Total
9730 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-2093 | 1 Adobe | 3 Blazeds, Livecycle, Livecycle Data Services | 2024-02-28 | 5.0 MEDIUM | N/A |
Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly handle object graphs, which allows attackers to cause a denial of service via unspecified vectors, related to a "complex object graph vulnerability." | |||||
CVE-2011-2838 | 1 Google | 1 Chrome | 2024-02-28 | 7.5 HIGH | N/A |
Google Chrome before 14.0.835.163 does not properly consider the MIME type during the loading of a plug-in, which has unspecified impact and remote attack vectors. | |||||
CVE-2011-0983 | 3 Apple, Debian, Google | 5 Iphone Os, Itunes, Safari and 2 more | 2024-02-28 | 7.5 HIGH | N/A |
Google Chrome before 9.0.597.94 does not properly handle anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | |||||
CVE-2010-3709 | 2 Canonical, Php | 2 Ubuntu Linux, Php | 2024-02-28 | 4.3 MEDIUM | N/A |
The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive. | |||||
CVE-2011-0182 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 7.2 HIGH | N/A |
The i386_set_ldt system call in the kernel in Apple Mac OS X before 10.6.7 does not properly handle call gates, which allows local users to gain privileges via vectors involving the creation of a call gate entry. | |||||
CVE-2010-0496 | 2 Apple, Freebit | 2 Iphone Os, Serversman | 2024-02-28 | 5.0 MEDIUM | N/A |
FreeBit ServersMan 3.1.5 on Apple iPhone OS 3.1.2, and iPhone OS for iPod touch, allows remote attackers to cause a denial of service (daemon crash) via a HEAD request for the / URI. | |||||
CVE-2010-2362 | 1 Winny | 1 Winny | 2024-02-28 | 10.0 HIGH | N/A |
Winny 2.0b7.1 and earlier does not properly process node information, which has unspecified impact and remote attack vectors that might lead to use of the product's host for DDoS attacks. | |||||
CVE-2011-1448 | 1 Google | 1 Chrome | 2024-02-28 | 6.8 MEDIUM | N/A |
Google Chrome before 11.0.696.57 does not properly perform height calculations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | |||||
CVE-2012-0710 | 1 Ibm | 1 Db2 | 2024-02-28 | 5.0 MEDIUM | N/A |
IBM DB2 9.1 before FP11, 9.5 before FP9, 9.7 before FP5, and 9.8 before FP4 allows remote attackers to cause a denial of service (daemon crash) via a crafted Distributed Relational Database Architecture (DRDA) request. | |||||
CVE-2010-3338 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Vista | 2024-02-28 | 7.2 HIGH | N/A |
The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the security context of scheduled tasks, which allows local users to gain privileges via a crafted application, aka "Task Scheduler Vulnerability." NOTE: this might overlap CVE-2010-3888. | |||||
CVE-2010-4335 | 1 Cakefoundation | 1 Cakephp | 2024-02-28 | 7.5 HIGH | N/A |
The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by modifying the file_map cache to execute arbitrary local files. | |||||
CVE-2010-2729 | 1 Microsoft | 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more | 2024-02-28 | 9.3 HIGH | N/A |
The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permissions, which allows remote attackers to create files in a system directory, and consequently execute arbitrary code, by sending a crafted print request over RPC, as exploited in the wild in September 2010, aka "Print Spooler Service Impersonation Vulnerability." | |||||
CVE-2011-4885 | 1 Php | 1 Php | 2024-02-28 | 5.0 MEDIUM | N/A |
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. | |||||
CVE-2010-1518 | 1 Gigabyte | 1 Dldrv2 Activex Control | 2024-02-28 | 10.0 HIGH | N/A |
Array index error in the SetDLInfo method in the GIGABYTE Dldrv2 ActiveX control 1.4.206.11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via the item argument. | |||||
CVE-2010-4803 | 1 Mojolicious | 1 Mojolicious | 2024-02-28 | 10.0 HIGH | N/A |
Mojolicious before 0.999927 does not properly implement HMAC-MD5 checksums, which has unspecified impact and remote attack vectors. | |||||
CVE-2011-0924 | 1 Hp | 1 Data Protector | 2024-02-28 | 10.0 HIGH | N/A |
The client in HP Data Protector does not verify the contents of files associated with the EXEC_CMD command, which allows remote attackers to execute arbitrary script code by providing this code with a trusted filename, as demonstrated by omni_chk_ds.sh. | |||||
CVE-2008-7257 | 1 Cisco | 1 Asa 5580 | 2024-02-28 | 4.3 MEDIUM | N/A |
CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary HTTP headers as demonstrated by a redirect attack involving a %0d%0aLocation%3a sequence in a URI, or conduct HTTP response splitting attacks via unspecified vectors, aka Bug ID CSCsr09163. | |||||
CVE-2010-3620 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2024-02-28 | 9.3 HIGH | N/A |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted image, a different vulnerability than CVE-2010-3629. | |||||
CVE-2010-1567 | 1 Cisco | 1 Pgw 2200 Softswitch | 2024-02-28 | 7.8 HIGH | N/A |
The SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.8(1)S5 allows remote attackers to cause a denial of service (device crash) via a malformed header, aka Bug ID CSCsz13590. | |||||
CVE-2011-1811 | 1 Google | 1 Chrome | 2024-02-28 | 4.3 MEDIUM | N/A |
Google Chrome before 12.0.742.91 does not properly handle a large number of form submissions, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. |