Total: 9730 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-4049 | 1 Opera | 1 Opera Browser | 2024-02-28 | 4.3 MEDIUM | N/A |
Opera before 10.63 allows remote attackers to cause a denial of service (application crash) via a Flash movie with a transparent Window Mode (aka wmode) property, which is not properly handled during navigation away from the containing HTML document. | |||||
CVE-2010-2295 | 1 Google | 1 Chrome | 2024-02-28 | 4.3 MEDIUM | N/A |
page/EventHandler.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 does not properly handle a change of the focused frame during the dispatching of keydown, which allows user-assisted remote attackers to redirect keystrokes via a crafted HTML document, aka rdar problem 7018610. NOTE: this might overlap CVE-2010-1422. | |||||
CVE-2011-1000 | 1 Freedesktop | 1 Telepathy Gabble | 2024-02-28 | 6.4 MEDIUM | N/A |
jingle-factory.c in Telepathy Gabble 0.11 before 0.11.7, 0.10 before 0.10.5, and 0.8 before 0.8.15 allows remote attackers to sniff audio and video calls via a crafted google:jingleinfo stanza that specifies an alternate server for streamed media. | |||||
CVE-2010-2640 | 1 Redhat | 1 Evince | 2024-02-28 | 7.6 HIGH | N/A |
Array index error in the PK font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. | |||||
CVE-2010-3762 | 1 Isc | 1 Bind | 2024-02-28 | 4.3 MEDIUM | N/A |
ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not properly handle certain bad signatures if multiple trust anchors exist for a single zone, which allows remote attackers to cause a denial of service (daemon crash) via a DNS query. | |||||
CVE-2011-1579 | 1 Mediawiki | 1 Mediawiki | 2024-02-28 | 5.8 MEDIUM | N/A |
The checkCss function in includes/Sanitizer.php in the wikitext parser in MediaWiki before 1.16.3 does not properly validate Cascading Style Sheets (CSS) token sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information by using the \2f\2a and \2a\2f hex strings to surround CSS comments. | |||||
CVE-2011-0228 | 1 Apple | 1 Iphone Os | 2024-02-28 | 7.5 HIGH | N/A |
The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an arbitrary domain. | |||||
CVE-2011-3496 | 1 Measuresoft | 1 Scadapro | 2024-02-28 | 10.0 HIGH | N/A |
service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command. | |||||
CVE-2009-4467 | 1 Deluxebb | 1 Deluxebb | 2024-02-28 | 4.0 MEDIUM | N/A |
misc.php in DeluxeBB 1.3 allows remote attackers to register accounts without a valid email address via a valemail action with the valmem set to a pre-assigned user ID, which is visible from a memberlist action. | |||||
CVE-2011-4553 | 1 Oneclickorgs | 1 One Click Orgs | 2024-02-28 | 5.8 MEDIUM | N/A |
Multiple open redirect vulnerabilities in One Click Orgs before 1.2.3 allow (1) remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the return_to parameter, and allow (2) remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via crafted characters in the domain name of a subdomain. | |||||
CVE-2010-1632 | 2 Apache, Ibm | 6 Axis2, Geronimo, Orchestration Director Engine and 3 more | 2024-02-28 | 7.5 HIGH | N/A |
Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService. | |||||
CVE-2011-4685 | 1 Opera | 1 Opera Browser | 2024-02-28 | 5.0 MEDIUM | N/A |
Dragonfly in Opera before 11.60 allows remote attackers to cause a denial of service (application crash) via unspecified content on a web page, as demonstrated by forbes.com. | |||||
CVE-2011-1154 | 1 Gentoo | 1 Logrotate | 2024-02-28 | 6.9 MEDIUM | N/A |
The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name. | |||||
CVE-2009-4493 | 1 Orion | 1 Orion Application Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Orion Application Server 2.0.7 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. | |||||
CVE-2011-0190 | 1 Apple | 3 Installer, Mac Os X, Mac Os X Server | 2024-02-28 | 4.3 MEDIUM | N/A |
Install Helper in Installer in Apple Mac OS X before 10.6.7 does not properly process an unspecified URL, which might allow remote attackers to track user logins by logging network traffic from an agent that was intended to send network traffic to an Apple server. | |||||
CVE-2010-3247 | 1 Google | 1 Chrome | 2024-02-28 | 4.3 MEDIUM | N/A |
Google Chrome before 6.0.472.53 does not properly restrict the characters in URLs, which allows remote attackers to spoof the appearance of the URL bar via homographic sequences. | |||||
CVE-2010-3237 | 1 Microsoft | 2 Excel, Office | 2024-02-28 | 9.3 HIGH | N/A |
Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Merge Cell Record Pointer Vulnerability." | |||||
CVE-2011-1294 | 1 Google | 1 Chrome | 2024-02-28 | 7.5 HIGH | N/A |
Google Chrome before 10.0.648.204 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | |||||
CVE-2011-2842 | 2 Apple, Google | 2 Mac Os X, Chrome | 2024-02-28 | 7.5 HIGH | N/A |
The installer in Google Chrome before 14.0.835.163 on Mac OS X does not properly handle lock files, which has unspecified impact and attack vectors. | |||||
CVE-2011-0684 | 1 Opera | 1 Opera Browser | 2024-02-28 | 5.0 MEDIUM | N/A |
Opera before 11.01 does not properly handle redirections and unspecified other HTTP responses, which allows remote web servers to obtain sufficient access to local files to use these files as page resources, and consequently obtain potentially sensitive information from the contents of the files, via an unknown response manipulation. |