Total
9730 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-2632 | 1 Opera | 1 Opera Browser | 2024-02-28 | 5.0 MEDIUM | N/A |
Opera before 11.11 does not properly handle destruction of a Silverlight instance, which allows remote attackers to cause a denial of service (application crash) via a web page, as demonstrated by vod.onet.pl. | |||||
CVE-2010-4036 | 1 Google | 1 Chrome | 2024-02-28 | 6.8 MEDIUM | N/A |
Google Chrome before 7.0.517.41 does not properly handle the unloading of a page, which allows remote attackers to spoof URLs via unspecified vectors. | |||||
CVE-2011-4783 | 2 Google, Hex-rays | 2 Idapython, Ida | 2024-02-28 | 9.3 HIGH | N/A |
The IDAPython plugin before 1.5.2.3 in IDA Pro allows user-assisted remote attackers to execute arbitrary code via a crafted IDB file, related to improper handling of certain swig_runtime_data files in the current working directory. | |||||
CVE-2010-2889 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2024-02-28 | 9.3 HIGH | N/A |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted font, a different vulnerability than CVE-2010-3626. | |||||
CVE-2011-1826 | 1 Ca | 1 Arcot Webfort Versatile Authentication Server | 2024-02-28 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in the Administrative Console in CA Arcot WebFort Versatile Authentication Server (VAS) before 6.2.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2011-0491 | 1 Tor | 1 Tor | 2024-02-28 | 5.0 MEDIUM | N/A |
The tor_realloc function in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not validate a certain size value during memory allocation, which might allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors, related to "underflow errors." | |||||
CVE-2010-4550 | 1 Ibm | 1 Lotus Notes Traveler | 2024-02-28 | 5.0 MEDIUM | N/A |
IBM Lotus Notes Traveler before 8.5.1.3 allows remote attackers to cause a denial of service (sync failure) via a malformed document. | |||||
CVE-2010-3788 | 1 Apple | 3 Mac Os X, Mac Os X Server, Quicktime | 2024-02-28 | 6.8 MEDIUM | N/A |
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of JP2 image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 file. | |||||
CVE-2010-0366 | 1 Bitscripts | 1 Bits Video Script | 2024-02-28 | 6.8 MEDIUM | N/A |
Multiple unrestricted file upload vulnerabilities in (1) register.php and (2) addvideo.php in BitScripts Bits Video Script 2.04 and 2.05 Gold Beta allow remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. | |||||
CVE-2010-3350 | 1 Bareftp | 1 Bareftp | 2024-02-28 | 6.9 MEDIUM | N/A |
bareFTP 0.3.4 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | |||||
CVE-2010-4704 | 1 Ffmpeg | 1 Ffmpeg | 2024-02-28 | 4.3 MEDIUM | N/A |
libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. NOTE: this might overlap CVE-2011-0480. | |||||
CVE-2012-0267 | 1 Ntrglobal | 1 Ntr Activex Control | 2024-02-28 | 9.3 HIGH | N/A |
The StopModule method in the NTR ActiveX control before 2.0.4.8 allows remote attackers to execute arbitrary code via a crafted lModule parameter that triggers use of an arbitrary memory address as a function pointer. | |||||
CVE-2010-4553 | 1 Ibm | 1 Lotus Notes Traveler | 2024-02-28 | 5.0 MEDIUM | N/A |
An unspecified Domino API in IBM Lotus Notes Traveler before 8.5.1.1 does not properly handle MIME types, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors. | |||||
CVE-2010-1563 | 1 Cisco | 1 Pgw 2200 Softswitch | 2024-02-28 | 7.8 HIGH | N/A |
The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S9 and 9.7(3)P before 9.7(3)P9 allows remote attackers to cause a denial of service (device crash) via a malformed header, aka Bug ID CSCsk04588. | |||||
CVE-2011-0771 | 2 Drupal, Janrain | 2 Drupal, Rpx | 2024-02-28 | 6.8 MEDIUM | N/A |
The Janrain Engage (formerly RPX) module 6.x-1.3 for Drupal does not validate the file for a profile image, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks and possibly execute arbitrary PHP code by causing a crafted avatar to be downloaded from an external login provider site. | |||||
CVE-2011-2008 | 1 Microsoft | 1 Host Integration Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Access of Unallocated Memory DoS Vulnerability." | |||||
CVE-2009-5038 | 1 Cisco | 1 Ios | 2024-02-28 | 7.8 HIGH | N/A |
Cisco IOS before 15.0(1)XA does not properly handle IRC traffic during a specific time period after an initial reload, which allows remote attackers to cause a denial of service (device reload) via an attempted connection to a certain IRC server, related to a "corrupted magic value," aka Bug ID CSCso05336. | |||||
CVE-2011-0160 | 1 Apple | 3 Iphone Os, Safari, Webkit | 2024-02-28 | 5.0 MEDIUM | N/A |
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header. | |||||
CVE-2011-1268 | 1 Microsoft | 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more | 2024-02-28 | 10.0 HIGH | N/A |
The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Response Parsing Vulnerability." | |||||
CVE-2009-4495 | 1 Yaws | 1 Yaws | 2024-02-28 | 5.0 MEDIUM | N/A |
Yaws 1.85 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. |