Total
9730 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-0484 | 1 Google | 2 Chrome, Chrome Os | 2024-02-28 | 7.5 HIGH | N/A |
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform DOM node removal, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale rendering node." | |||||
CVE-2010-3827 | 1 Apple | 1 Iphone Os | 2024-02-28 | 4.3 MEDIUM | N/A |
Apple iOS before 4.2 does not properly validate signatures before displaying a configuration profile in the configuration installation utility, which allows remote attackers to spoof profiles via unspecified vectors. | |||||
CVE-2011-0431 | 1 Openafs | 1 Openafs | 2024-02-28 | 5.0 MEDIUM | N/A |
The afs_linux_lock function in afs/LINUX/osi_vnodeops.c in the kernel module in OpenAFS 1.4.14, 1.4.12, 1.4.7, and possibly other versions does not properly handle errors, which allows attackers to cause a denial of service via unknown vectors. NOTE: some of these details are obtained from third party information. | |||||
CVE-2010-0303 | 1 Dinko Korunic | 1 Hybserv2 | 2024-02-28 | 5.0 MEDIUM | N/A |
mystring.c in hybserv in IRCD-Hybrid (aka Hybrid2 IRC Services) 1.9.2 through 1.9.4 allows remote attackers to cause a denial of service (daemon crash) via a ":help \t" private message to the MemoServ service. | |||||
CVE-2011-1718 | 2 Broadcom, Ca | 2 Siteminder, Siteminder | 2024-02-28 | 4.3 MEDIUM | N/A |
The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 before SP3 CR2 does not properly handle multi-line headers, which allows remote authenticated users to conduct impersonation attacks and gain privileges via crafted data. | |||||
CVE-2011-0602 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2024-02-28 | 9.3 HIGH | N/A |
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via crafted JP2K record types in a JPEG2000 image in a PDF file, which causes heap corruption, a different vulnerability than CVE-2011-0596, CVE-2011-0598, and CVE-2011-0599. | |||||
CVE-2011-0739 | 1 Mikel Lindsaar | 1 Mail | 2024-02-28 | 6.8 MEDIUM | N/A |
The deliver function in the sendmail delivery agent (lib/mail/network/delivery_methods/sendmail.rb) in Ruby Mail gem 2.2.14 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail address. | |||||
CVE-2011-4755 | 1 Parallels | 1 Parallels Plesk Small Business Panel | 2024-02-28 | 10.0 HIGH | N/A |
Parallels Plesk Small Business Panel 10.2.0 does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing error) or possibly have unspecified other impact via a crafted cookie, as demonstrated by cookies to client@1/domain@1/hosting/file-manager/ and certain other files. | |||||
CVE-2012-1785 | 2 Kylegilman, Wordpress | 2 Video Embed \& Thumbnail Generator, Wordpress | 2024-02-28 | 7.5 HIGH | N/A |
kg_callffmpeg.php in the Video Embed & Thumbnail Generator plugin before 2.0 for WordPress allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
CVE-2011-0981 | 3 Apple, Debian, Google | 5 Iphone Os, Itunes, Safari and 2 more | 2024-02-28 | 7.5 HIGH | N/A |
Google Chrome before 9.0.597.94 does not properly perform event handling for animations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | |||||
CVE-2009-4372 | 1 Alienvault | 1 Open Source Security Information Management | 2024-02-28 | 7.5 HIGH | N/A |
AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary commands via shell metacharacters in the uniqueid parameter to (1) wcl.php, (2) storage_graphs.php, (3) storage_graphs2.php, (4) storage_graphs3.php, and (5) storage_graphs4.php in sem/. | |||||
CVE-2010-2596 | 1 Libtiff | 1 Libtiff | 2024-02-28 | 4.3 MEDIUM | N/A |
The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and 3.9.2, as used in tiff2ps, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF image, related to "downsampled OJPEG input." | |||||
CVE-2011-0051 | 1 Mozilla | 2 Firefox, Seamonkey | 2024-02-28 | 6.8 MEDIUM | N/A |
Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demonstrated by a question about granting privileges. | |||||
CVE-2011-4153 | 1 Php | 1 Php | 2024-02-28 | 5.0 MEDIUM | N/A |
PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c. | |||||
CVE-2011-2883 | 1 Citrix | 1 Access Gateway | 2024-02-28 | 9.3 HIGH | N/A |
The NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 attempts to validate signed DLLs by checking the certificate subject, not the signature, which allows man-in-the-middle attackers to execute arbitrary code via HTTP header data referencing a DLL that was signed with a crafted certificate. | |||||
CVE-2011-2839 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2024-02-28 | 7.5 HIGH | N/A |
The PDF implementation in Google Chrome before 13.0.782.215 on Linux does not properly use the memset library function, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
CVE-2011-4063 | 1 Asterisk | 1 Open Source | 2024-02-28 | 6.8 MEDIUM | N/A |
chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.7.1 and 10.x before 10.0.0-rc1 does not properly initialize variables during request parsing, which allows remote authenticated users to cause a denial of service (daemon crash) via a malformed request. | |||||
CVE-2011-1775 | 1 Tigervnc | 1 Tigervnc | 2024-02-28 | 5.8 MEDIUM | N/A |
The CSecurityTLS::processMsg function in common/rfb/CSecurityTLS.cxx in the vncviewer component in TigerVNC 1.1beta1 does not properly verify the server's X.509 certificate, which allows man-in-the-middle attackers to spoof a TLS VNC server via an arbitrary certificate. | |||||
CVE-2011-3597 | 1 Gisle Aas | 1 Digest | 2024-02-28 | 7.5 HIGH | N/A |
Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor. | |||||
CVE-2010-0097 | 1 Isc | 1 Bind | 2024-02-28 | 4.3 MEDIUM | N/A |
ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain. |