Total
9730 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-3884 | 1 Google | 1 Chrome | 2024-02-28 | 6.8 MEDIUM | N/A |
Google Chrome before 15.0.874.102 does not properly address timing issues during DOM traversal, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. | |||||
CVE-2010-2812 | 1 Znc | 1 Znc | 2024-02-28 | 5.0 MEDIUM | N/A |
Client.cpp in ZNC 0.092 allows remote attackers to cause a denial of service (exception and daemon crash) via a PING command that lacks an argument. | |||||
CVE-2011-4405 | 1 Canonical | 1 Ubuntu Linux | 2024-02-28 | 7.5 HIGH | N/A |
The cupshelpers scripts in system-config-printer in Ubuntu 11.04 and 11.10, as used by the automatic printer driver download service, uses an "insecure connection" for queries to the OpenPrinting database, which allows remote attackers to execute arbitrary code via a man-in-the-middle (MITM) attack that modifies packages or repositories. | |||||
CVE-2009-4496 | 1 Boa | 1 Boa | 2024-02-28 | 5.0 MEDIUM | N/A |
Boa 0.94.14rc21 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. | |||||
CVE-2010-3732 | 1 Ibm | 1 Db2 | 2024-02-28 | 3.5 LOW | N/A |
The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (database server ABEND) by using the client CLI on Linux, UNIX, or Windows for executing a prepared statement with a large number of parameter markers. | |||||
CVE-2010-1841 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 9.3 HIGH | N/A |
Disk Images in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted UDIF image. | |||||
CVE-2012-1035 | 1 Adacore | 1 Ada Web Services | 2024-02-28 | 5.0 MEDIUM | N/A |
AdaCore Ada Web Services (AWS) before 2.10.2 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. | |||||
CVE-2011-1982 | 1 Microsoft | 1 Office | 2024-02-28 | 9.3 HIGH | N/A |
Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Office Uninitialized Object Pointer Vulnerability." | |||||
CVE-2011-5055 | 1 Maradns | 1 Maradns | 2024-02-28 | 5.0 MEDIUM | N/A |
MaraDNS 1.3.07.12 and 1.4.08 computes hash values for DNS data without properly restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set. NOTE: this issue exists because of an incomplete fix for CVE-2012-0024. | |||||
CVE-2010-1807 | 3 Apple, Google, Webkitgtk | 3 Safari, Android, Webkitgtk | 2024-02-28 | 9.3 HIGH | N/A |
WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation. | |||||
CVE-2010-2937 | 1 Videolan | 1 Vlc Media Player | 2024-02-28 | 5.0 MEDIUM | N/A |
The ReadMetaFromId3v2 function in taglib.cpp in the TagLib plugin in VideoLAN VLC media player 0.9.0 through 1.1.2 does not properly process ID3v2 tags, which allows remote attackers to cause a denial of service (application crash) via a crafted media file. | |||||
CVE-2011-2490 | 1 Nrl | 1 Opie | 2024-02-28 | 7.2 HIGH | N/A |
opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by arranging for an account to already be running its maximum number of processes. | |||||
CVE-2011-2200 | 2 D-bus Project, Freedesktop | 2 D-bus, Dbus | 2024-02-28 | 4.6 MEDIUM | N/A |
The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages. | |||||
CVE-2011-1491 | 1 Roundcube | 1 Webmail | 2024-02-28 | 3.5 LOW | N/A |
The login form in Roundcube Webmail before 0.5.1 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then compose an e-mail message, related to a "login CSRF" issue. | |||||
CVE-2010-0114 | 1 Symantec | 1 Endpoint Protection | 2024-02-28 | 7.5 HIGH | N/A |
fw_charts.php in the reporting module in the Manager (aka SEPM) component in Symantec Endpoint Protection (SEP) 11.x before 11 RU6 MP2 allows remote attackers to bypass intended restrictions on report generation, overwrite arbitrary PHP scripts, and execute arbitrary code via a crafted request. | |||||
CVE-2011-0987 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-28 | 6.5 MEDIUM | N/A |
The PMA_Bookmark_get function in libraries/bookmark.lib.php in phpMyAdmin 2.11.x before 2.11.11.3, and 3.3.x before 3.3.9.2, does not properly restrict bookmark queries, which makes it easier for remote authenticated users to trigger another user's execution of a SQL query by creating a bookmark. | |||||
CVE-2012-0292 | 1 Symantec | 5 Altiris Client Management Suite Pcanywhere Solution, Altiris Climentent Manage Suite Pcanywhere Solution, Altiris Deployment Solution Remote Pcanywhere Solution and 2 more | 2024-02-28 | 5.0 MEDIUM | N/A |
The awhost32 service in Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) allows remote attackers to cause a denial of service (daemon crash) via a crafted TCP session on port 5631. | |||||
CVE-2010-0482 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2024-02-28 | 4.7 MEDIUM | N/A |
The kernel in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate relocation sections of image files, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Malformed Image Vulnerability." | |||||
CVE-2010-2597 | 1 Libtiff | 1 Libtiff | 2024-02-28 | 4.3 MEDIUM | N/A |
The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 makes incorrect calls to the TIFFGetField function, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image, related to "downsampled OJPEG input" and possibly related to a compiler optimization that triggers a divide-by-zero error. | |||||
CVE-2011-0027 | 1 Microsoft | 8 Data Access Components, Windows 2003 Server, Windows 7 and 5 more | 2024-02-28 | 9.3 HIGH | N/A |
Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability." NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118. |