Total
9730 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-1783 | 1 Saurabh Gupta | 1 Tiny Server | 2024-02-28 | 7.8 HIGH | N/A |
Tiny Server 1.1.9 and earlier allows remote attackers to cause a denial of service (crash) via a long string in a GET request without an HTTP version number. | |||||
CVE-2010-0485 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows 7 and 3 more | 2024-02-28 | 6.8 MEDIUM | N/A |
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute arbitrary code, aka "Win32k Window Creation Vulnerability." | |||||
CVE-2010-3614 | 1 Isc | 1 Bind | 2024-02-28 | 6.4 MEDIUM | N/A |
named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not properly determine the security status of an NS RRset during a DNSKEY algorithm rollover, which might allow remote attackers to cause a denial of service (DNSSEC validation error) by triggering a rollover. | |||||
CVE-2011-0067 | 1 Mozilla | 2 Firefox, Seamonkey | 2024-02-28 | 5.0 MEDIUM | N/A |
Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly implement autocompletion for forms, which allows remote attackers to read form history entries via a Java applet that spoofs interaction with the autocomplete controls. | |||||
CVE-2011-0485 | 1 Google | 2 Chrome, Chrome Os | 2024-02-28 | 10.0 HIGH | N/A |
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle speech data, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "stale pointer." | |||||
CVE-2010-4759 | 1 Otrs | 1 Otrs | 2024-02-28 | 4.0 MEDIUM | N/A |
Open Ticket Request System (OTRS) before 3.0.0-beta7 does not properly restrict the ticket ages that are within the scope of a search, which allows remote authenticated users to cause a denial of service (daemon hang) via a fulltext search. | |||||
CVE-2011-2763 | 1 Lifesize | 2 Lifesize Room Appliance, Lifesize Room Appliance Software | 2024-02-28 | 7.5 HIGH | N/A |
The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) and 4.7.18 allows remote attackers to execute arbitrary commands via a modified request to the LSRoom_Remoting.doCommand function in gateway.php. | |||||
CVE-2010-2352 | 3 Drupal, Karen Stevenson, Yves Chedemois | 3 Drupal, Cck, Cck | 2024-02-28 | 5.0 MEDIUM | N/A |
The Node Reference module in Content Construction Kit (CCK) module 5.x before 5.x-1.11 and 6.x before 6.x-2.7 for Drupal does not perform access checks before displaying referenced nodes, which allows remote attackers to read controlled nodes. | |||||
CVE-2011-1972 | 1 Microsoft | 1 Visio | 2024-02-28 | 9.3 HIGH | N/A |
Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "pStream Release RCE Vulnerability." | |||||
CVE-2011-1739 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 4.3 MEDIUM | N/A |
The makemask function in mountd.c in mountd in FreeBSD 7.4 through 8.2 does not properly handle a -network field specifying a CIDR block with a prefix length that is not an integer multiple of 8, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances via an NFS mount request. | |||||
CVE-2011-2092 | 1 Adobe | 3 Blazeds, Livecycle, Livecycle Data Services | 2024-02-28 | 10.0 HIGH | N/A |
Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of (1) AMF and (2) AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a "deserialization vulnerability." | |||||
CVE-2011-5043 | 1 Tomatosoft | 1 Free Mp3 Player | 2024-02-28 | 4.3 MEDIUM | N/A |
TomatoSoft Free Mp3 Player 1.0 allows remote attackers to cause a denial of service (application crash) via a long string in an MP3 file, possibly a buffer overflow. | |||||
CVE-2012-0709 | 1 Ibm | 1 Db2 | 2024-02-28 | 4.0 MEDIUM | N/A |
IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not properly check variables, which allows remote authenticated users to bypass intended restrictions on viewing table data by leveraging the CREATEIN privilege to execute crafted SQL CREATE VARIABLE statements. | |||||
CVE-2010-0235 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows Server 2003 and 2 more | 2024-02-28 | 4.7 MEDIUM | N/A |
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not perform the expected validation before creating a symbolic link, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Symbolic Link Value Vulnerability." | |||||
CVE-2010-3236 | 1 Microsoft | 3 Excel, Office, Open Xml File Format Converter | 2024-02-28 | 9.3 HIGH | N/A |
Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out Of Bounds Array Vulnerability." | |||||
CVE-2009-5056 | 1 Otrs | 1 Otrs | 2024-02-28 | 2.1 LOW | N/A |
Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly enforce the move_into permission setting for a queue, which allows remote authenticated users to bypass intended access restrictions and read a ticket by watching this ticket, and then selecting the ticket from the watched-tickets list. | |||||
CVE-2011-4554 | 1 Oneclickorgs | 1 One Click Orgs | 2024-02-28 | 5.5 MEDIUM | N/A |
One Click Orgs before 1.2.3 allows remote authenticated users to trigger crafted SMTP traffic via (1) " (double quote) and newline characters in an org name or (2) " (double quote) characters in an e-mail address, related to a "2nd Order SMTP Injection" issue. | |||||
CVE-2010-3473 | 1 Ibm | 1 Filenet P8 Application Engine | 2024-02-28 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2011-0923 | 1 Hp | 1 Data Protector | 2024-02-28 | 10.0 HIGH | N/A |
The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory." | |||||
CVE-2011-2634 | 1 Opera | 1 Opera Browser | 2024-02-28 | 5.0 MEDIUM | N/A |
Opera before 11.10 allows remote attackers to hijack (1) searches and (2) customizations via unspecified third party applications. |