Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-3048 | 1 Libpng | 1 Libpng | 2017-12-29 | 6.8 MEDIUM | N/A |
| The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow. | |||||
| CVE-2011-3083 | 1 Google | 1 Chrome | 2017-12-29 | 5.0 MEDIUM | N/A |
| browser/profiles/profile_impl_io_data.cc in Google Chrome before 19.0.1084.46 does not properly handle a malformed ftp URL in the SRC attribute of a VIDEO element, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted web page. | |||||
| CVE-2011-3084 | 1 Google | 1 Chrome | 2017-12-29 | 7.5 HIGH | N/A |
| Google Chrome before 19.0.1084.46 does not use a dedicated process for the loading of links found on an internal page, which might allow attackers to bypass intended sandbox restrictions via a crafted page. | |||||
| CVE-2011-3085 | 1 Google | 1 Chrome | 2017-12-29 | 5.0 MEDIUM | N/A |
| The Autofill feature in Google Chrome before 19.0.1084.46 does not properly restrict field values, which allows remote attackers to cause a denial of service (UI corruption) and possibly conduct spoofing attacks via vectors involving long values. | |||||
| CVE-2011-3086 | 1 Google | 1 Chrome | 2017-12-29 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a STYLE element. | |||||
| CVE-2011-3087 | 1 Google | 1 Chrome | 2017-12-29 | 10.0 HIGH | N/A |
| Google Chrome before 19.0.1084.46 does not properly perform window navigation, which has unspecified impact and remote attack vectors. | |||||
| CVE-2011-3088 | 1 Google | 1 Chrome | 2017-12-29 | 5.0 MEDIUM | N/A |
| Google Chrome before 19.0.1084.46 does not properly draw hairlines, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
| CVE-2011-3089 | 1 Google | 1 Chrome | 2017-12-29 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving tables. | |||||
| CVE-2011-3090 | 1 Google | 1 Chrome | 2017-12-29 | 7.6 HIGH | N/A |
| Race condition in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to worker processes. | |||||
| CVE-2011-3091 | 1 Google | 1 Chrome | 2017-12-29 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2011-3092 | 1 Google | 1 Chrome | 2017-12-29 | 10.0 HIGH | N/A |
| The regex implementation in Google V8, as used in Google Chrome before 19.0.1084.46, allows remote attackers to cause a denial of service (invalid write operation) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2011-3093 | 1 Google | 1 Chrome | 2017-12-29 | 5.0 MEDIUM | N/A |
| Google Chrome before 19.0.1084.46 does not properly handle glyphs, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
| CVE-2011-3094 | 1 Google | 1 Chrome | 2017-12-29 | 5.0 MEDIUM | N/A |
| Google Chrome before 19.0.1084.46 does not properly handle Tibetan text, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
| CVE-2011-3095 | 1 Google | 1 Chrome | 2017-12-29 | 10.0 HIGH | N/A |
| The OGG container in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write. | |||||
| CVE-2011-3096 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2017-12-29 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 19.0.1084.46 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an error in the GTK implementation of the omnibox. | |||||
| CVE-2011-3100 | 1 Google | 1 Chrome | 2017-12-29 | 5.0 MEDIUM | N/A |
| Google Chrome before 19.0.1084.46 does not properly draw dash paths, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
| CVE-2011-3101 | 2 Google, Linux | 2 Chrome, Linux | 2017-12-29 | 10.0 HIGH | N/A |
| Google Chrome before 19.0.1084.46 on Linux does not properly mitigate an unspecified flaw in an NVIDIA driver, which has unknown impact and attack vectors. NOTE: see CVE-2012-3105 for the related MFSA 2012-34 issue in Mozilla products. | |||||
| CVE-2011-3102 | 2 Apple, Google | 2 Iphone Os, Chrome | 2017-12-29 | 6.8 MEDIUM | N/A |
| Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2011-3639 | 1 Apache | 10 Http Server, Http Server2.0a1, Http Server2.0a2 and 7 more | 2017-12-29 | 4.3 MEDIUM | N/A |
| The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368. | |||||
| CVE-2011-3658 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-12-29 | 7.5 HIGH | N/A |
| The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via vectors involving removal of SVG elements. | |||||
| CVE-2011-3670 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-12-29 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages. | |||||
| CVE-2011-4024 | 1 Ocsinventory-ng | 1 Ocs Inventory Ng | 2017-12-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ocsinventory in OCS Inventory NG 2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-4086 | 1 Linux | 1 Linux Kernel | 2017-12-29 | 4.9 MEDIUM | N/A |
| The journal_unmap_buffer function in fs/jbd2/transaction.c in the Linux kernel before 3.3.1 does not properly handle the _Delay and _Unwritten buffer head states, which allows local users to cause a denial of service (system crash) by leveraging the presence of an ext4 filesystem that was mounted with a journal. | |||||
| CVE-2011-4127 | 2 Linux, Suse | 2 Linux Kernel, Linux Enterprise Server | 2017-12-29 | 4.6 MEDIUM | N/A |
| The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl calls, which allows local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to (1) a partition block device or (2) an LVM volume. | |||||
| CVE-2011-4128 | 1 Gnu | 1 Gnutls | 2017-12-29 | 4.3 MEDIUM | N/A |
| Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket. | |||||
| CVE-2011-4131 | 1 Linux | 1 Linux Kernel | 2017-12-29 | 4.6 MEDIUM | N/A |
| The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words. | |||||
| CVE-2011-4132 | 2 Linux, Suse | 2 Linux Kernel, Linux Enterprise Server | 2017-12-29 | 2.1 LOW | N/A |
| The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel 2.6 allows local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4 image with an "invalid log first block value." | |||||
| CVE-2011-4188 | 1 Novell | 1 Imanager | 2017-12-29 | 4.0 MEDIUM | N/A |
| Buffer overflow in the Create Attribute function in jclient in Novell iManager 2.7.4 before patch 4 allows remote authenticated users to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted EnteredAttrName parameter, a related issue to CVE-2010-1929. | |||||
| CVE-2011-4622 | 1 Redhat | 1 Kvm | 2017-12-29 | 4.9 MEDIUM | N/A |
| The create_pit_timer function in arch/x86/kvm/i8254.c in KVM 83, and possibly other versions, does not properly handle when Programmable Interval Timer (PIT) interrupt requests (IRQs) when a virtual interrupt controller (irqchip) is not available, which allows local users to cause a denial of service (NULL pointer dereference) by starting a timer. | |||||
| CVE-2012-0045 | 1 Linux | 1 Linux Kernel | 2017-12-29 | 4.7 MEDIUM | N/A |
| The em_syscall function in arch/x86/kvm/emulate.c in the KVM implementation in the Linux kernel before 3.2.14 does not properly handle the 0f05 (aka syscall) opcode, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application, as demonstrated by an NASM file. | |||||
| CVE-2012-0468 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-12-29 | 10.0 HIGH | N/A |
| The browser engine in Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (assertion failure and memory corruption) or possibly execute arbitrary code via vectors related to jsval.h and the js::array_shift function. | |||||
| CVE-2012-0469 | 1 Mozilla | 5 Firefox, Firefox Esr, Seamonkey and 2 more | 2017-12-29 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in the mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to execute arbitrary code via vectors related to crafted IndexedDB data. | |||||
| CVE-2012-0472 | 1 Mozilla | 5 Firefox, Firefox Esr, Seamonkey and 2 more | 2017-12-29 | 9.3 HIGH | N/A |
| The cairo-dwrite implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9, when certain Windows Vista and Windows 7 configurations are used, does not properly restrict font-rendering attempts, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. | |||||
| CVE-2012-0473 | 1 Mozilla | 5 Firefox, Firefox Esr, Seamonkey and 2 more | 2017-12-29 | 5.0 MEDIUM | N/A |
| The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 calls the FindMaxElementInSubArray function with incorrect template arguments, which allows remote attackers to obtain sensitive information from video memory via a crafted WebGL.drawElements call. | |||||
| CVE-2012-0474 | 1 Mozilla | 5 Firefox, Firefox Esr, Seamonkey and 2 more | 2017-12-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the docshell implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via vectors related to short-circuited page loads, aka "Universal XSS (UXSS)." | |||||
| CVE-2012-0478 | 1 Mozilla | 5 Firefox, Firefox Esr, Seamonkey and 2 more | 2017-12-29 | 9.3 HIGH | N/A |
| The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page. | |||||
| CVE-2012-0942 | 1 Realnetworks | 2 Helix Mobile Server, Helix Server | 2017-12-29 | 7.5 HIGH | N/A |
| Buffer overflow in rn5auth.dll in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to execute arbitrary code via crafted authentication credentials. | |||||
| CVE-2012-0946 | 1 Nvidia | 1 Unix Driver | 2017-12-29 | 4.6 MEDIUM | N/A |
| The NVIDIA UNIX driver before 295.40 allows local users to access arbitrary memory locations by leveraging GPU device-node read/write privileges. | |||||
| CVE-2012-1179 | 1 Linux | 1 Linux Kernel | 2017-12-29 | 5.2 MEDIUM | N/A |
| The Linux kernel before 3.3.1, when KVM is used, allows guest OS users to cause a denial of service (host OS crash) by leveraging administrative access to the guest OS, related to the pmd_none_or_clear_bad function and page faults for huge pages. | |||||
| CVE-2012-1240 | 1 Recruit | 1 Dokodemo Rikunabi 2013 | 2017-12-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the RECRUIT Dokodemo Rikunabi 2013 extension before 1.0.1 for Google Chrome allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-1241 | 1 Artonx.org | 1 Activescriptruby | 2017-12-29 | 7.5 HIGH | N/A |
| GRScript18.dll before 1.2.2.0 in ActiveScriptRuby (ASR) before 1.8.7 does not properly restrict interaction with an Internet Explorer ActiveX environment, which allows remote attackers to execute arbitrary Ruby code via a crafted HTML document. | |||||
| CVE-2012-1243 | 2 Google, Studiohitori | 2 Android, Twitrocker2 Android | 2017-12-29 | 5.0 MEDIUM | N/A |
| The TwitRocker2 application before 1.0.23 for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application. | |||||
| CVE-2012-1311 | 1 Cisco | 2 Ios, Ios Xe | 2017-12-29 | 7.8 HIGH | N/A |
| The RSVP feature in Cisco IOS 15.0 and 15.1 and IOS XE 3.2.xS through 3.4.xS before 3.4.2S, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge and service outage) via crafted RSVP packets, aka Bug ID CSCts80643. | |||||
| CVE-2012-1312 | 1 Cisco | 1 Ios | 2017-12-29 | 7.1 HIGH | N/A |
| The MACE feature in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (device reload) via crafted transit traffic, aka Bug IDs CSCtq64987 and CSCtu57226. | |||||
| CVE-2012-1314 | 1 Cisco | 1 Ios | 2017-12-29 | 7.8 HIGH | N/A |
| The WAAS Express feature in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit traffic, aka Bug ID CSCtt45381. | |||||
| CVE-2012-1518 | 1 Vmware | 5 Esx, Esxi, Fusion and 2 more | 2017-12-29 | 8.3 HIGH | N/A |
| VMware Workstation 8.x before 8.0.2, VMware Player 4.x before 4.0.2, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 use an incorrect ACL for the VMware Tools folder, which allows guest OS users to gain guest OS privileges via unspecified vectors. | |||||
| CVE-2012-1593 | 1 Wireshark | 1 Wireshark | 2017-12-29 | 3.3 LOW | N/A |
| epan/dissectors/packet-ansi_a.c in the ANSI A dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed packet. | |||||
| CVE-2012-1594 | 1 Wireshark | 1 Wireshark | 2017-12-29 | 3.3 LOW | N/A |
| epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | |||||
| CVE-2012-1595 | 1 Wireshark | 1 Wireshark | 2017-12-29 | 4.3 MEDIUM | N/A |
| The pcap_process_pseudo_header function in wiretap/pcap-common.c in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a WTAP_ENCAP_ERF file containing an Extension or Multi-Channel header with an invalid pseudoheader size, related to the pcap and pcap-ng file parsers. | |||||
| CVE-2012-1596 | 1 Wireshark | 1 Wireshark | 2017-12-29 | 5.0 MEDIUM | N/A |
| The mp2t_process_fragmented_payload function in epan/dissectors/packet-mp2t.c in the MP2T dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a packet containing an invalid pointer value that triggers an incorrect memory-allocation attempt. | |||||