Max CVSS 10.0 Min CVSS 1.0 Total Count1484
IDCVSSSummaryLast (major) updatePublished
CVE-2017-7805 None
During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocat
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-2808 4.7
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2792 5.5
Vulnerability in the Hardware Management Pack component of Oracle Sun Systems Products Suite (subcomponent: Ipmitool). The supported version that is affected is Prior to 2.4.3. Easily exploitable vulnerability allows high privileged attacker with net
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2764 7.8
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via NFS to
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2763 2.1
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: NTPD). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where S
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2754 3.6
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: ZVNET Driver). The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructur
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2753 2.6
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Python modules). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastruc
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2718 7.8
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RPC). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via NFS to com
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2563 4.9
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: LDAP Library). Supported versions that are affected are 10 and 11.3. Difficult to exploit vulnerability allows low privileged attacker with network access via
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2717 3.3
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: SPARC Platform). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infras
17-01-2018 - 21:29 17-01-2018 - 21:29
CVE-2018-2710 7.8
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 10. Easily exploitable vulnerability allows unauthenticated attacker with network access via ICMP to comprom
17-01-2018 - 21:29 17-01-2018 - 21:29
CVE-2018-2578 6.2
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure wh
17-01-2018 - 21:29 17-01-2018 - 21:29
CVE-2018-2577 2.1
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where
17-01-2018 - 21:29 17-01-2018 - 21:29
CVE-2018-2560 1.2
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure wh
17-01-2018 - 21:29 17-01-2018 - 21:29
CVE-2017-5753 4.7
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
04-01-2018 - 08:29 04-01-2018 - 08:29
CVE-2014-3250 4.0
The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4.
11-12-2017 - 12:29 11-12-2017 - 12:29
CVE-2017-3632 10.0
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: CDE Calendar). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-10122 1.2
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructur
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-10095 1.9
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-10062 4.6
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Oracle Java Web Console). The supported version that is affected is 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infra
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-10042 7.8
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: IKE). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via IKE to compr
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-10036 7.8
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: NFSv4). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via NFSv4 to c
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-10004 7.2
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-10003 4.4
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Network Services Library). The supported version that is affected is 10. Difficult to exploit vulnerability allows low privileged attacker with logon to the in
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-3631 4.6
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where S
22-06-2017 - 09:29 22-06-2017 - 09:29
CVE-2017-3630 4.6
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure w
22-06-2017 - 09:29 22-06-2017 - 09:29
CVE-2017-3629 7.2
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure w
22-06-2017 - 09:29 22-06-2017 - 09:29
CVE-2017-3565 4.1
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RBAC). The supported version that is affected is 11.3. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where
04-05-2017 - 14:36 24-04-2017 - 15:59
CVE-2017-3564 6.9
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RBAC). The supported version that is affected is 11.3. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where
04-05-2017 - 14:34 24-04-2017 - 15:59
CVE-2017-3551 6.1
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Smartcard Libraries). The supported version that is affected is 11.3. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infra
04-05-2017 - 14:03 24-04-2017 - 15:59
CVE-2017-3516 6.8
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones virtualized NIC driver). The supported version that is affected is 11.3. Easily "exploitable" vulnerability allows low privileged attacker with ne
04-05-2017 - 10:19 24-04-2017 - 15:59
CVE-2017-3510 5.5
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones virtualized NIC driver). The supported version that is affected is 11.3. Easily "exploitable" vulnerability allows low privileged attacker with ne
04-05-2017 - 10:16 24-04-2017 - 15:59
CVE-2017-3474 2.1
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Zone). The supported version that is affected is 11.3. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where
03-05-2017 - 13:24 24-04-2017 - 15:59
CVE-2017-3498 2.1
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure whe
01-05-2017 - 15:00 24-04-2017 - 15:59
CVE-2017-3497 7.5
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Remote Administration Daemon). The supported version that is affected is 11.3. Easily "exploitable" vulnerability allows unauthenticated attacker with network
01-05-2017 - 14:59 24-04-2017 - 15:59
CVE-2017-3622 7.2
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Common Desktop Environment (CDE)). The supported version that is affected is 10. Easily "exploitable" vulnerability allows low privileged attacker with logon t
01-05-2017 - 12:18 24-04-2017 - 15:59
CVE-2013-2005 6.8
X.org libXt 1.1.3 and earlier does not check the return value of the XGetWindowProperty function, which allows X servers to trigger use of an uninitialized pointer and memory corruption via vectors related to the (1) ReqCleanup, (2) HandleSelectionEv
20-04-2017 - 21:59 15-06-2013 - 16:55
CVE-2013-2003 6.8
Integer overflow in X.org libXcursor 1.1.13 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the _XcursorFileHeaderCreate function.
20-04-2017 - 21:59 15-06-2013 - 16:55
CVE-2013-2002 6.8
Buffer overflow in X.org libXt 1.1.3 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the _XtResourceConfigurationEH function.
20-04-2017 - 21:59 15-06-2013 - 16:55
CVE-2013-1998 6.8
Multiple buffer overflows in X.org libXi 1.7.1 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XGetDeviceButtonMapping, (2) XIPassiveGrabDevice, and (3
20-04-2017 - 21:59 15-06-2013 - 16:55
CVE-2013-1995 6.8
X.org libXi 1.7.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to an unexpected sign extension in the XListInputDevices function.
20-04-2017 - 21:59 15-06-2013 - 16:55
CVE-2013-1987 6.8
Multiple integer overflows in X.org libXrender 0.9.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRenderQueryFilters, (2) XRenderQueryFormats, and (3) XRenderQueryPictI
20-04-2017 - 21:59 15-06-2013 - 15:55
CVE-2014-3566 4.3
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
23-03-2017 - 21:59 14-10-2014 - 20:55
CVE-2008-1447 5.0
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic vi
19-02-2017 - 00:21 08-07-2008 - 19:41
CVE-2017-3301 1.9
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure wher
10-02-2017 - 21:59 27-01-2017 - 17:59
CVE-2017-3276 3.0
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones virtualized block driver). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with
10-02-2017 - 21:59 27-01-2017 - 17:59
CVE-2016-8330 4.3
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple pr
10-02-2017 - 21:59 27-01-2017 - 17:59
CVE-2010-5298 4.0
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via
26-01-2017 - 15:00 14-04-2014 - 18:38
CVE-2014-3470 4.3
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereferen
18-01-2017 - 21:59 05-06-2014 - 17:55
CVE-2014-0224 6.8
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL
18-01-2017 - 21:59 05-06-2014 - 17:55
CVE-2014-0198 4.3
The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL
18-01-2017 - 21:59 06-05-2014 - 06:44
CVE-2014-0076 1.9
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.
18-01-2017 - 21:59 25-03-2014 - 09:25
CVE-2014-7169 10.0
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted enviro
06-01-2017 - 22:00 24-09-2014 - 21:55
CVE-2014-6414 4.0
OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors.
06-01-2017 - 22:00 02-10-2014 - 10:55
CVE-2014-6271 10.0
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceComman
06-01-2017 - 22:00 24-09-2014 - 14:48
CVE-2014-5461 5.0
Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.
06-01-2017 - 22:00 04-09-2014 - 13:55
CVE-2014-5356 4.0
OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users
06-01-2017 - 22:00 25-08-2014 - 10:55
CVE-2014-5165 5.0
The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.10.x before 1.10.9 does not properly validate padding values, which allows remote attackers to cause a denial of service (buffer
06-01-2017 - 22:00 01-08-2014 - 07:13
CVE-2014-5164 5.0
The rlc_decode_li function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.10.x before 1.10.9 initializes a certain structure member only after this member is used, which allows remote attackers to cause a denial of service (appli
06-01-2017 - 22:00 01-08-2014 - 07:13
CVE-2014-5163 5.0
The APN decode functionality in (1) epan/dissectors/packet-gtp.c and (2) epan/dissectors/packet-gsm_a_gm.c in the GTP and GSM Management dissectors in Wireshark 1.10.x before 1.10.9 does not completely initialize a certain buffer, which allows remote
06-01-2017 - 22:00 01-08-2014 - 07:13
CVE-2014-5162 5.0
The read_new_line function in wiretap/catapult_dct2000.c in the Catapult DCT2000 dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' and '\r' characters, which allows remote attackers to cause a denial of service (off-by-one buff
06-01-2017 - 22:00 01-08-2014 - 07:13
CVE-2014-5161 5.0
The dissect_log function in plugins/irda/packet-irda.c in the IrDA dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash
06-01-2017 - 22:00 01-08-2014 - 07:13
CVE-2014-5139 4.3
The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite
06-01-2017 - 22:00 13-08-2014 - 19:55
CVE-2014-4345 8.5
Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authe
06-01-2017 - 22:00 14-08-2014 - 01:01
CVE-2014-4342 5.0
MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session.
06-01-2017 - 22:00 20-07-2014 - 07:12
CVE-2014-4341 5.0
MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.
06-01-2017 - 22:00 20-07-2014 - 07:12
CVE-2014-3956 1.9
The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom ma
06-01-2017 - 22:00 04-06-2014 - 07:19
CVE-2014-3618 7.5
Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted email header, related to "unbalanced quotes."
06-01-2017 - 22:00 08-09-2014 - 10:55
CVE-2014-3589 5.0
PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.
06-01-2017 - 22:00 25-08-2014 - 10:55
CVE-2014-3512 7.5
Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2)
06-01-2017 - 22:00 13-08-2014 - 19:55
CVE-2014-3511 4.3
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both sup
06-01-2017 - 22:00 13-08-2014 - 19:55
CVE-2014-3510 4.3
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via
06-01-2017 - 22:00 13-08-2014 - 19:55
CVE-2014-3509 6.8
Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service (memory overwr
06-01-2017 - 22:00 13-08-2014 - 19:55
CVE-2014-3508 4.3
The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attacker
06-01-2017 - 22:00 13-08-2014 - 19:55
CVE-2014-3507 5.0
Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger im
06-01-2017 - 22:00 13-08-2014 - 19:55
CVE-2014-3506 5.0
d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory alloc
06-01-2017 - 22:00 13-08-2014 - 19:55
CVE-2014-3505 5.0
Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that tri
06-01-2017 - 22:00 13-08-2014 - 19:55
CVE-2014-3493 2.7
The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname wi
06-01-2017 - 22:00 23-06-2014 - 10:55
CVE-2014-3469 4.3
The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.
06-01-2017 - 21:59 05-06-2014 - 16:55
CVE-2014-3468 6.8
The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.
06-01-2017 - 21:59 05-06-2014 - 16:55
CVE-2014-3467 4.3
Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.
06-01-2017 - 21:59 05-06-2014 - 16:55
CVE-2014-3466 6.8
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code
06-01-2017 - 21:59 03-06-2014 - 10:55
CVE-2014-2427 7.5
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.
06-01-2017 - 21:59 15-04-2014 - 22:55
CVE-2014-1557 9.3
The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attacke
06-01-2017 - 21:59 23-07-2014 - 07:12
CVE-2014-1556 9.3
Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to execute arbitrary code via crafted WebGL content constructed with the Cesium JavaScript library.
06-01-2017 - 21:59 23-07-2014 - 07:12
CVE-2014-1555 9.3
Use-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allows remote attackers to execute arbitrary code via vectors that trigger a FireOnStateCha
06-01-2017 - 21:59 23-07-2014 - 07:12
CVE-2014-1551 10.0
Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute arbitrary code via crafted use of fonts in MathML cont
06-01-2017 - 21:59 23-07-2014 - 07:12
CVE-2014-1548 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via
06-01-2017 - 21:59 23-07-2014 - 07:12
CVE-2014-1547 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or poss
06-01-2017 - 21:59 23-07-2014 - 07:12
CVE-2014-1544 10.0
Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to e
06-01-2017 - 21:59 23-07-2014 - 07:12
CVE-2014-1402 4.4
The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with __jinja2_ in /tmp.
06-01-2017 - 21:59 19-05-2014 - 10:55
CVE-2014-0591 2.6
The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service (INSIST assertion failure and daemo
06-01-2017 - 21:59 13-01-2014 - 23:29
CVE-2014-0474 10.0
The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote att
06-01-2017 - 21:59 23-04-2014 - 11:55
CVE-2014-0473 5.0
The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie
06-01-2017 - 21:59 23-04-2014 - 11:55
CVE-2014-0472 5.1
The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URL
06-01-2017 - 21:59 23-04-2014 - 11:55
CVE-2014-0460 5.8
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI.
06-01-2017 - 21:59 15-04-2014 - 21:55
CVE-2014-0457 10.0
Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
06-01-2017 - 21:59 15-04-2014 - 21:55
CVE-2014-0453 4.0
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security.
06-01-2017 - 21:59 15-04-2014 - 21:55
CVE-2014-0451 7.5
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-2412.
06-01-2017 - 21:59 15-04-2014 - 21:55
CVE-2014-0446 7.5
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
06-01-2017 - 21:59 15-04-2014 - 20:55
CVE-2014-0429 10.0
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
06-01-2017 - 21:59 15-04-2014 - 20:55
CVE-2014-0244 3.3
The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet.
06-01-2017 - 21:59 23-06-2014 - 10:55
CVE-2014-0231 5.0
The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.
06-01-2017 - 21:59 20-07-2014 - 07:12
CVE-2014-0226 6.8
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a cr
06-01-2017 - 21:59 20-07-2014 - 07:12
CVE-2014-0221 4.3
The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS
06-01-2017 - 21:59 05-06-2014 - 17:55
CVE-2014-0211 7.5
Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, wh
06-01-2017 - 21:59 15-05-2014 - 10:55
CVE-2014-0210 7.5
Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info,
06-01-2017 - 21:59 15-05-2014 - 10:55
CVE-2014-0209 4.6
Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file
06-01-2017 - 21:59 15-05-2014 - 10:55
CVE-2014-0195 6.8
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary c
06-01-2017 - 21:59 05-06-2014 - 17:55
CVE-2014-0178 3.5
Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain po
06-01-2017 - 21:59 28-05-2014 - 00:58
CVE-2014-0160 5.0
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer ov
06-01-2017 - 21:59 07-04-2014 - 18:55
CVE-2014-0119 4.3
Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web a
06-01-2017 - 21:59 31-05-2014 - 07:17
CVE-2014-0118 4.3
The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted req
06-01-2017 - 21:59 20-07-2014 - 07:12
CVE-2014-0099 4.3
Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a craf
06-01-2017 - 21:59 31-05-2014 - 07:17
CVE-2014-0098 5.0
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handl
06-01-2017 - 21:59 18-03-2014 - 01:18
CVE-2014-0096 4.3
java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager
06-01-2017 - 21:59 31-05-2014 - 07:17
CVE-2014-0075 5.0
Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource
06-01-2017 - 21:59 31-05-2014 - 07:17
CVE-2013-6450 5.8
The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a differe
06-01-2017 - 21:59 01-01-2014 - 11:05
CVE-2013-6449 4.3
The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 cl
06-01-2017 - 21:59 23-12-2013 - 17:55
CVE-2013-6438 5.0
The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) v
06-01-2017 - 21:59 18-03-2014 - 01:18
CVE-2013-4590 4.3
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML d
06-01-2017 - 21:59 26-02-2014 - 09:55
CVE-2013-4496 5.0
Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obtain access via brute-force ChangePasswordUser2 (1) S
06-01-2017 - 21:59 14-03-2014 - 06:55
CVE-2013-4475 4.0
Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file an
06-01-2017 - 21:59 13-11-2013 - 10:55
CVE-2013-4408 8.3
Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via
06-01-2017 - 21:59 10-12-2013 - 01:14
CVE-2013-4353 4.3
The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake.
06-01-2017 - 21:59 08-01-2014 - 20:55
CVE-2013-4322 4.3
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field
06-01-2017 - 21:59 26-02-2014 - 09:55
CVE-2013-4124 5.0
Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
06-01-2017 - 21:59 05-08-2013 - 22:56
CVE-2013-1896 4.3
mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for han
06-01-2017 - 21:59 10-07-2013 - 16:55
CVE-2013-1862 5.1
mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containi
06-01-2017 - 21:59 10-06-2013 - 13:55
CVE-2013-1861 5.0
MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted
06-01-2017 - 21:59 28-03-2013 - 19:55
CVE-2013-1418 4.3
The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon
06-01-2017 - 21:59 17-11-2013 - 22:55
CVE-2012-6150 3.6
The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended a
06-01-2017 - 21:59 03-12-2013 - 14:55
CVE-2012-0883 6.9
envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apach
06-01-2017 - 21:59 18-04-2012 - 06:33
CVE-2011-3389 4.3
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man
06-01-2017 - 21:59 06-09-2011 - 15:55
CVE-2011-1202 5.0
The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an
06-01-2017 - 21:59 10-03-2011 - 21:01
CVE-2015-2574 2.1
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality via unknown vectors related to Text Utilities.
04-01-2017 - 11:24 16-04-2015 - 13:00
CVE-2014-1933 2.1
The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attac
03-01-2017 - 21:59 17-04-2014 - 10:55
CVE-2014-1932 4.4
The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do n
03-01-2017 - 21:59 17-04-2014 - 10:55
CVE-2015-0448 7.2
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via vectors related to ZFS File system.
03-01-2017 - 14:04 16-04-2015 - 12:59
CVE-2015-2578 7.1
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows remote attackers to affect availability via vectors related to Kernel IDMap.
03-01-2017 - 13:39 16-04-2015 - 13:00
CVE-2015-2577 7.2
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Accounting commands.
03-01-2017 - 13:21 16-04-2015 - 13:00
CVE-2015-0471 4.4
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to libelfsign.
02-01-2017 - 21:59 16-04-2015 - 12:59
CVE-2015-0430 1.9
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality via vectors related to RPC Utility.
02-01-2017 - 21:59 21-01-2015 - 14:59
CVE-2015-0429 3.3
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect integrity and availability via vectors related to RPC Utility.
02-01-2017 - 21:59 21-01-2015 - 14:59
CVE-2015-0428 4.9
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Resource Control.
02-01-2017 - 21:59 21-01-2015 - 14:59
CVE-2015-0397 2.1
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to File System, a different vulnerability than CVE-2014-6570 and CVE-2014-6600.
02-01-2017 - 21:59 21-01-2015 - 13:59
CVE-2014-9296 5.0
The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets.
02-01-2017 - 21:59 19-12-2014 - 21:59
CVE-2014-9295 7.5
Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata func
02-01-2017 - 21:59 19-12-2014 - 21:59
CVE-2014-9294 7.5
util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
02-01-2017 - 21:59 19-12-2014 - 21:59
CVE-2014-9293 7.5
The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
02-01-2017 - 21:59 19-12-2014 - 21:59
CVE-2014-7187 10.0
Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deepl
02-01-2017 - 21:59 28-09-2014 - 15:55
CVE-2014-7186 10.0
The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here doc
02-01-2017 - 21:59 28-09-2014 - 15:55
CVE-2014-6278 10.0
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the Force
02-01-2017 - 21:59 30-09-2014 - 06:55
CVE-2014-6277 10.0
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-poin
02-01-2017 - 21:59 27-09-2014 - 18:55
CVE-2014-3568 4.3
OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr
02-01-2017 - 21:59 18-10-2014 - 21:55
CVE-2014-3567 7.1
Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an
02-01-2017 - 21:59 18-10-2014 - 21:55
CVE-2014-3513 7.1
Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message.
02-01-2017 - 21:59 18-10-2014 - 21:55
CVE-2014-0191 4.3
The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless
02-01-2017 - 21:59 21-01-2015 - 09:59
CVE-2008-5161 2.6
Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server f
02-01-2017 - 21:59 19-11-2008 - 12:30
CVE-2013-4365 5.0
Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors.
30-12-2016 - 21:59 17-10-2013 - 19:55
CVE-2013-4276 4.3
Multiple stack-based buffer overflows in LittleCMS (aka lcms or liblcms) 1.19 and earlier allow remote attackers to cause a denial of service (crash) via a crafted (1) ICC color profile to the icctrans utility or (2) TIFF image to the tiffdiff utilit
30-12-2016 - 21:59 28-09-2013 - 15:55
CVE-2013-4243 6.8
Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted height and width values in a GIF
30-12-2016 - 21:59 10-09-2013 - 15:55
CVE-2013-4231 4.3
Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF
30-12-2016 - 21:59 19-01-2014 - 12:16
CVE-2013-4164 6.8
Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute
30-12-2016 - 21:59 23-11-2013 - 14:55
CVE-2013-2236 2.6
Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api.c) in Quagga before 0.99.22.2, when --enable-opaque-lsa and the -a command line option are used, allows remote attackers to cause a denial of service (cr
30-12-2016 - 21:59 23-10-2013 - 23:48
CVE-2013-2110 5.0
Heap-based buffer overflow in the php_quot_print_encode function in ext/standard/quot_print.c in PHP before 5.3.26 and 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other imp
30-12-2016 - 21:59 21-06-2013 - 16:55
CVE-2013-1961 9.3
Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted image length and resolution in a TIFF image file.
30-12-2016 - 21:59 03-07-2013 - 14:55
CVE-2013-1620 4.3
The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct di
30-12-2016 - 21:59 08-02-2013 - 14:55
CVE-2012-3571 6.1
ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier.
30-12-2016 - 21:59 25-07-2012 - 06:42
CVE-2016-3465 4.9
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via vectors related to ZFS.
30-12-2016 - 16:14 21-04-2016 - 07:00
CVE-2015-4750 5.0
Unspecified vulnerability in the Oracle VM Server for SPARC component in Oracle Sun Systems Products Suite 3.2 allows remote attackers to affect availability via vectors related to LDOM Manager.
29-12-2016 - 08:34 16-07-2015 - 07:00
CVE-2015-4907 4.6
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2015-4820.
23-12-2016 - 21:59 21-10-2015 - 20:00
CVE-2015-4891 4.6
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via vectors related to NSCD.
23-12-2016 - 21:59 21-10-2015 - 19:59
CVE-2015-4869 4.9
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via unknown vectors related to Kernel.
23-12-2016 - 21:59 21-10-2015 - 19:59
CVE-2015-4837 6.6
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Utility/Security.
23-12-2016 - 21:59 21-10-2015 - 19:59
CVE-2015-4834 3.7
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Utility/Zones.
23-12-2016 - 21:59 21-10-2015 - 19:59
CVE-2015-4831 4.9
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2015-4822.
23-12-2016 - 21:59 21-10-2015 - 17:59
CVE-2015-4822 1.2
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2015-4831.
23-12-2016 - 21:59 21-10-2015 - 17:59
CVE-2015-4820 6.2
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2015-4907.
23-12-2016 - 21:59 21-10-2015 - 17:59
CVE-2015-4817 6.2
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via vectors related to Kernel Zones virtualized NIC driver.
23-12-2016 - 21:59 21-10-2015 - 17:59
CVE-2015-4801 2.1
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality via unknown vectors related to Solaris Kernel Zones.
23-12-2016 - 21:59 21-10-2015 - 17:59
CVE-2015-2642 4.4
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Gzip.
23-12-2016 - 21:59 21-10-2015 - 17:59
CVE-2014-3565 5.0
snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB f
23-12-2016 - 21:59 07-10-2014 - 10:55
CVE-2012-5667 4.4
Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow.
23-12-2016 - 21:59 03-01-2013 - 06:54
CVE-2016-0618 1.4
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality via unknown vectors related to Zones.
22-12-2016 - 11:06 20-01-2016 - 22:02
CVE-2013-6487 7.5
Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) parser in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a large Content-Length value, which triggers a buffer overflow.
21-12-2016 - 21:59 06-02-2014 - 12:00
CVE-2013-5211 5.0
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 20
21-12-2016 - 21:59 02-01-2014 - 09:59
CVE-2015-0378 2.1
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Libc.
09-12-2016 - 14:59 21-01-2015 - 13:59
CVE-2015-7236 5.0
Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMAP_CALLIT code.
07-12-2016 - 22:13 01-10-2015 - 16:59
CVE-2014-2285 4.3
The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP
07-12-2016 - 22:05 27-04-2014 - 18:55
CVE-2013-4286 5.8
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identifi
07-12-2016 - 22:03 26-02-2014 - 09:55
CVE-2013-4242 1.9
GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.
07-12-2016 - 22:03 19-08-2013 - 19:55
CVE-2013-1960 9.3
Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file.
07-12-2016 - 22:03 03-07-2013 - 14:55
CVE-2013-1667 7.5
The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.
07-12-2016 - 22:03 13-03-2013 - 23:13
CVE-2012-6329 7.5
The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers t
07-12-2016 - 22:02 04-01-2013 - 16:55
CVE-2012-6151 4.3
Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout
07-12-2016 - 22:02 13-12-2013 - 13:55
CVE-2012-5526 5.0
CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.
07-12-2016 - 22:02 21-11-2012 - 18:55
CVE-2012-5195 7.5
Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possib
07-12-2016 - 22:02 17-12-2012 - 19:55
CVE-2012-4558 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remo
07-12-2016 - 22:02 26-02-2013 - 11:55
CVE-2012-4431 4.3
org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
07-12-2016 - 22:02 19-12-2012 - 06:55
CVE-2012-3499 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagema
07-12-2016 - 22:02 26-02-2013 - 11:55
CVE-2012-2688 10.0
Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an "overflow."
07-12-2016 - 22:02 20-07-2012 - 06:40
CVE-2012-2687 2.6
Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to in
07-12-2016 - 22:02 22-08-2012 - 15:55
CVE-2012-2131 7.5
Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER dat
07-12-2016 - 22:02 24-04-2012 - 16:55
CVE-2012-0814 3.5
The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these m
07-12-2016 - 22:02 27-01-2012 - 14:55
CVE-2012-0259 4.3
The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-b
07-12-2016 - 22:02 05-06-2012 - 18:55
CVE-2011-3607 4.4
Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted S
07-12-2016 - 22:02 08-11-2011 - 06:55
CVE-2011-3597 7.5
Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor.
07-12-2016 - 22:02 13-01-2012 - 13:55
CVE-2011-0411 6.8
The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sess
07-12-2016 - 22:01 16-03-2011 - 18:55
CVE-2010-4015 6.5
Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a deni
07-12-2016 - 22:01 01-02-2011 - 20:00
CVE-2010-2761 4.3
The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP h
07-12-2016 - 22:01 06-12-2010 - 15:12
CVE-2010-1168 7.5
The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and
07-12-2016 - 22:01 21-06-2010 - 12:30
CVE-2010-0624 6.8
Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arb
07-12-2016 - 22:01 15-03-2010 - 09:28
CVE-2009-3563 6.4
ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchang
07-12-2016 - 22:01 09-12-2009 - 13:30
CVE-2009-3490 6.8
GNU Wget before 1.12 does not properly handle a '\0' character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a leg
07-12-2016 - 22:01 30-09-2009 - 11:30
CVE-2005-2495 5.1
Multiple integer overflows in XFree86 before 4.3.0 allow user-assisted attackers to execute arbitrary code via a crafted pixmap image.
07-12-2016 - 22:00 15-09-2005 - 16:03
CVE-2004-0930 5.0
The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters.
07-12-2016 - 21:59 27-01-2005 - 00:00
CVE-2004-0452 2.6
Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symli
07-12-2016 - 21:59 21-12-2004 - 00:00
CVE-2016-0440 7.8
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability via vectors related to NFSv4.
07-12-2016 - 18:43 20-01-2016 - 21:59
CVE-2016-0458 4.0
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via vectors related to Kernel DAX.
07-12-2016 - 17:19 20-01-2016 - 22:00
CVE-2016-0493 3.3
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity and availability via unknown vectors related to Kernel Cryptography.
07-12-2016 - 14:36 20-01-2016 - 22:00
CVE-2016-0535 4.3
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via vectors related to RPC.
07-12-2016 - 13:31 20-01-2016 - 22:01
CVE-2016-0431 1.2
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2016-0419.
07-12-2016 - 13:30 20-01-2016 - 21:59
CVE-2016-0428 4.9
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Verified Boot.
07-12-2016 - 13:30 20-01-2016 - 21:59
CVE-2016-0426 3.6
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality and availability via unknown vectors related to Solaris Kernel Zones.
07-12-2016 - 13:30 20-01-2016 - 21:59
CVE-2016-0419 4.9
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2016-0431.
07-12-2016 - 13:30 20-01-2016 - 21:59
CVE-2016-0418 6.1
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2016-0414.
07-12-2016 - 13:30 20-01-2016 - 21:59
CVE-2016-0416 5.0
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect integrity via unknown vectors related to System Archive Utility.
07-12-2016 - 13:30 20-01-2016 - 21:59
CVE-2016-0414 7.2
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2016-0418.
07-12-2016 - 13:30 20-01-2016 - 21:59
CVE-2016-0406 3.3
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity and availability via vectors related to Libc.
07-12-2016 - 13:30 20-01-2016 - 21:59
CVE-2016-0403 7.8
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability via vectors related to SMB Utilities.
07-12-2016 - 13:30 20-01-2016 - 21:59
CVE-2015-8370 6.9
Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get f
07-12-2016 - 13:27 16-12-2015 - 16:59
CVE-2015-8104 4.7
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.
07-12-2016 - 13:26 16-11-2015 - 06:59
CVE-2015-7940 5.0
The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "
07-12-2016 - 13:25 09-11-2015 - 11:59
CVE-2015-4922 2.1
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via vectors related to Boot.
07-12-2016 - 13:15 20-01-2016 - 21:59
CVE-2015-4920 2.1
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity via vectors related to NDMP Backup Service.
07-12-2016 - 13:15 20-01-2016 - 21:59
CVE-2015-0375 5.0
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect confidentiality via unknown vectors related to Network.
07-12-2016 - 12:23 21-01-2015 - 13:59
CVE-2014-6521 7.2
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via vectors related to CDE - Power Management Utility.
07-12-2016 - 06:22 21-01-2015 - 09:59
CVE-2014-6600 4.9
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to File System, a different vulnerability than CVE-2014-6570 and CVE-2015-0397.
06-12-2016 - 22:01 21-01-2015 - 13:59
CVE-2014-6575 5.0
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via unknown vectors related to Network, a different vulnerability than CVE-2004-0230.
06-12-2016 - 22:01 21-01-2015 - 10:28
CVE-2014-6570 4.9
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to File System, a different vulnerability than CVE-2014-6600 and CVE-2015-0397.
06-12-2016 - 22:01 21-01-2015 - 10:28
CVE-2014-6518 6.6
Unspecified vulnerability in Oracle Solaris 10 and 11 allows local users to affect integrity and availability via vectors related to Unix File System (UFS).
06-12-2016 - 22:01 21-01-2015 - 09:59
CVE-2014-6510 7.2
Unspecified vulnerability in Oracle Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Power Management Utility.
06-12-2016 - 22:01 21-01-2015 - 09:59
CVE-2014-6509 4.9
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability via unknown vectors related to Kernel.
06-12-2016 - 22:00 21-01-2015 - 09:59
CVE-2014-6481 4.3
Unspecified vulnerability in Oracle Solaris 10 and 11 allows remote attackers to affect confidentiality via vectors related to KSSL.
06-12-2016 - 22:00 21-01-2015 - 09:59
CVE-2014-6480 6.5
Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to System management.
06-12-2016 - 22:00 21-01-2015 - 09:59
CVE-2014-4259 9.0
Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to System management.
06-12-2016 - 22:00 21-01-2015 - 09:59
CVE-2012-5670 4.3
The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) via vectors related to BDF fonts and an ENCODING field with a negative value.
06-12-2016 - 22:00 24-01-2013 - 16:55
CVE-2012-5669 4.3
The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to BDF fonts and an incorrect calculation that triggers an out-of
06-12-2016 - 22:00 24-01-2013 - 16:55
CVE-2012-5668 4.3
FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to BDF fonts and the improper handling of an "allocation error" in the bdf_free_font function.
06-12-2016 - 22:00 24-01-2013 - 16:55
CVE-2012-5166 7.8
ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records.
06-12-2016 - 22:00 10-10-2012 - 17:55
CVE-2012-4244 7.8
ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource re
06-12-2016 - 22:00 14-09-2012 - 06:33
CVE-2012-1667 8.5
ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of
06-12-2016 - 22:00 05-06-2012 - 12:55
CVE-2011-4517 6.8
The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a deni
06-12-2016 - 22:00 14-12-2011 - 22:57
CVE-2011-4516 6.8
Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding st
06-12-2016 - 22:00 14-12-2011 - 22:57
CVE-2008-0122 10.0
Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code
06-12-2016 - 21:59 15-01-2008 - 21:00
CVE-2003-0001 5.0
Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.
06-12-2016 - 21:59 17-01-2003 - 00:00
CVE-2002-2443 5.0
schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a for
06-12-2016 - 21:59 29-05-2013 - 10:29
CVE-2012-1148 5.0
Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation
05-12-2016 - 21:59 03-07-2012 - 15:55
CVE-2012-0876 4.3
The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file wit
05-12-2016 - 21:59 03-07-2012 - 15:55
CVE-2016-3462 4.9
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Network Configuration Service.
02-12-2016 - 22:27 21-04-2016 - 07:00
CVE-2016-3441 7.2
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Filesystem.
02-12-2016 - 22:27 21-04-2016 - 07:00
CVE-2016-3419 2.1
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via vectors related to Filesystem.
02-12-2016 - 22:26 21-04-2016 - 07:00
CVE-2016-0693 10.0
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the PAM LDAP module.
02-12-2016 - 22:17 21-04-2016 - 06:59
CVE-2016-0676 4.0
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to the kernel.
02-12-2016 - 22:17 21-04-2016 - 06:59
CVE-2016-0669 5.2
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to Fwflash.
02-12-2016 - 22:17 21-04-2016 - 06:59
CVE-2016-0623 4.3
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote attackers to affect integrity via vectors related to the Automated Installer sub-component.
02-12-2016 - 22:16 21-04-2016 - 06:59
CVE-2014-4330 2.1
The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers
02-12-2016 - 22:01 30-09-2014 - 12:55
CVE-2014-3707 4.3
The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to r
02-12-2016 - 22:01 15-11-2014 - 15:59
CVE-2014-3613 5.0
cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a s
02-12-2016 - 22:01 18-11-2014 - 10:59
CVE-2014-0015 4.0
cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.
02-12-2016 - 22:00 01-02-2014 - 19:55
CVE-2013-0214 5.1
Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging kn
02-12-2016 - 22:00 02-02-2013 - 15:55
CVE-2013-0213 5.1
The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element.
02-12-2016 - 22:00 02-02-2013 - 15:55
CVE-2013-0169 2.6
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding,
02-12-2016 - 22:00 08-02-2013 - 14:55
CVE-2013-0166 5.0
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) vi
02-12-2016 - 22:00 08-02-2013 - 14:55
CVE-2012-4245 6.8
The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote attackers to execute arbitrary commands via the python-fu-eval command.
02-12-2016 - 21:59 31-08-2012 - 14:55
CVE-2016-5615 2.1
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Lynx.
28-11-2016 - 15:28 25-10-2016 - 10:31
CVE-2016-5606 5.6
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to Kernel Zones.
28-11-2016 - 15:27 25-10-2016 - 10:31
CVE-2016-5576 4.9
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel Zones.
28-11-2016 - 15:27 25-10-2016 - 10:30
CVE-2016-5566 5.0
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote attackers to affect confidentiality via unknown vectors.
28-11-2016 - 15:27 25-10-2016 - 10:30
CVE-2016-5561 2.6
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote attackers to affect availability via vectors related to IKE.
28-11-2016 - 15:27 25-10-2016 - 10:30
CVE-2016-5559 4.0
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect integrity via vectors related to Kernel.
28-11-2016 - 15:27 25-10-2016 - 10:30
CVE-2016-5553 4.7
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via unknown vectors.
28-11-2016 - 15:27 25-10-2016 - 10:30
CVE-2016-5544 7.2
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Kernel/X86.
28-11-2016 - 15:27 25-10-2016 - 10:30
CVE-2016-5487 4.6
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors.
28-11-2016 - 15:26 25-10-2016 - 10:29
CVE-2016-5480 1.9
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect integrity via vectors related to Bash.
28-11-2016 - 15:26 25-10-2016 - 10:29
CVE-2016-5471 2.1
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-3497 and CVE-2016-5469.
28-11-2016 - 15:25 21-07-2016 - 06:15
CVE-2016-5469 2.1
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-3497 and CVE-2016-5471.
28-11-2016 - 15:25 21-07-2016 - 06:15
CVE-2016-5454 5.4
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to Verified Boot.
28-11-2016 - 15:25 21-07-2016 - 06:15
CVE-2016-5452 2.1
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality via vectors related to Verified Boot.
28-11-2016 - 15:25 21-07-2016 - 06:15
CVE-2016-3584 4.4
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Libadimalloc.
28-11-2016 - 15:11 21-07-2016 - 06:14
CVE-2016-3497 4.9
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-5469 and CVE-2016-5471.
28-11-2016 - 15:10 21-07-2016 - 06:12
CVE-2016-3453 4.9
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to Kernel.
28-11-2016 - 15:09 21-07-2016 - 06:12
CVE-2015-2662 1.9
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to DHCP Server.
28-11-2016 - 14:21 16-07-2015 - 07:00
CVE-2015-2631 7.2
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to rmformat.
28-11-2016 - 14:21 16-07-2015 - 06:59
CVE-2015-2589 4.9
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to S10 Branded Zone.
28-11-2016 - 14:20 16-07-2015 - 06:59
CVE-2015-2580 1.9
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to NFSv4.
28-11-2016 - 14:20 16-07-2015 - 06:59
CVE-2014-7144 4.3
OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows
28-11-2016 - 14:12 02-10-2014 - 10:55
CVE-2014-4215 4.9
Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to CPU performance counters (CPC) drivers, a different vulnerability than CVE-2013-5862.
28-11-2016 - 14:12 17-07-2014 - 01:10
CVE-2014-3608 2.7
The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by putting the VM into the rescue state, suspending it, which puts into an
28-11-2016 - 14:11 06-10-2014 - 10:55
CVE-2014-0092 5.8
lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
28-11-2016 - 14:10 06-03-2014 - 19:10
CVE-2013-6420 7.5
The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to exec
28-11-2016 - 14:09 16-12-2013 - 23:46
CVE-2013-5862 4.9
Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to CPU performance counters (CPC) drivers, a different vulnerability than CVE-2014-4215.
28-11-2016 - 14:09 16-10-2013 - 14:55
CVE-2013-4396 6.5
Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a cra
28-11-2016 - 14:09 10-10-2013 - 06:55
CVE-2013-4248 4.3
The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-
28-11-2016 - 14:09 17-08-2013 - 22:52
CVE-2013-2561 6.3
OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a symlink attack on (1) ibdiagnet.db, (2) ibdiagnet.fdbs, (3) ibdiagnet_ibis.log, (4) ibdiagnet.log, (5) ibdiagnet.lst, (6) ibdiagnet.mcfdbs, (7) ibdiagnet.pkey, (8) ibdiag
28-11-2016 - 14:09 23-11-2013 - 13:55
CVE-2013-2174 6.8
Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string endi
28-11-2016 - 14:09 31-07-2013 - 09:20
CVE-2013-2067 6.8
java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions,
28-11-2016 - 14:09 01-06-2013 - 10:21
CVE-2013-2064 6.8
Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function.
28-11-2016 - 14:09 15-06-2013 - 15:55
CVE-2013-1981 6.8
Multiple integer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XQueryFont, (2) _XF86BigfontQueryFont, (3) XListFontsWithInf
28-11-2016 - 14:08 15-06-2013 - 15:55
CVE-2013-1775 6.9
sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp t
28-11-2016 - 14:08 05-03-2013 - 16:38
CVE-2013-0189 5.0
cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, poss
28-11-2016 - 14:08 08-02-2013 - 15:55
CVE-2012-5643 5.0
Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length header
28-11-2016 - 14:08 20-12-2012 - 07:02
CVE-2012-3954 3.3
Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests.
28-11-2016 - 14:08 25-07-2012 - 06:42
CVE-2012-2845 6.4
Integer overflow in the jpeg_data_load_data function in jpeg-data.c in libjpeg in exif 0.6.20 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain potentially sensitive information via a crafted JPEG
28-11-2016 - 14:08 13-07-2012 - 06:34
CVE-2012-2841 7.5
Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the format
28-11-2016 - 14:08 13-07-2012 - 06:34
CVE-2012-2840 7.5
Off-by-one error in the exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in a
28-11-2016 - 14:08 13-07-2012 - 06:34
CVE-2012-2837 5.0
The mnote_olympus_entry_get_value function in olympus/mnote-olympus-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (divide-by-zero error) via an image with crafted EXIF tags th
28-11-2016 - 14:08 13-07-2012 - 06:34
CVE-2012-2836 6.4
The exif_data_load_data function in exif-data.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via cra
28-11-2016 - 14:08 13-07-2012 - 06:34
CVE-2012-2814 7.5
Buffer overflow in the exif_entry_format_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image.
28-11-2016 - 14:08 13-07-2012 - 06:34
CVE-2012-2813 6.4
The exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory
28-11-2016 - 14:08 13-07-2012 - 06:34
CVE-2012-2812 6.4
The exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via c
28-11-2016 - 14:08 13-07-2012 - 06:34
CVE-2012-0098 1.9
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2011-0813.
28-11-2016 - 14:07 18-01-2012 - 17:55
CVE-2011-4339 3.6
ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux (RHEL) 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users
28-11-2016 - 14:07 14-12-2011 - 22:57
CVE-2011-3205 6.8
Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon
28-11-2016 - 14:07 06-09-2011 - 11:55
CVE-2011-0813 4.9
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2012-0098.
28-11-2016 - 14:07 20-04-2011 - 06:55
CVE-2010-5107 5.0
The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodi
28-11-2016 - 14:07 07-03-2013 - 15:55
CVE-2010-4651 5.8
Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010
28-11-2016 - 14:07 11-03-2011 - 17:55
CVE-2010-2252 6.8
GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc f
28-11-2016 - 14:07 06-07-2010 - 13:17
CVE-2014-0447 4.9
Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2013-5876.
22-11-2016 - 10:52 15-04-2014 - 20:55
CVE-2013-5876 4.9
Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2014-0447.
22-11-2016 - 10:49 15-01-2014 - 11:11
CVE-2010-0884 2.1
Unspecified vulnerability in the Sun Cluster component in Oracle Sun Product Suite 3.1 and 3.2 allows local users to affect confidentiality via unknown vectors related to Data Service for Oracle E-Business Suite, a different vulnerability than CVE-20
18-11-2016 - 22:02 13-04-2010 - 18:30
CVE-2010-0883 2.1
Unspecified vulnerability in the Sun Cluster component in Oracle Sun Product Suite 3.1 and 3.2 allows local users to affect confidentiality via unknown vectors related to Data Service for Oracle E-Business Suite, a different vulnerability than CVE-20
18-11-2016 - 22:02 13-04-2010 - 18:30
CVE-2006-0225 4.6
scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.
18-11-2016 - 21:59 25-01-2006 - 06:03
CVE-2013-5833 4.9
Unspecified vulnerability in Oracle Solaris 8 and 9 allows local users to affect availability via unknown vectors related to Filesystem.
17-11-2016 - 15:53 15-01-2014 - 11:11
CVE-2013-5834 6.2
Unspecified vulnerability in Oracle Solaris 8 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to ps.
17-11-2016 - 15:02 15-01-2014 - 11:11
CVE-2013-5875 2.7
Unspecified vulnerability in Oracle Solaris 11.1 allows local users to affect integrity and availability via vectors related to Role Based Access Control (RBAC).
17-11-2016 - 15:01 15-01-2014 - 11:11
CVE-2013-5885 1.7
Unspecified vulnerability in Oracle Solaris 11.1 allows local users to affect integrity via unknown vectors related to Audit.
17-11-2016 - 15:01 15-01-2014 - 11:11
CVE-2013-5821 4.6
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11.1 allows local users to affect confidentiality, integrity, and availability via vectors related to RPC.
17-11-2016 - 15:01 15-01-2014 - 11:11
CVE-2014-0390 4.3
Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect integrity via unknown vectors related to Java Web Console.
17-11-2016 - 14:50 15-01-2014 - 11:08
CVE-2013-5872 2.1
Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to Name Service Cache Daemon (NSCD).
17-11-2016 - 14:49 15-01-2014 - 11:11
CVE-2013-5883 3.2
Unspecified vulnerability in Oracle Solaris 8 allows local users to affect integrity and availability via unknown vectors related to Kernel.
17-11-2016 - 12:05 15-01-2014 - 11:11
CVE-2013-0415 6.0
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Bind/Postinstall script for Bind package.
16-11-2016 - 14:05 16-01-2013 - 20:55
CVE-2013-0407 4.6
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/DTrace Framework.
16-11-2016 - 14:00 16-01-2013 - 20:55
CVE-2012-0570 2.1
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Libraries/Libc.
16-11-2016 - 13:59 17-04-2013 - 08:14
CVE-2013-3786 6.0
Unspecified vulnerability in Oracle Solaris 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel.
16-11-2016 - 13:59 17-07-2013 - 09:41
CVE-2013-5864 4.9
Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to USB hub driver.
16-11-2016 - 13:53 16-10-2013 - 14:55
CVE-2013-5839 4.3
Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect integrity via unknown vectors related to Oracle Java Web Console.
16-11-2016 - 13:50 16-10-2013 - 13:55
CVE-2012-0569 3.3
Unspecified vulnerability Oracle Sun Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Install/smpatch.
16-11-2016 - 13:47 16-01-2013 - 20:55
CVE-2013-3745 2.1
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Libraries/Libc.
16-11-2016 - 13:46 17-07-2013 - 09:41
CVE-2013-3787 4.3
Unspecified vulnerability in Oracle Solaris 10 and 11 allows remote attackers to affect availability via unknown vectors related to Kernel.
16-11-2016 - 13:46 17-07-2013 - 09:41
CVE-2013-3757 6.4
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows remote attackers to affect integrity and availability via vectors related to SMF/File Locking Services.
16-11-2016 - 13:46 17-07-2013 - 09:41
CVE-2013-0413 4.4
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Remote Execution Service.
16-11-2016 - 13:45 17-04-2013 - 08:14
CVE-2013-3799 4.9
Unspecified vulnerability in Oracle Solaris 10 and 11, when running on AMD64, allows local users to affect availability via unknown vectors related to Kernel.
16-11-2016 - 13:43 17-07-2013 - 09:41
CVE-2012-0568 2.1
Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect confidentiality via unknown vectors related to Utility/fdformat.
16-11-2016 - 13:43 17-04-2013 - 08:14
CVE-2013-0412 3.6
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect integrity and availability via unknown vectors related to Utility/pax.
16-11-2016 - 13:43 17-04-2013 - 08:14
CVE-2013-0411 5.9
Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via vectors related to RBAC Configuration.
16-11-2016 - 13:43 17-04-2013 - 08:14
CVE-2013-3813 5.8
Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect confidentiality and integrity via vectors related to Libraries/PAM-Unix.
16-11-2016 - 13:19 17-07-2013 - 09:41
CVE-2013-3837 4.3
Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows remote attackers to affect availability via unknown vectors related to Cacao.
16-11-2016 - 12:55 16-10-2013 - 11:55
CVE-2013-3842 2.1
Unspecified vulnerability Oracle Solaris 10 allows local users to affect confidentiality via vectors related to Oracle Configuration Manager (OCM).
16-11-2016 - 12:55 16-10-2013 - 11:55
CVE-2013-0398 5.0
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows remote attackers to affect confidentiality via unknown vectors related to Utility/Remote Execution Server (in.rexecd).
10-11-2016 - 08:28 17-07-2013 - 09:41
CVE-2013-0406 4.3
Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect integrity via unknown vectors via vectors related to Kernel/IPsec.
09-11-2016 - 16:40 17-04-2013 - 08:14
CVE-2013-0399 6.6
Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Utility/Umount.
09-11-2016 - 16:40 16-01-2013 - 20:55
CVE-2013-0400 6.6
Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Filesystem/cachefs.
09-11-2016 - 16:40 16-01-2013 - 20:55
CVE-2013-0403 1.9
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Utility.
09-11-2016 - 16:40 17-04-2013 - 08:14
CVE-2013-0408 5.0
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to CPU performance counters drivers.
09-11-2016 - 16:26 17-04-2013 - 08:14
CVE-2013-1507 4.9
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Filesystem.
09-11-2016 - 16:25 17-04-2013 - 08:14
CVE-2013-1496 4.9
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/IO, a different vulnerability than CVE-2013-1498.
09-11-2016 - 16:25 17-04-2013 - 08:14
CVE-2013-0405 6.4
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows remote attackers to affect confidentiality and integrity via vectors related to NFS client mounts and IPv6.
09-11-2016 - 16:24 17-04-2013 - 08:14
CVE-2013-1498 4.9
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/IO, a different vulnerability than CVE-2013-1496.
09-11-2016 - 16:24 17-04-2013 - 08:14
CVE-2013-1530 3.8
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via unknown vectors related to Kernel.
09-11-2016 - 16:24 17-04-2013 - 08:19
CVE-2013-0404 3.7
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel/Boot.
09-11-2016 - 16:24 17-04-2013 - 08:14
CVE-2006-4924 7.8
sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack d
17-10-2016 - 23:41 26-09-2006 - 21:07
CVE-2006-4339 4.3
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key
17-10-2016 - 23:40 05-09-2006 - 13:04
CVE-2006-2940 7.8
OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates tha
17-10-2016 - 23:40 28-09-2006 - 14:07
CVE-2006-2937 7.8
OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.
17-10-2016 - 23:40 28-09-2006 - 14:07
CVE-2005-4134 5.0
Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not
17-10-2016 - 23:38 09-12-2005 - 10:03
CVE-2005-3962 4.6
Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an int
17-10-2016 - 23:37 01-12-2005 - 12:03
CVE-2005-3269 7.5
Stack-based buffer overflow in help.cgi in the HTTP administrative interface for (1) Sun Java System Directory Server 5.2 2003Q4, 2004Q2, and 2005Q1, (2) Red Hat Directory Server and (3) Certificate Server before 7.1 SP1, (4) Sun ONE Directory Server
17-10-2016 - 23:34 20-10-2005 - 19:02
CVE-2005-2294 2.1
Oracle Forms 4.5, 6.0, 6i, and 9i on Unix, when a large number of records are retrieved by an Oracle form, stores a copy of the database tables in a world-readable temporary file, which allows local users to gain sensitive information such as credit
17-10-2016 - 23:26 18-07-2005 - 00:00
CVE-2005-2293 2.1
Oracle Formsbuilder 9.0.4 stores database usernames and passwords in a temporary file, which is not deleted after it is used, which allows local users to obtain sensitive information.
17-10-2016 - 23:26 18-07-2005 - 00:00
CVE-2005-2292 2.1
Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 stores cleartext passwords in (1) IDEConnections.xml, (2) XSQLConfig.xml and (3) settings.xml, which allows local users to obtain sensitive information.
17-10-2016 - 23:26 18-07-2005 - 00:00
CVE-2005-2291 4.6
Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext password as a parameter when starting sqlplus, which allows local users to gain sensitive information.
17-10-2016 - 23:26 18-07-2005 - 00:00
CVE-2005-2071 4.6
traceroute in Sun Solaris 10 on x86 systems allows local users to execute arbitrary code with PRIV_NET_RAWACCESS privileges via (1) a large number of -g arguments or (2) a malformed -s argument with a trailing . (dot).
17-10-2016 - 23:24 29-06-2005 - 00:00
CVE-2005-1689 7.5
Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions.
17-10-2016 - 23:21 18-07-2005 - 00:00
CVE-2005-1686 2.6
Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user,
17-10-2016 - 23:21 20-05-2005 - 00:00
CVE-2005-0710 4.6
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table, which is pr
17-10-2016 - 23:13 02-05-2005 - 00:00
CVE-2005-0709 4.6
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit.
17-10-2016 - 23:13 02-05-2005 - 00:00
CVE-2005-0602 6.2
Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges.
17-10-2016 - 23:12 02-05-2005 - 00:00
CVE-2005-0156 2.1
Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long
17-10-2016 - 23:08 07-02-2005 - 00:00
CVE-2005-0004 4.6
The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files.
17-10-2016 - 23:07 14-04-2005 - 00:00
CVE-2004-1371 9.0
Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure.
17-10-2016 - 22:53 04-08-2004 - 00:00
CVE-2004-1370 7.5
Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL commands and gain privileges via (1) DBMS_EXPORT_EXTENSION, (2) WK_ACL.GET_ACL, (3) WK_ACL.S
17-10-2016 - 22:53 04-08-2004 - 00:00
CVE-2004-1369 5.0
The TNS Listener in Oracle 10g allows remote attackers to cause a denial of service (listener crash) via a malformed service_register_NSGR request containing a value that is used as an invalid offset for a pointer that references incorrect memory.
17-10-2016 - 22:53 04-08-2004 - 00:00
CVE-2004-1368 7.8
ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script.
17-10-2016 - 22:53 04-08-2004 - 00:00
CVE-2004-1367 4.4
Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow loca
17-10-2016 - 22:53 04-08-2004 - 00:00
CVE-2004-1365 4.6
Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to execute arbitrary commands as the Oracle user.
17-10-2016 - 22:53 04-08-2004 - 00:00
CVE-2004-1364 8.5
Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\bin directory.
17-10-2016 - 22:53 04-08-2004 - 00:00
CVE-2004-1363 7.2
Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed.
17-10-2016 - 22:53 04-08-2004 - 00:00
CVE-2004-1362 7.5
The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access restrictions for certain procedu
17-10-2016 - 22:53 04-08-2004 - 00:00
CVE-2004-0837 2.6
MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs.
17-10-2016 - 22:49 03-11-2004 - 00:00
CVE-2004-0791 5.0
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind throughput-reduction attack using spoofed Source Quench packets, aka the "ICMP Source Quench a
17-10-2016 - 22:49 12-04-2005 - 00:00
CVE-2004-0790 5.0
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have
17-10-2016 - 22:49 12-04-2005 - 00:00
CVE-2004-0523 10.0
Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root.
17-10-2016 - 22:45 18-08-2004 - 00:00
CVE-2004-0492 10.0
Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes
17-10-2016 - 22:45 06-08-2004 - 00:00
CVE-2004-0230 5.0
TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that u
17-10-2016 - 22:42 18-08-2004 - 00:00
CVE-2004-0174 5.0
Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listeni
17-10-2016 - 22:41 04-05-2004 - 00:00
CVE-2003-0993 7.5
mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
17-10-2016 - 22:38 29-03-2004 - 00:00
CVE-2003-0987 7.5
mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
17-10-2016 - 22:38 03-03-2004 - 00:00
CVE-2003-0542 7.2
Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9
17-10-2016 - 22:35 03-11-2003 - 00:00
CVE-2003-0020 5.0
Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
17-10-2016 - 22:28 18-03-2003 - 00:00
CVE-2014-7185 6.4
Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.
14-10-2016 - 21:59 08-10-2014 - 13:55
CVE-2012-1687 5.6
Unspecified vulnerability in Oracle Solaris 10 and 11 allows local users to affect integrity and availability, related to Logical Domains (LDOM).
05-10-2016 - 12:52 17-07-2012 - 18:55
CVE-2012-1684 4.3
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Password Policy.
05-10-2016 - 12:47 03-05-2012 - 18:55
CVE-2012-1681 4.9
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kernel/sockfs.
05-10-2016 - 12:42 03-05-2012 - 18:55
CVE-2012-1683 5.9
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to gssd.
05-10-2016 - 09:17 03-05-2012 - 18:55
CVE-2012-1691 6.6
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel/Privileges.
05-10-2016 - 09:14 03-05-2012 - 18:55
CVE-2013-1944 5.0
The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL.
08-09-2016 - 21:59 29-04-2013 - 18:55
CVE-2013-1776 4.4
sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via
08-09-2016 - 21:59 08-04-2013 - 13:55
CVE-2006-3467 7.5
Integer overflow in FreeType before 2.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PCF file, as demonstrated by the Red Hat bad1.pcf test file, due to a partial fix of CVE-2006-1861.
30-08-2016 - 21:59 21-07-2006 - 10:03
CVE-2014-2421 10.0
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
22-08-2016 - 22:07 15-04-2014 - 22:55
CVE-2014-2412 7.5
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-04
22-08-2016 - 22:07 15-04-2014 - 22:55
CVE-2014-2401 5.0
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
22-08-2016 - 22:07 15-04-2014 - 21:55
CVE-2014-2398 3.5
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc.
22-08-2016 - 22:07 15-04-2014 - 21:55
CVE-2014-2324 5.0
Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname.
22-08-2016 - 22:07 14-03-2014 - 11:55
CVE-2014-2323 7.5
SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname.
22-08-2016 - 22:07 14-03-2014 - 11:55
CVE-2012-5885 5.0
The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce)
22-08-2016 - 22:06 17-11-2012 - 14:55
CVE-2012-4534 2.6
org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by termi
22-08-2016 - 22:05 19-12-2012 - 06:55
CVE-2012-3546 4.3
org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then
22-08-2016 - 22:05 19-12-2012 - 06:55
CVE-2012-2733 5.0
java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of servic
22-08-2016 - 22:05 16-11-2012 - 16:55
CVE-2012-2333 6.8
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified
22-08-2016 - 22:05 14-05-2012 - 18:55
CVE-2012-2110 7.5
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a de
22-08-2016 - 22:05 19-04-2012 - 13:55
CVE-2012-1182 10.0
The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execut
22-08-2016 - 22:05 10-04-2012 - 17:55
CVE-2012-0884 5.0
The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Millio
22-08-2016 - 22:05 12-03-2012 - 23:12
CVE-2012-0053 4.3
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors i
22-08-2016 - 22:04 27-01-2012 - 23:05
CVE-2012-0050 5.0
OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorre
22-08-2016 - 22:04 19-01-2012 - 14:55
CVE-2012-0031 4.6
scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memor
22-08-2016 - 22:04 18-01-2012 - 15:55
CVE-2012-0021 2.6
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of s
22-08-2016 - 22:04 27-01-2012 - 23:05
CVE-2011-5035 5.0
Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash coll
22-08-2016 - 22:04 29-12-2011 - 20:55
CVE-2011-4619 5.0
The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
22-08-2016 - 22:04 05-01-2012 - 20:55
CVE-2011-4576 5.0
The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by
22-08-2016 - 22:04 05-01-2012 - 20:55
CVE-2011-4313 5.0
query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named e
22-08-2016 - 22:04 29-11-2011 - 12:55
CVE-2011-4108 4.3
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.
22-08-2016 - 22:04 05-01-2012 - 20:55
CVE-2010-4180 4.3
OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an uninte
22-08-2016 - 22:02 06-12-2010 - 16:05
CVE-2010-4008 4.3
libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to ca
22-08-2016 - 22:02 16-11-2010 - 20:00
CVE-2009-3555 5.8
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Secu
22-08-2016 - 21:59 09-11-2009 - 12:30
CVE-2009-3230 6.5
The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZAT
22-08-2016 - 21:59 17-09-2009 - 06:30
CVE-2009-3229 4.0
The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, and 8.2 before 8.2.14 allows remote authenticated users to cause a denial of service (backend shutdown) by "re-LOAD-ing" libraries from a certain plugins directory.
22-08-2016 - 21:59 17-09-2009 - 06:30
CVE-2009-0922 4.0
PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified enco
22-08-2016 - 21:59 17-03-2009 - 13:30
CVE-2009-0590 5.0
The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid
22-08-2016 - 21:59 27-03-2009 - 12:30
CVE-2008-5077 5.8
OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.
22-08-2016 - 21:59 07-01-2009 - 12:30
CVE-2014-0117 4.3
The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header.
08-07-2016 - 13:24 20-07-2014 - 07:12
CVE-2013-4545 4.3
cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) when the digital signature verification (CURLOPT_SSL_VERIFYPEER) is disabled, which allows man-in-th
16-06-2016 - 21:59 23-11-2013 - 06:55
CVE-2013-0338 4.3
libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entit
16-06-2016 - 21:59 25-04-2013 - 19:55
CVE-2011-4317 4.3
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern ma
16-06-2016 - 21:59 29-11-2011 - 23:05
CVE-2014-2856 4.3
Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function.
01-06-2016 - 22:26 18-04-2014 - 10:55
CVE-2014-2469 5.0
Unspecified vulnerability in lighttpd in Oracle Solaris 11.1 allows attackers to cause a denial of service via unknown vectors.
01-06-2016 - 22:24 17-04-2014 - 10:55
CVE-2013-1427 1.9
The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such a
01-06-2016 - 22:18 21-03-2013 - 13:55
CVE-2009-0127 5.0
** DISPUTED ** M2Crypto does not properly check the return value from the OpenSSL EVP_VerifyFinal, DSA_verify, ECDSA_verify, DSA_do_verify, and ECDSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate chai
13-05-2016 - 13:09 15-01-2009 - 12:30
CVE-2009-3923 7.5
The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
09-05-2016 - 12:56 09-11-2009 - 19:30
CVE-2014-0033 4.3
org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote attackers to conduct session fixation attacks via a cra
25-04-2016 - 21:59 26-02-2014 - 09:55
CVE-2013-6712 5.0
The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted inte
07-04-2016 - 17:05 27-11-2013 - 23:37
CVE-2009-0025 6.8
BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulne
04-04-2016 - 14:12 07-01-2009 - 12:30
CVE-2009-0696 4.3
The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon ex
04-04-2016 - 11:50 29-07-2009 - 13:30
CVE-2014-2282 4.3
The dissect_protocol_data_parameter function in epan/dissectors/packet-m3ua.c in the M3UA dissector in Wireshark 1.10.x before 1.10.6 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) vi
04-04-2016 - 09:14 11-03-2014 - 09:01
CVE-2010-4020 3.5
MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the smal
31-03-2016 - 13:27 02-12-2010 - 11:22
CVE-2010-1324 4.3
MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum,
31-03-2016 - 13:26 02-12-2010 - 11:22
CVE-2010-1323 2.6
MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distrib
31-03-2016 - 13:25 02-12-2010 - 11:22
CVE-2014-0012 4.4
FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exists because of an incomplete fix
14-12-2015 - 18:07 19-05-2014 - 10:55
CVE-2013-4936 5.0
The IsDFP_Frame function in plugins/profinet/packet-pn-rt.c in the PROFINET Real-Time dissector in Wireshark 1.10.x before 1.10.1 does not validate MAC addresses, which allows remote attackers to cause a denial of service (NULL pointer dereference an
14-12-2015 - 18:06 29-07-2013 - 20:56
CVE-2014-4239 4.0
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Common Agent Container (Cacao).
03-12-2015 - 13:02 17-07-2014 - 07:17
CVE-2012-4298 5.4
Integer signedness error in the vwr_read_rec_data_ethernet function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.2 allows user-assisted remote attackers to execute arbitrary code via a crafted packet-trace file th
02-12-2015 - 12:29 16-08-2012 - 06:38
CVE-2012-4297 8.3
Buffer overflow in the dissect_gsm_rlcmac_downlink function in epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC MAC dissector in Wireshark 1.6.x before 1.6.10 and 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a malformed
02-12-2015 - 12:29 16-08-2012 - 06:38
CVE-2012-4296 3.3
Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet.
02-12-2015 - 12:29 16-08-2012 - 06:38
CVE-2012-4295 3.3
Array index error in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 might allow remote attackers to cause a denial of service (application crash) via a crafted speed
02-12-2015 - 12:29 16-08-2012 - 06:38
CVE-2012-4294 5.8
Buffer overflow in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a large speed (aka rate) value.
02-12-2015 - 12:28 16-08-2012 - 06:38
CVE-2012-4292 3.3
The dissect_stun_message function in epan/dissectors/packet-stun.c in the STUN dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly interact with key-destruction behavior in a certain tree library,
02-12-2015 - 12:28 16-08-2012 - 06:38
CVE-2012-4291 3.3
The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
02-12-2015 - 12:27 16-08-2012 - 06:38
CVE-2012-4290 3.3
The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a malformed packet.
02-12-2015 - 12:25 16-08-2012 - 06:38
CVE-2012-4289 3.3
epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a large number of ACL entries.
02-12-2015 - 12:24 16-08-2012 - 06:38
CVE-2012-4288 3.3
Integer overflow in the dissect_xtp_ecntl function in epan/dissectors/packet-xtp.c in the XTP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop or applic
02-12-2015 - 12:22 16-08-2012 - 06:38
CVE-2012-4287 5.0
epan/dissectors/packet-mongo.c in the MongoDB dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a small value for a BSON document length.
02-12-2015 - 12:22 16-08-2012 - 06:38
CVE-2012-4286 4.3
The pcapng_read_packet_block function in wiretap/pcapng.c in the pcap-ng file parser in Wireshark 1.8.x before 1.8.2 allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted pcap-ng
02-12-2015 - 12:18 16-08-2012 - 06:38
CVE-2012-4285 3.3
The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (divide-by-zero error and appli
02-12-2015 - 12:17 16-08-2012 - 06:38
CVE-2012-4049 2.9
epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet.
02-12-2015 - 12:17 24-07-2012 - 15:55
CVE-2012-4048 3.3
The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon
02-12-2015 - 12:15 24-07-2012 - 15:55
CVE-2012-4293 3.3
plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly handle certain integer fields, which allows remote attackers to cause a denial of servi
02-12-2015 - 12:14 16-08-2012 - 06:38
CVE-2012-3548 4.3
The dissect_drda function in epan/dissectors/packet-drda.c in Wireshark 1.6.x through 1.6.10 and 1.8.x through 1.8.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a small value for a certain length field
02-12-2015 - 12:11 30-08-2012 - 18:55
CVE-2012-0068 4.3
The lanalyzer_read function in wiretap/lanalyzer.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a Novell capture file containing a record that is too small.
02-12-2015 - 12:11 11-04-2012 - 06:39
CVE-2012-0067 4.3
wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in an AIX iptrace file.
02-12-2015 - 12:10 11-04-2012 - 06:39
CVE-2012-0066 4.3
Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a (1) Accellent 5Views (aka .5vw) file, (2) I4B trace file, or (3) NETMON 2 capture file.
02-12-2015 - 12:10 11-04-2012 - 06:39
CVE-2012-0043 5.8
Buffer overflow in the reassemble_message function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) or possibly execu
02-12-2015 - 12:10 11-04-2012 - 06:39
CVE-2012-0042 2.9
Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 does not properly perform certain string conversions, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet, related to ep
02-12-2015 - 12:07 11-04-2012 - 06:39
CVE-2012-0041 4.3
The dissect_packet function in epan/packet.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a capture file, as demonstrated by an airopeek file.
02-12-2015 - 12:06 11-04-2012 - 06:39
CVE-2013-3562 5.0
Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed p
01-12-2015 - 14:47 24-05-2013 - 23:18
CVE-2013-3561 7.8
Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector,
01-12-2015 - 14:47 24-05-2013 - 23:18
CVE-2013-3560 5.0
The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash)
01-12-2015 - 14:46 24-05-2013 - 23:18
CVE-2013-3559 5.0
epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer de
01-12-2015 - 14:46 24-05-2013 - 23:18
CVE-2013-3558 5.0
The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a ma
01-12-2015 - 14:46 24-05-2013 - 23:18
CVE-2013-3557 5.0
The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.6.x before 1.6.15 and 1.8.x before 1.8.7 does not properly initialize a certain variable, which allows remote attackers to cause a denial of ser
01-12-2015 - 14:46 24-05-2013 - 23:18
CVE-2013-3556 5.0
The fragment_add_seq_common function in epan/reassemble.c in the ASN.1 BER dissector in Wireshark before r48943 has an incorrect pointer dereference during a comparison, which allows remote attackers to cause a denial of service (application crash) v
01-12-2015 - 14:45 24-05-2013 - 23:18
CVE-2013-3555 5.0
epan/dissectors/packet-gtpv2.c in the GTPv2 dissector in Wireshark 1.8.x before 1.8.7 calls incorrect functions in certain contexts related to ciphers, which allows remote attackers to cause a denial of service (application crash) via a malformed pac
01-12-2015 - 14:30 24-05-2013 - 23:18
CVE-2013-2487 7.8
epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via crafted in
01-12-2015 - 14:29 07-03-2013 - 10:55
CVE-2013-2486 6.1
The dissect_diagnosticrequest function in epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses an incorrect integer data type, which allows remote attackers to cause a deni
01-12-2015 - 14:28 07-03-2013 - 10:55
CVE-2013-2168 1.9
The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message.
20-11-2015 - 10:57 03-07-2013 - 14:55
CVE-2010-4643 9.3
Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Mi
17-11-2015 - 11:16 28-01-2011 - 17:00
CVE-2010-4253 9.3
Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file in an ODF or Microsoft Office docu
17-11-2015 - 11:15 28-01-2011 - 17:00
CVE-2012-1765 4.7
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect integrity via unknown vectors related to Branded Zone.
17-11-2015 - 10:17 17-07-2012 - 19:55
CVE-2007-5268 4.3
pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 use (1) logical instead of bitwise operations and (2) incorrect comparisons, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG image.
10-11-2015 - 11:40 08-10-2007 - 17:17
CVE-2007-2445 5.0
The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value.
10-11-2015 - 11:33 16-05-2007 - 18:30
CVE-2014-6501 2.1
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality via vectors related to SSH.
06-11-2015 - 10:58 15-10-2014 - 18:55
CVE-2014-6497 4.9
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Kernel.
06-11-2015 - 10:58 15-10-2014 - 18:55
CVE-2014-6490 5.0
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability via vectors related to SMB server user component.
06-11-2015 - 10:57 15-10-2014 - 18:55
CVE-2014-6473 7.2
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Zone Framework.
06-11-2015 - 10:57 15-10-2014 - 11:55
CVE-2014-6470 6.8
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Archive Utility.
06-11-2015 - 10:57 15-10-2014 - 11:55
CVE-2014-4284 4.4
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via vectors related to IPS transfer module, a different vulnerability than CVE-2014-4280.
06-11-2015 - 10:49 15-10-2014 - 11:55
CVE-2014-4283 4.3
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality via unknown vectors related to Automated Install Engine, a different vulnerability than CVE-2014-4277.
06-11-2015 - 10:49 15-10-2014 - 11:55
CVE-2014-4280 4.6
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via vectors related to IPS transfer module, a different vulnerability than CVE-2014-4284.
06-11-2015 - 10:49 15-10-2014 - 11:55
CVE-2014-4277 5.0
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality via unknown vectors related to Automated Install Engine, a different vulnerability than CVE-2014-4283.
06-11-2015 - 10:49 15-10-2014 - 11:55
CVE-2014-4276 7.5
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Common Internet File System (CIFS).
06-11-2015 - 10:48 15-10-2014 - 11:55
CVE-2014-4275 4.9
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via vectors related to SMB server kernel module.
06-11-2015 - 10:48 15-10-2014 - 11:55
CVE-2014-4224 4.9
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1 allows local users to affect availability via unknown vectors related to sockfs.
06-11-2015 - 10:46 17-07-2014 - 01:10
CVE-2014-4282 7.2
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via vectors related to Kernel/X86.
06-11-2015 - 10:24 15-10-2014 - 11:55
CVE-2014-2828 7.8
The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the same authentication method in a request, aka "authent
04-11-2015 - 12:38 15-04-2014 - 10:55
CVE-2013-1996 6.8
X.org libFS 1.0.4 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to an unexpected sign extension in the FSOpenServer function.
16-10-2015 - 11:06 15-06-2013 - 16:55
CVE-2013-0272 6.8
Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code via a long HTTP header.
08-10-2015 - 10:35 16-02-2013 - 16:55
CVE-2014-3594 3.5
Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary web script or HTML via a new h
11-09-2015 - 11:30 22-08-2014 - 10:55
CVE-2014-3475 4.3
Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user
11-09-2015 - 11:18 31-10-2014 - 11:55
CVE-2014-3474 3.5
Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote authenticated users
11-09-2015 - 11:17 31-10-2014 - 11:55
CVE-2014-3473 4.3
Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in the Horizon Orchestration dashboard in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2, when used with Heat, allows remote Or
11-09-2015 - 11:16 31-10-2014 - 11:55
CVE-2015-4770 4.9
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to UNIX filesystem.
27-08-2015 - 12:29 16-07-2015 - 07:01
CVE-2014-2283 4.3
epan/dissectors/packet-rlc in the RLC dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 uses inconsistent memory-management approaches, which allows remote attackers to cause a denial of service (use-after-free error and application
12-08-2015 - 13:44 11-03-2014 - 09:01
CVE-2014-2281 4.3
The nfs_name_snoop_add_name function in epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 does not validate a certain length value, which allows remote attackers to cause a denial of service (
12-08-2015 - 13:42 11-03-2014 - 09:01
CVE-2015-2651 3.8
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to Kernel Zones virtualized NIC driver.
20-07-2015 - 09:28 16-07-2015 - 07:00
CVE-2015-2614 4.9
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to NVM Express SSD driver.
16-07-2015 - 14:32 16-07-2015 - 06:59
CVE-2015-2616 4.9
Unspecified vulnerability in Oracle Sun Solaris 3.3 and 4.2 allows local users to affect availability via unknown vectors related to DevFS.
16-07-2015 - 14:26 16-07-2015 - 06:59
CVE-2015-2609 4.9
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to CPU performance counters drivers.
16-07-2015 - 13:46 16-07-2015 - 06:59
CVE-2007-2926 4.3
ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query i
16-03-2015 - 21:59 24-07-2007 - 13:30
CVE-2012-3544 5.0
Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
11-12-2014 - 21:59 01-06-2013 - 10:21
CVE-2014-3621 4.0
The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the pub
19-11-2014 - 21:59 02-10-2014 - 10:55
CVE-2014-6529 6.8
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hermon HCA PCIe driver.
18-11-2014 - 22:02 15-10-2014 - 18:55
CVE-2014-6508 7.8
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via vectors related to iSCSI Data Mover (IDM).
18-11-2014 - 22:02 15-10-2014 - 18:55
CVE-2014-2270 4.3
softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.
18-11-2014 - 22:00 14-03-2014 - 11:55
CVE-2014-1943 5.0
Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.
18-11-2014 - 22:00 18-02-2014 - 14:55
CVE-2014-3248 6.2
Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows
17-11-2014 - 13:42 16-11-2014 - 12:59
CVE-2009-0217 5.0
The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLog
13-11-2014 - 21:59 14-07-2009 - 19:30
CVE-2014-6432 5.0
The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not prevent data overwrites during copy operations, which allows remote attackers to cause a denial
05-11-2014 - 03:28 20-09-2014 - 06:55
CVE-2014-6431 5.0
Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted
05-11-2014 - 03:28 20-09-2014 - 06:55
CVE-2014-6430 5.0
The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not validate bitmask data, which allows remote attackers to cause a denial of service (application c
05-11-2014 - 03:28 20-09-2014 - 06:55
CVE-2014-6429 5.0
The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (ap
05-11-2014 - 03:28 20-09-2014 - 06:55
CVE-2014-6428 5.0
The dissect_spdu function in epan/dissectors/packet-ses.c in the SES dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not initialize a certain ID value, which allows remote attackers to cause a denial of service (application
05-11-2014 - 03:28 20-09-2014 - 06:55
CVE-2014-6427 5.0
Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via
05-11-2014 - 03:28 20-09-2014 - 06:55
CVE-2014-6426 5.0
The dissect_hip_tlv function in epan/dissectors/packet-hip.c in the HIP dissector in Wireshark 1.12.x before 1.12.1 does not properly handle a NULL tree, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
05-11-2014 - 03:28 20-09-2014 - 06:55
CVE-2014-6425 5.0
The (1) get_quoted_string and (2) get_unquoted_string functions in epan/dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x before 1.12.1 allow remote attackers to cause a denial of service (buffer over-read and application crash) via
05-11-2014 - 03:28 20-09-2014 - 06:55
CVE-2014-6424 5.0
The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a den
05-11-2014 - 03:28 20-09-2014 - 06:55
CVE-2014-6423 5.0
The tvb_raw_text_add function in epan/dissectors/packet-megaco.c in the MEGACO dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (infinite loop) via an empty line.
05-11-2014 - 03:28 20-09-2014 - 06:55
CVE-2014-6422 5.0
The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service (application crash) via a crafted packet to the RTP dissector.
05-11-2014 - 03:28 20-09-2014 - 06:55
CVE-2014-6421 5.0
Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service (application crash) via a crafted packet that leverages split memory ownership between the SDP and RTP dissector
05-11-2014 - 03:28 20-09-2014 - 06:55
CVE-2014-3520 6.0
OpenStack Identity (Keystone) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has certain roles via the project ID in a V2 API trust
28-10-2014 - 09:29 26-10-2014 - 16:55
CVE-2012-3374 7.5
Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message.
10-10-2014 - 00:54 07-07-2012 - 06:21
CVE-2012-2318 5.0
msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote servers to cause a denial of service (application crash) by placing these characters in a text/plain message.
10-10-2014 - 00:52 03-07-2012 - 15:55
CVE-2012-1967 10.0
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to e
10-10-2014 - 00:51 18-07-2012 - 06:26
CVE-2012-1966 4.3
Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.
10-10-2014 - 00:51 18-07-2012 - 06:26
CVE-2012-1965 4.3
Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not properly establish the security context of a feed: URL, which allows remote attackers to bypass unspecified cross-site scripting (XSS) protection mechanisms via a feed:javascr
10-10-2014 - 00:51 18-07-2012 - 06:26
CVE-2012-1964 4.0
The certificate-warning functionality in browser/components/certerror/content/aboutCertError.xhtml in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey be
10-10-2014 - 00:51 18-07-2012 - 06:26
CVE-2012-1963 4.3
The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly restrict the strings pl
10-10-2014 - 00:51 18-07-2012 - 06:26
CVE-2012-1962 10.0
Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote at
10-10-2014 - 00:51 18-07-2012 - 06:26
CVE-2012-1961 4.3
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly handle duplicate values in X-Frame-Options headers, which makes it easier fo
10-10-2014 - 00:51 18-07-2012 - 06:26
CVE-2012-1960 5.0
The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 might allow remote attackers to obtain sensitive information from process memory
10-10-2014 - 00:51 18-07-2012 - 06:26
CVE-2012-1959 5.0
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not consider the presence of same-compartment security wrappers (SCSW) during the cross-c
10-10-2014 - 00:51 18-07-2012 - 06:26
CVE-2012-1958 9.3
Use-after-free vulnerability in the nsGlobalWindow::PageHidden function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 might allow remot
10-10-2014 - 00:51 18-07-2012 - 06:26
CVE-2012-1957 4.3
An unspecified parser-utility class in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly handle EMBED elements within descri
10-10-2014 - 00:51 18-07-2012 - 06:26
CVE-2012-1955 6.8
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to spoof the address bar via vectors involving history.forward and hi
10-10-2014 - 00:51 18-07-2012 - 06:26
CVE-2012-1954 10.0
Use-after-free vulnerability in the nsDocument::AdoptNode function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attacker
10-10-2014 - 00:51 18-07-2012 - 06:26
CVE-2012-1953 9.3
The ElementAnimations::EnsureStyleRuleFor function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a den
10-10-2014 - 00:51 18-07-2012 - 06:26
CVE-2012-1952 9.3
The nsTableFrame::InsertFrames function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly perform a cast of a frame varia
10-10-2014 - 00:51 18-07-2012 - 06:26
CVE-2012-1951 10.0
Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows rem
10-10-2014 - 00:51 18-07-2012 - 06:26
CVE-2012-1950 6.4
The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 allows remote attackers to spoof the address bar by canceling a page load.
10-10-2014 - 00:51 18-07-2012 - 06:26
CVE-2012-1948 9.3
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to caus
10-10-2014 - 00:51 18-07-2012 - 06:26
CVE-2012-0563 2.1
Unspecified vulnerability in Oracle Solaris 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kerberos/klist.
10-10-2014 - 00:48 17-07-2012 - 18:55
CVE-2010-2632 7.8
Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a re
10-10-2014 - 00:26 19-01-2011 - 11:00
CVE-2014-0397 10.0
Multiple unspecified vulnerabilities in libXtsol in Oracle Solaris 10 and 11.1 have unspecified impact and attack vectors related to "Buffer errors."
07-10-2014 - 20:21 06-10-2014 - 19:55
CVE-2013-1571 4.3
Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vec
04-10-2014 - 01:04 18-06-2013 - 18:55
CVE-2012-5621 5.0
lib/engine/components/opal/opal-call.cpp in ekiga before 4.0.0 allows remote attackers to cause a denial of service (crash) via an OPAL connection with a party name that contains invalid UTF-8 strings.
30-09-2014 - 14:52 29-09-2014 - 18:55
CVE-2013-4935 4.3
The dissect_per_length_determinant function in epan/dissectors/packet-per.c in the ASN.1 PER dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not initialize a length field in certain abnormal situations, which allows remote att
23-09-2014 - 01:38 29-07-2013 - 20:56
CVE-2013-4934 4.3
The netmon_open function in wiretap/netmon.c in the Netmon file parser in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not initialize certain structure members, which allows remote attackers to cause a denial of service (application cra
23-09-2014 - 01:38 29-07-2013 - 20:56
CVE-2013-4933 5.0
The netmon_open function in wiretap/netmon.c in the Netmon file parser in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a cr
23-09-2014 - 01:38 29-07-2013 - 20:56
CVE-2013-4932 5.0
Multiple array index errors in epan/dissectors/packet-gsm_a_common.c in the GSM A Common dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allow remote attackers to cause a denial of service (application crash) via a crafted packet.
23-09-2014 - 01:38 29-07-2013 - 20:56
CVE-2013-4931 5.0
epan/proto.c in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (loop) via a crafted packet that is not properly handled by the GSM RR dissector.
23-09-2014 - 01:38 29-07-2013 - 20:56
CVE-2013-4930 5.0
The dissect_dvbci_tpdu_hdr function in epan/dissectors/packet-dvbci.c in the DVB-CI dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not validate a certain length value before decrementing it, which allows remote attackers to c
23-09-2014 - 01:38 29-07-2013 - 20:56
CVE-2013-4929 7.8
The parseFields function in epan/dissectors/packet-dis-pdus.c in the DIS dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not terminate packet-data processing after finding zero remaining bytes, which allows remote attackers to
23-09-2014 - 01:38 29-07-2013 - 20:56
CVE-2013-4928 7.8
Integer signedness error in the dissect_headers function in epan/dissectors/packet-btobex.c in the Bluetooth OBEX dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
23-09-2014 - 01:38 29-07-2013 - 20:56
CVE-2013-4927 7.8
Integer signedness error in the get_type_length function in epan/dissectors/packet-btsdp.c in the Bluetooth SDP dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (loop and CPU cons
23-09-2014 - 01:38 29-07-2013 - 20:56
CVE-2013-4926 5.0
epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 does not properly determine whether there is remaining packet data to process, which allows remote attackers to cause a denial of service (a
23-09-2014 - 01:38 29-07-2013 - 20:56
CVE-2013-4925 5.0
Integer signedness error in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted packet.
23-09-2014 - 01:38 29-07-2013 - 20:56
CVE-2013-4924 5.0
epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 does not properly validate certain index values, which allows remote attackers to cause a denial of service (assertion failure and applicati
23-09-2014 - 01:38 29-07-2013 - 20:56
CVE-2013-4923 5.0
Memory leak in the dissect_dcom_ActivationProperties function in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (memory consumption) v
23-09-2014 - 01:38 29-07-2013 - 20:56
CVE-2013-4922 5.0
Double free vulnerability in the dissect_dcom_ActivationProperties function in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (applica
23-09-2014 - 01:38 29-07-2013 - 20:56
CVE-2013-4921 5.0
Off-by-one error in the dissect_radiotap function in epan/dissectors/packet-ieee80211-radiotap.c in the Radiotap dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet
23-09-2014 - 01:38 29-07-2013 - 20:56
CVE-2013-4920 5.0
The P1 dissector in Wireshark 1.10.x before 1.10.1 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
23-09-2014 - 01:38 29-07-2013 - 20:56
CVE-2013-4083 5.0
The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which allows remote attackers to cause a denia
23-09-2014 - 01:36 09-06-2013 - 17:55
CVE-2012-2141 3.5
Array index error in the handle_nsExtendOutput2Table function in agent/mibgroup/agent/extend.c in Net-SNMP 5.7.1 allows remote authenticated users to cause a denial of service (out-of-bounds read and snmpd crash) via an SNMP GET request for an entry
13-09-2014 - 01:01 14-08-2012 - 18:55
CVE-2014-3517 4.3
api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-for
07-08-2014 - 11:29 07-08-2014 - 07:13
CVE-2013-4352 4.3
The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service (NULL pointer dereference and dae
04-08-2014 - 14:48 20-07-2014 - 07:12
CVE-2014-4020 4.3
The dissect_frame function in epan/dissectors/packet-frame.c in the frame metadissector in Wireshark 1.10.x before 1.10.8 interprets a negative integer as a length value even though it was intended to represent an error condition, which allows remote
19-06-2014 - 13:13 18-06-2014 - 12:55
CVE-2014-3465 5.0
The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP d
18-06-2014 - 00:32 10-06-2014 - 10:55
CVE-2014-2907 4.3
The srtp_add_address function in epan/dissectors/packet-rtp.c in the RTP dissector in Wireshark 1.10.x before 1.10.7 does not properly update SRTP conversation data, which allows remote attackers to cause a denial of service (application crash) via a
23-05-2014 - 00:08 24-04-2014 - 06:55
CVE-2012-3524 6.9
libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: libdbus ma
05-05-2014 - 01:12 18-09-2012 - 13:55
CVE-2009-2625 5.0
XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop a
05-05-2014 - 00:32 06-08-2009 - 11:30
CVE-2013-7114 5.0
Multiple buffer overflows in the create_ntlmssp_v2_key function in epan/dissectors/packet-ntlmssp.c in the NTLMSSP v2 dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 allow remote attackers to cause a denial of service (application
19-04-2014 - 00:45 19-12-2013 - 17:55
CVE-2013-7112 5.0
The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service (infinite loop)
19-04-2014 - 00:45 19-12-2013 - 17:55
CVE-2013-6462 9.3
Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character nam
19-04-2014 - 00:44 09-01-2014 - 13:55
CVE-2013-6340 4.3
epan/dissectors/packet-tcp.c in the TCP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly determine the amount of remaining data, which allows remote attackers to cause a denial of service (application crash) via a
19-04-2014 - 00:44 04-11-2013 - 11:55
CVE-2013-6339 4.3
The dissect_openwire_type function in epan/dissectors/packet-openwire.c in the OpenWire dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (loop) via a crafted packet.
19-04-2014 - 00:44 04-11-2013 - 11:55
CVE-2013-6338 4.3
The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (
19-04-2014 - 00:44 04-11-2013 - 11:55
CVE-2013-6337 4.3
Unspecified vulnerability in the NBAP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet.
19-04-2014 - 00:44 04-11-2013 - 11:55
CVE-2013-6336 4.3
The ieee802154_map_rec function in epan/dissectors/packet-ieee802154.c in the IEEE 802.15.4 dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 uses an incorrect pointer chain, which allows remote attackers to cause a denial of servic
19-04-2014 - 00:44 04-11-2013 - 11:55
CVE-2013-5721 4.3
The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not properly determine when to enter a certain loop, which allows remote attackers to cause a denial of servi
19-04-2014 - 00:42 16-09-2013 - 09:01
CVE-2012-6062 5.0
The dissect_rtcp_app function in epan/dissectors/packet-rtcp.c in the RTCP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
19-04-2014 - 00:29 05-12-2012 - 06:57
CVE-2012-6061 5.0
The dissect_wtp_common function in epan/dissectors/packet-wtp.c in the WTP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 uses an incorrect data type for a certain length field, which allows remote attackers to cause a denial of se
19-04-2014 - 00:29 05-12-2012 - 06:57
CVE-2012-6060 5.0
Integer overflow in the dissect_iscsi_pdu function in epan/dissectors/packet-iscsi.c in the iSCSI dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a malformed p
19-04-2014 - 00:29 05-12-2012 - 06:57
CVE-2012-6056 5.0
Integer overflow in the dissect_sack_chunk function in epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted Duplicate TSN count.
19-04-2014 - 00:29 05-12-2012 - 06:57
CVE-2014-2310 5.0
The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (hang) by sending a multi-object request with an Object ID (OID) containing more subids than previous requests, a different vulnerability than CVE-2012-
18-04-2014 - 11:52 17-04-2014 - 10:55
CVE-2014-0421 4.6
Unspecified vulnerability in Oracle Solaris 10, when running on the SPARC64-X Platform, allows local users to affect confidentiality, integrity, and availability via unknown vectors.
16-04-2014 - 12:05 15-04-2014 - 20:55
CVE-2014-0442 4.6
Unspecified vulnerability in Oracle Solaris 9, 10, and 11.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Print Filter Utility.
16-04-2014 - 12:02 15-04-2014 - 20:55
CVE-2013-4073 6.8
The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name fie
01-04-2014 - 02:22 17-08-2013 - 22:52
CVE-2014-2573 2.3
The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting t
26-03-2014 - 09:41 25-03-2014 - 12:55
CVE-2013-2116 5.0
The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2
26-03-2014 - 00:47 03-07-2013 - 14:55
CVE-2013-1619 4.0
The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows rem
26-03-2014 - 00:46 08-02-2013 - 14:55
CVE-2012-1573 5.0
gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a c
26-03-2014 - 00:30 26-03-2012 - 15:55
CVE-2012-0260 5.0
The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers.
26-03-2014 - 00:27 05-06-2012 - 18:55
CVE-2012-0027 5.0
The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client.
26-03-2014 - 00:27 05-01-2012 - 20:55
CVE-2011-4577 4.3
OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address bloc
26-03-2014 - 00:25 05-01-2012 - 20:55
CVE-2014-0020 5.0
The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not validate argument counts, which allows remote IRC servers to cause a denial of service (application crash) via a crafted message.
16-03-2014 - 00:43 06-02-2014 - 11:10
CVE-2013-6486 9.3
gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attackers to execute arbitrary programs via a message containing a file: URL that is improperly handled during construction of an explorer.exe command. NOTE: this vulnerabilit
16-03-2014 - 00:42 06-02-2014 - 11:10
CVE-2013-6485 5.0
Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows remote HTTP servers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid chunk-size field in chunked transfer-coding data.
16-03-2014 - 00:42 06-02-2014 - 11:10
CVE-2013-6484 5.0
The STUN protocol implementation in libpurple in Pidgin before 2.10.8 allows remote STUN servers to cause a denial of service (out-of-bounds write operation and application crash) by triggering a socket read error.
16-03-2014 - 00:42 06-02-2014 - 11:10
CVE-2013-6483 6.4
The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consistent with the to address in an iq request, which allows remote attackers to spoof iq traffic or cause a denial
16-03-2014 - 00:42 06-02-2014 - 11:10
CVE-2013-6482 5.0
Pidgin before 2.10.8 allows remote MSN servers to cause a denial of service (NULL pointer dereference and crash) via a crafted (1) SOAP response, (2) OIM XML response, or (3) Content-Length header.
16-03-2014 - 00:42 06-02-2014 - 12:00
CVE-2013-6481 5.0
libpurple/protocols/yahoo/libymsg.c in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (crash) via a Yahoo! P2P message with a crafted length field, which triggers a buffer over-read.
16-03-2014 - 00:42 06-02-2014 - 12:00
CVE-2013-6479 5.0
util.c in libpurple in Pidgin before 2.10.8 does not properly allocate memory for HTTP responses that are inconsistent with the Content-Length header, which allows remote HTTP servers to cause a denial of service (application crash) via a crafted res
16-03-2014 - 00:42 06-02-2014 - 11:10
CVE-2013-6478 4.3
gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with underlying library support for wide Pango layouts, which allows user-assisted remote attackers to cause a denial of service (application crash) via a long URL that is examined with a
16-03-2014 - 00:42 06-02-2014 - 11:10
CVE-2013-6477 5.0
Multiple integer signedness errors in libpurple in Pidgin before 2.10.8 allow remote attackers to cause a denial of service (application crash) via a crafted timestamp value in an XMPP message.
16-03-2014 - 00:42 06-02-2014 - 11:10
CVE-2012-6152 5.0
The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte sequences.
16-03-2014 - 00:31 06-02-2014 - 11:10
CVE-2012-2088 7.5
Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a tiff
16-03-2014 - 00:24 22-07-2012 - 13:55
CVE-2014-1839 4.4
The Execute class in shellutils in logilab-commons before 0.61.0 uses tempfile.mktemp, which allows local users to have an unspecified impact by pre-creating the temporary file.
12-03-2014 - 14:43 11-03-2014 - 15:37
CVE-2014-1838 4.4
The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py in logilab-commons before 0.61.0 allows local users to overwrite arbitrary files and possibly have other unspecified impact via a symlink attack on /tmp/toto.fdf.
12-03-2014 - 14:38 11-03-2014 - 15:37
CVE-2013-6490 10.0
The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Content-Length header, which triggers a buffer overflow.
08-03-2014 - 00:11 06-02-2014 - 12:00
CVE-2013-6489 5.0
Integer signedness error in the MXit functionality in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (segmentation fault) via a crafted emoticon value, which triggers an integer overflow and a buffer overflow.
08-03-2014 - 00:11 06-02-2014 - 12:00
CVE-2013-4761 5.1
Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service.
05-03-2014 - 23:47 20-08-2013 - 18:55
CVE-2013-4287 4.3
Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote at
05-03-2014 - 23:47 17-10-2013 - 19:55
CVE-2013-4244 6.8
The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted GIF image.
05-03-2014 - 23:47 28-09-2013 - 15:55
CVE-2013-4232 6.8
Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted TIFF image.
05-03-2014 - 23:47 10-09-2013 - 15:55
CVE-2013-4113 6.8
ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the
05-03-2014 - 23:47 13-07-2013 - 09:10
CVE-2013-2924 7.5
Use-after-free vulnerability in International Components for Unicode (ICU), as used in Google Chrome before 30.0.1599.66 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown ve
05-03-2014 - 23:46 02-10-2013 - 06:35
CVE-2012-0022 5.0
Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters
05-03-2014 - 23:34 18-01-2012 - 23:01
CVE-2011-4858 5.0
Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU con
05-03-2014 - 23:33 05-01-2012 - 14:55
CVE-2013-0346 2.1
** DISPUTED ** Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The tomcat log directory
18-02-2014 - 14:40 15-02-2014 - 09:57
CVE-2012-4481 4.3
The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005.
11-02-2014 - 23:39 02-05-2013 - 10:55
CVE-2011-0284 7.6
Double free vulnerability in the prepare_error_as function in do_as_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 through 1.9, when the PKINIT feature is enabled, allows remote attackers to cause a denial of service (dae
11-02-2014 - 23:26 19-03-2011 - 22:00
CVE-2010-4411 4.3
Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomplete fix for CVE-2010-2761.
11-02-2014 - 23:24 06-12-2010 - 15:13
CVE-2010-1675 5.0
bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (session reset) via a malformed AS_PATHLIMIT path attribute.
11-02-2014 - 23:19 29-03-2011 - 14:55
CVE-2010-1674 5.0
The extended-community parser in bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed Extended Communities attribute.
11-02-2014 - 23:19 29-03-2011 - 14:55
CVE-2013-0200 1.9
HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/hpcupsfilterc_#.bmp, (2) /tmp/hpcupsfilterk_#.bmp, (3) /tmp/hpcups_job#.out, (4) /tmp/hpijs_#####.out, or (5) /t
06-02-2014 - 23:44 06-03-2013 - 15:55
CVE-2012-6139 5.0
libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFuncti
06-02-2014 - 23:44 12-04-2013 - 18:55
CVE-2013-1790 6.8
poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function.
27-01-2014 - 23:51 09-04-2013 - 16:55
CVE-2013-1788 6.8
poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an "invalid memory access" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/St
27-01-2014 - 23:51 09-04-2013 - 16:55
CVE-2013-1643 5.0
The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity
27-01-2014 - 23:51 06-03-2013 - 08:10
CVE-2013-1635 7.5
ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggeri
27-01-2014 - 23:51 06-03-2013 - 08:10
CVE-2013-1417 3.5
do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.11 before 1.11.4, when a single-component realm name is used, allows remote authenticated users to cause a denial of service (daemon crash) via a TGS-REQ request that tr
27-01-2014 - 23:51 20-11-2013 - 09:12
CVE-2013-0900 6.8
Race condition in the International Components for Unicode (ICU) functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspe
27-01-2014 - 23:50 23-02-2013 - 16:55
CVE-2012-5134 6.8
Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute ar
27-01-2014 - 23:48 27-11-2012 - 20:55
CVE-2012-2871 6.8
libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have un
27-01-2014 - 23:45 31-08-2012 - 15:55
CVE-2012-2870 4.3
libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identifi
27-01-2014 - 23:45 31-08-2012 - 15:55
CVE-2012-2825 5.0
The XSL implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors.
27-01-2014 - 23:45 27-06-2012 - 06:18
CVE-2012-2807 6.8
Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
27-01-2014 - 23:45 27-06-2012 - 06:18
CVE-2012-0841 5.0
libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data.
27-01-2014 - 23:42 21-12-2012 - 00:46
CVE-2011-3102 6.8
Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.
27-01-2014 - 23:38 15-05-2012 - 20:55
CVE-2013-7239 4.8
memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials.
23-01-2014 - 23:37 13-01-2014 - 16:55
CVE-2013-0179 1.8
The process_bin_delete function in memcached.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not
23-01-2014 - 23:31 13-01-2014 - 16:55
CVE-2011-3919 7.5
Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
23-01-2014 - 23:21 07-01-2012 - 06:55
CVE-2013-1993 6.8
Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XF86DRIOpenConnection and (2) XF86DRIGetClientDriverName functions.
17-01-2014 - 00:14 15-06-2013 - 15:55
CVE-2003-1067 7.2
Multiple buffer overflows in the (1) dbm_open function, as used in ndbm and dbm, and the (2) dbminit function in Solaris 2.6 through 9 allow local users to gain root privileges via long arguments to Xsun or other programs that use these functions.
16-01-2014 - 21:39 19-06-2003 - 00:00
CVE-2013-7291 1.8
memcached before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (crash) via a request that triggers an "unbounded key print" during logging, related to an issue that was "quickly grepped out of the source t
14-01-2014 - 10:28 13-01-2014 - 16:55
CVE-2013-7290 1.8
The do_item_get function in items.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for
14-01-2014 - 10:16 13-01-2014 - 16:55
CVE-2012-2126 4.3
RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.
13-01-2014 - 23:17 01-10-2013 - 13:55
CVE-2012-2125 5.8
RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.
13-01-2014 - 23:17 01-10-2013 - 13:55
CVE-2013-4402 5.0
The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message.
03-01-2014 - 23:48 28-10-2013 - 18:55
CVE-2013-4351 5.8
GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass intended cryptographic protection mechanisms by levera
03-01-2014 - 23:48 09-10-2013 - 20:55
CVE-2013-5722 4.3
Unspecified vulnerability in the LDAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet.
30-12-2013 - 23:26 16-09-2013 - 09:01
CVE-2013-5720 5.0
Buffer overflow in the RTPS dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet.
30-12-2013 - 23:26 16-09-2013 - 09:01
CVE-2013-5718 4.3
The dissect_nbap_T_dCH_ID function in epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not restrict the dch_id value, which allows remote attackers to cause a denial of service (applic
30-12-2013 - 23:26 16-09-2013 - 09:01
CVE-2013-4505 2.6
The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relativ
19-12-2013 - 23:36 07-12-2013 - 15:55
CVE-2012-3479 6.8
lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code vi
13-12-2013 - 00:03 25-08-2012 - 06:29
CVE-2012-2098 5.0
Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with ma
12-12-2013 - 23:59 29-06-2012 - 15:55
CVE-2012-4433 7.5
Multiple integer overflows in operations/external/ppm-load.c in GEGL (Generic Graphics Library) 0.2.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large (1) width or (2) height value
05-12-2013 - 00:17 18-11-2012 - 18:55
CVE-2012-3481 6.8
Integer overflow in the ReadImage function in plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via c
05-12-2013 - 00:15 25-08-2012 - 06:29
CVE-2012-3403 6.8
Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted KiSS palette file, which triggers an "invalid free."
05-12-2013 - 00:15 25-08-2012 - 06:29
CVE-2012-3236 4.3
fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string.
05-12-2013 - 00:15 12-07-2012 - 17:55
CVE-2013-5745 7.1
The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error causes the connection to close during authenticatio
30-11-2013 - 23:31 01-10-2013 - 13:55
CVE-2013-4885 6.8
The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload "arbitrarily named" files via a crafted FullName parameter in a response, as demonstrated using directory travers
30-11-2013 - 23:30 26-10-2013 - 13:55
CVE-2013-1997 6.8
Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XAllocColorCells, (2) _XkbReadGetDeviceI
30-11-2013 - 23:27 15-06-2013 - 16:55
CVE-2013-1986 6.8
Multiple integer overflows in X.org libXrandr 1.4.0 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRRQueryOutputProperty and (2) XRRQueryProviderProperty functions.
30-11-2013 - 23:27 15-06-2013 - 15:55
CVE-2013-1985 6.8
Integer overflow in X.org libXinerama 1.1.2 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XineramaQueryScreens function.
30-11-2013 - 23:27 15-06-2013 - 15:55
CVE-2013-1984 6.8
Multiple integer overflows in X.org libXi 1.7.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XGetDeviceControl, (2) XGetFeedbackControl, (3) XGetDeviceDontPropagateList,
30-11-2013 - 23:27 15-06-2013 - 15:55
CVE-2013-1983 6.8
Integer overflow in X.org libXfixes 5.0 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XFixesGetCursorImage function.
30-11-2013 - 23:27 15-06-2013 - 15:55
CVE-2013-1915 7.5
ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference
30-11-2013 - 23:27 25-04-2013 - 19:55
CVE-2013-1416 4.0
The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of s
30-11-2013 - 23:26 19-04-2013 - 07:44
CVE-2013-2066 6.8
Buffer overflow in X.org libXv 1.0.7 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XvQueryPortAttributes function.
24-11-2013 - 23:32 15-06-2013 - 16:55
CVE-2013-2063 6.8
Integer overflow in X.org libXtst 1.2.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XRecordGetContext function.
24-11-2013 - 23:32 15-06-2013 - 15:55
CVE-2013-2001 6.8
Buffer overflow in X.org libXxf86vm 1.1.2 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XF86VidModeGetGammaRamp function.
24-11-2013 - 23:32 15-06-2013 - 16:55
CVE-2013-2000 6.8
Multiple buffer overflows in X.org libXxf86dga 1.1.3 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XDGAQueryModes and (2) XDGASetMode functions.
24-11-2013 - 23:32 15-06-2013 - 16:55
CVE-2013-1999 6.8
Buffer overflow in X.org libXvMC 1.0.7 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XvMCGetDRInfo function.
24-11-2013 - 23:32 15-06-2013 - 16:55
CVE-2013-1992 6.8
Multiple integer overflows in X.org libdmx 1.1.2 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) DMXGetScreenAttributes, (2) DMXGetWindowAttributes, and (3) DMXGetInputAttr
24-11-2013 - 23:32 15-06-2013 - 15:55
CVE-2013-1990 6.8
Multiple integer overflows in X.org libXvMC 1.0.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XvMCListSurfaceTypes and (2) XvMCListSubpictureTypes functions.
24-11-2013 - 23:32 15-06-2013 - 15:55
CVE-2013-1989 6.8
Multiple integer overflows in X.org libXv 1.0.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XvQueryPortAttributes, (2) XvListImageFormats, and (3) XvCreateImage functio
24-11-2013 - 23:32 15-06-2013 - 15:55
CVE-2013-1988 6.8
Multiple integer overflows in X.org libXRes 1.0.6 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XResQueryClients and (2) XResQueryClientResources functions.
24-11-2013 - 23:32 15-06-2013 - 15:55
CVE-2012-3817 7.8
ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation is enabled, does not properly initialize the failing-query cache, which allows remote atta
24-11-2013 - 23:27 25-07-2012 - 06:42
CVE-2013-2765 4.3
The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header
18-11-2013 - 23:47 15-07-2013 - 11:55
CVE-2011-3026 7.5
Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.
15-11-2013 - 00:32 16-02-2012 - 15:55
CVE-2011-3659 10.0
Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect Attribu
15-11-2013 - 00:32 01-02-2012 - 11:55
CVE-2012-0445 5.0
Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to bypass the HTML5 frame-navigation policy and replace arbitrary sub-frames by creating a form submission target with a sub-frame's name at
15-11-2013 - 00:31 01-02-2012 - 11:55
CVE-2012-0446 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to inject arbitrary web script or HTML via a (1) web page or (2) Firefox extension, r
15-11-2013 - 00:31 01-02-2012 - 11:55
CVE-2012-0447 5.0
Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG ima
15-11-2013 - 00:31 01-02-2012 - 11:55
CVE-2012-0449 10.0
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod
15-11-2013 - 00:31 01-02-2012 - 11:55
CVE-2012-0442 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corru
15-11-2013 - 00:31 01-02-2012 - 11:55
CVE-2012-0443 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or poss
15-11-2013 - 00:31 01-02-2012 - 11:55
CVE-2012-0444 10.0
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corr
15-11-2013 - 00:31 01-02-2012 - 11:55
CVE-2011-0419 4.3
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac
15-11-2013 - 00:31 16-05-2011 - 13:55
CVE-2013-5719 4.3
epan/dissectors/packet-assa_r3.c in the ASSA R3 dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
02-11-2013 - 23:34 16-09-2013 - 09:01
CVE-2013-5717 4.3
The Bluetooth HCI ACL dissector in Wireshark 1.10.x before 1.10.2 does not properly maintain a certain free list, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that is not properly handled by the
02-11-2013 - 23:34 16-09-2013 - 09:01
CVE-2013-1849 4.3
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
02-11-2013 - 23:31 02-05-2013 - 10:55
CVE-2013-0274 2.9
upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network.
02-11-2013 - 23:29 16-02-2013 - 16:55
CVE-2013-0273 5.0
sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service (application crash) via a crafted packet.
02-11-2013 - 23:29 16-02-2013 - 16:55
CVE-2013-0271 5.0
The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted (1) mxit or (2) mxit/imagestrips pathname.
02-11-2013 - 23:29 16-02-2013 - 16:55
CVE-2012-6059 5.0
The dissect_isakmp function in epan/dissectors/packet-isakmp.c in the ISAKMP dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 uses an incorrect data structure to determine IKEv2 decryption parameters, which allows remote attackers to
02-11-2013 - 23:28 05-12-2012 - 06:57
CVE-2012-6058 5.0
Integer overflow in the dissect_icmpv6 function in epan/dissectors/packet-icmpv6.c in the ICMPv6 dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted Numb
02-11-2013 - 23:28 05-12-2012 - 06:57
CVE-2012-6057 5.0
The dissect_eigrp_metric_comm function in epan/dissectors/packet-eigrp.c in the EIGRP dissector in Wireshark 1.8.x before 1.8.4 uses the wrong data type for a certain offset value, which allows remote attackers to cause a denial of service (integer o
02-11-2013 - 23:28 05-12-2012 - 06:57
CVE-2012-6055 5.0
epan/dissectors/packet-3g-a11.c in the 3GPP2 A11 dissector in Wireshark 1.8.x before 1.8.4 allows remote attackers to cause a denial of service (infinite loop) via a zero value in a sub-type length field.
02-11-2013 - 23:28 05-12-2012 - 06:57
CVE-2012-6054 5.0
The dissect_sflow_245_address_type function in epan/dissectors/packet-sflow.c in the sFlow dissector in Wireshark 1.8.x before 1.8.4 does not properly handle length calculations for an invalid IP address type, which allows remote attackers to cause a
02-11-2013 - 23:28 05-12-2012 - 06:57
CVE-2012-6053 5.0
epan/dissectors/packet-usb.c in the USB dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 relies on a length field to calculate an offset value, which allows remote attackers to cause a denial of service (infinite loop) via a zero val
02-11-2013 - 23:28 05-12-2012 - 06:57
CVE-2012-6052 5.0
Wireshark 1.8.x before 1.8.4 allows remote attackers to obtain sensitive hostname information by reading pcap-ng files.
02-11-2013 - 23:28 05-12-2012 - 06:57
CVE-2012-5240 5.8
Buffer overflow in the dissect_tlv function in epan/dissectors/packet-ldp.c in the LDP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a
02-11-2013 - 23:28 04-10-2012 - 15:55
CVE-2012-5238 3.3
epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.3 uses incorrect OUI data structures during the decoding of (1) PPP and (2) LCP data, which allows remote attackers to cause a denial of service (assertion failure and ap
02-11-2013 - 23:28 04-10-2012 - 15:55
CVE-2012-5237 3.3
The dissect_hsrp function in epan/dissectors/packet-hsrp.c in the HSRP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
02-11-2013 - 23:28 04-10-2012 - 15:55
CVE-2012-3980 9.3
The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a cr
02-11-2013 - 23:26 29-08-2012 - 06:56
CVE-2012-3978 6.8
The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 does not properly follow the security model of the location objec
02-11-2013 - 23:26 29-08-2012 - 06:56
CVE-2012-3976 5.8
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate inform
02-11-2013 - 23:26 29-08-2012 - 06:56
CVE-2012-3974 6.9
Untrusted search path vulnerability in the installer in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 on Windows allows local users to gain privileges via a Trojan horse e
02-11-2013 - 23:26 29-08-2012 - 06:56
CVE-2012-3972 5.0
The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensit
02-11-2013 - 23:26 29-08-2012 - 06:56
CVE-2012-3970 10.0
Use-after-free vulnerability in the nsTArray_base::Length function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execu
02-11-2013 - 23:26 29-08-2012 - 06:56
CVE-2012-3969 9.3
Integer overflow in the nsSVGFEMorphologyElement::Filter function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execut
02-11-2013 - 23:26 29-08-2012 - 06:56
CVE-2012-3968 10.0
Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitra
02-11-2013 - 23:26 29-08-2012 - 06:56
CVE-2012-3966 10.0
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via
02-11-2013 - 23:26 29-08-2012 - 06:56
CVE-2012-3964 10.0
Use-after-free vulnerability in the gfxTextRun::GetUserData function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to exe
02-11-2013 - 23:26 29-08-2012 - 06:56
CVE-2012-3963 10.0
Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to
02-11-2013 - 23:26 29-08-2012 - 06:56
CVE-2012-3962 9.3
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly iterate through the characters in a text run, which allows remote attackers to execute
02-11-2013 - 23:26 29-08-2012 - 06:56
CVE-2012-3961 10.0
Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arb
02-11-2013 - 23:26 29-08-2012 - 06:56
CVE-2012-3960 10.0
Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote at
02-11-2013 - 23:26 29-08-2012 - 06:56
CVE-2012-3959 10.0
Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attacke
02-11-2013 - 23:26 29-08-2012 - 06:56
CVE-2012-3958 10.0
Use-after-free vulnerability in the nsHTMLEditRules::DeleteNonTableElements function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote
02-11-2013 - 23:26 29-08-2012 - 06:56
CVE-2012-3957 10.0
Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to e
02-11-2013 - 23:26 29-08-2012 - 06:56
CVE-2012-3956 10.0
Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote atta
02-11-2013 - 23:26 29-08-2012 - 06:56
CVE-2012-2893 6.8
Double free vulnerability in libxslt, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms.
02-11-2013 - 23:24 26-09-2012 - 06:56
CVE-2012-2214 3.5
proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authenticated users to cause a denial of service (application crash) via a sequence of XMPP file-transfer req
02-11-2013 - 23:23 03-07-2012 - 15:55
CVE-2012-1976 10.0
Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesValues function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote a
02-11-2013 - 23:23 29-08-2012 - 06:56
CVE-2012-1975 10.0
Use-after-free vulnerability in the PresShell::CompleteMove function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to exe
02-11-2013 - 23:23 29-08-2012 - 06:56
CVE-2012-1974 10.0
Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers
02-11-2013 - 23:23 29-08-2012 - 06:56
CVE-2012-1973 10.0
Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attac
02-11-2013 - 23:23 29-08-2012 - 06:56
CVE-2012-1972 10.0
Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote
02-11-2013 - 23:23 29-08-2012 - 06:56
CVE-2012-1971 9.3
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly ex
02-11-2013 - 23:23 29-08-2012 - 06:56
CVE-2012-1970 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial
02-11-2013 - 23:23 29-08-2012 - 06:56
CVE-2012-0773 10.0
The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac OS X, and Linux; Flash Player before 10.3.183.18 and 11.x before 11.2.202.223 on Solaris; Flash Player before 11.1.111.8 on Android 2.x and 3.x;
02-11-2013 - 23:21 28-03-2012 - 15:55
CVE-2012-0769 5.0
Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x does not properly handle integers, which allows attackers to ob
02-11-2013 - 23:21 05-03-2012 - 16:55
CVE-2012-0768 10.0
The Matrix3D component in Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x allows attackers to execute arbitrary
02-11-2013 - 23:21 05-03-2012 - 16:55
CVE-2012-0479 4.3
Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid (1) RSS or (2) A
02-11-2013 - 23:21 25-04-2012 - 06:10
CVE-2012-0478 9.3
The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_O
02-11-2013 - 23:21 25-04-2012 - 06:10
CVE-2012-0477 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to inject arbit
02-11-2013 - 23:21 25-04-2012 - 06:10
CVE-2012-0474 4.3
Cross-site scripting (XSS) vulnerability in the docshell implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote atta
02-11-2013 - 23:21 25-04-2012 - 06:10
CVE-2012-0473 5.0
The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 calls the FindMaxElementInSubArray function
02-11-2013 - 23:21 25-04-2012 - 06:10
CVE-2012-0471 4.3
Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web s
02-11-2013 - 23:21 25-04-2012 - 06:10
CVE-2012-0470 10.0
Heap-based buffer overflow in the nsSVGFEDiffuseLightingElement::LightPixel function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow
02-11-2013 - 23:21 25-04-2012 - 06:10
CVE-2012-0469 10.0
Use-after-free vulnerability in the mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMo
02-11-2013 - 23:21 25-04-2012 - 06:10
CVE-2012-0468 10.0
The browser engine in Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (assertion failure and memory corruption) or possibly execute arbitrary code via vecto
02-11-2013 - 23:21 25-04-2012 - 06:10
CVE-2012-0467 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to cause
02-11-2013 - 23:21 25-04-2012 - 06:10
CVE-2011-2460 10.0
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
02-11-2013 - 23:14 11-11-2011 - 11:55
CVE-2011-2459 10.0
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
02-11-2013 - 23:14 11-11-2011 - 11:55
CVE-2011-2458 9.3
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, when Internet Explorer is used, allows remote attackers to bypass the cross
02-11-2013 - 23:14 11-11-2011 - 11:55
CVE-2011-2457 10.0
Stack-based buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code v
02-11-2013 - 23:14 11-11-2011 - 11:55
CVE-2011-2456 10.0
Buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code via unspecifi
02-11-2013 - 23:14 11-11-2011 - 11:55
CVE-2011-2455 10.0
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
02-11-2013 - 23:14 11-11-2011 - 11:55
CVE-2011-2454 10.0
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
02-11-2013 - 23:14 11-11-2011 - 11:55
CVE-2011-2453 10.0
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
02-11-2013 - 23:14 11-11-2011 - 11:55
CVE-2011-2452 10.0
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
02-11-2013 - 23:14 11-11-2011 - 11:55
CVE-2011-2451 10.0
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
02-11-2013 - 23:14 11-11-2011 - 11:55
CVE-2011-2450 10.0
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (he
02-11-2013 - 23:14 11-11-2011 - 11:55
CVE-2011-2445 10.0
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
02-11-2013 - 23:14 11-11-2011 - 11:55
CVE-2011-0608 9.3
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-
02-11-2013 - 23:10 10-02-2011 - 11:00
CVE-2011-0607 9.3
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-
02-11-2013 - 23:10 10-02-2011 - 11:00
CVE-2011-0578 9.3
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors related to a constructor for an unspecified ActionScript3 object and improper type checking, a d
02-11-2013 - 23:10 10-02-2011 - 11:00
CVE-2011-0577 9.3
Unspecified vulnerability in Adobe Flash Player before 10.2.152.26 allows remote attackers to execute arbitrary code via a crafted font.
02-11-2013 - 23:10 10-02-2011 - 11:00
CVE-2011-0575 6.9
Untrusted search path vulnerability in Adobe Flash Player before 10.2.152.26 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
02-11-2013 - 23:09 10-02-2011 - 11:00
CVE-2011-0574 9.3
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-
02-11-2013 - 23:09 10-02-2011 - 11:00
CVE-2011-0573 9.3
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-
02-11-2013 - 23:09 10-02-2011 - 11:00
CVE-2011-0572 9.3
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-
02-11-2013 - 23:09 10-02-2011 - 11:00
CVE-2011-0571 9.3
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0572, CVE-
02-11-2013 - 23:09 10-02-2011 - 11:00
CVE-2011-0561 9.3
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0571, CVE-2011-0572, CVE-
02-11-2013 - 23:09 10-02-2011 - 11:00
CVE-2011-0560 9.3
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-
02-11-2013 - 23:09 10-02-2011 - 11:00
CVE-2011-0559 9.3
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted parameters to an unspecified ActionScript method that cause a parameter to be used as an object pointer, a d
02-11-2013 - 23:09 10-02-2011 - 11:00
CVE-2011-0558 9.3
Integer overflow in Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code via a large array length value in the ActionScript method of the Function class.
02-11-2013 - 23:09 10-02-2011 - 11:00
CVE-2010-2528 4.0
The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an X-Status message that
02-11-2013 - 23:00 30-07-2010 - 09:26
CVE-2010-1624 5.0
The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a custom emoticon in a malformed
02-11-2013 - 22:58 14-05-2010 - 15:30
CVE-2010-0277 5.0
slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malf
02-11-2013 - 22:56 09-01-2010 - 13:30
CVE-2009-3615 5.0
The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM I
02-11-2013 - 22:53 20-10-2009 - 13:30
CVE-2013-5866 5.2
Unspecified vulnerability in Oracle Solaris 11.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel.
30-10-2013 - 23:35 16-10-2013 - 14:55
CVE-2013-5865 1.7
Unspecified vulnerability in Oracle Solaris 11.1 allows local users to affect availability via unknown vectors related to Utility/User administration.
30-10-2013 - 23:35 16-10-2013 - 14:55
CVE-2013-5863 4.3
Unspecified vulnerability in Oracle Solaris 11.1 allows remote attackers to affect integrity via vectors related to IPS repository daemon.
30-10-2013 - 23:35 16-10-2013 - 14:55
CVE-2013-5861 4.3
Unspecified vulnerability in Oracle Solaris 11.1 allows remote attackers to affect availability via vectors related to Kernel/KSSL.
30-10-2013 - 23:35 16-10-2013 - 14:55
CVE-2012-1150 5.0
Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU
30-10-2013 - 23:23 05-10-2012 - 17:55
CVE-2012-0845 5.0
SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that
30-10-2013 - 23:23 05-10-2012 - 17:55
CVE-2013-1067 4.9
Apport 2.12.5 and earlier uses weak permissions for core dump files created by setuid binaries, which allows local users to obtain sensitive information by reading the file.
28-10-2013 - 09:49 25-10-2013 - 19:55
CVE-2011-2939 5.1
Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, w
23-10-2013 - 23:32 13-01-2012 - 13:55
CVE-2010-1158 5.0
Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string.
23-10-2013 - 23:22 20-04-2010 - 11:30
CVE-2005-4278 7.2
Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.
23-10-2013 - 21:56 16-12-2005 - 06:03
CVE-2005-0448 1.2
Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452.
23-10-2013 - 21:44 02-05-2005 - 00:00
CVE-2013-6169 4.3
The TLS driver in ejabberd before 2.1.12 supports (1) SSLv2 and (2) weak SSL ciphers, which makes it easier for remote attackers to obtain sensitive information via a brute-force attack.
18-10-2013 - 13:46 17-10-2013 - 19:55
CVE-2013-4363 4.3
Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows
18-10-2013 - 11:06 17-10-2013 - 19:55
CVE-2013-1499 1.7
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Network Configuration.
10-10-2013 - 23:50 17-04-2013 - 08:14
CVE-2013-1415 7.1
The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors
10-10-2013 - 23:50 05-03-2013 - 00:05
CVE-2013-0417 5.0
Unspecified vulnerability in the Sun Storage Common Array Manager (CAM) component in Oracle Sun Products Suite 6.9.0 allows remote attackers to affect confidentiality, related to Fault Management System (FMS).
10-10-2013 - 23:48 16-01-2013 - 20:55
CVE-2013-0414 3.3
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity and availability via unknown vectors related to Utility/ksh93.
10-10-2013 - 23:48 16-01-2013 - 20:55
CVE-2012-5095 4.4
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to inetd.
10-10-2013 - 23:46 17-10-2012 - 06:54
CVE-2012-3215 1.7
Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when running on SPARC, allows local users to affect confidentiality via unknown vectors related to Kernel.
10-10-2013 - 23:44 16-10-2012 - 20:55
CVE-2012-3212 4.7
Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when running on SPARC T4 servers, allows local users to affect availability via unknown vectors related to Kernel.
10-10-2013 - 23:44 16-10-2012 - 20:55
CVE-2012-3211 4.6
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/System Call.
10-10-2013 - 23:44 16-10-2012 - 20:55
CVE-2012-3210 7.8
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability via unknown vectors related to Kernel.
10-10-2013 - 23:44 16-10-2012 - 20:55
CVE-2012-3209 5.6
Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when running on SPARC, allows local users to affect integrity and availability via unknown vectors related to Logical Domain (LDOM).
10-10-2013 - 23:44 16-10-2012 - 20:55
CVE-2012-3208 4.9
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability, related to Kernel/RCTL.
10-10-2013 - 23:44 16-10-2012 - 20:55
CVE-2012-3207 4.9
Unspecified vulnerability in Oracle Sun Solaris 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kernel.
10-10-2013 - 23:44 16-10-2012 - 20:55
CVE-2012-3205 2.1
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity via unknown vectors related to Vino server.
10-10-2013 - 23:44 16-10-2012 - 20:55
CVE-2012-3204 7.2
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Power Management.
10-10-2013 - 23:44 16-10-2012 - 20:55
CVE-2012-3203 2.1
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability, related to Gnome Display Manager GDM.
10-10-2013 - 23:44 16-10-2012 - 20:55
CVE-2012-3199 7.2
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Gnome Trusted Extension.
10-10-2013 - 23:44 16-10-2012 - 20:55
CVE-2012-3189 7.8
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability, related to COMSTAR.
10-10-2013 - 23:44 16-10-2012 - 20:55
CVE-2012-3178 2.1
Unspecified vulnerability in the kernel in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors.
10-10-2013 - 23:44 16-01-2013 - 20:55
CVE-2012-3165 3.6
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality and integrity via unknown vectors related to mailx.
10-10-2013 - 23:44 16-10-2012 - 20:55
CVE-2012-3131 4.3
Unspecified vulnerability in Oracle Sun Solaris 9, 10, and 11 allows remote attackers to affect confidentiality, related to Network/NFS.
10-10-2013 - 23:44 17-07-2012 - 19:55
CVE-2012-3130 4.3
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect integrity via unknown vectors related to pkg.depotd.
10-10-2013 - 23:44 17-07-2012 - 19:55
CVE-2012-3129 5.1
Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, integrity, and availability, related to Gnome PDF viewer.
10-10-2013 - 23:44 17-07-2012 - 19:55
CVE-2012-3123 5.0
Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
10-10-2013 - 23:44 17-07-2012 - 19:55
CVE-2012-3121 5.0
Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows remote attackers to affect availability via unknown vectors related to in.tnamed and NameServer.
10-10-2013 - 23:44 17-07-2012 - 19:55
CVE-2012-3112 4.3
Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect integrity via unknown vectors related to Solaris Management Console.
10-10-2013 - 23:44 17-07-2012 - 19:55
CVE-2012-2751 4.3
ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote a
10-10-2013 - 23:43 22-07-2012 - 12:55
CVE-2012-1798 4.3
The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image.
10-10-2013 - 23:42 05-06-2012 - 18:55
CVE-2012-1752 4.9
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability, related to Kernel/NFS.
10-10-2013 - 23:42 17-07-2012 - 18:55
CVE-2012-1750 4.4
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to mailx.
10-10-2013 - 23:42 17-07-2012 - 18:55
CVE-2012-1698 2.1
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote authenticated users to affect confidentiality, related to Kernel/GLD.
10-10-2013 - 23:42 03-05-2012 - 18:55
CVE-2012-1610 4.3
Integer overflow in the GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-4 allows remote attackers to cause a denial of service (out-of-bounds read) via a large component count for certain EXIF tags in a JPEG image. NOTE: th
10-10-2013 - 23:42 05-06-2012 - 18:55
CVE-2012-1016 4.3
The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 attempts to find an agility KDF identifier in inappropriate c
10-10-2013 - 23:41 04-03-2013 - 23:54
CVE-2012-0539 6.2
Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to (1) bsmconv and (2) bsmunconv.
10-10-2013 - 23:40 03-05-2012 - 14:55
CVE-2012-0217 7.2
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-R
10-10-2013 - 23:40 12-06-2012 - 18:55
CVE-2013-4956 3.6
Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if those permissions were used when the modules were origi
07-10-2013 - 14:49 20-08-2013 - 18:55
CVE-2013-4239 4.0
The xenDaemonListDefinedDomains function in xen/xend_internal.c in libvirt 1.1.1 allows remote authenticated users to cause a denial of service (memory corruption and crash) via vectors involving the virConnectListDefinedDomains API function.
01-10-2013 - 11:16 30-09-2013 - 17:55
CVE-2013-4123 5.0
client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header.
17-09-2013 - 10:19 16-09-2013 - 15:14
CVE-2013-4635 5.0
Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service (application hang) via a large argument to the jdtojewish
11-09-2013 - 23:36 21-06-2013 - 17:55
CVE-2013-2062 6.8
Multiple integer overflows in X.org libXp 1.0.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XpGetAttributes, (2) XpGetOneAttribute, (3) XpGetPrinterList, and (4) XpQuer
11-09-2013 - 23:34 15-06-2013 - 15:55
CVE-2011-4109 9.3
Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check.
11-09-2013 - 23:19 05-01-2012 - 20:55
CVE-2006-1725 2.6
Mozilla Firefox 1.5 before 1.5.0.2 and SeaMonkey before 1.0.1 causes certain windows to become translucent due to an interaction between XUL content windows and the history mechanism, which might allow user-assisted remote attackers to trick users in
11-09-2013 - 00:53 14-04-2006 - 06:02
CVE-2006-1723 7.5
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due
08-09-2013 - 00:50 14-04-2006 - 06:02
CVE-2007-6428 5.0
The ProcGetReservedColormapEntries function in the TOG-CUP extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to read the contents of arbitrary memory locations via a request containing a 32-bit value that is improperly used a
30-08-2013 - 01:37 18-01-2008 - 18:00
CVE-2006-3738 10.0
Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.
23-08-2013 - 01:21 28-09-2006 - 14:07
CVE-2013-3797 4.7
Unspecified vulnerability in Oracle Solaris 11 allows local users to affect availability via unknown vectors related to Filesystem/DevFS.
22-08-2013 - 02:54 17-07-2013 - 09:41
CVE-2013-3765 4.9
Unspecified vulnerability in Oracle Solaris 11 allows local users to affect availability via unknown vectors related to Kernel/VM.
22-08-2013 - 02:54 17-07-2013 - 09:41
CVE-2013-3753 7.8
Unspecified vulnerability in Oracle Solaris 11 allows remote attackers to affect availability via vectors related to Kernel/STREAMS framework.
22-08-2013 - 02:54 17-07-2013 - 09:41
CVE-2013-3752 4.3
Unspecified vulnerability in Oracle Solaris 11 allows remote attackers to affect integrity via vectors related to Service Management Facility (SMF).
22-08-2013 - 02:54 17-07-2013 - 09:41
CVE-2013-3748 7.8
Unspecified vulnerability in Oracle Solaris 11 allows remote attackers to affect availability via vectors related to Driver/IDM (iSCSI Data Mover).
22-08-2013 - 02:54 17-07-2013 - 09:41
CVE-2012-3955 7.1
ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later red
21-08-2013 - 23:57 14-09-2012 - 06:33
CVE-2012-3461 4.3
The (1) otrl_base64_otr_decode function in src/b64.c; (2) otrl_proto_data_read_flags and (3) otrl_proto_accept_data functions in src/proto.c; and (4) decode function in toolkit/parse.c in libotr before 3.2.1 allocates a zero-length buffer when decodi
21-08-2013 - 23:56 20-08-2012 - 15:55
CVE-2011-4539 5.0
dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet.
21-08-2013 - 23:48 08-12-2011 - 06:55
CVE-2010-0405 5.1
Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.
21-08-2013 - 23:28 28-09-2010 - 14:00
CVE-2012-5887 5.0
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it e
19-08-2013 - 23:18 17-11-2012 - 14:55
CVE-2012-5886 5.0
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers t
19-08-2013 - 23:18 17-11-2012 - 14:55
CVE-2012-0698 5.0
tcsd in TrouSerS before 0.3.10 allows remote attackers to cause a denial of service (daemon crash) via a crafted type_offset value in a TCP packet to port 30003.
17-08-2013 - 02:41 26-11-2012 - 07:45
CVE-2011-4718 6.8
Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID.
13-08-2013 - 14:32 13-08-2013 - 11:04
CVE-2013-0149 5.8
The OSPF implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.3, IOS-XE 2.x through 3.9.xS, ASA and PIX 7.x through 9.1, FWSM, NX-OS, and StarOS before 14.0.50488 does not properly validate Link State Advertisement (LSA) type 1 packets b
13-08-2013 - 13:18 05-08-2013 - 09:22
CVE-2011-1005 5.0
The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname.
13-08-2013 - 13:00 02-03-2011 - 15:00
CVE-2007-4572 9.3
Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon se
13-08-2013 - 12:10 16-11-2007 - 13:46
CVE-2009-0168 4.9
Unspecified vulnerability in ppdmgr in Sun Solaris 10 and OpenSolaris snv_61 through snv_106 allows local users to cause a denial of service via unspecified vectors, related to a failure to "include all cache files," and improper handling of temporar
09-08-2013 - 02:09 16-01-2009 - 16:30
CVE-2007-6015 9.3
Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC stri
08-08-2013 - 01:41 13-12-2007 - 16:46
CVE-2009-0267 5.0
libike in Sun Solaris 9 and 10, and OpenSolaris before snv_100, does not properly check packets, which allows remote attackers to cause a denial of service (in.iked daemon crash) via an unspecified IKE packet, a different vulnerability than CVE-2007-
02-08-2013 - 02:15 26-01-2009 - 10:30
CVE-2006-4343 4.3
The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer derefer
29-07-2013 - 11:07 28-09-2006 - 14:07
CVE-2005-3250 2.1
Unknown vulnerability in Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors related to the "/proc" filesystem, which trigger a null dereference.
20-07-2013 - 01:20 17-10-2005 - 16:06
CVE-2011-4862 10.0
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to exec
17-07-2013 - 12:31 24-12-2011 - 20:55
CVE-2013-3750 7.2
Unspecified vulnerability in Oracle Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel/VM
17-07-2013 - 00:00 17-07-2013 - 09:41
CVE-2013-3746 7.2
Unspecified vulnerability in the Solaris Cluster component in Oracle and Sun Systems Products Suite 3.2, 3.3, and 4 prior to 4.1 SRU 3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Zone Clust
17-07-2013 - 00:00 17-07-2013 - 09:41
CVE-2006-1732 4.3
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS)
15-07-2013 - 00:54 14-04-2006 - 06:02
CVE-2012-1134 9.3
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted privat
14-07-2013 - 02:21 25-04-2012 - 06:10
CVE-2009-0051 5.0
ZXID 0.29 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-50
12-07-2013 - 00:00 07-01-2009 - 13:30
CVE-2006-1728 9.3
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypt
11-07-2013 - 00:53 14-04-2006 - 06:02
CVE-2012-3365 5.0
The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors.
25-06-2013 - 23:12 20-07-2012 - 06:40
CVE-2013-4636 4.3
The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via an MP3 file that triggers incorrect MIME type
24-06-2013 - 18:37 21-06-2013 - 17:55
CVE-2013-2004 6.8
The (1) GetDatabase and (2) _XimParseStringFile functions in X.org libX11 1.5.99.901 (1.6 RC1) and earlier do not restrict the recursion depth when processing directives to include files, which allows X servers to cause a denial of service (stack con
20-06-2013 - 23:17 15-06-2013 - 16:55
CVE-2013-1982 6.8
Multiple integer overflows in X.org libXext 1.3.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XcupGetReservedColormapEntries, (2) XcupStoreColors, (3) XdbeGetVisualInfo
20-06-2013 - 23:17 15-06-2013 - 15:55
CVE-2013-1969 7.5
Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the (1) htmlParseChunk and (2
20-06-2013 - 23:17 25-04-2013 - 19:55
CVE-2013-0913 7.2
Integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel through 3.8.3, as used in Google Chrome OS before 25.0.1364.173 and other products, allows local use
20-06-2013 - 23:16 18-03-2013 - 11:55
CVE-2012-4504 10.0
Stack-based buffer overflow in the url::get_pac function in url.cpp in libproxy 0.4.x before 0.4.9 allows remote servers to have an unspecified impact via a large proxy.pac file.
04-06-2013 - 23:38 11-11-2012 - 08:00
CVE-2012-3967 6.8
The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 on Linux, when a large number of sampler uniforms are used, does not prope
29-05-2013 - 23:17 29-08-2012 - 06:56
CVE-2012-3401 6.8
The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibTIFF 4.0.2 and earlier does not properly initialize the T2P context struct pointer in certain error conditions, which allows context-dependent attackers to cause a denial of service
29-05-2013 - 23:16 13-08-2012 - 16:55
CVE-2012-0772 10.0
An unspecified ActiveX control in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228, and AIR before 3.2.0.2070, on Windows does not properly perform URL security domain checking, which allow attackers to execute arbitrary code or cau
29-05-2013 - 23:13 28-03-2012 - 15:55
CVE-2012-0725 10.0
Adobe Flash Player before 11.2.202.229 in Google Chrome before 18.0.1025.151 allow attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2012-0724.
29-05-2013 - 23:13 06-04-2012 - 16:55
CVE-2012-0724 10.0
Adobe Flash Player before 11.2.202.229 in Google Chrome before 18.0.1025.151 allow attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2012-0725.
29-05-2013 - 23:13 06-04-2012 - 16:55
CVE-2011-2964 6.8
foomaticrip.c in foomatic-rip in foomatic-filters in Foomatic 4.0.6 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file, a different vulnerability than CVE-2011-2697.
29-05-2013 - 23:08 29-07-2011 - 16:55
CVE-2011-2697 6.8
foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3.11.5 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file.
29-05-2013 - 23:08 29-07-2011 - 16:55
CVE-2012-2763 7.5
Buffer overflow in the readstr_upto function in plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and possibly 2.6.13, allows remote attackers to execute arbitrary code via a long string in a command to the script-fu server.
14-05-2013 - 23:26 12-07-2012 - 15:55
CVE-2012-2113 6.8
Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.
14-05-2013 - 23:25 22-07-2012 - 13:55
CVE-2012-1173 6.8
Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading t
14-05-2013 - 23:24 04-06-2012 - 16:55
CVE-2010-1634 5.0
Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with
14-05-2013 - 23:08 27-05-2010 - 15:30
CVE-2009-2347 9.3
Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a hea
14-05-2013 - 22:57 14-07-2009 - 16:30
CVE-2009-1570 9.3
Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow.
14-05-2013 - 22:56 13-11-2009 - 10:30
CVE-2009-0040 6.8
The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a cr
14-05-2013 - 22:53 22-02-2009 - 17:30
CVE-2007-5269 5.0
Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle
14-05-2013 - 22:32 08-10-2007 - 17:17
CVE-2011-4128 4.3
Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of s
03-05-2013 - 23:13 08-12-2011 - 15:55
CVE-2012-3410 4.6
Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long filename in /dev/fd, which is not properly handled when expanding the /dev/fd prefix.
18-04-2013 - 23:23 27-08-2012 - 19:55
CVE-2012-0044 7.2
Integer overflow in the drm_mode_dirtyfb_ioctl function in drivers/gpu/drm/drm_crtc.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.1.5 allows local users to gain privileges or cause a denial of service (memory corrupti
18-04-2013 - 23:17 17-05-2012 - 07:00
CVE-2012-4505 10.0
Heap-based buffer overflow in the px_pac_reload function in lib/pac.c in libproxy 0.2.x and 0.3.x allows remote servers to have an unspecified impact via a crafted Content-Length size in an HTTP response header for a proxy.pac file request, a differe
10-04-2013 - 23:31 11-11-2012 - 08:00
CVE-2013-1789 4.3
splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleM
10-04-2013 - 00:00 09-04-2013 - 16:55
CVE-2012-3482 5.8
Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in
04-04-2013 - 23:12 21-12-2012 - 00:46
CVE-2012-0804 10.0
Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response.
01-04-2013 - 23:15 29-05-2012 - 16:55
CVE-2012-4429 5.0
Vino 2.28, 2.32, 3.4.2, and earlier allows remote attackers to read clipboard activity by listening on TCP port 5900.
13-03-2013 - 23:10 30-09-2012 - 20:55
CVE-2012-1833 5.0
VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does not properly restrict data binding, which might allow remote attackers to bypass intended access restrictions and modify arbitrary object properties via a crafted request parameter t
01-03-2013 - 23:40 28-09-2012 - 17:55
CVE-2012-1820 2.9
The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering
01-03-2013 - 23:40 13-06-2012 - 11:55
CVE-2012-4037 2.6
Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file.
21-02-2013 - 23:40 15-08-2012 - 16:55
CVE-2012-0464 7.5
Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 all
14-02-2013 - 23:53 14-03-2012 - 15:55
CVE-2012-0461 7.5
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before
14-02-2013 - 23:53 14-03-2012 - 15:55
CVE-2012-0458 6.8
Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through th
14-02-2013 - 23:53 14-03-2012 - 15:55
CVE-2012-0457 9.3
Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetweenTimeContainer function in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x
14-02-2013 - 23:53 14-03-2012 - 15:55
CVE-2012-0456 5.0
The SVG Filters implementation in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote atta
14-02-2013 - 23:53 14-03-2012 - 15:55
CVE-2012-0455 4.3
Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict drag-and-drop operations on java
14-02-2013 - 23:53 14-03-2012 - 15:55
CVE-2011-3062 6.8
Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted OpenType file.
14-02-2013 - 23:48 30-03-2012 - 18:55
CVE-2010-0888 10.0
Unspecified vulnerability in the Sun Ray Server Software component in Oracle Sun Product Suite 4.0, 4.1, and 4.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Device Services.
08-02-2013 - 00:00 13-04-2010 - 18:30
CVE-2010-0885 6.8
Unspecified vulnerability in the Sun Java System Communications Express component in Oracle Sun Product Suite 6 2005Q4 (6.2) and and 6.3 allows remote authenticated users to affect confidentiality via unknown vectors related to Address Book.
08-02-2013 - 00:00 13-04-2010 - 18:30
CVE-2012-5581 6.8
Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DOTRANGE tag in a TIFF image.
07-02-2013 - 23:55 04-01-2013 - 17:55
CVE-2012-4564 6.8
ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory
07-02-2013 - 23:54 11-11-2012 - 08:00
CVE-2010-0896 7.1
Unspecified vulnerability in the Sun Convergence component in Oracle Sun Product Suite 1.0 allows remote attackers to affect confidentiality via unknown vectors related to Address Book and Mail Filter.
07-02-2013 - 00:00 13-04-2010 - 18:30
CVE-2010-0893 4.3
Unspecified vulnerability in the Sun Convergence component in Oracle Sun Product Suite 1.0 allows remote attackers to affect confidentiality via unknown vectors related to Mail.
07-02-2013 - 00:00 13-04-2010 - 18:30
CVE-2010-0891 5.8
Unspecified vulnerability in the Sun Management Center component in Oracle Sun Product Suite 3.6.1 and 4.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Solaris Container Manager.
07-02-2013 - 00:00 13-04-2010 - 18:30
CVE-2011-3905 5.0
libxml2, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
06-02-2013 - 23:48 13-12-2011 - 16:55
CVE-2011-2834 6.8
Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.
06-02-2013 - 23:45 19-09-2011 - 08:02
CVE-2011-2821 7.5
Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression.
06-02-2013 - 23:45 29-08-2011 - 11:55
CVE-2011-0216 9.3
Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted web site.
06-02-2013 - 23:40 21-07-2011 - 19:55
CVE-2012-2111 6.5
The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges da
29-01-2013 - 23:50 30-04-2012 - 10:55
CVE-2011-4815 7.8
Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an applicatio
29-01-2013 - 23:44 29-12-2011 - 20:55
CVE-2011-2728 4.3
The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference.
29-01-2013 - 00:00 21-12-2012 - 00:46
CVE-2012-6095 1.2
ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.
25-01-2013 - 00:00 24-01-2013 - 16:55
CVE-2012-2370 5.0
Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service (application crash) via a negative (1) height or (2) width in an XBM file, which triggers a h
14-01-2013 - 23:30 13-08-2012 - 16:55
CVE-2012-1595 4.3
The pcap_process_pseudo_header function in wiretap/pcap-common.c in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a WTAP_ENCAP_ERF file containing an Extension or Mul
03-01-2013 - 23:37 11-04-2012 - 06:39
CVE-2012-0255 5.0
The BGP implementation in bgpd in Quagga before 0.99.20.1 does not properly use message buffers for OPEN messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a message associated with a malforme
03-01-2013 - 23:34 05-04-2012 - 09:25
CVE-2012-0250 3.3
Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (daemon crash) via a Link State Update (aka LS Update) packet containing a network-LSA link-state advertisement for
03-01-2013 - 23:34 05-04-2012 - 09:25
CVE-2012-0249 3.3
Buffer overflow in the ospf_ls_upd_list_lsa function in ospf_packet.c in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a Link State Update (a
03-01-2013 - 23:34 05-04-2012 - 09:25
CVE-2012-1143 4.3
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted font.
28-12-2012 - 23:38 25-04-2012 - 06:10
CVE-2012-1142 9.3
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph-
28-12-2012 - 23:38 25-04-2012 - 06:10
CVE-2012-1141 9.3
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted ASCII
28-12-2012 - 23:38 25-04-2012 - 06:10
CVE-2012-1139 9.3
Array index error in FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid stack read operation and memory corruption) or possibly execute arbitrary co
28-12-2012 - 23:38 25-04-2012 - 06:10
CVE-2012-1138 9.3
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involvi
28-12-2012 - 23:38 25-04-2012 - 06:10
CVE-2012-1137 9.3
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted heade
28-12-2012 - 23:38 25-04-2012 - 06:10
CVE-2012-1136 9.3
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph
28-12-2012 - 23:38 25-04-2012 - 06:10
CVE-2012-1135 9.3
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involvi
28-12-2012 - 23:38 25-04-2012 - 06:10
CVE-2012-1133 9.3
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph
28-12-2012 - 23:38 25-04-2012 - 06:10
CVE-2012-1132 9.3
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted diction
28-12-2012 - 23:38 25-04-2012 - 06:10
CVE-2012-1131 9.3
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, on 64-bit platforms allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code
28-12-2012 - 23:38 25-04-2012 - 06:10
CVE-2012-1130 9.3
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted propert
28-12-2012 - 23:38 25-04-2012 - 06:10
CVE-2012-1129 9.3
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted SFNT
28-12-2012 - 23:38 25-04-2012 - 06:10
CVE-2012-1127 9.3
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted glyph o
28-12-2012 - 23:38 25-04-2012 - 06:10
CVE-2012-1126 10.0
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted propert
28-12-2012 - 23:38 25-04-2012 - 06:10
CVE-2012-1144 9.3
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via a crafted True
18-12-2012 - 23:50 25-04-2012 - 06:10
CVE-2012-1140 9.3
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted PostS
18-12-2012 - 23:50 25-04-2012 - 06:10
CVE-2012-1128 9.3
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and memory corruption) or possibly execute arbitrary code via a crafted TrueType
18-12-2012 - 23:50 25-04-2012 - 06:10
CVE-2012-0460 6.4
Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict write access to the window.fullScreen object, which allows remote at
18-12-2012 - 23:48 14-03-2012 - 15:55
CVE-2012-0459 7.5
The Cascading Style Sheets (CSS) implementation in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to cause a denial
18-12-2012 - 23:48 14-03-2012 - 15:55
CVE-2012-0451 4.3
CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote web servers to bypass intended Content Security
18-12-2012 - 23:48 14-03-2012 - 15:55
CVE-2011-3655 9.3
Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site.
18-12-2012 - 23:44 09-11-2011 - 06:55
CVE-2011-3654 10.0
The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service (memory corruption and application cras
18-12-2012 - 23:44 09-11-2011 - 06:55
CVE-2011-3652 10.0
The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via
18-12-2012 - 23:44 09-11-2011 - 06:55
CVE-2011-3651 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 7.0 and Thunderbird 7.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors
18-12-2012 - 23:44 09-11-2011 - 06:55
CVE-2011-3439 9.3
FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.
18-12-2012 - 23:43 11-11-2011 - 13:55
CVE-2011-3256 4.3
FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font,
18-12-2012 - 23:43 14-10-2011 - 06:55
CVE-2011-3232 9.3
YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript.
18-12-2012 - 23:43 28-09-2011 - 20:55
CVE-2011-3005 9.3
Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OGG headers in a .
18-12-2012 - 23:42 28-09-2011 - 20:55
CVE-2012-0248 4.3
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF.
26-11-2012 - 23:38 05-06-2012 - 18:55
CVE-2011-3506 4.3
Unspecified vulnerability in the Oracle OpenSSO component in Oracle Sun Products Suite 7.1 and 8.0 allows remote attackers to affect integrity via unknown vectors related to Authentication.
26-11-2012 - 23:34 18-10-2011 - 18:55
CVE-2008-2292 6.8
Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in
26-11-2012 - 22:46 18-05-2008 - 10:20
CVE-2012-2394 3.3
Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1)
06-11-2012 - 00:11 30-06-2012 - 06:15
CVE-2012-2393 3.3
epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 does not properly construct certain array data structures, which allows remote attackers to cause a denial of service (application cra
06-11-2012 - 00:11 30-06-2012 - 06:15
CVE-2012-2392 3.3
Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) ANSI MAP, (2) ASF, (3) IEEE 802.11, (4) IEEE 802.3, and (5) LTP dissectors.
06-11-2012 - 00:11 30-06-2012 - 06:15
CVE-2012-1596 5.0
The mp2t_process_fragmented_payload function in epan/dissectors/packet-mp2t.c in the MP2T dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a packet containi
06-11-2012 - 00:09 11-04-2012 - 06:39
CVE-2012-1594 3.3
epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
06-11-2012 - 00:09 11-04-2012 - 06:39
CVE-2011-4362 5.0
Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via
06-11-2012 - 00:03 24-12-2011 - 14:55
CVE-2011-3535 5.0
Unspecified vulnerability in the Solaris component in Oracle Sun Products Suite 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Remote Quota Server (rquotad).
06-11-2012 - 00:01 18-10-2011 - 18:55
CVE-2011-3508 9.3
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect confidentiality, integrity, and availability, related to LDAP library.
06-11-2012 - 00:01 18-10-2011 - 18:55
CVE-2011-3507 3.5
Unspecified vulnerability in the Oracle Communications Unified component in Oracle Sun Products Suite 7.0 allows remote authenticated users to affect integrity via unknown vectors related to Messaging Server.
06-11-2012 - 00:01 18-10-2011 - 18:55
CVE-2011-3326 5.0
The ospf_flood function in ospf_flood.c in ospfd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) via an invalid Link State Advertisement (LSA) type in an IPv4 Link State Update message.
06-11-2012 - 00:00 10-10-2011 - 06:55
CVE-2011-3325 5.0
ospf_packet.c in ospfd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) via (1) a 0x0a type field in an IPv4 packet header or (2) a truncated IPv4 Hello packet.
06-11-2012 - 00:00 10-10-2011 - 06:55
CVE-2011-3324 5.0
The ospf6_lsa_is_changed function in ospf6_lsa.c in the OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via trailing zero values in the Link State Adver
06-11-2012 - 00:00 10-10-2011 - 06:55
CVE-2011-3323 5.0
The OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (out-of-bounds memory access and daemon crash) via a Link State Update message with an invalid IPv6 prefix length.
06-11-2012 - 00:00 10-10-2011 - 06:55
CVE-2007-1349 4.3
PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted U
05-11-2012 - 22:34 29-03-2007 - 20:19
CVE-2009-0050 4.3
Lasso 2.2.1 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-
30-10-2012 - 23:13 07-01-2009 - 13:30
CVE-2009-0049 5.0
Belgian eID middleware (eidlib) 2.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DS
30-10-2012 - 23:13 07-01-2009 - 13:30
CVE-2009-0048 5.0
OpenEvidence 1.0.6 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a
30-10-2012 - 23:13 07-01-2009 - 13:30
CVE-2009-0047 5.0
Gale 0.99 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar
30-10-2012 - 23:13 07-01-2009 - 13:30
CVE-2009-0046 5.0
Sun GridEngine 5.3 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a
30-10-2012 - 23:13 07-01-2009 - 13:30
CVE-2009-0021 5.0
NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for
30-10-2012 - 23:13 07-01-2009 - 12:30
CVE-2008-5133 5.8
ipnat in IP Filter in Sun Solaris 10 and OpenSolaris before snv_96, when running on a DNS server with Network Address Translation (NAT) configured, improperly changes the source port of a packet when the destination port is the DNS port, which allows
30-10-2012 - 23:06 18-11-2008 - 11:00
CVE-2008-4989 4.3
The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers t
30-10-2012 - 23:06 12-11-2008 - 20:00
CVE-2008-4098 4.6
MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and
30-10-2012 - 23:03 18-09-2008 - 11:04
CVE-2008-1684 4.7
inetd on Sun Solaris 10, when debug logging is enabled, allows local users to write to arbitrary files via a symlink attack on the /var/tmp/inetd.log temporary file.
30-10-2012 - 22:55 06-04-2008 - 19:44
CVE-2007-3283 6.8
GNOME XScreenSaver in Sun Solaris 8 and 9 before 20070417, when root is logged into the console, does not automatically lock the screen after a session has been inactive, which might allow physically proximate attackers to access the console.
30-10-2012 - 22:38 19-06-2007 - 18:30
CVE-2007-3094 9.0
Unspecified vulnerability in the authentication mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote authenticated users to execute arbitrary code via unspecified vectors, related to the WBEM server.
30-10-2012 - 22:37 06-06-2007 - 17:30
CVE-2007-3069 4.6
xscreensaver in Sun Solaris 10 before 20070604, when a GNOME session with Assistive Technology support is running, allows attackers with physical access to take control of the session after entering an Alt-Tab sequence.
30-10-2012 - 22:37 06-06-2007 - 06:30
CVE-2007-2798 7.4
Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal.
30-10-2012 - 22:36 26-06-2007 - 18:30
CVE-2007-2754 6.8
Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overf
30-10-2012 - 22:36 17-05-2007 - 18:30
CVE-2007-2442 9.3
The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cl
30-10-2012 - 22:34 26-06-2007 - 18:30
CVE-2007-0245 9.3
Heap-based buffer overflow in OpenOffice.org (OOo) 2.2.1 and earlier allows remote attackers to execute arbitrary code via a RTF file with a crafted prtdata tag with a length parameter inconsistency, which causes vtable entries to be overwritten.
30-10-2012 - 22:27 12-06-2007 - 17:30
CVE-2005-2096 7.5
zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted
30-10-2012 - 21:48 06-07-2005 - 00:00
CVE-2012-0462 7.5
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause
30-10-2012 - 00:00 14-03-2012 - 15:55
CVE-2008-4309 5.0
Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK req
29-10-2012 - 23:17 31-10-2008 - 16:29
CVE-2010-0453 4.9
The ucode_ioctl function in intel/io/ucode_drv.c in Sun Solaris 10 and OpenSolaris snv_69 through snv_133, when running on x86 architectures, allows local users to cause a denial of service (panic) via a request with a 0 size value to the UCODE_GET_V
22-10-2012 - 23:19 03-02-2010 - 13:30
CVE-2009-3403 10.0
Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.4: JRE/JDK, 1.4.2, 5, and, and 6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this issue subsumes CVE-2009-267
22-10-2012 - 23:11 22-10-2009 - 14:30
CVE-2009-3183 7.2
Heap-based buffer overflow in w in Sun Solaris 8 through 10, and OpenSolaris before snv_124, allows local users to gain privileges via unspecified vectors.
22-10-2012 - 23:10 14-09-2009 - 12:30
CVE-2009-2694 10.0
The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory
22-10-2012 - 23:09 21-08-2009 - 07:02
CVE-2009-2676 6.8
Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.2_21 and earlier; allows remote attacke
22-10-2012 - 23:09 05-08-2009 - 15:30
CVE-2009-2675 10.0
Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header
22-10-2012 - 23:09 05-08-2009 - 15:30
CVE-2009-2674 7.5
Integer overflow in javaws.exe in Sun Java Web Start in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to execute arbitrary code via a crafted JPEG image that is not properly handled during dis
22-10-2012 - 23:09 05-08-2009 - 15:30
CVE-2009-2673 7.5
The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspec
22-10-2012 - 23:09 05-08-2009 - 15:30
CVE-2009-2672 7.5
The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications,
22-10-2012 - 23:09 05-08-2009 - 15:30
CVE-2009-2671 5.0
The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2)
22-10-2012 - 23:09 05-08-2009 - 15:30
CVE-2009-2670 5.0
The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which
22-10-2012 - 23:09 05-08-2009 - 15:30
CVE-2009-1101 5.0
Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) f
22-10-2012 - 23:05 25-03-2009 - 19:30
CVE-2009-1100 5.0
Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors relate
22-10-2012 - 23:05 25-03-2009 - 19:30
CVE-2009-1099 7.5
Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via crafted glyph descriptions in a
22-10-2012 - 23:05 25-03-2009 - 19:30
CVE-2009-1095 10.0
Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pa
22-10-2012 - 23:05 25-03-2009 - 19:30
CVE-2009-1094 10.0
Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP
22-10-2012 - 23:05 25-03-2009 - 19:30
CVE-2009-1093 5.0
LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initiali
22-10-2012 - 23:05 25-03-2009 - 19:30
CVE-2009-0688 7.5
Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/sasl
22-10-2012 - 23:03 15-05-2009 - 11:30
CVE-2008-4247 7.5
ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execu
22-10-2012 - 22:53 25-09-2008 - 15:25
CVE-2012-5239
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3548. Reason: This candidate is a reservation duplicate of CVE-2012-3548. Notes: All CVE users should reference CVE-2012-3548 instead of this candidate. All references and descr
03-10-2012 - 17:55 03-10-2012 - 17:55
CVE-2011-4599 7.5
Stack-based buffer overflow in the _canonicalize function in common/uloc.c in International Components for Unicode (ICU) before 49.1 allows remote attackers to execute arbitrary code via a crafted locale ID that is not properly handled during variant
21-09-2012 - 23:27 21-06-2012 - 11:55
CVE-2011-3048 6.8
The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk i
21-09-2012 - 23:24 29-05-2012 - 16:55
CVE-2011-3648 4.3
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding.
14-09-2012 - 13:34 09-11-2011 - 06:55
CVE-2011-3146 6.8
librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via a SVG file with a node with the element na
13-09-2012 - 00:00 05-09-2012 - 19:55
CVE-2012-2337 7.2
sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command
13-08-2012 - 23:37 18-05-2012 - 14:55
CVE-2012-1593 3.3
epan/dissectors/packet-ansi_a.c in the ANSI A dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed packet.
13-08-2012 - 23:36 11-04-2012 - 06:39
CVE-2011-4101 4.3
The dissect_infiniband_common function in epan/dissectors/packet-infiniband.c in the Infiniband dissector in Wireshark 1.4.0 through 1.4.9 and 1.6.x before 1.6.3 allows remote attackers to cause a denial of service (NULL pointer dereference and appli
13-08-2012 - 23:31 03-11-2011 - 11:55
CVE-2011-3360 9.3
Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory.
13-08-2012 - 23:30 20-09-2011 - 06:55
CVE-2011-3266 2.6
The proto_tree_add_item function in Wireshark 1.6.0 through 1.6.1 and 1.4.0 through 1.4.8, when the IKEv1 protocol dissector is used, allows user-assisted remote attackers to cause a denial of service (infinite loop) via vectors involving a malformed
13-08-2012 - 23:29 23-08-2011 - 20:55
CVE-2011-0839 3.7
Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows local users to affect availability, related to LOFS.
03-08-2012 - 00:00 20-04-2011 - 06:55
CVE-2011-0821 3.0
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality and integrity via unknown vectors related to uucp.
03-08-2012 - 00:00 20-04-2011 - 06:55
CVE-2011-0812 3.7
Unspecified vulnerability in the Solaris component in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel.
03-08-2012 - 00:00 20-04-2011 - 06:55
CVE-2011-0849 4.3
Unspecified vulnerability in Oracle Java Dynamic Management Kit 5.1 allows remote attackers to affect integrity, related to HTML Adaptor.
02-08-2012 - 00:00 20-04-2011 - 06:55
CVE-2011-0847 4.0
Unspecified vulnerability in the OpenSSO Enterprise and Sun Java System Access Manager components in Oracle Sun Products Suite 7.1 and 8.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Authentication.
02-08-2012 - 00:00 20-04-2011 - 06:55
CVE-2011-0844 4.3
Unspecified vulnerability in the OpenSSO Enterprise and Sun Java System Access Manager components in Oracle Sun Products Suite 7.1 and 8.0 allows remote attackers to affect integrity via unknown vectors related to Authentication.
02-08-2012 - 00:00 20-04-2011 - 06:55
CVE-2011-4029 1.9
The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack
17-07-2012 - 00:00 03-07-2012 - 15:55
CVE-2011-4028 1.2
The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists.
17-07-2012 - 00:00 03-07-2012 - 15:55
CVE-2011-1528 7.8
The krb5_ldap_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (assertion failure an
20-04-2012 - 00:00 20-10-2011 - 17:55
CVE-2009-1106 6.4
The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary
23-03-2012 - 00:00 25-03-2009 - 19:30
CVE-2009-1096 10.0
Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pac
23-03-2012 - 00:00 25-03-2009 - 19:30
CVE-2011-4320 4.0
The mod_pubsub module (mod_pubsub.erl) in ejabberd 2.1.8 and 3.0.0-alpha-3 allows remote authenticated users to cause a denial of service (infinite loop) via a stanza with a publish tag that lacks a node attribute.
29-02-2012 - 00:00 17-02-2012 - 19:55
CVE-2011-3375 5.0
Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header infor
15-02-2012 - 23:16 18-01-2012 - 23:01
CVE-2009-0304 7.8
The kernel in Sun Solaris 10 and 11 snv_101b, and OpenSolaris before snv_108, allows remote attackers to cause a denial of service (system crash) via a crafted IPv6 packet, related to an "insufficient validation security vulnerability," as demonstrat
07-02-2012 - 00:00 27-01-2009 - 15:30
CVE-2011-2524 5.0
Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI.
01-02-2012 - 23:06 31-08-2011 - 19:55
CVE-2012-0100 6.8
Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kerberos.
30-01-2012 - 23:08 18-01-2012 - 17:55