Total
1222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-2138 | 6 Adobe, Apple, Google and 3 more | 7 Adobe Air, Flash Player, Mac Os X and 4 more | 2024-11-21 | 10.0 HIGH | N/A |
Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2136 and CVE-2011-2416. | |||||
CVE-2011-2136 | 6 Adobe, Apple, Google and 3 more | 7 Adobe Air, Flash Player, Mac Os X and 4 more | 2024-11-21 | 10.0 HIGH | N/A |
Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2138 and CVE-2011-2416. | |||||
CVE-2011-2123 | 1 Adobe | 1 Shockwave Player | 2024-11-21 | 9.3 HIGH | N/A |
Integer overflow in the Shockwave 3D Asset x32 component in Adobe Shockwave Player before 11.6.0.626 allows remote attackers to execute arbitrary code via a crafted subrecord in a DEMX chunk, which triggers a heap-based buffer overflow. | |||||
CVE-2011-2121 | 1 Adobe | 1 Shockwave Player | 2024-11-21 | 9.3 HIGH | N/A |
Integer overflow in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2011-2120 | 1 Adobe | 1 Shockwave Player | 2024-11-21 | 9.3 HIGH | N/A |
Integer overflow in the CursorAsset x32 component in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2011-2109 | 1 Adobe | 1 Shockwave Player | 2024-11-21 | 9.3 HIGH | N/A |
Multiple integer overflows in Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allow attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2011-2013 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Vista | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code by sending a sequence of crafted UDP packets to a closed port, aka "Reference Counter Overflow Vulnerability." | |||||
CVE-2011-1944 | 1 Xmlsoft | 2 Libxml, Libxml2 | 2024-11-21 | 9.3 HIGH | N/A |
Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions. | |||||
CVE-2011-1910 | 1 Isc | 1 Bind | 2024-11-21 | 5.0 MEDIUM | N/A |
Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service (assertion failure and daemon exit) via a negative response containing large RRSIG RRsets. | |||||
CVE-2011-1908 | 1 Foxitsoftware | 1 Foxit Reader | 2024-11-21 | 9.3 HIGH | N/A |
Integer overflow in the Type 1 font decoder in the FreeType engine in Foxit Reader before 4.0.0.0619 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font in a PDF document. | |||||
CVE-2011-1870 | 1 Microsoft | 3 Windows 2003 Server, Windows Server 2003, Windows Xp | 2024-11-21 | 7.2 HIGH | N/A |
Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutputString Vulnerability." | |||||
CVE-2011-1843 | 1 Banu | 1 Tinyproxy | 2024-11-21 | 6.8 MEDIUM | N/A |
Integer overflow in conf.c in Tinyproxy before 1.8.3 might allow remote attackers to bypass intended access restrictions in opportunistic circumstances via a TCP connection, related to improper handling of invalid port numbers. | |||||
CVE-2011-1795 | 1 Google | 1 Chrome | 2024-11-21 | 7.5 HIGH | N/A |
Integer underflow in the HTMLFormElement::removeFormElement function in html/HTMLFormElement.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document containing a FORM element. | |||||
CVE-2011-1794 | 1 Google | 1 Chrome | 2024-11-21 | 7.5 HIGH | N/A |
Integer overflow in the FilterEffect::copyImageBytes function in platform/graphics/filters/FilterEffect.cpp in the SVG filter implementation in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted dimensions. | |||||
CVE-2011-1781 | 1 Systemtap | 1 Systemtap | 2024-11-21 | 1.2 LOW | N/A |
SystemTap 1.4, when unprivileged (aka stapusr) mode is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs stack unwinding (aka backtracing). | |||||
CVE-2011-1769 | 1 Systemtap | 1 Systemtap | 2024-11-21 | 1.2 LOW | N/A |
SystemTap 1.4 and earlier, when unprivileged (aka stapusr) mode is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs context variable access. | |||||
CVE-2011-1759 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 6.2 MEDIUM | N/A |
Integer overflow in the sys_oabi_semtimedop function in arch/arm/kernel/sys_oabi-compat.c in the Linux kernel before 2.6.39 on the ARM platform, when CONFIG_OABI_COMPAT is enabled, allows local users to gain privileges or cause a denial of service (heap memory corruption) by providing a crafted argument and leveraging a race condition. | |||||
CVE-2011-1746 | 2 Linux, Redhat | 7 Linux Kernel, Enterprise Linux, Enterprise Linux Aus and 4 more | 2024-11-21 | 6.9 MEDIUM | N/A |
Multiple integer overflows in the (1) agp_allocate_memory and (2) agp_create_user_memory functions in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allow local users to trigger buffer overflows, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via vectors related to calls that specify a large number of memory pages. | |||||
CVE-2011-1710 | 1 Novell | 1 Xtier Framework | 2024-11-21 | 7.5 HIGH | N/A |
Multiple integer overflows in the HTTP server in the Novell XTier framework 3.1.8 allow remote attackers to cause a denial of service (service crash) or possibly execute arbitrary code via crafted header length variables. | |||||
CVE-2011-1659 | 1 Gnu | 1 Glibc | 2024-11-21 | 5.0 MEDIUM | N/A |
Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071. |