Max CVSS 9.3 Min CVSS 2.1 Total Count29
IDCVSSSummaryLast (major) updatePublished
CVE-2011-3389 4.3
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man
06-01-2017 - 21:59 06-09-2011 - 15:55
CVE-2011-4566 6.4
Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_v
07-12-2016 - 22:02 28-11-2011 - 19:55
CVE-2012-0036 7.5
curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack
28-11-2016 - 14:07 13-04-2012 - 16:55
CVE-2011-4885 5.0
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
22-08-2016 - 22:04 29-12-2011 - 20:55
CVE-2011-1944 9.3
Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file tha
16-06-2016 - 21:59 02-09-2011 - 12:55
CVE-2011-2895 9.3
The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x
11-12-2015 - 21:59 19-08-2011 - 13:55
CVE-2011-3919 7.5
Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
23-01-2014 - 23:21 07-01-2012 - 06:55
CVE-2011-1005 5.0
The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname.
13-08-2013 - 13:00 02-03-2011 - 15:00
CVE-2011-2834 6.8
Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.
06-02-2013 - 23:45 19-09-2011 - 08:02
CVE-2011-2821 7.5
Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression.
06-02-2013 - 23:45 29-08-2011 - 11:55
CVE-2011-4815 7.8
Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an applicatio
29-01-2013 - 23:44 29-12-2011 - 20:55
CVE-2012-0652 4.9
Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or networked home directories are enabled, does not properly restrict what is written to the system log for network logins, which allows local users to obtain sensitive information by read
30-10-2012 - 00:00 10-05-2012 - 23:49
CVE-2012-0830 7.5
The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability e
21-07-2012 - 23:34 06-02-2012 - 15:55
CVE-2012-0649 6.9
Race condition in the initialization routine in blued in Bluetooth in Apple Mac OS X before 10.7.4 allows local users to gain privileges via vectors involving a temporary file.
20-06-2012 - 00:00 10-05-2012 - 23:49
CVE-2012-0675 4.3
Time Machine in Apple Mac OS X before 10.7.4 does not require continued use of SRP-based authentication after this authentication method is first used, which allows remote attackers to read Time Capsule credentials by spoofing the backup volume.
29-05-2012 - 23:42 10-05-2012 - 23:49
CVE-2012-0662 7.5
Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input.
29-05-2012 - 23:42 10-05-2012 - 23:49
CVE-2012-0661 6.8
Use-after-free vulnerability in QuickTime in Apple Mac OS X 10.7.x before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding.
29-05-2012 - 23:42 10-05-2012 - 23:49
CVE-2012-0660 6.8
Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.
29-05-2012 - 23:42 10-05-2012 - 23:49
CVE-2012-0659 6.8
Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.
29-05-2012 - 23:42 10-05-2012 - 23:49
CVE-2012-0658 6.8
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a movie file that is progressively downloaded.
29-05-2012 - 23:42 10-05-2012 - 23:49
CVE-2012-0657 2.1
Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspecified vectors.
29-05-2012 - 23:42 10-05-2012 - 23:49
CVE-2012-0655 6.4
libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict the length of RSA keys within X.509 certificates, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by conducting a spoofing or network-snif
29-05-2012 - 23:42 10-05-2012 - 23:49
CVE-2012-0654 6.8
libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized memory locations during the processing of X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ce
29-05-2012 - 23:42 10-05-2012 - 23:49
CVE-2012-0656 6.9
Race condition in LoginUIFramework in Apple Mac OS X 10.7.x before 10.7.4, when the Guest account is enabled, allows physically proximate attackers to login to arbitrary accounts by entering the account name and no password.
29-05-2012 - 00:00 10-05-2012 - 23:49
CVE-2012-0642 9.3
Integer underflow in Apple iOS before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (device crash) via a crafted catalog file in an HFS disk image.
11-05-2012 - 23:44 08-03-2012 - 17:55
CVE-2011-3212 2.1
CoreStorage in Apple Mac OS X 10.7 before 10.7.2 does not ensure that all disk data is encrypted during the enabling of FileVault, which makes it easier for physically proximate attackers to obtain sensitive information by reading directly from the d
11-05-2012 - 23:40 14-10-2011 - 06:55
CVE-2011-1778 6.8
Buffer overflow in libarchive through 2.8.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TAR archive.
11-05-2012 - 23:38 13-04-2012 - 16:55
CVE-2011-1777 6.8
Multiple buffer overflows in the (1) heap_add_entry and (2) relocate_dir functions in archive_read_support_format_iso9660.c in libarchive through 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitr
11-05-2012 - 23:37 13-04-2012 - 16:55
CVE-2011-1004 6.3
The FileUtils.remove_entry_secure method in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, 1.8.8dev, 1.9.1 through 1.9.1-430, 1.9.2 through 1.9.2-136, and 1.9.3dev allows local users to delete arbitrary files via a symlink attack.
11-05-2012 - 23:36 02-03-2011 - 15:00
Back to Top Mark selected
Back to Top