11-06-2010 - 18:00
CVE-2010-1796 2.6
The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to obtain sensitive Address Book Card information via JavaScript code that forces keystroke events
19-09-2017 - 01:30 30-07-2010 - 20:30
CVE-2010-1763 10.0
Unspecified vulnerability in WebKit in Apple iTunes before 9.2 on Windows has unknown impact and attack vectors, a different vulnerability than CVE-2010-1387 and CVE-2010-1769.
19-09-2017 - 01:30 18-06-2010 - 16:30
CVE-2010-0532 6.9
Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse. Per: http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.htm
19-09-2017 - 01:30 31-03-2010 - 18:30
CVE-2010-0382 7.6
ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to ha
19-09-2017 - 01:30 22-01-2010 - 22:00
CVE-2010-0531 4.3
Apple iTunes before 9.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 podcast file.
19-09-2017 - 01:30 31-03-2010 - 18:30
CVE-2010-0097 4.3
ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a f
19-09-2017 - 01:30 22-01-2010 - 22:00
CVE-2010-1030 4.4
Unspecified vulnerability in HP-UX B.11.31, with AudFilter rules enabled, allows local users to cause a denial of service via unknown vectors.
19-09-2017 - 01:30 31-03-2010 - 18:00
CVE-2010-1032 4.9
Unspecified vulnerability in HP HP-UX B.11.11 allows local users to cause a denial of service via unknown vectors.
19-09-2017 - 01:30 21-04-2010 - 14:30
CVE-2010-0220 5.0
The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverList.cpp in Mozilla Firefox before 3.5.7 allows remote attackers to cause a denial of service (application crash) via a crafted web site that triggers memory consumption and an acco
19-09-2017 - 01:30 07-01-2010 - 19:30
CVE-2010-0961 7.2
Buffer overflow in qoslist in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors.
19-09-2017 - 01:30 10-03-2010 - 22:30
CVE-2010-0161 4.3
The nsAuthSSPI::Unwrap function in extensions/auth/nsAuthSSPI.cpp in Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 on Windows Vista, Windows Server 2008 R2, and Windows 7 allows remote SMTP, IMAP, and POP servers to cause a denial o
19-09-2017 - 01:30 23-03-2010 - 00:53
CVE-2010-0647 9.3
WebKit before r53525, as used in Google Chrome before 4.0.249.89, allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed RUBY element, as demonstrated by a <ruby>><table><rt> sequence.
19-09-2017 - 01:30 18-02-2010 - 18:00
CVE-2010-0423 5.0
gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a denial of service (CPU consumption and application hang) by sending many smileys in a (1) IM or (2) chat.
19-09-2017 - 01:30 24-02-2010 - 18:30
CVE-2010-0420 4.3
libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user chat (MUC) room is used, does not properly parse nicknames containing <br> sequences, which allows remote attackers to cause a denial of service (application crash) via a crafted nick
19-09-2017 - 01:30 24-02-2010 - 18:30
CVE-2010-0544 4.3
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to a malforme
19-09-2017 - 01:30 11-06-2010 - 19:30
CVE-2010-0742 7.5
The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid
19-09-2017 - 01:30 03-06-2010 - 14:30
CVE-2010-0654 4.3
Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type
19-09-2017 - 01:30 18-02-2010 - 18:00
CVE-2010-0960 7.2
Buffer overflow in qosmod in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors.
19-09-2017 - 01:30 10-03-2010 - 22:30
CVE-2010-0189 9.3
A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to
19-09-2017 - 01:30 23-02-2010 - 20:30
CVE-2010-0310 6.8
Trusted Extensions in Sun Solaris 10 allows local users to gain privileges via vectors related to omission of unspecified libraries from software updates.
19-09-2017 - 01:30 14-01-2010 - 19:30
CVE-2010-0451 4.0
The installation process for NFS/ONCplus B.11.31_08 and earlier on HP HP-UX B.11.31 changes the NFS_SERVER setting in the nfsconf file, which might allow remote attackers to obtain filesystem access via NFS requests.
19-09-2017 - 01:30 29-03-2010 - 22:30
CVE-2010-0277 5.0
slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malf
19-09-2017 - 01:30 09-01-2010 - 18:30
CVE-2009-4565 7.5
sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a
19-09-2017 - 01:29 04-01-2010 - 21:30
CVE-2009-4313 9.3
ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (heap corruption) or execute arbitrary code via malformed data in a stream in a media f
19-09-2017 - 01:29 13-12-2009 - 01:30
CVE-2009-4311 9.3
Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Paul Byrne of NGS Software. NOTE
19-09-2017 - 01:29 13-12-2009 - 01:30
CVE-2009-4022 2.6
Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS c
19-09-2017 - 01:29 25-11-2009 - 16:30
CVE-2009-4184 6.2
Unspecified vulnerability in HP Enterprise Cluster Master Toolkit (ECMT) B.05.00 on HP-UX B.11.23 (11i v2) and HP-UX B.11.31 (11i v3) allows local users to gain access to an Oracle or Sybase database via unknown vectors.
19-09-2017 - 01:29 03-02-2010 - 18:30
CVE-2009-3615 5.0
The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM I
19-09-2017 - 01:29 20-10-2009 - 17:30
CVE-2009-4355 5.0
Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to
19-09-2017 - 01:29 14-01-2010 - 19:30
CVE-2009-3517 10.0
nfs.ext in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly use the nfs_portmon setting, which allows remote attackers to bypass intended access restrictions for NFSv4 shares via unspecified vectors.
19-09-2017 - 01:29 01-10-2009 - 15:30
CVE-2009-3375 4.3
content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection fu
19-09-2017 - 01:29 29-10-2009 - 14:30
CVE-2009-4378 4.3
The IPMI dissector in Wireshark 1.2.0 through 1.2.4 on Windows allows remote attackers to cause a denial of service (crash) via a crafted packet, related to "formatting a date/time using strftime."
19-09-2017 - 01:29 21-12-2009 - 21:30
CVE-2009-3084 5.0
The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten
19-09-2017 - 01:29 08-09-2009 - 18:30
CVE-2009-3382 10.0
layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does not properly handle first-letter frames, which allows remote attackers to cause a denial of service (memory corruption and application crash) or p
19-09-2017 - 01:29 29-10-2009 - 14:30
CVE-2009-2682 7.2
Unspecified vulnerability in Role-Based Access Control (RBAC) in HP HP-UX B.11.23 and B.11.31 allows local users to bypass intended access restrictions via unknown vectors.
19-09-2017 - 01:29 24-09-2009 - 18:30
CVE-2009-3371 10.0
Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by creating JavaScript web-workers recursively.
19-09-2017 - 01:29 29-10-2009 - 14:30
CVE-2009-3797 9.3
Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.
19-09-2017 - 01:29 10-12-2009 - 19:30
CVE-2009-4312 9.3
Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Dave Lenoe of Adobe.
19-09-2017 - 01:29 13-12-2009 - 01:30
CVE-2009-3380 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code
19-09-2017 - 01:29 29-10-2009 - 14:30
CVE-2009-3085 5.0
The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content
19-09-2017 - 01:29 08-09-2009 - 18:30
CVE-2009-3379 10.0
Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overla
19-09-2017 - 01:29 29-10-2009 - 14:30
CVE-2009-3244 9.3
Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe Shockwave Player 11.5.1.601 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PlayerVersion property value.
19-09-2017 - 01:29 18-09-2009 - 10:30
CVE-2009-3516 7.2
gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly handle the NFSv4 Kerberos credential cache, which allows local users to bypass intended access restrictions for Kerberized NFSv4 shares via unspecified vectors.
19-09-2017 - 01:29 01-10-2009 - 15:30
CVE-2009-3025 4.3
Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to cause a denial of service (crash) via a link in a Yahoo IM.
19-09-2017 - 01:29 31-08-2009 - 20:30
CVE-2009-3464 9.3
Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability," a different issue than CVE-2009-3465. NOTE: some of these details
19-09-2017 - 01:29 04-11-2009 - 15:30
CVE-2009-3026 5.0
protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect t
19-09-2017 - 01:29 31-08-2009 - 20:30
CVE-2009-3381 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
19-09-2017 - 01:29 29-10-2009 - 14:30
CVE-2009-3370 5.0
Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events that leverage the auto-fill feature to populate form fields, in an attacker-readable form, with history entries.
19-09-2017 - 01:29 29-10-2009 - 14:30
CVE-2009-3383 10.0
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
19-09-2017 - 01:29 29-10-2009 - 14:30
CVE-2009-3245 10.0
OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent at
19-09-2017 - 01:29 05-03-2010 - 19:30
CVE-2009-3465 9.3
Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability," a different issue than CVE-2009-3464. NOTE: some of these details
19-09-2017 - 01:29 04-11-2009 - 15:30
CVE-2009-3378 9.3
The oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in Mozilla Firefox 3.5.x before 3.5.4, attempts to reuse an earlier frame data structure upon encountering a decoding error for the
19-09-2017 - 01:29 29-10-2009 - 14:30
CVE-2009-3374 7.5
The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote w
19-09-2017 - 01:29 29-10-2009 - 14:30
CVE-2009-3377 10.0
Multiple unspecified vulnerabilities in liboggz before cf5feeaab69b05e24, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
19-09-2017 - 01:29 29-10-2009 - 14:30
CVE-2009-3083 5.0
The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite mess
19-09-2017 - 01:29 08-09-2009 - 18:30
CVE-2009-2694 10.0
The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory
19-09-2017 - 01:29 21-08-2009 - 11:02
CVE-2009-3466 9.3
Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption, related to an "invalid string length vulnerability." NOTE: some of these details are obtained from thir
19-09-2017 - 01:29 04-11-2009 - 15:30
CVE-2009-3851 7.2
Trusted Extensions in Sun Solaris 10 interferes with the operation of the xscreensaver-demo command for the XScreenSaver application, which makes it easier for physically proximate attackers to access an unattended workstation for which the intended
19-09-2017 - 01:29 03-11-2009 - 16:30
CVE-2009-2703 5.0
libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string.
19-09-2017 - 01:29 08-09-2009 - 18:30
CVE-2009-3006 4.3
Maxthon Browser 2.5.3.80 UNICODE allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, whi
19-09-2017 - 01:29 28-08-2009 - 15:30
CVE-2009-2679 7.8
Unspecified vulnerability in bootpd in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service via unknown attack vectors.
19-09-2017 - 01:29 05-10-2009 - 18:30
CVE-2009-3563 6.4
ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchang
19-09-2017 - 01:29 09-12-2009 - 18:30
CVE-2009-3463 9.3
Array index error in Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site. NOTE: some of these details are obtained from third party information.
19-09-2017 - 01:29 04-11-2009 - 15:30
Back to Top Mark selected
Back to Top