Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-3091 | 1 Google | 1 Chrome | 2017-12-29 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2011-3092 | 1 Google | 1 Chrome | 2017-12-29 | 10.0 HIGH | N/A |
| The regex implementation in Google V8, as used in Google Chrome before 19.0.1084.46, allows remote attackers to cause a denial of service (invalid write operation) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2011-3093 | 1 Google | 1 Chrome | 2017-12-29 | 5.0 MEDIUM | N/A |
| Google Chrome before 19.0.1084.46 does not properly handle glyphs, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
| CVE-2011-3094 | 1 Google | 1 Chrome | 2017-12-29 | 5.0 MEDIUM | N/A |
| Google Chrome before 19.0.1084.46 does not properly handle Tibetan text, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
| CVE-2011-3095 | 1 Google | 1 Chrome | 2017-12-29 | 10.0 HIGH | N/A |
| The OGG container in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write. | |||||
| CVE-2011-3096 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2017-12-29 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 19.0.1084.46 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an error in the GTK implementation of the omnibox. | |||||
| CVE-2011-3100 | 1 Google | 1 Chrome | 2017-12-29 | 5.0 MEDIUM | N/A |
| Google Chrome before 19.0.1084.46 does not properly draw dash paths, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
| CVE-2011-3101 | 2 Google, Linux | 2 Chrome, Linux | 2017-12-29 | 10.0 HIGH | N/A |
| Google Chrome before 19.0.1084.46 on Linux does not properly mitigate an unspecified flaw in an NVIDIA driver, which has unknown impact and attack vectors. NOTE: see CVE-2012-3105 for the related MFSA 2012-34 issue in Mozilla products. | |||||
| CVE-2011-3102 | 2 Apple, Google | 2 Iphone Os, Chrome | 2017-12-29 | 6.8 MEDIUM | N/A |
| Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2011-3639 | 1 Apache | 10 Http Server, Http Server2.0a1, Http Server2.0a2 and 7 more | 2017-12-29 | 4.3 MEDIUM | N/A |
| The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368. | |||||
| CVE-2011-3658 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-12-29 | 7.5 HIGH | N/A |
| The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via vectors involving removal of SVG elements. | |||||
| CVE-2011-3670 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-12-29 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages. | |||||
| CVE-2011-4024 | 1 Ocsinventory-ng | 1 Ocs Inventory Ng | 2017-12-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ocsinventory in OCS Inventory NG 2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-4086 | 1 Linux | 1 Linux Kernel | 2017-12-29 | 4.9 MEDIUM | N/A |
| The journal_unmap_buffer function in fs/jbd2/transaction.c in the Linux kernel before 3.3.1 does not properly handle the _Delay and _Unwritten buffer head states, which allows local users to cause a denial of service (system crash) by leveraging the presence of an ext4 filesystem that was mounted with a journal. | |||||
| CVE-2011-4127 | 2 Linux, Suse | 2 Linux Kernel, Linux Enterprise Server | 2017-12-29 | 4.6 MEDIUM | N/A |
| The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl calls, which allows local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to (1) a partition block device or (2) an LVM volume. | |||||
| CVE-2011-4128 | 1 Gnu | 1 Gnutls | 2017-12-29 | 4.3 MEDIUM | N/A |
| Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket. | |||||
| CVE-2011-4131 | 1 Linux | 1 Linux Kernel | 2017-12-29 | 4.6 MEDIUM | N/A |
| The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words. | |||||
| CVE-2011-4132 | 2 Linux, Suse | 2 Linux Kernel, Linux Enterprise Server | 2017-12-29 | 2.1 LOW | N/A |
| The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel 2.6 allows local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4 image with an "invalid log first block value." | |||||
| CVE-2011-4188 | 1 Novell | 1 Imanager | 2017-12-29 | 4.0 MEDIUM | N/A |
| Buffer overflow in the Create Attribute function in jclient in Novell iManager 2.7.4 before patch 4 allows remote authenticated users to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted EnteredAttrName parameter, a related issue to CVE-2010-1929. | |||||
| CVE-2011-4622 | 1 Redhat | 1 Kvm | 2017-12-29 | 4.9 MEDIUM | N/A |
| The create_pit_timer function in arch/x86/kvm/i8254.c in KVM 83, and possibly other versions, does not properly handle when Programmable Interval Timer (PIT) interrupt requests (IRQs) when a virtual interrupt controller (irqchip) is not available, which allows local users to cause a denial of service (NULL pointer dereference) by starting a timer. | |||||
| CVE-2012-0045 | 1 Linux | 1 Linux Kernel | 2017-12-29 | 4.7 MEDIUM | N/A |
| The em_syscall function in arch/x86/kvm/emulate.c in the KVM implementation in the Linux kernel before 3.2.14 does not properly handle the 0f05 (aka syscall) opcode, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application, as demonstrated by an NASM file. | |||||
| CVE-2012-0468 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-12-29 | 10.0 HIGH | N/A |
| The browser engine in Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (assertion failure and memory corruption) or possibly execute arbitrary code via vectors related to jsval.h and the js::array_shift function. | |||||
| CVE-2012-0469 | 1 Mozilla | 5 Firefox, Firefox Esr, Seamonkey and 2 more | 2017-12-29 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in the mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to execute arbitrary code via vectors related to crafted IndexedDB data. | |||||
| CVE-2012-0472 | 1 Mozilla | 5 Firefox, Firefox Esr, Seamonkey and 2 more | 2017-12-29 | 9.3 HIGH | N/A |
| The cairo-dwrite implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9, when certain Windows Vista and Windows 7 configurations are used, does not properly restrict font-rendering attempts, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. | |||||
| CVE-2012-0473 | 1 Mozilla | 5 Firefox, Firefox Esr, Seamonkey and 2 more | 2017-12-29 | 5.0 MEDIUM | N/A |
| The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 calls the FindMaxElementInSubArray function with incorrect template arguments, which allows remote attackers to obtain sensitive information from video memory via a crafted WebGL.drawElements call. | |||||
| CVE-2012-0474 | 1 Mozilla | 5 Firefox, Firefox Esr, Seamonkey and 2 more | 2017-12-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the docshell implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via vectors related to short-circuited page loads, aka "Universal XSS (UXSS)." | |||||
| CVE-2012-0478 | 1 Mozilla | 5 Firefox, Firefox Esr, Seamonkey and 2 more | 2017-12-29 | 9.3 HIGH | N/A |
| The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page. | |||||
| CVE-2012-0942 | 1 Realnetworks | 2 Helix Mobile Server, Helix Server | 2017-12-29 | 7.5 HIGH | N/A |
| Buffer overflow in rn5auth.dll in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to execute arbitrary code via crafted authentication credentials. | |||||
| CVE-2012-0946 | 1 Nvidia | 1 Unix Driver | 2017-12-29 | 4.6 MEDIUM | N/A |
| The NVIDIA UNIX driver before 295.40 allows local users to access arbitrary memory locations by leveraging GPU device-node read/write privileges. | |||||
| CVE-2012-1179 | 1 Linux | 1 Linux Kernel | 2017-12-29 | 5.2 MEDIUM | N/A |
| The Linux kernel before 3.3.1, when KVM is used, allows guest OS users to cause a denial of service (host OS crash) by leveraging administrative access to the guest OS, related to the pmd_none_or_clear_bad function and page faults for huge pages. | |||||
| CVE-2012-1240 | 1 Recruit | 1 Dokodemo Rikunabi 2013 | 2017-12-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the RECRUIT Dokodemo Rikunabi 2013 extension before 1.0.1 for Google Chrome allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-1241 | 1 Artonx.org | 1 Activescriptruby | 2017-12-29 | 7.5 HIGH | N/A |
| GRScript18.dll before 1.2.2.0 in ActiveScriptRuby (ASR) before 1.8.7 does not properly restrict interaction with an Internet Explorer ActiveX environment, which allows remote attackers to execute arbitrary Ruby code via a crafted HTML document. | |||||
| CVE-2012-1243 | 2 Google, Studiohitori | 2 Android, Twitrocker2 Android | 2017-12-29 | 5.0 MEDIUM | N/A |
| The TwitRocker2 application before 1.0.23 for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application. | |||||
| CVE-2012-1311 | 1 Cisco | 2 Ios, Ios Xe | 2017-12-29 | 7.8 HIGH | N/A |
| The RSVP feature in Cisco IOS 15.0 and 15.1 and IOS XE 3.2.xS through 3.4.xS before 3.4.2S, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge and service outage) via crafted RSVP packets, aka Bug ID CSCts80643. | |||||
| CVE-2012-1312 | 1 Cisco | 1 Ios | 2017-12-29 | 7.1 HIGH | N/A |
| The MACE feature in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (device reload) via crafted transit traffic, aka Bug IDs CSCtq64987 and CSCtu57226. | |||||
| CVE-2012-1314 | 1 Cisco | 1 Ios | 2017-12-29 | 7.8 HIGH | N/A |
| The WAAS Express feature in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit traffic, aka Bug ID CSCtt45381. | |||||
| CVE-2012-1518 | 1 Vmware | 5 Esx, Esxi, Fusion and 2 more | 2017-12-29 | 8.3 HIGH | N/A |
| VMware Workstation 8.x before 8.0.2, VMware Player 4.x before 4.0.2, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 use an incorrect ACL for the VMware Tools folder, which allows guest OS users to gain guest OS privileges via unspecified vectors. | |||||
| CVE-2012-1593 | 1 Wireshark | 1 Wireshark | 2017-12-29 | 3.3 LOW | N/A |
| epan/dissectors/packet-ansi_a.c in the ANSI A dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed packet. | |||||
| CVE-2012-1594 | 1 Wireshark | 1 Wireshark | 2017-12-29 | 3.3 LOW | N/A |
| epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | |||||
| CVE-2012-1595 | 1 Wireshark | 1 Wireshark | 2017-12-29 | 4.3 MEDIUM | N/A |
| The pcap_process_pseudo_header function in wiretap/pcap-common.c in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a WTAP_ENCAP_ERF file containing an Extension or Multi-Channel header with an invalid pseudoheader size, related to the pcap and pcap-ng file parsers. | |||||
| CVE-2012-1596 | 1 Wireshark | 1 Wireshark | 2017-12-29 | 5.0 MEDIUM | N/A |
| The mp2t_process_fragmented_payload function in epan/dissectors/packet-mp2t.c in the MP2T dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a packet containing an invalid pointer value that triggers an incorrect memory-allocation attempt. | |||||
| CVE-2012-1923 | 1 Realnetworks | 2 Helix Mobile Server, Helix Server | 2017-12-29 | 2.1 LOW | N/A |
| RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x store passwords in cleartext under adm_b_db\users\, which allows local users to obtain sensitive information by reading a database. | |||||
| CVE-2012-1939 | 1 Mozilla | 2 Firefox Esr, Thunderbird Esr | 2017-12-29 | 9.3 HIGH | N/A |
| jsinfer.cpp in Mozilla Firefox ESR 10.x before 10.0.5 and Thunderbird ESR 10.x before 10.0.5 does not properly determine data types, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted JavaScript code. | |||||
| CVE-2012-1941 | 1 Mozilla | 5 Firefox, Firefox Esr, Seamonkey and 2 more | 2017-12-29 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code by resizing a window displaying absolutely positioned and relatively positioned elements in nested columns. | |||||
| CVE-2012-1942 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Seamonkey and 1 more | 2017-12-29 | 7.2 HIGH | N/A |
| The Mozilla Updater and Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allow local users to gain privileges by loading a DLL file in a privileged context. | |||||
| CVE-2012-1943 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Seamonkey and 1 more | 2017-12-29 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in Updater.exe in the Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allows local users to gain privileges via a Trojan horse wsock32.dll file in an application directory. | |||||
| CVE-2012-1944 | 1 Mozilla | 5 Firefox, Firefox Esr, Seamonkey and 2 more | 2017-12-29 | 4.3 MEDIUM | N/A |
| The Content Security Policy (CSP) implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not block inline event handlers, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document. | |||||
| CVE-2012-1945 | 1 Mozilla | 5 Firefox, Firefox Esr, Seamonkey and 2 more | 2017-12-29 | 2.9 LOW | N/A |
| Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba. | |||||
| CVE-2012-1946 | 1 Mozilla | 5 Firefox, Firefox Esr, Seamonkey and 2 more | 2017-12-29 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 might allow remote attackers to execute arbitrary code via document changes involving replacement or insertion of a node. | |||||
| CVE-2012-1948 | 1 Mozilla | 5 Firefox, Firefox Esr, Seamonkey and 2 more | 2017-12-29 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||