Total
9730 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-4249 | 1 Realnetworks | 1 Realplayer | 2024-02-28 | 10.0 HIGH | N/A |
Array index error in the RV30 codec in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2011-0158 | 1 Apple | 1 Iphone Os | 2024-02-28 | 4.3 MEDIUM | N/A |
MobileSafari in Apple iOS before 4.3 does not properly implement application launching through URL handlers, which allows remote attackers to cause a denial of service (persistent application crash) via crafted JavaScript code. | |||||
CVE-2011-0591 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2024-02-28 | 9.3 HIGH | N/A |
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, related to Texture and rgba, a different vulnerability than CVE-2011-0590, CVE-2011-0592, CVE-2011-0593, CVE-2011-0595, and CVE-2011-0600. | |||||
CVE-2011-3150 | 1 Canonical | 1 Ubuntu Linux | 2024-02-28 | 6.8 MEDIUM | N/A |
Software Center in Ubuntu 11.10, 11.04 10.10 does not properly validate server certificates, which allows remote attackers to execute arbitrary code or obtain sensitive information via a man-in-the-middle (MITM) attack. | |||||
CVE-2010-2337 | 1 Rsa | 1 Federated Identity Manager | 2024-02-28 | 6.0 MEDIUM | N/A |
Open redirect vulnerability in RSA Federated Identity Manager 4.0 before 4.0.25 and 4.1 before 4.1.26 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unknown vectors. | |||||
CVE-2011-0159 | 1 Apple | 1 Iphone Os | 2024-02-28 | 5.0 MEDIUM | N/A |
The Safari Settings feature in Safari in Apple iOS 4.x before 4.3 does not properly implement the clearing of cookies during execution of the Safari application, which might make it easier for remote web servers to track users by setting a cookie. | |||||
CVE-2011-0037 | 1 Microsoft | 7 Forefront Client Security, Forefront Endpoint Protection 2010, Malicious Software Removal Tool and 4 more | 2024-02-28 | 7.2 HIGH | N/A |
Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key. | |||||
CVE-2011-1269 | 1 Microsoft | 4 Office, Office Compatibility Pack, Open Xml File Format Converter and 1 more | 2024-02-28 | 9.3 HIGH | N/A |
Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 make unspecified function calls during file parsing without proper handling of memory, which allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Presentation Memory Corruption RCE Vulnerability." | |||||
CVE-2010-4554 | 1 Squirrelmail | 1 Squirrelmail | 2024-02-28 | 4.3 MEDIUM | N/A |
functions/page_header.php in SquirrelMail 1.4.21 and earlier does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. | |||||
CVE-2009-2687 | 2 Debian, Php | 2 Debian Linux, Php | 2024-02-28 | 4.3 MEDIUM | N/A |
The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353. | |||||
CVE-2008-3530 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 7.1 HIGH | N/A |
sys/netinet6/icmp6.c in the kernel in FreeBSD 6.3 through 7.1, NetBSD 3.0 through 4.0, and possibly other operating systems does not properly check the proposed new MTU in an ICMPv6 Packet Too Big Message, which allows remote attackers to cause a denial of service (panic) via a crafted Packet Too Big Message. | |||||
CVE-2008-6555 | 1 Puppetmaster | 1 Webutil | 2024-02-28 | 10.0 HIGH | N/A |
cgi-bin/webutil.pl in The Puppet Master WebUtil allows remote attackers to execute arbitrary commands via shell metacharacters in the dig command. | |||||
CVE-2009-1062 | 1 Adobe | 3 Acrobat, Acrobat Reader, Reader | 2024-02-28 | 9.3 HIGH | N/A |
Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to trigger memory corruption and possibly execute arbitrary code via unknown attack vectors related to JBIG2, a different vulnerability than CVE-2009-0193 and CVE-2009-1061. | |||||
CVE-2009-0478 | 1 Squid | 1 Squid | 2024-02-28 | 5.0 MEDIUM | N/A |
Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c. | |||||
CVE-2008-1589 | 1 Apple | 4 Iphone, Iphone Os, Ipod Touch and 1 more | 2024-02-28 | 4.3 MEDIUM | N/A |
Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterprets a menu button press as user confirmation for visiting a web site with a (1) self-signed or (2) invalid certificate, which makes it easier for remote attackers to spoof web sites. | |||||
CVE-2009-2318 | 1 Axesstel | 1 Mv 410r | 2024-02-28 | 7.8 HIGH | N/A |
The Axesstel MV 410R allows remote attackers to cause a denial of service via a flood of SYN packets, a related issue to CVE-1999-0116. | |||||
CVE-2008-5872 | 1 Nortel | 1 Multimedia Communication Server 5100 | 2024-02-28 | 7.8 HIGH | N/A |
Multiple unspecified vulnerabilities in the UNIStim File Transfer Protocol (UFTP) processing in IP Client Manager (IPCM) in Nortel Multimedia Communication Server (MSC) 5100 3.0.13 allow remote attackers to cause a denial of service (device outage) via a UFTP message that has a negative block size or other crafted Connection Details values. | |||||
CVE-2008-1453 | 1 Microsoft | 3 Windows-nt, Windows Vista, Windows Xp | 2024-02-28 | 8.3 HIGH | N/A |
The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and Vista Gold and SP1, allows physically proximate attackers to execute arbitrary code via a large series of Service Discovery Protocol (SDP) packets. | |||||
CVE-2008-5023 | 3 Canonical, Debian, Mozilla | 4 Ubuntu Linux, Debian Linux, Firefox and 1 more | 2024-02-28 | 7.5 HIGH | N/A |
Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file. | |||||
CVE-2008-1835 | 1 Clam Anti-virus | 1 Clamav | 2024-02-28 | 5.0 MEDIUM | N/A |
ClamAV before 0.93 allows remote attackers to bypass the scanning enging via a RAR file with an invalid version number, which cannot be parsed by ClamAV but can be extracted by Winrar. |