Total: 10027 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-1739 | 1 Freebsd | 1 Freebsd | 2024-02-04 | 4.3 MEDIUM | N/A |
The makemask function in mountd.c in mountd in FreeBSD 7.4 through 8.2 does not properly handle a -network field specifying a CIDR block with a prefix length that is not an integer multiple of 8, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances via an NFS mount request. | |||||
CVE-2010-3944 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2024-02-04 | 7.2 HIGH | N/A |
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability." | |||||
CVE-2010-3473 | 1 Ibm | 1 Filenet P8 Application Engine | 2024-02-04 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2011-2632 | 1 Opera | 1 Opera Browser | 2024-02-04 | 5.0 MEDIUM | N/A |
Opera before 11.11 does not properly handle destruction of a Silverlight instance, which allows remote attackers to cause a denial of service (application crash) via a web page, as demonstrated by vod.onet.pl. | |||||
CVE-2010-2435 | 1 Salvo Tomaselli | 1 Weborf Http Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Weborf HTTP Server 0.12.1 and earlier allows remote attackers to cause a denial of service (crash) via Unicode characters in a Connection HTTP header, and possibly other headers. | |||||
CVE-2011-4249 | 1 Realnetworks | 1 Realplayer | 2024-02-04 | 10.0 HIGH | N/A |
Array index error in the RV30 codec in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2010-4384 | 3 Apple, Linux, Realnetworks | 3 Mac Os X, Linux Kernel, Realplayer | 2024-02-04 | 9.3 HIGH | N/A |
Array index error in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer Enterprise 2.1.2, Mac RealPlayer 11.0 through 11.1, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code via a malformed Media Properties Header (aka MDPR) in a RealMedia file. | |||||
CVE-2010-3629 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2024-02-04 | 9.3 HIGH | N/A |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted image, a different vulnerability than CVE-2010-3620. | |||||
CVE-2010-0238 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows Server 2003 and 2 more | 2024-02-04 | 4.9 MEDIUM | N/A |
Unspecified vulnerability in registry-key validation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Registry Key Vulnerability." | |||||
CVE-2012-1785 | 2 Kylegilman, Wordpress | 2 Video Embed & Thumbnail Generator, Wordpress | 2024-02-04 | 7.5 HIGH | N/A |
kg_callffmpeg.php in the Video Embed & Thumbnail Generator plugin before 2.0 for WordPress allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
CVE-2011-1581 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 9.0 HIGH | N/A |
The bond_select_queue function in drivers/net/bonding/bond_main.c in the Linux kernel before 2.6.39, when a network device with a large number of receive queues is installed but the default tx_queues setting is used, does not properly restrict queue indexes, which allows remote attackers to cause a denial of service (BUG and system crash) or possibly have unspecified other impact by sending network traffic. | |||||
CVE-2010-4099 | 1 Nitrosecurity | 2 Nitroview Esm, Nitroview Esm Software | 2024-02-04 | 6.8 MEDIUM | N/A |
ess.pm in NitroSecurity NitroView ESM 8.4.0a, when ESSPMDebug is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the Request parameter to ess. | |||||
CVE-2010-3614 | 1 Isc | 1 Bind | 2024-02-04 | 6.4 MEDIUM | N/A |
named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not properly determine the security status of an NS RRset during a DNSKEY algorithm rollover, which might allow remote attackers to cause a denial of service (DNSSEC validation error) by triggering a rollover. | |||||
CVE-2010-3626 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2024-02-04 | 9.3 HIGH | N/A |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted font, a different vulnerability than CVE-2010-2889. | |||||
CVE-2010-2362 | 1 Winny | 1 Winny | 2024-02-04 | 10.0 HIGH | N/A |
Winny 2.0b7.1 and earlier does not properly process node information, which has unspecified impact and remote attack vectors that might lead to use of the product's host for DDoS attacks. | |||||
CVE-2011-4136 | 1 Djangoproject | 1 Django | 2024-02-04 | 5.8 MEDIUM | N/A |
django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that session's identifier. | |||||
CVE-2011-3647 | 1 Mozilla | 2 Firefox, Thunderbird | 2024-02-04 | 9.3 HIGH | N/A |
The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird before 3.1.6 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior, a related issue to CVE-2011-3004. | |||||
CVE-2011-4311 | 1 Montala | 1 Resourcespace | 2024-02-04 | 5.0 MEDIUM | N/A |
ResourceSpace before 4.2.2833 does not properly validate access keys, which allows remote attackers to bypass intended resource restrictions via unspecified vectors. | |||||
CVE-2011-4531 | 1 Siemens | 1 Automation License Manager | 2024-02-04 | 5.0 MEDIUM | N/A |
Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted content in a (1) get_target_ocx_param or (2) send_target_ocx_param command. | |||||
CVE-2010-4247 | 2 Citrix, Linux | 2 Xen, Linux Kernel | 2024-02-04 | 5.5 MEDIUM | N/A |
The do_block_io_op function in (1) drivers/xen/blkback/blkback.c and (2) drivers/xen/blktap/blktap.c in Xen before 3.4.0 for the Linux kernel 2.6.18, and possibly other versions, allows guest OS users to cause a denial of service (infinite loop and CPU consumption) via a large production request index to the blkback or blktap back-end drivers. NOTE: some of these details are obtained from third party information. | |||||