Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-6954 | 1 Libpng | 1 Libpng | 2018-01-05 | 5.0 MEDIUM | N/A |
| The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c. | |||||
| CVE-2014-8150 | 3 Canonical, Debian, Haxx | 3 Ubuntu Linux, Debian Linux, Libcurl | 2018-01-05 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL. | |||||
| CVE-2015-0562 | 1 Wireshark | 1 Wireshark | 2018-01-05 | 5.0 MEDIUM | N/A |
| Multiple use-after-free vulnerabilities in epan/dissectors/packet-dec-dnart.c in the DEC DNA Routing Protocol dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory. | |||||
| CVE-2014-9425 | 2 Apple, Php | 2 Mac Os X, Php | 2018-01-05 | 7.5 HIGH | N/A |
| Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP through 5.5.20 and 5.6.x through 5.6.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2012-1821 | 2 Microsoft, Symantec | 2 Windows 2003 Server, Endpoint Protection | 2018-01-05 | 5.0 MEDIUM | N/A |
| The Network Threat Protection module in the Manager component in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.700x on Windows Server 2003 allows remote attackers to cause a denial of service (web-server outage, or daemon crash or hang) via a flood of packets that triggers automated blocking of network traffic. | |||||
| CVE-2014-8137 | 2 Jasper Project, Redhat | 2 Jasper, Enterprise Linux | 2018-01-05 | 6.8 MEDIUM | N/A |
| Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file. | |||||
| CVE-2012-1967 | 1 Mozilla | 5 Firefox, Firefox Esr, Seamonkey and 2 more | 2017-12-29 | 10.0 HIGH | N/A |
| Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to execute arbitrary JavaScript code with improper privileges via a javascript: URL. | |||||
| CVE-2012-1593 | 1 Wireshark | 1 Wireshark | 2017-12-29 | 3.3 LOW | N/A |
| epan/dissectors/packet-ansi_a.c in the ANSI A dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed packet. | |||||
| CVE-2011-3087 | 1 Google | 1 Chrome | 2017-12-29 | 10.0 HIGH | N/A |
| Google Chrome before 19.0.1084.46 does not properly perform window navigation, which has unspecified impact and remote attack vectors. | |||||
| CVE-2014-3154 | 1 Google | 1 Chrome | 2017-12-29 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the ChildThread::Shutdown function in content/child/child_thread.cc in the filesystem API in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to a Blink shutdown. | |||||
| CVE-2014-3155 | 1 Google | 1 Chrome | 2017-12-29 | 5.0 MEDIUM | N/A |
| net/spdy/spdy_write_queue.cc in the SPDY implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging incorrect queue maintenance. | |||||
| CVE-2014-3465 | 1 Gnu | 1 Gnutls | 2017-12-29 | 5.0 MEDIUM | N/A |
| The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN. | |||||
| CVE-2014-3146 | 1 Lxml | 1 Lxml | 2017-12-29 | 4.3 MEDIUM | N/A |
| Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function. | |||||
| CVE-2012-0045 | 1 Linux | 1 Linux Kernel | 2017-12-29 | 4.7 MEDIUM | N/A |
| The em_syscall function in arch/x86/kvm/emulate.c in the KVM implementation in the Linux kernel before 3.2.14 does not properly handle the 0f05 (aka syscall) opcode, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application, as demonstrated by an NASM file. | |||||
| CVE-2012-1943 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Seamonkey and 1 more | 2017-12-29 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in Updater.exe in the Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allows local users to gain privileges via a Trojan horse wsock32.dll file in an application directory. | |||||
| CVE-2012-1955 | 1 Mozilla | 5 Firefox, Firefox Esr, Seamonkey and 2 more | 2017-12-29 | 6.8 MEDIUM | N/A |
| Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to spoof the address bar via vectors involving history.forward and history.back calls. | |||||
| CVE-2012-1950 | 1 Mozilla | 2 Firefox, Firefox Esr | 2017-12-29 | 6.4 MEDIUM | N/A |
| The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 allows remote attackers to spoof the address bar by canceling a page load. | |||||
| CVE-2014-1537 | 1 Mozilla | 1 Firefox | 2017-12-28 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in the mozilla::dom::workers::WorkerPrivateParent function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | |||||
| CVE-2014-1536 | 1 Mozilla | 1 Firefox | 2017-12-28 | 10.0 HIGH | N/A |
| The PropertyProvider::FindJustificationRange function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
| CVE-2014-1545 | 1 Mozilla | 1 Netscape Portable Runtime | 2017-12-28 | 10.0 HIGH | N/A |
| Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions. | |||||
| CVE-2014-1540 | 1 Mozilla | 1 Firefox | 2017-12-28 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in the nsEventListenerManager::CompileEventHandlerInternal function in the Event Listener Manager in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content. | |||||
| CVE-2014-1541 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2017-12-28 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content. | |||||
| CVE-2014-1538 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2017-12-28 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in the nsTextEditRules::CreateMozBR function in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | |||||
| CVE-2002-1643 | 1 Realnetworks | 1 Helix Universal Server | 2017-12-23 | 7.5 HIGH | N/A |
| Multiple buffer overflows in RealNetworks Helix Universal Server 9.0 (9.0.2.768) allow remote attackers to execute arbitrary code via (1) a long Transport field in a SETUP RTSP request, (2) a DESCRIBE RTSP request with a long URL argument, or (3) two simultaneous HTTP GET requests with long arguments. | |||||
| CVE-2002-1951 | 1 Goahead Software | 1 Goahead Webserver | 2017-12-20 | 7.5 HIGH | N/A |
| Buffer overflow in GoAhead WebServer 2.1 allows remote attackers to execute arbitrary code via a long HTTP GET request with a large number of subdirectories. | |||||
| CVE-2000-0227 | 1 Linux | 1 Linux Kernel | 2017-12-20 | 2.1 LOW | N/A |
| The Linux 2.2.x kernel does not restrict the number of Unix domain sockets as defined by the wmem_max parameter, which allows local users to cause a denial of service by requesting a large number of sockets. | |||||
| CVE-1999-1264 | 1 Ramp Networks | 1 Webramp | 2017-12-20 | 7.5 HIGH | N/A |
| WebRamp M3 router does not disable remote telnet or HTTP access to itself, even when access has been explicitly disabled. | |||||
| CVE-2002-0680 | 3 Goahead Software, Montavista Software, Orange Software | 3 Goahead Webserver, Hard Hat Linux, Orange Web Server | 2017-12-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in GoAhead Web Server 2.1 allows remote attackers to read arbitrary files via a URL with an encoded / (%5C) in a .. (dot dot) sequence. NOTE: it is highly likely that this candidate will be REJECTED because it has been reported to be a duplicate of CVE-2001-0228. | |||||
| CVE-2002-0681 | 1 Goahead Software | 1 Goahead Webserver | 2017-12-20 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows remote attackers to execute script as other web users via script in a URL that generates a "404 not found" message, which does not quote the script. | |||||
| CVE-2001-0228 | 1 Goahead Software | 1 Goahead Webserver | 2017-12-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in GoAhead web server 2.1 and earlier allows remote attackers to read arbitrary files via a .. attack in an HTTP GET request. | |||||
| CVE-2001-0984 | 1 Counterpane | 1 Password Safe | 2017-12-20 | 4.6 MEDIUM | N/A |
| Password Safe 1.7(1) leaves cleartext passwords in memory when a user copies the password to the clipboard and minimizes Password Safe with the "Clear the password when minimized" and "Lock password database on minimize and prompt on restore" options enabled, which could allow an attacker with access to the memory (e.g. an administrator) to read the passwords. | |||||
| CVE-2001-0385 | 1 Goahead Software | 1 Goahead Webserver | 2017-12-20 | 5.0 MEDIUM | N/A |
| GoAhead webserver 2.1 allows remote attackers to cause a denial of service via an HTTP request to the /aux directory. | |||||
| CVE-2001-0068 | 1 Apple | 1 Mac Os Runtime For Java | 2017-12-19 | 2.6 LOW | N/A |
| Mac OS Runtime for Java (MRJ) 2.2.3 allows remote attackers to use malicious applets to read files outside of the CODEBASE context via the ARCHIVE applet parameter. | |||||
| CVE-2001-0454 | 1 Whitsoft | 1 Slimserve | 2017-12-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in SlimServe HTTPd 1.1a allows remote attackers to read arbitrary files via a ... (modified dot dot) in the HTTP request. | |||||
| CVE-2001-0458 | 4 Debian, Mandrakesoft, Ralf S. Engelschall and 1 more | 4 Debian Linux, Mandrake Linux, Eperl and 1 more | 2017-12-19 | 7.5 HIGH | N/A |
| Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and remote attackers to execute arbitrary commands. | |||||
| CVE-2001-0459 | 2 Afterstep.org, Rob Malda | 2 Afterstep, Ascdc | 2017-12-19 | 7.2 HIGH | N/A |
| Buffer overflows in ascdc Afterstep while running setuid allows local users to gain root privileges via a long (1) -d option, (2) -m option, or (3) -f option. | |||||
| CVE-2001-0460 | 1 Baltimore Technologies | 1 Websweeper | 2017-12-19 | 5.0 MEDIUM | N/A |
| Websweeper 4.0 does not limit the length of certain HTTP headers, which allows remote attackers to cause a denial of service (memory exhaustion) via an extremely large HTTP Referrer: header. | |||||
| CVE-2000-1156 | 1 Sun | 1 Staroffice | 2017-12-19 | 3.6 LOW | N/A |
| StarOffice 5.2 follows symlinks and sets world-readable permissions for the /tmp/soffice.tmp directory, which allows a local user to read files of the user who is using StarOffice. | |||||
| CVE-2001-0468 | 1 Ftpfs | 1 Ftpfs | 2017-12-19 | 7.2 HIGH | N/A |
| Buffer overflow in FTPFS allows local users to gain root privileges via a long user name. | |||||
| CVE-2001-0472 | 1 Ibm | 1 High Availability Cluster Multiprocessing | 2017-12-19 | 5.0 MEDIUM | N/A |
| Hursley Software Laboratories Consumer Transaction Framework (HSLCTF) HTTP object allows remote attackers to cause a denial of service (crash) via an extremely long HTTP request. | |||||
| CVE-2001-0476 | 1 Swsoft | 1 Aspseek | 2017-12-19 | 7.5 HIGH | N/A |
| Multiple buffer overflows in s.cgi program in Aspseek search engine 1.03 and earlier allow remote attackers to execute arbitrary commands via (1) a long HTTP query string, or (2) a long tmpl parameter. | |||||
| CVE-2001-1154 | 2 Bsdi, Carnegie Mellon University | 2 Bsd Os, Cyrus Imap Server | 2017-12-19 | 5.0 MEDIUM | N/A |
| Cyrus 2.0.15, 2.0.16, and 1.6.24 on BSDi 4.2, with IMAP enabled, allows remote attackers to cause a denial of service (hang) using PHP IMAP clients. | |||||
| CVE-2001-1151 | 1 Trend Micro | 2 Officescan, Virus Buster | 2017-12-19 | 5.0 MEDIUM | N/A |
| Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 allows remote attackers to access sensitive information from the hotdownload directory without authentication, such as the ofcscan.ini configuration file, which contains a weakly encrypted password. | |||||
| CVE-2001-0027 | 1 Proftpd Project | 1 Proftpd | 2017-12-19 | 7.5 HIGH | N/A |
| mod_sqlpw module in ProFTPD does not reset a cached password when a user uses the "user" command to change accounts, which allows authenticated attackers to gain privileges of other users. | |||||
| CVE-2001-1140 | 1 Working Resources Inc. | 1 Badblue | 2017-12-19 | 5.0 MEDIUM | N/A |
| BadBlue Personal Edition v1.02 beta allows remote attackers to read source code for executable programs by appending a %00 (null byte) to the request. | |||||
| CVE-2001-1135 | 1 Zyxel | 1 Prestige | 2017-12-19 | 7.5 HIGH | N/A |
| ZyXEL Prestige 642R and 642R-I routers do not filter the routers' Telnet and FTP ports on the external WAN interface from inside access, allowing someone on an internal computer to reconfigure the router, if the password is known. | |||||
| CVE-2001-0491 | 1 Team Johnlong | 1 Raidenftpd | 2017-12-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in RaidenFTPD Server 2.1 before build 952 allows attackers to access files outside the ftp root via dot dot attacks, such as (1) .... in CWD, (2) .. in NLST, or (3) ... in NLST. | |||||
| CVE-2001-0492 | 1 Netcruiser Software | 1 Netcruiser Web Server | 2017-12-19 | 5.0 MEDIUM | N/A |
| Netcruiser Web server version 0.1.2.8 and earlier allows remote attackers to determine the physical path of the server via a URL containing (1) con, (2) com2, or (3) com3. | |||||
| CVE-2001-0496 | 2 Mandrakesoft, Redhat | 2 Mandrake Linux, Linux | 2017-12-19 | 4.6 MEDIUM | N/A |
| kdesu in kdelibs package creates world readable temporary files containing authentication info, which can allow local users to gain privileges. | |||||
| CVE-2001-1129 | 1 Progress | 1 Progress | 2017-12-19 | 7.2 HIGH | N/A |
| Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) _mprosrv, (4) _mprshut, (5) _proapsv, (6) _progres, (7) _proutil, (8) _rfutil and (9) prolib in Progress database 9.1C allows a local user to execute arbitrary code via format string specifiers in the file used by the PROMSGS environment variable. | |||||