Max CVSS 9.3 Min CVSS 1.2 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2011-1755 5.0
jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity reference
02-02-2024 - 15:01 21-06-2011 - 02:52
CVE-2010-4645 5.0
strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation
15-05-2023 - 00:15 11-01-2011 - 03:00
CVE-2011-2691 4.3
The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers t
13-02-2023 - 04:31 17-07-2011 - 20:55
CVE-2010-4172 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to s
13-02-2023 - 04:28 26-11-2010 - 20:00
CVE-2010-3718 1.2
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as
13-02-2023 - 04:25 10-02-2011 - 18:00
CVE-2010-1634 5.0
Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with
13-02-2023 - 04:18 27-05-2010 - 19:30
CVE-2010-1157 2.6
Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the re
13-02-2023 - 04:17 23-04-2010 - 14:30
CVE-2011-2692 6.8
The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory
13-02-2023 - 01:20 17-07-2011 - 20:55
CVE-2011-0013 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the displ
13-02-2023 - 01:18 19-02-2011 - 01:00
CVE-2011-0707 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) username field in a confirmation message.
13-02-2023 - 01:18 22-02-2011 - 19:00
CVE-2011-1471 4.3
Integer signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls.
19-01-2023 - 16:40 20-03-2011 - 02:00
CVE-2011-3192 7.8
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as e
19-09-2022 - 19:49 29-08-2011 - 15:55
CVE-2011-0419 4.3
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac
19-09-2022 - 19:47 16-05-2011 - 17:55
CVE-2010-3436 5.0
fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass open_basedir restrictions via vectors related to the length of a filename.
01-09-2022 - 16:32 09-11-2010 - 01:00
CVE-2010-2089 5.0
The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arg
16-08-2022 - 13:32 27-05-2010 - 19:30
CVE-2011-0411 6.8
The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sess
10-08-2021 - 12:15 16-03-2011 - 22:55
CVE-2011-2690 6.8
Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwr
06-08-2020 - 15:44 17-07-2011 - 20:55
CVE-2011-1521 6.4
The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (r
25-10-2019 - 11:53 24-05-2011 - 23:55
CVE-2011-1910 5.0
Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service (assertion failure and daemon exit) via a negative
09-10-2019 - 23:02 31-05-2011 - 20:55
CVE-2010-2227 6.4
Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via
25-03-2019 - 11:32 13-07-2010 - 17:30
CVE-2011-2464 5.0
Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service (named daemon crash) via a crafted UPDATE request.
30-10-2018 - 16:27 08-07-2011 - 20:55
CVE-2011-1469 4.3
Unspecified vulnerability in the Streams component in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) by accessing an ftp:// URL during use of an HTTP proxy with the FTP wrapper.
30-10-2018 - 16:26 20-03-2011 - 02:00
CVE-2011-1467 5.0
Unspecified vulnerability in the NumberFormatter::setSymbol (aka numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument, a rela
30-10-2018 - 16:26 20-03-2011 - 02:00
CVE-2011-1468 4.3
Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 might allow remote attackers to cause a denial of service (memory consumption) via (1) plaintext data to the openssl_encrypt function or (2) ciphertext data to the openssl_decrypt fun
30-10-2018 - 16:26 20-03-2011 - 02:00
CVE-2011-1470 4.3
The Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a ziparchive stream that is not properly handled by the stream_get_contents function.
30-10-2018 - 16:26 20-03-2011 - 02:00
CVE-2011-1466 5.0
Integer overflow in the SdnToJulian function in the Calendar extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a large integer in the first argument to the cal_from_jd function.
30-10-2018 - 16:26 20-03-2011 - 02:00
CVE-2011-1092 7.5
Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (crash) and possibly read sensitive memory via a large third argument to the shmop_read function.
30-10-2018 - 16:26 15-03-2011 - 17:55
CVE-2011-0421 4.3
The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer derefer
30-10-2018 - 16:26 20-03-2011 - 02:00
CVE-2011-0708 4.3
exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buf
30-10-2018 - 16:26 20-03-2011 - 02:00
CVE-2011-0420 5.0
The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference. Per: htt
10-10-2018 - 20:09 19-02-2011 - 01:00
CVE-2010-3614 6.4
named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not properly determine the security status of an NS RRset during a DNSKEY algorithm rollover, which might allow remote attacke
10-10-2018 - 20:04 06-12-2010 - 13:44
CVE-2010-3613 4.0
named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3 does not properly handle the combination of signed negative responses and corresponding RRSIG records in the cache, which allows remote attackers to cause a
10-10-2018 - 20:04 06-12-2010 - 13:44
CVE-2011-0534 5.0
Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request
09-10-2018 - 19:29 10-02-2011 - 18:00
CVE-2011-3219 9.3
Buffer overflow in CoreMedia, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.
19-09-2017 - 01:33 12-10-2011 - 18:55
CVE-2011-0250 9.3
Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STSS atoms in a QuickTime movie file.
19-09-2017 - 01:31 04-08-2011 - 02:45
CVE-2011-0259 7.6
CoreFoundation, as used in Apple iTunes before 10.5, does not properly perform string tokenization, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecif
19-09-2017 - 01:31 12-10-2011 - 18:55
CVE-2011-0249 9.3
Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STSC atoms in a QuickTime movie file.
19-09-2017 - 01:31 04-08-2011 - 02:45
CVE-2011-0252 9.3
Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STTS atoms in a QuickTime movie file.
19-09-2017 - 01:31 04-08-2011 - 02:45
CVE-2011-0251 9.3
Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STSZ atoms in a QuickTime movie file.
19-09-2017 - 01:31 04-08-2011 - 02:45
CVE-2010-0097 4.3
ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a f
19-09-2017 - 01:30 22-01-2010 - 22:00
CVE-2009-4022 2.6
Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS c
19-09-2017 - 01:29 25-11-2009 - 16:30
CVE-2011-3437 6.8
Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.7 before 10.7.2 allows remote attackers to execute arbitrary code via a crafted embedded Type 1 font in a document.
29-08-2017 - 01:30 14-10-2011 - 10:55
CVE-2011-3435 2.1
Open Directory in Apple Mac OS X 10.7 before 10.7.2 allows local users to read the password data of arbitrary users via unspecified vectors.
29-08-2017 - 01:30 14-10-2011 - 10:55
CVE-2011-3436 6.5
Open Directory in Apple Mac OS X 10.7 before 10.7.2 does not require a user to provide the current password before changing this password, which allows remote attackers to bypass intended password-change restrictions by leveraging an unattended works
29-08-2017 - 01:30 14-10-2011 - 10:55
CVE-2011-3246 5.0
CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted (1) http or
29-08-2017 - 01:30 14-10-2011 - 10:55
CVE-2011-1153 7.5
Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly e
17-08-2017 - 01:33 16-03-2011 - 22:55
CVE-2011-3212 2.1
CoreStorage in Apple Mac OS X 10.7 before 10.7.2 does not ensure that all disk data is encrypted during the enabling of FileVault, which makes it easier for physically proximate attackers to obtain sensitive information by reading directly from the d
12-05-2012 - 03:40 14-10-2011 - 10:55
CVE-2011-3227 6.8
libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation list (CRL), which allows remote attackers to execute arbitrary code or cause a denial of service (app
14-01-2012 - 03:55 14-10-2011 - 10:55
CVE-2011-3226 6.8
Open Directory in Apple Mac OS X 10.7 before 10.7.2, when an LDAPv3 server is used with RFC 2307 or custom mappings, allows remote attackers to bypass the password requirement by leveraging lack of an AuthenticationAuthority attribute for a user acco
14-01-2012 - 03:55 14-10-2011 - 10:55
CVE-2011-3217 6.8
MediaKit in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image.
14-01-2012 - 03:55 14-10-2011 - 10:55
CVE-2011-3214 4.6
IOGraphics in Apple Mac OS X through 10.6.8 does not properly handle a locked-screen state in display sleep mode for an Apple Cinema Display, which allows physically proximate attackers to bypass the password requirement via unspecified vectors.
14-01-2012 - 03:55 14-10-2011 - 10:55
CVE-2011-3225 5.0
The SMB File Server component in Apple Mac OS X 10.7 before 10.7.2 does not prevent all guest users from accessing the share point record of a guest-restricted folder, which allows remote attackers to bypass intended browsing restrictions by leveragi
14-01-2012 - 03:55 14-10-2011 - 10:55
CVE-2011-3218 2.6
The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by spoofing th
14-01-2012 - 03:55 14-10-2011 - 10:55
CVE-2011-3213 7.6
The File Systems component in Apple Mac OS X before 10.7.2 does not properly track the specific X.509 certificate that a user manually accepted for an initial https WebDAV connection, which allows man-in-the-middle attackers to hijack WebDAV communic
14-01-2012 - 03:55 14-10-2011 - 10:55
CVE-2011-3223 6.8
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLIC movie file.
14-01-2012 - 03:55 14-10-2011 - 10:55
CVE-2011-3221 6.8
QuickTime in Apple Mac OS X before 10.7.2 does not properly handle the atom hierarchy in movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file.
14-01-2012 - 03:55 14-10-2011 - 10:55
CVE-2011-3215 2.1
The kernel in Apple Mac OS X before 10.7.2 does not properly prevent FireWire DMA in the absence of a login, which allows physically proximate attackers to bypass intended access restrictions and discover a password by making a DMA request in the (1)
14-01-2012 - 03:55 14-10-2011 - 10:55
CVE-2011-3228 6.8
QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.
14-01-2012 - 03:55 14-10-2011 - 10:55
CVE-2011-3224 2.6
The User Documentation component in Apple Mac OS X through 10.6.8 uses http sessions for updates to App Store help information, which allows man-in-the-middle attackers to execute arbitrary code by spoofing the http server.
14-01-2012 - 03:55 14-10-2011 - 10:55
CVE-2011-3220 4.3
QuickTime in Apple Mac OS X before 10.7.2 does not properly process URL data handlers in movie files, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file.
14-01-2012 - 03:55 14-10-2011 - 10:55
CVE-2011-3216 2.1
The kernel in Apple Mac OS X before 10.7.2 does not properly implement the sticky bit for directories, which might allow local users to bypass intended permissions and delete files via an unlink system call.
14-01-2012 - 03:55 14-10-2011 - 10:55
CVE-2011-3222 6.8
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.
14-01-2012 - 03:55 14-10-2011 - 10:55
CVE-2011-0230 7.5
Buffer overflow in the ATSFontDeactivate API in Apple Type Services (ATS) in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
14-01-2012 - 03:51 14-10-2011 - 10:55
CVE-2011-0224 6.8
CoreMedia in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QuickTime movie file.
14-01-2012 - 03:51 14-10-2011 - 10:55
CVE-2011-0185 4.4
Format string vulnerability in the debug-logging feature in Application Firewall in Apple Mac OS X before 10.7.2 allows local users to gain privileges via a crafted name of an executable file.
14-01-2012 - 03:51 14-10-2011 - 10:55
CVE-2011-0260 4.6
The CoreProcesses component in Apple Mac OS X 10.7 before 10.7.2 does not prevent a system window from receiving keystrokes in the locked-screen state, which might allow physically proximate attackers to bypass intended access restrictions by typing
14-01-2012 - 03:51 14-10-2011 - 10:55
CVE-2011-0231 5.0
CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a "synchronization issue."
14-01-2012 - 03:51 14-10-2011 - 10:55
CVE-2011-0229 6.8
Apple Type Services (ATS) in Apple Mac OS X through 10.6.8 does not properly handle embedded Type 1 fonts, which allows remote attackers to execute arbitrary code via a crafted document that triggers an out-of-bounds memory access.
14-01-2012 - 03:51 14-10-2011 - 10:55
CVE-2011-0226 9.3
Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory
26-10-2011 - 02:56 19-07-2011 - 22:55
CVE-2011-0187 4.3
The plug-in in QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive video data via vectors involving a cross-site redirect.
21-10-2011 - 02:51 23-03-2011 - 02:00
Back to Top Mark selected
Back to Top