Search
Total
3527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-0198 | 1 Thekelleys | 1 Dnsmasq | 2020-05-27 | 5.0 MEDIUM | N/A |
| Dnsmasq before 2.66test2, when used with certain libvirt configurations, replies to queries from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via spoofed TCP based DNS queries. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3411. | |||||
| CVE-2011-1804 | 1 Google | 1 Chrome | 2020-05-22 | 7.5 HIGH | N/A |
| rendering/RenderBox.cpp in WebCore in WebKit before r86862, as used in Google Chrome before 11.0.696.71, does not properly render floats, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | |||||
| CVE-2011-1456 | 1 Google | 1 Chrome | 2020-05-22 | 6.8 MEDIUM | N/A |
| Google Chrome before 11.0.696.57 does not properly handle PDF forms, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale pointers." | |||||
| CVE-2011-1452 | 1 Google | 1 Chrome | 2020-05-22 | 5.8 MEDIUM | N/A |
| Google Chrome before 11.0.696.57 allows user-assisted remote attackers to spoof the URL bar via vectors involving a redirect and a manual reload. | |||||
| CVE-2011-1451 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2020-05-22 | 7.5 HIGH | N/A |
| Google Chrome before 11.0.696.57 does not properly handle DOM id maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "dangling pointers." | |||||
| CVE-2011-1448 | 1 Google | 1 Chrome | 2020-05-22 | 6.8 MEDIUM | N/A |
| Google Chrome before 11.0.696.57 does not properly perform height calculations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | |||||
| CVE-2011-1303 | 1 Google | 1 Chrome | 2020-05-22 | 7.5 HIGH | N/A |
| Google Chrome before 11.0.696.57 does not properly handle floating objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | |||||
| CVE-2011-1443 | 1 Google | 1 Chrome | 2020-05-22 | 6.8 MEDIUM | N/A |
| Google Chrome before 11.0.696.57 does not properly implement layering, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale pointers." | |||||
| CVE-2011-1450 | 1 Google | 1 Chrome | 2020-05-22 | 5.0 MEDIUM | N/A |
| Google Chrome before 11.0.696.57 does not properly present file dialogs, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "dangling pointers." | |||||
| CVE-2011-1447 | 1 Google | 1 Chrome | 2020-05-22 | 6.8 MEDIUM | N/A |
| Google Chrome before 11.0.696.57 does not properly handle drop-down lists, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | |||||
| CVE-2011-1442 | 1 Google | 1 Chrome | 2020-05-22 | 6.8 MEDIUM | N/A |
| Google Chrome before 11.0.696.57 does not properly handle mutation events, which allows remote attackers to cause a denial of service (node tree corruption) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2011-1438 | 1 Google | 1 Chrome | 2020-05-22 | 7.5 HIGH | N/A |
| Google Chrome before 11.0.696.57 allows remote attackers to bypass the Same Origin Policy via vectors involving blobs. | |||||
| CVE-2011-1434 | 1 Google | 1 Chrome | 2020-05-22 | 6.8 MEDIUM | N/A |
| Google Chrome before 11.0.696.57 does not ensure thread safety during handling of MIME data, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2011-1813 | 1 Google | 1 Chrome | 2020-05-22 | 6.8 MEDIUM | N/A |
| Google Chrome before 12.0.742.91 does not properly implement the framework for extensions, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | |||||
| CVE-2011-1811 | 1 Google | 1 Chrome | 2020-05-22 | 4.3 MEDIUM | N/A |
| Google Chrome before 12.0.742.91 does not properly handle a large number of form submissions, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. | |||||
| CVE-2014-9584 | 7 Canonical, Debian, Linux and 4 more | 19 Ubuntu Linux, Debian Linux, Linux Kernel and 16 more | 2020-05-21 | 2.1 LOW | N/A |
| The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image. | |||||
| CVE-2014-8160 | 6 Canonical, Debian, Linux and 3 more | 15 Ubuntu Linux, Debian Linux, Linux Kernel and 12 more | 2020-05-21 | 5.0 MEDIUM | N/A |
| net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers. | |||||
| CVE-2011-2332 | 1 Google | 1 Chrome | 2020-05-21 | 7.5 HIGH | N/A |
| Google V8, as used in Google Chrome before 12.0.742.91, allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | |||||
| CVE-2011-2785 | 1 Google | 1 Chrome | 2020-05-21 | 4.3 MEDIUM | N/A |
| The extensions implementation in Google Chrome before 13.0.782.107 does not properly validate the URL for the home page, which allows remote attackers to have an unspecified impact via a crafted extension. | |||||
| CVE-2011-2359 | 3 Apple, Debian, Google | 5 Iphone Os, Itunes, Safari and 2 more | 2020-05-21 | 6.8 MEDIUM | N/A |
| Google Chrome before 13.0.782.107 does not properly track line boxes during rendering, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | |||||
| CVE-2011-2783 | 1 Google | 1 Chrome | 2020-05-20 | 6.8 MEDIUM | N/A |
| Google Chrome before 13.0.782.107 does not ensure that developer-mode NPAPI extension installations are confirmed by a browser dialog, which makes it easier for remote attackers to modify the product's functionality via a Trojan horse extension. | |||||
| CVE-2011-2358 | 1 Google | 1 Chrome | 2020-05-20 | 6.8 MEDIUM | N/A |
| Google Chrome before 13.0.782.107 does not ensure that extension installations are confirmed by a browser dialog, which makes it easier for remote attackers to modify the product's functionality via a Trojan horse extension. | |||||
| CVE-2011-2804 | 1 Google | 1 Chrome | 2020-05-20 | 4.3 MEDIUM | N/A |
| Google Chrome before 13.0.782.107 does not properly handle nested functions in PDF documents, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted document. | |||||
| CVE-2011-2802 | 1 Google | 1 Chrome | 2020-05-20 | 6.8 MEDIUM | N/A |
| Google V8, as used in Google Chrome before 13.0.782.107, does not properly perform const lookups, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted web site. | |||||
| CVE-2011-2786 | 1 Google | 1 Chrome | 2020-05-20 | 4.3 MEDIUM | N/A |
| Google Chrome before 13.0.782.107 does not ensure that the speech-input bubble is shown on the product's screen, which might make it easier for remote attackers to make audio recordings via a crafted web page containing an INPUT element. | |||||
| CVE-2011-2787 | 1 Google | 1 Chrome | 2020-05-19 | 4.3 MEDIUM | N/A |
| Google Chrome before 13.0.782.107 does not properly address re-entrancy issues associated with the GPU lock, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. | |||||
| CVE-2011-2839 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2020-05-19 | 7.5 HIGH | N/A |
| The PDF implementation in Google Chrome before 13.0.782.215 on Linux does not properly use the memset library function, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2010-4684 | 1 Cisco | 1 Ios | 2020-05-18 | 7.1 HIGH | N/A |
| Cisco IOS before 15.0(1)XA1, when certain TFTP debugging is enabled, allows remote attackers to cause a denial of service (device crash) via a TFTP copy over IPv6, aka Bug ID CSCtb28877. | |||||
| CVE-2009-5038 | 1 Cisco | 1 Ios | 2020-05-13 | 7.8 HIGH | N/A |
| Cisco IOS before 15.0(1)XA does not properly handle IRC traffic during a specific time period after an initial reload, which allows remote attackers to cause a denial of service (device reload) via an attempted connection to a certain IRC server, related to a "corrupted magic value," aka Bug ID CSCso05336. | |||||
| CVE-2010-4687 | 1 Cisco | 1 Ios | 2020-05-12 | 5.0 MEDIUM | N/A |
| STCAPP (aka the SCCP telephony control application) on Cisco IOS before 15.0(1)XA1 does not properly handle multiple calls to a shared line, which allows remote attackers to cause a denial of service (port hang) by simultaneously ending two calls that were controlled by CallManager Express (CME), aka Bug ID CSCtd42552. | |||||
| CVE-2013-2770 | 1 Novell | 2 Kanaka, Open Enterprise Server | 2020-05-11 | 5.8 MEDIUM | N/A |
| The installation functionality in the Novell Kanaka component before 2.8 for Novell Open Enterprise Server (OES) on Mac OS X does not verify the server's X.509 certificate during an SSL session, which allows man-in-the-middle attackers to spoof servers via an arbitrary certificate. | |||||
| CVE-2014-3314 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2020-05-11 | 5.0 MEDIUM | N/A |
| Cisco AnyConnect on Android and OS X does not properly verify the host type, which allows remote attackers to spoof authentication forms and possibly capture credentials via unspecified vectors, aka Bug IDs CSCuo24931 and CSCuo24940. | |||||
| CVE-2011-3880 | 1 Google | 1 Chrome | 2020-05-11 | 7.5 HIGH | N/A |
| Google Chrome before 15.0.874.102 does not prevent use of an unspecified special character as a delimiter in HTTP headers, which has unknown impact and remote attack vectors. | |||||
| CVE-2011-2845 | 2 Apple, Google | 3 Iphone Os, Safari, Chrome | 2020-05-11 | 4.3 MEDIUM | N/A |
| Google Chrome before 15.0.874.102 does not properly handle history data, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors. | |||||
| CVE-2011-2861 | 1 Google | 1 Chrome | 2020-05-08 | 6.8 MEDIUM | N/A |
| Google Chrome before 14.0.835.163 does not properly handle strings in PDF documents, which allows remote attackers to have an unspecified impact via a crafted document that triggers an incorrect read operation. | |||||
| CVE-2011-2848 | 1 Google | 1 Chrome | 2020-05-08 | 4.3 MEDIUM | N/A |
| Google Chrome before 14.0.835.163 allows user-assisted remote attackers to spoof the URL bar via vectors related to the forward button. | |||||
| CVE-2011-2841 | 1 Google | 1 Chrome | 2020-05-08 | 6.8 MEDIUM | N/A |
| Google Chrome before 14.0.835.163 does not properly perform garbage collection during the processing of PDF documents, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. | |||||
| CVE-2011-2840 | 1 Google | 1 Chrome | 2020-05-08 | 4.3 MEDIUM | N/A |
| Google Chrome before 14.0.835.163 allows user-assisted remote attackers to spoof the URL bar via vectors related to "unusual user interaction." | |||||
| CVE-2011-2838 | 1 Google | 1 Chrome | 2020-05-08 | 7.5 HIGH | N/A |
| Google Chrome before 14.0.835.163 does not properly consider the MIME type during the loading of a plug-in, which has unspecified impact and remote attack vectors. | |||||
| CVE-2011-2842 | 2 Apple, Google | 2 Mac Os X, Chrome | 2020-05-08 | 7.5 HIGH | N/A |
| The installer in Google Chrome before 14.0.835.163 on Mac OS X does not properly handle lock files, which has unspecified impact and attack vectors. | |||||
| CVE-2011-3884 | 1 Google | 1 Chrome | 2020-05-08 | 6.8 MEDIUM | N/A |
| Google Chrome before 15.0.874.102 does not properly address timing issues during DOM traversal, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. | |||||
| CVE-2011-3875 | 1 Google | 1 Chrome | 2020-05-07 | 4.3 MEDIUM | N/A |
| Google Chrome before 15.0.874.102 does not properly handle drag and drop operations on URL strings, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors. | |||||
| CVE-2011-3907 | 1 Google | 1 Chrome | 2020-05-07 | 4.3 MEDIUM | N/A |
| The view-source feature in Google Chrome before 16.0.912.63 allows remote attackers to spoof the URL bar via unspecified vectors. | |||||
| CVE-2011-3964 | 1 Google | 1 Chrome | 2020-04-17 | 5.8 MEDIUM | N/A |
| Google Chrome before 17.0.963.46 does not properly implement the drag-and-drop feature, which makes it easier for remote attackers to spoof the URL bar via unspecified vectors. | |||||
| CVE-2011-3063 | 1 Google | 1 Chrome | 2020-04-14 | 4.3 MEDIUM | N/A |
| Google Chrome before 18.0.1025.142 does not properly validate the renderer's navigation requests, which has unspecified impact and remote attack vectors. | |||||
| CVE-2004-0840 | 1 Microsoft | 3 Exchange Server, Windows Server 2003, Windows Xp | 2020-04-09 | 10.0 HIGH | N/A |
| The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated. | |||||
| CVE-2007-0213 | 1 Microsoft | 1 Exchange Server | 2020-04-09 | 10.0 HIGH | N/A |
| Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message. | |||||
| CVE-2010-1690 | 1 Microsoft | 5 Exchange Server, Windows 2000, Windows Server 2003 and 2 more | 2020-04-09 | 6.4 MEDIUM | N/A |
| The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 does not verify that transaction IDs of responses match transaction IDs of queries, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025. | |||||
| CVE-2010-0024 | 1 Microsoft | 6 Exchange Server, Windows 2000, Windows 2003 Server and 3 more | 2020-04-09 | 5.0 MEDIUM | N/A |
| The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka "SMTP Server MX Record Vulnerability." | |||||
| CVE-2001-0509 | 1 Microsoft | 4 Exchange Server, Sql Server, Windows 2000 and 1 more | 2020-04-02 | 5.0 MEDIUM | N/A |
| Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs. | |||||