Total
10026 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-0730 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop | 2024-02-04 | 2.6 LOW | N/A |
| The MMIO instruction decoder in the Xen hypervisor in the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows guest OS users to cause a denial of service (32-bit guest OS crash) via vectors that trigger an unspecified instruction emulation. | |||||
| CVE-2011-3484 | 1 Wireshark | 1 Wireshark | 2024-02-04 | 4.3 MEDIUM | N/A |
| The unxorFrame function in epan/dissectors/packet-opensafety.c in the OpenSafety dissector in Wireshark 1.6.x before 1.6.2 does not properly validate a certain frame size, which allows remote attackers to cause a denial of service (loop and application crash) via a malformed packet. | |||||
| CVE-2009-3305 | 1 Pps.jussieu | 1 Polipo | 2024-02-04 | 5.0 MEDIUM | N/A |
| Polipo 1.0.4, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a request with a Cache-Control header that lacks a value for the max-age field, which triggers a segmentation fault in the httpParseHeaders function in http_parse.c, and possibly other unspecified vectors. | |||||
| CVE-2011-1528 | 1 Mit | 1 Kerberos 5 | 2024-02-04 | 7.8 HIGH | N/A |
| The krb5_ldap_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, related to the locked_check_p function. NOTE: the Berkeley DB vector is covered by CVE-2011-4151. | |||||
| CVE-2010-3268 | 3 Intel, Microsoft, Symantec | 4 Intel Alert Management System, Windows 2000, Antivirus and 1 more | 2024-02-04 | 5.0 MEDIUM | N/A |
| The GetStringAMSHandler function in prgxhndl.dll in hndlrsvc.exe in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (AMS), as used in Symantec Antivirus Corporate Edition 10.1.4.4010 on Windows 2000 SP4 and Symantec Endpoint Protection before 11.x, does not properly validate the CommandLine field of an AMS request, which allows remote attackers to cause a denial of service (application crash) via a crafted request. | |||||
| CVE-2011-1186 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2024-02-04 | 5.0 MEDIUM | N/A |
| Google Chrome before 10.0.648.127 on Linux does not properly handle parallel execution of calls to the print method, which might allow remote attackers to cause a denial of service (application crash) via crafted JavaScript code. | |||||
| CVE-2010-4193 | 1 Adobe | 1 Shockwave Player | 2024-02-04 | 9.3 HIGH | N/A |
| Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2011-1475 | 1 Apache | 1 Tomcat | 2024-02-04 | 5.0 MEDIUM | N/A |
| The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users." | |||||
| CVE-2010-3106 | 1 Novell | 1 Iprint | 2024-02-04 | 9.3 HIGH | N/A |
| The ienipp.ocx ActiveX control in the browser plugin in Novell iPrint Client before 5.42 does not properly validate the debug parameter, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a parameter value with a crafted length, related to the ExecuteRequest method. | |||||
| CVE-2010-2289 | 1 Juniper | 1 Secure Access | 2024-02-04 | 4.3 MEDIUM | N/A |
| Open redirect vulnerability in dana/home/homepage.cgi in Juniper Networks IVE 6.5R1 (Build 14599) and 6.5R2 (Build 14951) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the Location parameter. | |||||
| CVE-2010-1517 | 1 Gigabyte | 1 Dldrv2 Activex Control | 2024-02-04 | 10.0 HIGH | N/A |
| The GIGABYTE Dldrv2 ActiveX control 1.4.206.11 allows remote attackers to (1) download arbitrary programs onto a client system, and execute these programs, via vectors involving the dl method; and (2) download arbitrary programs onto a client system via vectors involving the SetDLInfo method in conjunction with the Bdl method. | |||||
| CVE-2011-2170 | 1 Google | 1 Chrome Os | 2024-02-04 | 4.4 MEDIUM | N/A |
| Google Chrome OS before R12 0.12.433.38 Beta, when Guest mode is enabled, does not prevent changes on the about:flags page, which has unspecified impact and local attack vectors. | |||||
| CVE-2011-0478 | 1 Google | 2 Chrome, Chrome Os | 2024-02-04 | 10.0 HIGH | N/A |
| Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle SVG use elements, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | |||||
| CVE-2008-7274 | 1 Ibm | 1 Websphere Application Server | 2024-02-04 | 4.3 MEDIUM | N/A |
| IBM WebSphere Application Server (WAS) 6.1.0.9, when the JAAS Login functionality is enabled, allows attackers to perform an internal application hashtable login by (1) not providing a password or (2) providing an empty password. | |||||
| CVE-2011-0190 | 1 Apple | 3 Installer, Mac Os X, Mac Os X Server | 2024-02-04 | 4.3 MEDIUM | N/A |
| Install Helper in Installer in Apple Mac OS X before 10.6.7 does not properly process an unspecified URL, which might allow remote attackers to track user logins by logging network traffic from an agent that was intended to send network traffic to an Apple server. | |||||
| CVE-2009-4611 | 1 Mortbay | 1 Jetty | 2024-02-04 | 7.5 HIGH | N/A |
| Mort Bay Jetty 6.x through 6.1.22 and 7.0.0 writes backtrace data without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator, related to (1) a string value in the Age parameter to the default URI for the Cookie Dump Servlet in test-jetty-webapp/src/main/java/com/acme/CookieDump.java under cookie/, (2) an alphabetic value in the A parameter to jsp/expr.jsp, or (3) an alphabetic value in the Content-Length HTTP header to an arbitrary application. | |||||
| CVE-2011-3844 | 1 Apple | 1 Safari | 2024-02-04 | 4.3 MEDIUM | N/A |
| Apple Safari 5.0.5 does not properly implement the setInterval function, which allows remote attackers to spoof the address bar via a crafted web page. | |||||
| CVE-2011-3410 | 1 Microsoft | 1 Publisher | 2024-02-04 | 9.3 HIGH | N/A |
| Array index error in Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Out-of-bounds Array Index Vulnerability." | |||||
| CVE-2011-0067 | 1 Mozilla | 2 Firefox, Seamonkey | 2024-02-04 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly implement autocompletion for forms, which allows remote attackers to read form history entries via a Java applet that spoofs interaction with the autocomplete controls. | |||||
| CVE-2010-0552 | 1 Geopp | 1 Geo\+\+ Gncaster | 2024-02-04 | 7.5 HIGH | N/A |
| Geo++ GNCASTER 1.4.0.7 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via multiple requests for a non-existent file using a long URI. | |||||