Total
2546 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-2902 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-02-28 | 7.5 HIGH | N/A |
Use-after-free vulnerability in the XSLT ProcessingInstruction implementation in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to an applyXSLTransform call involving (1) an HTML document or (2) an xsl:processing-instruction element that is still in the process of loading. | |||||
CVE-2013-5516 | 1 Cisco | 1 Telepresence Multipoint Switch | 2024-02-28 | 6.3 MEDIUM | N/A |
The Media Snapshot implementation on Cisco TelePresence Multipoint Switch (CTMS) devices allows remote authenticated users to cause a denial of service (device reload) by sending many Media Snapshot requests at the time of a meeting termination, aka Bug ID CSCuh44796. | |||||
CVE-2013-4163 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 4.7 MEDIUM | N/A |
The ip6_append_data_mtu function in net/ipv6/ip6_output.c in the IPv6 implementation in the Linux kernel through 3.10.3 does not properly maintain information about whether the IPV6_MTU setsockopt option had been specified, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call. | |||||
CVE-2012-4515 | 1 Kde | 1 Kde | 2024-02-28 | 6.8 MEDIUM | N/A |
Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in Konqueror in KDE 4.7.3, when the context menu is shown, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by accessing an iframe when it is being updated. | |||||
CVE-2012-1811 | 1 C3-ilex | 1 Eoscada | 2024-02-28 | 7.8 HIGH | N/A |
EOSDataServer.exe in C3-ilex EOScada before 11.0.19.2 allows remote attackers to cause a denial of service by sending a large amount of data to TCP port 24006. | |||||
CVE-2013-3881 | 1 Microsoft | 1 Windows 7 | 2024-02-28 | 7.2 HIGH | N/A |
win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges via a crafted application, aka "Win32k NULL Page Vulnerability." | |||||
CVE-2013-1003 | 2 Apple, Microsoft | 5 Iphone Os, Itunes, Windows 7 and 2 more | 2024-02-28 | 9.3 HIGH | N/A |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | |||||
CVE-2013-0828 | 1 Google | 1 Chrome | 2024-02-28 | 6.8 MEDIUM | N/A |
The PDF functionality in Google Chrome before 24.0.1312.52 does not properly perform a cast of an unspecified variable during processing of the root of the structure tree, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document. | |||||
CVE-2013-3435 | 1 Cisco | 2 Unified Ip Conference Station 7937g, Unified Ip Conference Station 7937g Firmware | 2024-02-28 | 5.0 MEDIUM | N/A |
The Cisco Unified IP Conference Station 7937G allows remote attackers to cause a denial of service (networking outage) via a flood of TCP packets, aka Bug ID CSCuh42052. | |||||
CVE-2013-6692 | 1 Cisco | 1 Ios Xe | 2024-02-28 | 6.3 MEDIUM | N/A |
Cisco IOS XE 3.8S(.2) and earlier does not properly use a DHCP pool during assignment of an IP address, which allows remote authenticated users to cause a denial of service (device reload) via an AAA packet that triggers an address requirement, aka Bug ID CSCuh04949. | |||||
CVE-2012-0858 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2024-02-28 | 6.8 MEDIUM | N/A |
The Shorten codec (shorten.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Shorten file, related to an "invalid free". | |||||
CVE-2012-6041 | 1 Morequick | 1 Greenbrowser | 2024-02-28 | 6.8 MEDIUM | N/A |
Double free vulnerability in GreenBrowser before 6.0.1002, when the keyword search bar (F6) is activated, allows remote attackers to execute arbitrary code via a crafted iframe. | |||||
CVE-2011-3079 | 3 Google, Mozilla, Opensuse | 6 Chrome, Firefox, Firefox Esr and 3 more | 2024-02-28 | 10.0 HIGH | N/A |
The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors. | |||||
CVE-2012-1867 | 1 Microsoft | 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more | 2024-02-28 | 7.2 HIGH | N/A |
Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted TrueType font file that triggers incorrect memory allocation, aka "Font Resource Refcount Integer Overflow Vulnerability." | |||||
CVE-2012-6063 | 1 Libssh | 1 Libssh | 2024-02-28 | 7.5 HIGH | N/A |
Double free vulnerability in the sftp_mkdir function in sftp.c in libssh before 0.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors, a different vector than CVE-2012-4559. | |||||
CVE-2012-3510 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 5.6 MEDIUM | N/A |
Use-after-free vulnerability in the xacct_add_tsk function in kernel/tsacct.c in the Linux kernel before 2.6.19 allows local users to obtain potentially sensitive information from kernel memory or cause a denial of service (system crash) via a taskstats TASKSTATS_CMD_ATTR_PID command. | |||||
CVE-2013-2912 | 1 Google | 1 Chrome | 2024-02-28 | 7.5 HIGH | N/A |
Use-after-free vulnerability in the PepperInProcessRouter::SendToHost function in content/renderer/pepper/pepper_in_process_router.cc in the Pepper Plug-in API (PPAPI) in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a resource-destruction message. | |||||
CVE-2013-3195 | 1 Microsoft | 8 Windows 7, Windows 8, Windows Rt and 5 more | 2024-02-28 | 10.0 HIGH | N/A |
The DSA_InsertItem function in Comctl32.dll in the Windows common control library in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted value in an argument to an ASP.NET web application, aka "Comctl32 Integer Overflow Vulnerability." | |||||
CVE-2013-4371 | 1 Xen | 1 Xen | 2024-02-28 | 4.4 MEDIUM | N/A |
Use-after-free vulnerability in the libxl_list_cpupool function in the libxl toolstack library in Xen 4.2.x and 4.3.x, when running "under memory pressure," returns the original pointer when the realloc function fails, which allows local users to cause a denial of service (heap corruption and crash) and possibly execute arbitrary code via unspecified vectors. | |||||
CVE-2012-1346 | 1 Cisco | 1 Emergency Responder | 2024-02-28 | 5.0 MEDIUM | N/A |
Cisco Emergency Responder 8.6 and 9.2 allows remote attackers to cause a denial of service (CPU consumption) by sending malformed UDP packets to the CERPT port, aka Bug ID CSCtx38369. |