Total
238407 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-4716 | 1 Dream-multimedia-tv | 4 Dreambox Dm800 Hd Pvr, Dreambox Dm800 Hd Pvr Firmware, Dreambox Dm800 Hd Se and 1 more | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in file in DreamBox DM800 1.6rc3, 1.5rc1, and earlier allows remote attackers to read arbitrary files via the file parameter. | |||||
CVE-2010-4954 | 1 Gambio | 1 Xt\ | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in product_reviews_info.php in xt:Commerce Gambio 2008 allows remote attackers to execute arbitrary SQL commands via the products_id parameter. | |||||
CVE-2010-1806 | 1 Apple | 1 Safari | 2024-02-04 | 9.3 HIGH | N/A |
Use-after-free vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via run-in styling in an element, related to object pointers. | |||||
CVE-2011-1583 | 1 Citrix | 1 Xen | 2024-02-04 | 6.9 MEDIUM | N/A |
Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers (1) a buffer overflow during a decompression loop or (2) an out-of-bounds read in the loader involving unspecified length fields. | |||||
CVE-2009-4417 | 1 Zend | 1 Framework | 2024-02-04 | 5.0 MEDIUM | N/A |
The shutdown function in the Zend_Log_Writer_Mail class in Zend Framework (ZF) allows context-dependent attackers to send arbitrary e-mail messages to any recipient address via vectors related to "events not yet mailed." | |||||
CVE-2011-3498 | 1 Progea | 1 Movicon Powerhmi | 2024-02-04 | 10.0 HIGH | N/A |
Heap-based buffer overflow in Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long request. | |||||
CVE-2009-4949 | 2 Joachim Ruhs, Typo3 | 2 Locator, Typo3 | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2011-2460 | 6 Adobe, Apple, Google and 3 more | 7 Adobe Air, Flash Player, Mac Os X and 4 more | 2024-02-04 | 10.0 HIGH | N/A |
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, and CVE-2011-2459. | |||||
CVE-2010-2778 | 1 Novell | 1 Groupwise | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to a "Javascript XSS exploit." | |||||
CVE-2011-1192 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2024-02-04 | 5.0 MEDIUM | N/A |
Google Chrome before 10.0.648.127 on Linux does not properly handle Unicode ranges, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
CVE-2010-3141 | 1 Microsoft | 1 Powerpoint | 2024-02-04 | 9.3 HIGH | N/A |
Untrusted search path vulnerability in Microsoft PowerPoint 2010 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse pptimpconv.dll that is located in the same folder as a .odp, .pot, .potm, .potx, .ppa, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .pwz, .sldm, or .sldx file. | |||||
CVE-2010-4596 | 1 Realnetworks | 2 Helix Mobile Server, Helix Server | 2024-02-04 | 9.3 HIGH | N/A |
Stack-based buffer overflow in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via a long string in an RTSP request. | |||||
CVE-2010-2116 | 1 Mcafee | 2 Email Gateway, Secure Mail | 2024-02-04 | 6.5 MEDIUM | N/A |
The web interface in McAfee Email Gateway (formerly IronMail) 6.7.1 allows remote authenticated users, with only Read privileges, to gain Write privileges to modify configuration via the save action in a direct request to admin/systemWebAdminConfig.do. | |||||
CVE-2010-0318 | 1 Freebsd | 1 Freebsd | 2024-02-04 | 6.9 MEDIUM | N/A |
The replay functionality for ZFS Intent Log (ZIL) in FreeBSD 7.1, 7.2, and 8.0, when creating files during replay of a setattr transaction, uses 7777 permissions instead of the original permissions, which might allow local users to read or modify unauthorized files in opportunistic circumstances after a system crash or power failure. | |||||
CVE-2011-3230 | 1 Apple | 3 Mac Os X, Mac Os X Server, Safari | 2024-02-04 | 6.8 MEDIUM | N/A |
Apple Safari before 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote attackers to execute arbitrary code via a crafted web site. | |||||
CVE-2011-3889 | 1 Google | 1 Chrome | 2024-02-04 | 7.5 HIGH | N/A |
Heap-based buffer overflow in the Web Audio implementation in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
CVE-2010-3794 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 6.8 MEDIUM | N/A |
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of FlashPix image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file. | |||||
CVE-2011-0577 | 1 Adobe | 1 Flash Player | 2024-02-04 | 9.3 HIGH | N/A |
Unspecified vulnerability in Adobe Flash Player before 10.2.152.26 allows remote attackers to execute arbitrary code via a crafted font. | |||||
CVE-2010-2688 | 1 Site2nite | 1 Boat Classifieds | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in detail.asp in Site2Nite Boat Classifieds allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
CVE-2011-3838 | 1 Wuzly | 1 Wuzly | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Wuzly 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) u parameter to fp.php, (2) epage parameter to newpage.php, (3) epost parameter to newpost.php, and (4) username parameter to login.php in admin/; or the (5) username parameter to mobile/login.php. |