Total: 3527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-0684 | 1 Opera | 1 Opera Browser | 2017-09-19 | 5.0 MEDIUM | N/A |
| Opera before 11.01 does not properly handle redirections and unspecified other HTTP responses, which allows remote web servers to obtain sufficient access to local files to use these files as page resources, and consequently obtain potentially sensitive information from the contents of the files, via an unknown response manipulation. | |||||
| CVE-2011-0685 | 1 Opera | 1 Opera Browser | 2017-09-19 | 2.1 LOW | N/A |
| The Delete Private Data feature in Opera before 11.01 does not properly implement the "Clear all email account passwords" option, which might allow physically proximate attackers to access an e-mail account via an unattended workstation. | |||||
| CVE-2011-0531 | 1 Videolan | 1 Vlc Media Player | 2017-09-19 | 9.3 HIGH | N/A |
| demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media player 1.1.6.1 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary commands via a crafted MKV (WebM or Matroska) file that triggers memory corruption, related to "class mismatching" and the MKV_IS_ID macro. | |||||
| CVE-2011-0082 | 1 Mozilla | 1 Firefox | 2017-09-19 | 4.3 MEDIUM | N/A |
| The X.509 certificate validation functionality in Mozilla Firefox 4.0.x through 4.0.1 does not properly implement single-session security exceptions, which might make it easier for user-assisted remote attackers to spoof an SSL server via an untrusted certificate that triggers potentially unwanted local caching of documents from that server. | |||||
| CVE-2011-0073 | 1 Mozilla | 2 Firefox, Seamonkey | 2017-09-19 | 10.0 HIGH | N/A |
| Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly use nsTreeRange data structures, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer." | |||||
| CVE-2011-0067 | 1 Mozilla | 2 Firefox, Seamonkey | 2017-09-19 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly implement autocompletion for forms, which allows remote attackers to read form history entries via a Java applet that spoofs interaction with the autocomplete controls. | |||||
| CVE-2011-0051 | 1 Mozilla | 2 Firefox, Seamonkey | 2017-09-19 | 6.8 MEDIUM | N/A |
| Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demonstrated by a question about granting privileges. | |||||
| CVE-2010-4528 | 1 Pidgin | 2 Libpurple, Pidgin | 2017-09-19 | 4.0 MEDIUM | N/A |
| directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7.8 in Pidgin before 2.7.9 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a short p2pv2 packet in a DirectConnect (aka direct connection) session. | |||||
| CVE-2010-4044 | 1 Opera | 1 Opera Browser | 2017-09-19 | 4.3 MEDIUM | N/A |
| Opera before 10.63 does not ensure that the portion of a URL shown in the Address Bar contains the beginning of the URL, which allows remote attackers to spoof URLs by changing a window's size. | |||||
| CVE-2010-4036 | 1 Google | 1 Chrome | 2017-09-19 | 6.8 MEDIUM | N/A |
| Google Chrome before 7.0.517.41 does not properly handle the unloading of a page, which allows remote attackers to spoof URLs via unspecified vectors. | |||||
| CVE-2010-4035 | 1 Google | 1 Chrome | 2017-09-19 | 9.3 HIGH | N/A |
| Google Chrome before 7.0.517.41 does not properly perform autofill operations for forms, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document. | |||||
| CVE-2010-4034 | 1 Google | 1 Chrome | 2017-09-19 | 9.3 HIGH | N/A |
| Google Chrome before 7.0.517.41 does not properly handle forms, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document. | |||||
| CVE-2010-4049 | 1 Opera | 1 Opera Browser | 2017-09-19 | 4.3 MEDIUM | N/A |
| Opera before 10.63 allows remote attackers to cause a denial of service (application crash) via a Flash movie with a transparent Window Mode (aka wmode) property, which is not properly handled during navigation away from the containing HTML document. | |||||
| CVE-2010-4048 | 1 Opera | 1 Opera Browser | 2017-09-19 | 4.3 MEDIUM | N/A |
| Opera before 10.63 allows user-assisted remote web servers to cause a denial of service (application crash) by sending a redirect during the saving of a file. | |||||
| CVE-2010-3774 | 1 Mozilla | 2 Firefox, Seamonkey | 2017-09-19 | 4.3 MEDIUM | N/A |
| The NS_SecurityCompareURIs function in netwerk/base/public/nsNetUtil.h in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle (1) about:neterror and (2) about:certerror pages, which allows remote attackers to spoof the location bar via a crafted web site. | |||||
| CVE-2010-3768 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 9.3 HIGH | N/A |
| Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly validate downloadable fonts before use within an operating system's font implementation, which allows remote attackers to execute arbitrary code via vectors related to @font-face Cascading Style Sheets (CSS) rules. | |||||
| CVE-2010-3732 | 1 Ibm | 1 Db2 | 2017-09-19 | 3.5 LOW | N/A |
| The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (database server ABEND) by using the client CLI on Linux, UNIX, or Windows for executing a prepared statement with a large number of parameter markers. | |||||
| CVE-2010-3711 | 1 Pidgin | 1 Pidgin | 2017-09-19 | 4.0 MEDIUM | N/A |
| libpurple in Pidgin before 2.7.4 does not properly validate the return value of the purple_base64_decode function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a crafted message, related to the plugins for MSN, MySpaceIM, XMPP, and Yahoo! and the NTLM authentication support. | |||||
| CVE-2010-3106 | 1 Novell | 1 Iprint | 2017-09-19 | 9.3 HIGH | N/A |
| The ienipp.ocx ActiveX control in the browser plugin in Novell iPrint Client before 5.42 does not properly validate the debug parameter, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a parameter value with a crafted length, related to the ExecuteRequest method. | |||||
| CVE-2010-2993 | 1 Wireshark | 1 Wireshark | 2017-09-19 | 5.0 MEDIUM | N/A |
| The IPMI dissector in Wireshark 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. | |||||
| CVE-2010-2937 | 1 Videolan | 1 Vlc Media Player | 2017-09-19 | 5.0 MEDIUM | N/A |
| The ReadMetaFromId3v2 function in taglib.cpp in the TagLib plugin in VideoLAN VLC media player 0.9.0 through 1.1.2 does not properly process ID3v2 tags, which allows remote attackers to cause a denial of service (application crash) via a crafted media file. | |||||
| CVE-2010-1807 | 3 Apple, Google, Webkitgtk | 3 Safari, Android, Webkitgtk | 2017-09-19 | 9.3 HIGH | N/A |
| WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation. | |||||
| CVE-2010-1624 | 1 Pidgin | 1 Pidgin | 2017-09-19 | 5.0 MEDIUM | N/A |
| The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a custom emoticon in a malformed SLP message. | |||||
| CVE-2010-1455 | 2 Ethereal Group, Wireshark | 2 Ethereal, Wireshark | 2017-09-19 | 4.3 MEDIUM | N/A |
| The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0 through 1.2.7 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed packet trace file. | |||||
| CVE-2010-1237 | 1 Google | 1 Chrome | 2017-09-19 | 7.5 HIGH | N/A |
| Google Chrome 4.1 BETA before 4.1.249.1036 allows remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via an empty SVG element. | |||||
| CVE-2010-1235 | 1 Google | 1 Chrome | 2017-09-19 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows remote attackers to trigger the omission of a download warning dialog via unknown vectors. | |||||
| CVE-2010-1210 | 1 Mozilla | 2 Firefox, Thunderbird | 2017-09-19 | 4.3 MEDIUM | N/A |
| intl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 inserts a U+FFFD sequence into text in certain circumstances involving undefined positions, which might make it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted 8-bit text. | |||||
| CVE-2010-1213 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 4.3 MEDIUM | N/A |
| The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted HTML document. | |||||
| CVE-2010-0741 | 3 Kvm Qumranet, Linux, Qemu | 3 Kvm, Linux Kernel, Qemu | 2017-09-19 | 7.8 HIGH | N/A |
| The virtio_net_bad_features function in hw/virtio-net.c in the virtio-net driver in the Linux kernel before 2.6.26, when used on a guest OS in conjunction with qemu-kvm 0.11.0 or KVM 83, allows remote attackers to cause a denial of service (guest OS crash, and an associated qemu-kvm process exit) by sending a large amount of network traffic to a TCP port on the guest OS, related to a virtio-net whitelist that includes an improper implementation of TCP Segment Offloading (TSO). | |||||
| CVE-2010-0420 | 1 Pidgin | 1 Pidgin | 2017-09-19 | 4.3 MEDIUM | N/A |
| libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user chat (MUC) room is used, does not properly parse nicknames containing `<br>` sequences, which allows remote attackers to cause a denial of service (application crash) via a crafted nickname. | |||||
| CVE-2010-0308 | 1 Squid-cache | 1 Squid | 2017-09-19 | 4.0 MEDIUM | N/A |
| lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header. | |||||
| CVE-2010-0189 | 2 Adobe, Nos Microsystems | 2 Download Manager, Getplus Download Manager | 2017-09-19 | 9.3 HIGH | N/A |
| A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to force the download and installation of arbitrary programs via a crafted name for a download site. | |||||
| CVE-2010-0097 | 1 Isc | 1 Bind | 2017-09-19 | 4.3 MEDIUM | N/A |
| ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain. | |||||
| CVE-2010-0045 | 2 Apple, Microsoft | 2 Safari, Windows | 2017-09-19 | 9.3 HIGH | N/A |
| Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document. | |||||
| CVE-2009-4854 | 1 Scripts.oldguy | 1 Talkback | 2017-09-19 | 7.5 HIGH | N/A |
| addons/import.php in TalkBack 2.3.14 allows remote attackers to execute arbitrary commands via the result parameter. | |||||
| CVE-2010-0051 | 1 Apple | 1 Safari | 2017-09-19 | 4.3 MEDIUM | N/A |
| WebKit in Apple Safari before 4.0.5 does not properly validate the cross-origin loading of stylesheets, which allows remote attackers to obtain sensitive information via a crafted HTML document. NOTE: this might overlap CVE-2010-0651. | |||||
| CVE-2009-4658 | 1 Omidrouhani | 1 Xerver | 2017-09-19 | 4.0 MEDIUM | N/A |
| Xerver 4.32 allows remote authenticated users to cause a denial of service (daemon crash) via a non-numeric web port assignment in the management interface. NOTE: this can be leveraged by non-authenticated attackers using CVE-2009-4657. | |||||
| CVE-2009-2305 | 1 Armassa | 2 Ard-9808, Ard-9808 Software | 2017-09-19 | 7.8 HIGH | N/A |
| The ARD-9808 DVR card security camera allows remote attackers to cause a denial of service via a long URI composed of //.\ (slash slash dot backslash) sequences. | |||||
| CVE-2009-2261 | 1 Giorgio Tani | 1 Peazip | 2017-09-19 | 9.3 HIGH | N/A |
| PeaZIP 2.6.1, 2.5.1, and earlier on Windows allows user-assisted remote attackers to execute arbitrary commands via a .zip archive with a .txt file whose name contains \| (pipe) characters and a command. | |||||
| CVE-2009-2855 | 1 Squid-cache | 1 Squid | 2017-09-19 | 5.0 MEDIUM | N/A |
| The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function. | |||||
| CVE-2009-4546 | 1 Logoshows | 1 Logoshows Bbs | 2017-09-19 | 7.5 HIGH | N/A |
| globepersonnel_login.asp in Logoshows BBS 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the (1) pb_username (aka pb%5Fusername) and (2) level cookies. | |||||
| CVE-2009-4272 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2017-09-19 | 7.8 HIGH | N/A |
| A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (deadlock) via crafted packets that force collisions in the IPv4 routing hash table, and trigger a routing "emergency" in which a hash chain is too long. NOTE: this is related to an issue in the Linux kernel before 2.6.31, when the kernel routing cache is disabled, involving an uninitialized pointer and a panic. | |||||
| CVE-2009-4106 | 1 Ohloh | 1 Agoko Cms | 2017-09-19 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in admintools/editpage-2.php in Agoko CMS 0.4 and earlier allows remote attackers to inject and execute arbitrary PHP code via the filename and text parameters. | |||||
| CVE-2009-3753 | 1 Opial | 1 Opial | 2017-09-19 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in Opial 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension as a User Image, then accessing it via a request to the file in userimages, related to register.php. | |||||
| CVE-2009-3620 | 1 Linux | 1 Linux Kernel | 2017-09-19 | 4.9 MEDIUM | N/A |
| The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls. | |||||
| CVE-2009-3549 | 2 Sun, Wireshark | 2 Sparc, Wireshark | 2017-09-19 | 5.0 MEDIUM | N/A |
| packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through 1.2.2, on SPARC and certain other platforms, allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace. | |||||
| CVE-2009-3545 | 1 Datawizard | 1 Ftpxq Server | 2017-09-19 | 4.0 MEDIUM | N/A |
| DataWizard Technologies FtpXQ FTP Server 3.0 allows remote authenticated users to cause a denial of service (crash) via a long ABOR command. | |||||
| CVE-2009-3523 | 1 Avast | 2 Avast Antivirus Home, Avast Antivirus Professional | 2017-09-19 | 6.9 MEDIUM | N/A |
| aavmKer4.sys in avast! Home and Professional for Windows before 4.8.1356 does not properly validate input to IOCTLs (1) 0xb2d6000c and (2) 0xb2d60034, which allows local users to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption, a different vulnerability than CVE-2008-1625. | |||||
| CVE-2009-3271 | 1 Apple | 2 Iphone Os, Safari | 2017-09-19 | 4.3 MEDIUM | N/A |
| Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a denial of service (application crash) via a long tel: URL in the SRC attribute of an IFRAME element. | |||||
| CVE-2009-3250 | 1 Vtiger | 1 Vtiger Crm | 2017-09-19 | 9.0 HIGH | N/A |
| The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/. | |||||
