Search
Total
1343 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0162 | 2 Apple, Microsoft | 5 Mac Os X, Mac Os X Server, Safari and 2 more | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Safari before 3.2.3, and 4 Public Beta, on Apple Mac OS X 10.5 before 10.5.7 and Windows allows remote attackers to inject arbitrary web script or HTML via a crafted feed: URL. | |||||
| CVE-2008-3648 | 1 Microsoft | 1 Windows Xp | 2017-08-08 | 9.3 HIGH | N/A |
| nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008. | |||||
| CVE-2008-0322 | 1 Microsoft | 1 Windows Xp | 2017-08-08 | 7.2 HIGH | N/A |
| The I2O Utility Filter driver (i2omgmt.sys) 5.1.2600.2180 for Microsoft Windows XP sets Everyone/Write permissions for the "\\.\I2OExc" device interface, which allows local users to gain privileges. NOTE: this issue can be leveraged to overwrite arbitrary memory and execute code via an IOCTL call with a crafted DeviceObject pointer. | |||||
| CVE-2008-1024 | 2 Apple, Microsoft | 3 Safari, Windows Vista, Windows Xp | 2017-08-08 | 6.8 MEDIUM | N/A |
| Apple Safari before 3.1.1, when running on Windows XP or Vista, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file download with a crafted file name, which triggers memory corruption. | |||||
| CVE-2007-4671 | 2 Apple, Microsoft | 5 Iphone, Mac Os X, Safari and 2 more | 2017-07-29 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to "alter or access" HTTPS content via an HTTP session with a crafted web page that causes Javascript to be applied to HTTPS pages from the same domain. | |||||
| CVE-2007-3756 | 2 Apple, Microsoft | 5 Iphone, Mac Os X, Safari and 2 more | 2017-07-29 | 4.3 MEDIUM | N/A |
| Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to obtain sensitive information via a crafted web page that identifies the URL of the parent window, even when the parent window is in a different domain. | |||||
| CVE-2007-3760 | 2 Apple, Microsoft | 5 Iphone, Mac Os X, Safari and 2 more | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to inject arbitrary web script or HTML via frame tags. | |||||
| CVE-2007-3758 | 2 Apple, Microsoft | 5 Iphone, Mac Os X, Safari and 2 more | 2017-07-29 | 4.3 MEDIUM | N/A |
| Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and in Mac OS X 10.4 through 10.4.10, allows remote attackers to set Javascript window properties for web pages that are in a different domain, which can be leveraged to conduct cross-site scripting (XSS) attacks. | |||||
| CVE-2007-3750 | 2 Apple, Microsoft | 4 Mac Os X, Quicktime, Windows Vista and 1 more | 2017-07-29 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via crafted Sample Table Sample Descriptor (STSD) atoms in a movie file. | |||||
| CVE-2007-3436 | 1 Microsoft | 2 Msn Messenger, Windows Xp | 2017-07-29 | 5.0 MEDIUM | N/A |
| Microsoft MSN Messenger 4.7 on Windows XP allows remote attackers to cause a denial of service (resource consumption) via a flood of SIP INVITE requests to the port specified for voice conversation. | |||||
| CVE-2007-3376 | 2 Apple, Microsoft | 2 Safari, Windows Xp | 2017-07-29 | 9.3 HIGH | N/A |
| Buffer overflow in Apple Safari 3.0.2 on Windows XP SP2 allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long value in the title HTML tag, which triggers the overflow when the user adds the page as a bookmark. | |||||
| CVE-2007-3350 | 2 Aol, Microsoft | 2 Instant Messenger, Windows Xp | 2017-07-29 | 7.8 HIGH | N/A |
| AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attackers to cause a denial of service (application hang) via a flood of spoofed SIP INVITE requests. | |||||
| CVE-2007-3437 | 2 Aol, Microsoft | 2 Instant Messenger, Windows Xp | 2017-07-29 | 7.8 HIGH | N/A |
| AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attackers to cause a denial of service (application crash) via a malformed header value in a SIP INVITE message, a different vulnerability than CVE-2007-3350. | |||||
| CVE-2007-1945 | 5 Hp, Ibm, Linux and 2 more | 9 Hp-ux, Aix, I5os and 6 more | 2017-07-29 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) before 6.1.0.7 has unknown impact and attack vectors. | |||||
| CVE-2007-1727 | 4 Hp, Linux, Microsoft and 1 more | 7 Hp-ux, Openview Network Node Manager, Linux Kernel and 4 more | 2017-07-29 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, 7.50, and 7.51 allows remote authenticated users to access certain privileged "facilities" via unspecified vectors. | |||||
| CVE-2007-0933 | 2 D-link, Microsoft | 2 Dwl-g650\+, Windows Xp | 2017-07-29 | 7.8 HIGH | N/A |
| Buffer overflow in the wireless driver 6.0.0.18 for D-Link DWL-G650+ (Rev. A1) on Windows XP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a beacon frame with a long TIM Information Element. | |||||
| CVE-2006-7039 | 2 Atrium Software, Microsoft | 9 Mercur Messaging 2005, Windows 2000, Windows 2003 Server and 6 more | 2017-07-29 | 5.0 MEDIUM | N/A |
| The IMAP4 service in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (crash) via a message with a long subject field. | |||||
| CVE-2003-1469 | 2 Macromedia, Microsoft | 5 Coldfusion, Coldfusion Professional, Windows 2000 and 2 more | 2017-07-29 | 5.0 MEDIUM | N/A |
| The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message. | |||||
| CVE-2005-4697 | 1 Microsoft | 1 Windows Xp | 2017-07-20 | 2.1 LOW | N/A |
| The Microsoft Wireless Zero Configuration system (WZCS) allows local users to access WEP keys and pair-wise Master Keys (PMK) of the WPA pre-shared key via certain calls to the WZCQueryInterface API function in wzcsapi.dll. | |||||
| CVE-2005-3595 | 1 Microsoft | 1 Windows Xp | 2017-07-11 | 10.0 HIGH | N/A |
| By default Microsoft Windows XP Home Edition installs with a blank password for the Administrator account, which allows remote attackers to gain control of the computer. | |||||
| CVE-2005-0904 | 1 Microsoft | 1 Windows Xp | 2017-07-11 | 2.1 LOW | N/A |
| Remote Desktop in Windows XP SP1 does not verify the "Force shutdown from a remote system" setting, which allows remote attackers to shut down the system by executing TSShutdn.exe. | |||||
| CVE-2005-1935 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2017-07-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the BERDecBitString function in Microsoft ASN.1 library (MSASN1.DLL) allows remote attackers to execute arbitrary code via nested constructed bit strings, which leads to a realloc of a non-null pointer and causes the function to overwrite previously freed memory, as demonstrated using a SPNEGO token with a constructed bit string during HTTP authentication, and a different vulnerability than CVE-2003-0818. NOTE: the researcher has claimed that MS:MS04-007 fixes this issue. | |||||
| CVE-2004-2365 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2017-07-11 | 2.1 LOW | N/A |
| Memory leak in Microsoft Windows XP and Windows Server 2003 allows local users to cause a denial of service (memory exhaustion) by repeatedly creating and deleting directories using a non-standard tool such as smbmount. | |||||
| CVE-2004-1623 | 1 Microsoft | 1 Windows Xp | 2017-07-11 | 5.0 MEDIUM | N/A |
| The WAV file property handler in Windows XP SP1 allows remote attackers to cause a denial of service (infinite loop in Explorer) via a WAV file with an invalid file header whose fmt chunk length is set to 0xFFFFFFFF. | |||||
| CVE-2004-2290 | 1 Microsoft | 1 Windows Xp | 2017-07-11 | 7.5 HIGH | N/A |
| Microsoft Windows XP Explorer allows attackers to execute arbitrary code via a HTML and script in a self-executing folder that references an executable file within the folder, which is automatically executed when a user accesses the folder. | |||||
| CVE-2004-2527 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2017-07-11 | 5.4 MEDIUM | N/A |
| The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+"U" key combination, which causes multiple copies of Windows Utility Manager to be loaded more quickly than they can be closed when the copies detect that another instance is running. | |||||
| CVE-2004-0474 | 1 Microsoft | 1 Windows Xp | 2017-07-11 | 5.1 MEDIUM | N/A |
| Help Center (HelpCtr.exe) may allow remote attackers to read or execute arbitrary files via an "http://" or "file://" argument to the topic parameter in an hcp:// URL. NOTE: since the initial report of this problem, several researchers have been unable to reproduce this issue. | |||||
| CVE-2003-0897 | 1 Microsoft | 1 Windows Xp | 2017-07-11 | 4.6 MEDIUM | N/A |
| "Shatter" vulnerability in CommCtl32.dll in Windows XP may allow local users to execute arbitrary code by sending (1) BCM_GETTEXTMARGIN or (2) BCM_SETTEXTMARGIN button control messages to privileged applications. | |||||
| CVE-2010-4314 | 2 Microsoft, Novell | 4 Windows 7, Windows Vista, Windows Xp and 1 more | 2017-03-15 | 9.3 HIGH | 8.8 HIGH |
| Remote attackers can use the iPrint web-browser ActiveX plugin in Novell iPrint Client before 5.42 for Windows XP/Vista/Win7 to execute code by overflowing the "name" parameter. | |||||
| CVE-2005-1649 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2017-01-20 | 5.0 MEDIUM | N/A |
| The IPv6 support in Windows XP SP2, 2003 Server SP1, and Longhorn, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, a variant of CVE-2005-0688 and a reoccurrence of the "Land" vulnerability (CVE-1999-0016). | |||||
| CVE-2007-6753 | 1 Microsoft | 5 Windows 2000, Windows 7, Windows Server 2008 and 2 more | 2016-11-28 | 6.2 MEDIUM | N/A |
| Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as %APPDATA% or %PROGRAMFILES% in a certain way, allows local users to gain privileges via a Trojan horse DLL under the current working directory, as demonstrated by iTunes and Safari. | |||||
| CVE-2002-0283 | 1 Microsoft | 1 Windows Xp | 2016-10-18 | 5.0 MEDIUM | N/A |
| Windows XP with port 445 open allows remote attackers to cause a denial of service (CPU consumption) via a flood of TCP SYN packets containing possibly malformed data. | |||||
| CVE-2014-7286 | 2 Microsoft, Symantec | 3 Windows Server 2003, Windows Xp, Deployment Solution | 2016-09-06 | 7.2 HIGH | N/A |
| Buffer overflow in AClient in Symantec Deployment Solution 6.9 and earlier on Windows XP and Server 2003 allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2011-1797 | 3 Apple, Chromium Project, Microsoft | 8 Mac Os X, Mac Os X Server, Safari and 5 more | 2015-01-07 | 9.3 HIGH | N/A |
| WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | |||||
| CVE-2011-0191 | 2 Apple, Microsoft | 5 Itunes, Windows, Windows 7 and 2 more | 2014-02-21 | 9.3 HIGH | N/A |
| Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding. | |||||
| CVE-2011-0192 | 2 Apple, Microsoft | 5 Itunes, Windows, Windows 7 and 2 more | 2014-02-21 | 9.3 HIGH | N/A |
| Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding, related to the EXPAND2D macro in libtiff/tif_fax3.h. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2013-4858 | 1 Microsoft | 2 Windows Movie Maker, Windows Xp | 2013-12-30 | 4.3 MEDIUM | N/A |
| Microsoft Windows Movie Maker 2.1.4026.0 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) via a crafted .wav file, as demonstrated by movieMaker.wav. | |||||
| CVE-2013-6801 | 1 Microsoft | 2 Windows Xp, Word | 2013-11-19 | 7.1 HIGH | N/A |
| Microsoft Word 2003 SP2 and SP3 on Windows XP SP3 allows remote attackers to cause a denial of service (CPU consumption) via a malformed .doc file containing an embedded image, as demonstrated by word2003forkbomb.doc, related to a "fork bomb" issue. | |||||
| CVE-2013-3956 | 2 Microsoft, Novell | 7 Windows 2003 Server, Windows 7, Windows 8 and 4 more | 2013-08-22 | 7.2 HIGH | N/A |
| The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003; Novell Client 2 SP2 on Windows Vista and Windows Server 2008; and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted 0x143B6B IOCTL call. | |||||
| CVE-2013-3697 | 2 Microsoft, Novell | 7 Windows 2003 Server, Windows 7, Windows 8 and 4 more | 2013-07-31 | 7.2 HIGH | N/A |
| Integer overflow in the NWFS.SYS kernel driver 4.91.5.8 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003 and the NCPL.SYS kernel driver in Novell Client 2 SP2 on Windows Vista and Windows Server 2008 and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 might allow local users to gain privileges via a crafted 0x1439EB IOCTL call. | |||||
| CVE-2013-3661 | 1 Microsoft | 8 Windows 7, Windows 8, Windows Rt and 5 more | 2013-06-06 | 4.9 MEDIUM | N/A |
| The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain. | |||||
| CVE-2013-0931 | 2 Microsoft, Rsa | 3 Windows 2003 Server, Windows Xp, Authentication Agent For Windows | 2013-03-06 | 5.4 MEDIUM | N/A |
| EMC RSA Authentication Agent 7.1.x before 7.1.2 on Windows does not enforce the Quick PIN Unlock timeout feature, which allows physically proximate attackers to bypass the passcode requirement for a screensaved session by entering a PIN after timeout expiration. | |||||
| CVE-2012-6533 | 2 Microsoft, Symantec | 4 Windows 2003 Server, Windows Xp, Encryption Desktop and 1 more | 2013-02-20 | 4.4 MEDIUM | N/A |
| Buffer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 on Windows XP and Server 2003 allows local users to gain privileges via a crafted application. | |||||
| CVE-2011-0216 | 2 Apple, Microsoft | 4 Safari, Windows 7, Windows Vista and 1 more | 2013-02-07 | 9.3 HIGH | N/A |
| Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted web site. | |||||
| CVE-2010-5184 | 2 Checkpoint, Microsoft | 2 Zonealarm Extreme Security, Windows Xp | 2012-09-05 | 6.2 MEDIUM | N/A |
| ** DISPUTED ** Race condition in ZoneAlarm Extreme Security 9.1.507.000 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. | |||||
| CVE-2010-5183 | 2 Microsoft, Webroot | 2 Windows Xp, Internet Security Essentials | 2012-09-05 | 6.2 MEDIUM | N/A |
| ** DISPUTED ** Race condition in Webroot Internet Security Essentials 6.1.0.145 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. | |||||
| CVE-2010-5153 | 2 Avira, Microsoft | 2 Premium Security Suite, Windows Xp | 2012-08-29 | 6.2 MEDIUM | N/A |
| ** DISPUTED ** Race condition in Avira Premium Security Suite 10.0.0.536 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. | |||||
| CVE-2010-5152 | 2 Avg, Microsoft | 2 Internet Security, Windows Xp | 2012-08-29 | 6.2 MEDIUM | N/A |
| ** DISPUTED ** Race condition in AVG Internet Security 9.0.791 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. | |||||
| CVE-2010-5176 | 2 Microsoft, Pcsecurityshield | 2 Windows Xp, Security Shield 2010 | 2012-08-27 | 6.2 MEDIUM | N/A |
| ** DISPUTED ** Race condition in Security Shield 2010 13.0.16.313 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. | |||||
| CVE-2010-5174 | 2 Microsoft, Prevx | 2 Windows Xp, Prevx | 2012-08-27 | 6.2 MEDIUM | N/A |
| ** DISPUTED ** Race condition in Prevx 3.0.5.143 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. | |||||