Max CVSS 10.0 Min CVSS 0.0 Total Count316
IDCVSSSummaryLast (major) updatePublished
CVE-2000-0864 6.2
Race condition in the creation of a Unix domain socket in GNOME esound 0.2.19 and earlier allows a local user to change the permissions of arbitrary files and directories, and gain additional privileges, via a symlink attack.
19-01-2017 - 21:59 14-11-2000 - 00:00
CVE-2012-1164 2.6
slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned.
06-01-2017 - 21:59 29-06-2012 - 15:55
CVE-2011-3389 4.3
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man
06-01-2017 - 21:59 06-09-2011 - 15:55
CVE-2012-3571 6.1
ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier.
30-12-2016 - 21:59 25-07-2012 - 06:42
CVE-2012-3488 4.9
The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensiti
07-12-2016 - 22:02 03-10-2012 - 17:55
CVE-2012-2688 10.0
Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an "overflow."
07-12-2016 - 22:02 20-07-2012 - 06:40
CVE-2012-0259 4.3
The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-b
07-12-2016 - 22:02 05-06-2012 - 18:55
CVE-2011-2483 5.0
crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext passwo
07-12-2016 - 22:02 25-08-2011 - 10:22
CVE-2002-0871 2.1
xinetd 2.3.4 leaks file descriptors for the signal pipe to services that are launched by xinetd, which could allow those services to cause a denial of service via the pipe.
07-12-2016 - 21:59 05-09-2002 - 00:00
CVE-2001-1400 2.1
Unknown vulnerabilities in the UDP port allocation for Linux kernel before 2.2.19 could allow local users to cause a denial of service (deadlock).
07-12-2016 - 21:59 17-04-2001 - 00:00
CVE-2001-1399 2.1
Certain operations in Linux kernel before 2.2.19 on the x86 architecture copy the wrong number of bytes, which might allow attackers to modify memory, aka "User access asm bug on x86."
07-12-2016 - 21:59 17-04-2001 - 00:00
CVE-2001-1398 7.5
Masquerading code for Linux kernel before 2.2.19 does not fully check packet lengths in certain cases, which may lead to a vulnerability.
07-12-2016 - 21:59 17-04-2001 - 00:00
CVE-2001-1397 2.1
The System V (SYS5) shared memory implementation for Linux kernel before 2.2.19 could allow attackers to modify recently freed memory.
07-12-2016 - 21:59 17-04-2001 - 00:00
CVE-2001-1396 3.6
Unknown vulnerabilities in strnlen_user for Linux kernel before 2.2.19, with unknown impact.
07-12-2016 - 21:59 17-04-2001 - 00:00
CVE-2001-1395 3.6
Unknown vulnerability in sockfilter for Linux kernel before 2.2.19 related to "boundary cases," with unknown impact.
07-12-2016 - 21:59 17-04-2001 - 00:00
CVE-2001-1394 2.1
Signedness error in (1) getsockopt and (2) setsockopt for Linux kernel before 2.2.19 allows local users to cause a denial of service.
07-12-2016 - 21:59 17-04-2001 - 00:00
CVE-2001-1393 2.1
Unknown vulnerability in classifier code for Linux kernel before 2.2.19 could result in denial of service (hang).
07-12-2016 - 21:59 17-04-2001 - 00:00
CVE-2001-1392 2.1
The Linux kernel before 2.2.19 does not have unregister calls for (1) CPUID and (2) MSR drivers, which could cause a DoS (crash) by unloading and reloading the drivers.
07-12-2016 - 21:59 17-04-2001 - 00:00
CVE-2001-1391 2.1
Off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19 allows users to modify kernel memory.
07-12-2016 - 21:59 17-04-2001 - 00:00
CVE-2001-1390 6.2
Unknown vulnerability in binfmt_misc in the Linux kernel before 2.2.19, related to user pages.
07-12-2016 - 21:59 17-04-2001 - 00:00
CVE-2001-0414 10.0
Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long readvar argument.
07-12-2016 - 21:59 18-06-2001 - 00:00
CVE-2011-1089 3.3
The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonst
07-12-2016 - 13:15 09-04-2011 - 22:55
CVE-2012-0876 4.3
The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file wit
05-12-2016 - 21:59 03-07-2012 - 15:55
CVE-2012-3954 3.3
Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests.
28-11-2016 - 14:08 25-07-2012 - 06:42
CVE-2012-3570 5.7
Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 mode is enabled, allows remote attackers to cause a denial of service (segmentation fault and daemon exit) via a crafted client identifier parameter.
28-11-2016 - 14:08 25-07-2012 - 06:42
CVE-2012-2845 6.4
Integer overflow in the jpeg_data_load_data function in jpeg-data.c in libjpeg in exif 0.6.20 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain potentially sensitive information via a crafted JPEG
28-11-2016 - 14:08 13-07-2012 - 06:34
CVE-2012-2841 7.5
Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the format
28-11-2016 - 14:08 13-07-2012 - 06:34
CVE-2012-2840 7.5
Off-by-one error in the exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in a
28-11-2016 - 14:08 13-07-2012 - 06:34
CVE-2012-2837 5.0
The mnote_olympus_entry_get_value function in olympus/mnote-olympus-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (divide-by-zero error) via an image with crafted EXIF tags th
28-11-2016 - 14:08 13-07-2012 - 06:34
CVE-2012-2836 6.4
The exif_data_load_data function in exif-data.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via cra
28-11-2016 - 14:08 13-07-2012 - 06:34
CVE-2012-2814 7.5
Buffer overflow in the exif_entry_format_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image.
28-11-2016 - 14:08 13-07-2012 - 06:34
CVE-2012-2813 6.4
The exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory
28-11-2016 - 14:08 13-07-2012 - 06:34
CVE-2012-2812 6.4
The exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via c
28-11-2016 - 14:08 13-07-2012 - 06:34
CVE-2012-2653 10.0
arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities in the daemon.
28-11-2016 - 14:08 12-07-2012 - 16:55
CVE-2011-4096 5.0
The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an
28-11-2016 - 14:07 17-11-2011 - 14:55
CVE-2003-0466 10.0
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to tr
17-10-2016 - 22:34 27-08-2003 - 00:00
CVE-2003-0144 7.2
Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or
17-10-2016 - 22:30 31-03-2003 - 00:00
CVE-2002-1126 2.6
Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, inc
17-10-2016 - 22:23 24-09-2002 - 00:00
CVE-2002-1091 7.5
Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.
17-10-2016 - 22:23 04-10-2002 - 00:00
CVE-2002-0651 7.5
Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.
17-10-2016 - 22:21 03-07-2002 - 00:00
CVE-2001-1385 5.0
The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
17-10-2016 - 22:14 12-01-2001 - 00:00
CVE-2001-1275 7.2
MySQL before 3.23.31 allows users with a MySQL account to use the SHOW GRANTS command to obtain the encrypted administrator password from the mysql.user table and possibly gain privileges via password cracking.
17-10-2016 - 22:14 19-01-2001 - 00:00
CVE-2001-1274 7.5
Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges.
17-10-2016 - 22:14 23-01-2001 - 00:00
CVE-2001-0473 7.5
Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands.
17-10-2016 - 22:11 27-06-2001 - 00:00
CVE-2001-0441 7.5
Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header.
17-10-2016 - 22:11 27-06-2001 - 00:00
CVE-2001-0416 2.1
sgml-tools (aka sgmltools) before 1.0.9-15 creates temporary files with insecure permissions, which allows other users to read files that are being processed by sgml-tools.
17-10-2016 - 22:11 27-06-2001 - 00:00
CVE-2001-0408 5.1
vim (aka gvim) processes VIM control codes that are embedded in a file, which could allow attackers to execute arbitrary commands when another user opens a file containing malicious VIM control codes.
17-10-2016 - 22:11 18-06-2001 - 00:00
CVE-2001-0318 7.5
Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to execute arbitrary commands by shutting down the FTP server while using a malformed working directory (cwd).
17-10-2016 - 22:10 02-06-2001 - 00:00
CVE-2001-0143 1.2
vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.
17-10-2016 - 22:09 12-03-2001 - 00:00
CVE-2001-0142 1.2
squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations.
17-10-2016 - 22:09 12-03-2001 - 00:00
CVE-2001-0141 1.2
mgetty 1.1.22 allows local users to overwrite arbitrary files via a symlink attack in some configurations.
17-10-2016 - 22:09 12-03-2001 - 00:00
CVE-2001-0140 1.2
arpwatch 2.1a4 allows local users to overwrite arbitrary files via a symlink attack in some configurations.
17-10-2016 - 22:09 12-03-2001 - 00:00
CVE-2001-0139 1.2
inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations.
17-10-2016 - 22:09 12-03-2001 - 00:00
CVE-2001-0138 1.2
privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack.
17-10-2016 - 22:09 12-03-2001 - 00:00
CVE-2001-0125 1.2
exmh 2.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the exmhErrorMsg temporary file.
17-10-2016 - 22:09 12-03-2001 - 00:00
CVE-2001-0120 1.2
useradd program in shadow-utils program may allow local users to overwrite arbitrary files via a symlink attack.
17-10-2016 - 22:09 12-03-2001 - 00:00
CVE-2001-0119 1.2
getty_ps 2.0.7j allows local users to overwrite arbitrary files via a symlink attack.
17-10-2016 - 22:09 12-03-2001 - 00:00
CVE-2001-0116 1.2
gpm 1.19.3 allows local users to overwrite arbitrary files via a symlink attack.
17-10-2016 - 22:09 12-03-2001 - 00:00
CVE-2001-0108 5.0
PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
17-10-2016 - 22:09 12-03-2001 - 00:00
CVE-2000-1208 7.2
Format string vulnerability in startprinting() function of printjob.c in BSD-based lpr lpd package may allow local users to gain privileges via an improper syslog call that uses format strings from the checkremote() call.
17-10-2016 - 22:09 12-08-2002 - 00:00
CVE-2000-1178 2.1
Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of other users whose joe session crashes.
17-10-2016 - 22:09 09-01-2001 - 00:00
CVE-2000-1134 7.2
Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via
17-10-2016 - 22:08 09-01-2001 - 00:00
CVE-2000-0867 7.2
Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages.
17-10-2016 - 22:07 14-11-2000 - 00:00
CVE-2000-0824 7.2
The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate en
17-10-2016 - 22:07 14-11-2000 - 00:00
CVE-2012-1149 7.5
Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a cra
30-08-2016 - 13:34 21-06-2012 - 11:55
CVE-2011-4619 5.0
The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
22-08-2016 - 22:04 05-01-2012 - 20:55
CVE-2011-4576 5.0
The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by
22-08-2016 - 22:04 05-01-2012 - 20:55
CVE-2011-4108 4.3
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.
22-08-2016 - 22:04 05-01-2012 - 20:55
CVE-2011-2716 6.8
The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the (1) HOST_NAME, (2) DOMAIN_NAME, (3) NIS_DOMAIN, and (4) TFTP_SERVER_NAME host name options.
30-06-2016 - 11:42 03-07-2012 - 12:40
CVE-2012-4297 8.3
Buffer overflow in the dissect_gsm_rlcmac_downlink function in epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC MAC dissector in Wireshark 1.6.x before 1.6.10 and 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a malformed
02-12-2015 - 12:29 16-08-2012 - 06:38
CVE-2012-4296 3.3
Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet.
02-12-2015 - 12:29 16-08-2012 - 06:38
CVE-2012-4292 3.3
The dissect_stun_message function in epan/dissectors/packet-stun.c in the STUN dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly interact with key-destruction behavior in a certain tree library,
02-12-2015 - 12:28 16-08-2012 - 06:38
CVE-2012-4291 3.3
The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
02-12-2015 - 12:27 16-08-2012 - 06:38
CVE-2012-4290 3.3
The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a malformed packet.
02-12-2015 - 12:25 16-08-2012 - 06:38
CVE-2012-4289 3.3
epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a large number of ACL entries.
02-12-2015 - 12:24 16-08-2012 - 06:38
CVE-2012-4288 3.3
Integer overflow in the dissect_xtp_ecntl function in epan/dissectors/packet-xtp.c in the XTP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop or applic
02-12-2015 - 12:22 16-08-2012 - 06:38
CVE-2012-4287 5.0
epan/dissectors/packet-mongo.c in the MongoDB dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a small value for a BSON document length.
02-12-2015 - 12:22 16-08-2012 - 06:38
CVE-2012-4285 3.3
The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (divide-by-zero error and appli
02-12-2015 - 12:17 16-08-2012 - 06:38
CVE-2012-4049 2.9
epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet.
02-12-2015 - 12:17 24-07-2012 - 15:55
CVE-2012-4048 3.3
The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon
02-12-2015 - 12:15 24-07-2012 - 15:55
CVE-2012-4293 3.3
plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly handle certain integer fields, which allows remote attackers to cause a denial of servi
02-12-2015 - 12:14 16-08-2012 - 06:38
CVE-2012-2665 7.5
Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Do
13-11-2014 - 22:00 06-08-2012 - 14:55
CVE-2012-0037 4.3
Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity
13-11-2014 - 22:00 16-06-2012 - 23:41
CVE-2012-2334 6.8
Integer overflow in filter/source/msfilter/msdffimp.cxx in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via th
24-10-2014 - 02:33 19-06-2012 - 16:55
CVE-2011-2713 4.3
oowriter in OpenOffice.org 3.3.0 and LibreOffice before 3.4.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted DOC file that triggers an out-of-bounds read in the DOC sprm parser.
24-10-2014 - 02:19 21-10-2011 - 14:55
CVE-2012-3374 7.5
Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message.
10-10-2014 - 00:54 07-07-2012 - 06:21
CVE-2012-2318 5.0
msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote servers to cause a denial of service (application crash) by placing these characters in a text/plain message.
10-10-2014 - 00:52 03-07-2012 - 15:55
CVE-2012-1967 10.0
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to e
10-10-2014 - 00:51 18-07-2012 - 06:26
CVE-2012-1966 4.3
Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.
10-10-2014 - 00:51 18-07-2012 - 06:26
CVE-2012-1965 4.3
Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not properly establish the security context of a feed: URL, which allows remote attackers to bypass unspecified cross-site scripting (XSS) protection mechanisms via a feed:javascr
10-10-2014 - 00:51 18-07-2012 - 06:26
CVE-2012-1964 4.0
The certificate-warning functionality in browser/components/certerror/content/aboutCertError.xhtml in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey be
10-10-2014 - 00:51 18-07-2012 - 06:26
CVE-2012-1963 4.3
The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly restrict the strings pl
10-10-2014 - 00:51 18-07-2012 - 06:26
CVE-2012-1962 10.0
Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote at
10-10-2014 - 00:51 18-07-2012 - 06:26
CVE-2012-1961 4.3
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly handle duplicate values in X-Frame-Options headers, which makes it easier fo
10-10-2014 - 00:51 18-07-2012 - 06:26
CVE-2012-1960 5.0
The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 might allow remote attackers to obtain sensitive information from process memory
10-10-2014 - 00:51 18-07-2012 - 06:26
CVE-2012-1959 5.0
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not consider the presence of same-compartment security wrappers (SCSW) during the cross-c
10-10-2014 - 00:51 18-07-2012 - 06:26
CVE-2012-1958 9.3
Use-after-free vulnerability in the nsGlobalWindow::PageHidden function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 might allow remot
10-10-2014 - 00:51 18-07-2012 - 06:26
CVE-2012-1957 4.3
An unspecified parser-utility class in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly handle EMBED elements within descri
10-10-2014 - 00:51 18-07-2012 - 06:26
CVE-2012-1955 6.8
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to spoof the address bar via vectors involving history.forward and hi
10-10-2014 - 00:51 18-07-2012 - 06:26
CVE-2012-1954 10.0
Use-after-free vulnerability in the nsDocument::AdoptNode function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attacker
10-10-2014 - 00:51 18-07-2012 - 06:26
CVE-2012-1953 9.3
The ElementAnimations::EnsureStyleRuleFor function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a den
10-10-2014 - 00:51 18-07-2012 - 06:26
CVE-2012-1952 9.3
The nsTableFrame::InsertFrames function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly perform a cast of a frame varia
10-10-2014 - 00:51 18-07-2012 - 06:26
CVE-2012-1951 10.0
Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows rem
10-10-2014 - 00:51 18-07-2012 - 06:26
CVE-2012-1950 6.4
The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 allows remote attackers to spoof the address bar by canceling a page load.
10-10-2014 - 00:51 18-07-2012 - 06:26
CVE-2012-1949 9.3
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or p
10-10-2014 - 00:51 18-07-2012 - 06:26
CVE-2012-1948 9.3
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to caus
10-10-2014 - 00:51 18-07-2012 - 06:26
CVE-2012-1178 5.0
The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service (application crash) via an OIM message that lacks UTF-8 encoding.
10-10-2014 - 00:50 15-03-2012 - 06:55
CVE-2012-3423 7.5
The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a cr
04-10-2014 - 00:53 07-08-2012 - 17:55
CVE-2012-3422 6.8
The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary
04-10-2014 - 00:53 07-08-2012 - 17:55
CVE-2012-0547 0.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, has no impact and remote attack vectors involving AWT and "a security-in-depth issue that is not directly
04-10-2014 - 00:47 30-08-2012 - 19:55
CVE-2012-3515 7.2
Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device mode
05-05-2014 - 01:12 23-11-2012 - 15:55
CVE-2012-0260 5.0
The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers.
26-03-2014 - 00:27 05-06-2012 - 18:55
CVE-2012-0027 5.0
The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client.
26-03-2014 - 00:27 05-01-2012 - 20:55
CVE-2012-2825 5.0
The XSL implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors.
27-01-2014 - 23:45 27-06-2012 - 06:18
CVE-2012-2807 6.8
Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
27-01-2014 - 23:45 27-06-2012 - 06:18
CVE-2012-0065 4.6
Heap-based buffer overflow in the receive_packet function in libusbmuxd/libusbmuxd.c in usbmuxd 1.0.5 through 1.0.7 allows physically proximate attackers to execute arbitrary code via a long SerialNumber field in a property list.
17-01-2014 - 00:00 06-10-2012 - 17:55
CVE-2010-3609 5.0
The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other versions before SVN revision 1647, as used in Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, allows remote attackers to cause a denial of ser
16-01-2014 - 23:49 11-03-2011 - 12:55
CVE-2011-3937 10.0
The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12, 0.8.x before 0.8.11, and unspecified versions before 0.10, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 has unspecified impact an
12-12-2013 - 23:52 04-01-2013 - 19:55
CVE-2011-4351 7.5
Buffer overflow in FFmpeg before 0.5.6, 0.6.x before 0.6.4, 0.7.x before 0.7.8, and 0.8.x before 0.8.8 allows remote attackers to execute arbitrary code via unspecified vectors.
10-12-2013 - 12:04 09-12-2013 - 11:36
CVE-2012-3481 6.8
Integer overflow in the ReadImage function in plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via c
05-12-2013 - 00:15 25-08-2012 - 06:29
CVE-2012-3403 6.8
Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted KiSS palette file, which triggers an "invalid free."
05-12-2013 - 00:15 25-08-2012 - 06:29
CVE-2012-3817 7.8
ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation is enabled, does not properly initialize the failing-query cache, which allows remote atta
24-11-2013 - 23:27 25-07-2012 - 06:42
CVE-2012-0452 7.5
Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger
15-11-2013 - 00:31 10-02-2012 - 21:55
CVE-2012-3980 9.3
The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a cr
02-11-2013 - 23:26 29-08-2012 - 06:56
CVE-2012-3978 6.8
The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 does not properly follow the security model of the location objec
02-11-2013 - 23:26 29-08-2012 - 06:56
CVE-2012-3976 5.8
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate inform
02-11-2013 - 23:26 29-08-2012 - 06:56
CVE-2012-3975 4.3
The DOMParser component in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 loads subresources during parsing of text/html data within an extension, which allows remote attackers to obtain sensitive information by provi
02-11-2013 - 23:26 29-08-2012 - 06:56
CVE-2012-3974 6.9
Untrusted search path vulnerability in the installer in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 on Windows allows local users to gain privileges via a Trojan horse e
02-11-2013 - 23:26 29-08-2012 - 06:56
CVE-2012-3973 7.6
The debugger in the developer-tools subsystem in Mozilla Firefox before 15.0, when remote debugging is disabled, does not properly restrict access to the remote-debugging service, which allows remote attackers to execute arbitrary code by leveraging
02-11-2013 - 23:26 29-08-2012 - 06:56
CVE-2012-3972 5.0
The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensit
02-11-2013 - 23:26 29-08-2012 - 06:56
CVE-2012-3971 10.0
Summer Institute of Linguistics (SIL) Graphite 2, as used in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vecto
02-11-2013 - 23:26 29-08-2012 - 06:56
CVE-2012-3970 10.0
Use-after-free vulnerability in the nsTArray_base::Length function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execu
02-11-2013 - 23:26 29-08-2012 - 06:56
CVE-2012-3969 9.3
Integer overflow in the nsSVGFEMorphologyElement::Filter function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execut
02-11-2013 - 23:26 29-08-2012 - 06:56
CVE-2012-3968 10.0
Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitra
02-11-2013 - 23:26 29-08-2012 - 06:56
CVE-2012-3966 10.0
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via
02-11-2013 - 23:26 29-08-2012 - 06:56
CVE-2012-3965 9.3
Mozilla Firefox before 15.0 does not properly restrict navigation to the about:newtab page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers creation of a new tab and then
02-11-2013 - 23:26 29-08-2012 - 06:56
CVE-2012-3964 10.0
Use-after-free vulnerability in the gfxTextRun::GetUserData function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to exe
02-11-2013 - 23:26 29-08-2012 - 06:56
CVE-2012-3963 10.0
Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to
02-11-2013 - 23:26 29-08-2012 - 06:56
CVE-2012-3962 9.3
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly iterate through the characters in a text run, which allows remote attackers to execute
02-11-2013 - 23:26 29-08-2012 - 06:56
CVE-2012-3961 10.0
Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arb
02-11-2013 - 23:26 29-08-2012 - 06:56
CVE-2012-3960 10.0
Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote at
02-11-2013 - 23:26 29-08-2012 - 06:56
CVE-2012-3959 10.0
Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attacke
02-11-2013 - 23:26 29-08-2012 - 06:56
CVE-2012-3958 10.0
Use-after-free vulnerability in the nsHTMLEditRules::DeleteNonTableElements function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote
02-11-2013 - 23:26 29-08-2012 - 06:56
CVE-2012-3957 10.0
Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to e
02-11-2013 - 23:26 29-08-2012 - 06:56
CVE-2012-3956 10.0
Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote atta
02-11-2013 - 23:26 29-08-2012 - 06:56
CVE-2012-2214 3.5
proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authenticated users to cause a denial of service (application crash) via a sequence of XMPP file-transfer req
02-11-2013 - 23:23 03-07-2012 - 15:55
CVE-2012-1976 10.0
Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesValues function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote a
02-11-2013 - 23:23 29-08-2012 - 06:56
CVE-2012-1975 10.0
Use-after-free vulnerability in the PresShell::CompleteMove function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to exe
02-11-2013 - 23:23 29-08-2012 - 06:56
CVE-2012-1974 10.0
Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers
02-11-2013 - 23:23 29-08-2012 - 06:56
CVE-2012-1973 10.0
Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attac
02-11-2013 - 23:23 29-08-2012 - 06:56
CVE-2012-1972 10.0
Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote
02-11-2013 - 23:23 29-08-2012 - 06:56
CVE-2012-1971 9.3
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly ex
02-11-2013 - 23:23 29-08-2012 - 06:56
CVE-2012-1970 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial
02-11-2013 - 23:23 29-08-2012 - 06:56
CVE-2012-1956 4.3
Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-si
02-11-2013 - 23:23 29-08-2012 - 06:56
CVE-2011-4939 6.4
The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin before 2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by changing a nickname while in an XMPP chat room.
02-11-2013 - 23:19 15-03-2012 - 06:55
CVE-2012-1682 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulner
30-10-2013 - 23:24 30-08-2012 - 19:55
CVE-2012-1150 5.0
Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU
30-10-2013 - 23:23 05-10-2012 - 17:55
CVE-2012-0845 5.0
SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that
30-10-2013 - 23:23 05-10-2012 - 17:55
CVE-2011-4944 1.9
Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.
30-10-2013 - 23:21 27-08-2012 - 19:55
CVE-2012-4681 10.0
Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.be
11-10-2013 - 10:35 27-08-2012 - 20:55
CVE-2012-1798 4.3
The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image.
10-10-2013 - 23:42 05-06-2012 - 18:55
CVE-2012-3489 4.0
The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or U
10-10-2013 - 15:23 03-10-2012 - 17:55
CVE-2011-4109 9.3
Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check.
11-09-2013 - 23:19 05-01-2012 - 20:55
CVE-2012-3461 4.3
The (1) otrl_base64_otr_decode function in src/b64.c; (2) otrl_proto_data_read_flags and (3) otrl_proto_accept_data functions in src/proto.c; and (4) decode function in toolkit/parse.c in libotr before 3.2.1 allocates a zero-length buffer when decodi
21-08-2013 - 23:56 20-08-2012 - 15:55
CVE-2012-3365 5.0
The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors.
25-06-2013 - 23:12 20-07-2012 - 06:40
CVE-2012-3967 6.8
The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 on Linux, when a large number of sampler uniforms are used, does not prope
29-05-2013 - 23:17 29-08-2012 - 06:56
CVE-2012-3401 6.8
The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibTIFF 4.0.2 and earlier does not properly initialize the T2P context struct pointer in certain error conditions, which allows context-dependent attackers to cause a denial of service
29-05-2013 - 23:16 13-08-2012 - 16:55
CVE-2011-3170 5.1
The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a
14-05-2013 - 23:20 19-08-2011 - 13:55
CVE-2012-4737 6.0
channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before
18-04-2013 - 23:25 31-08-2012 - 10:55
CVE-2012-4404 6.0
security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users with virtual group membership to be treated as a me
18-04-2013 - 23:24 10-09-2012 - 18:55
CVE-2012-3450 2.6
pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bound
18-04-2013 - 23:23 06-08-2012 - 12:55
CVE-2012-3410 4.6
Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long filename in /dev/fd, which is not properly handled when expanding the /dev/fd prefix.
18-04-2013 - 23:23 27-08-2012 - 19:55
CVE-2012-3136 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulner
18-04-2013 - 23:22 30-08-2012 - 19:55
CVE-2012-2186 9.0
Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asteri
18-04-2013 - 23:21 31-08-2012 - 10:55
CVE-2006-1168 7.5
The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow.
18-04-2013 - 21:52 14-08-2006 - 16:04
CVE-2012-3444 5.0
The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows remote attackers to cause a denial of service (proces
10-04-2013 - 23:29 31-07-2012 - 13:55
CVE-2012-3443 5.0
The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploadin
10-04-2013 - 23:29 31-07-2012 - 13:55
CVE-2012-3442 4.3
The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote attackers to conduct cross-site
10-04-2013 - 23:29 31-07-2012 - 13:55
CVE-2012-3482 5.8
Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in
04-04-2013 - 23:12 21-12-2012 - 00:46
CVE-2012-3386 4.4
The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vector
04-04-2013 - 23:11 07-08-2012 - 17:55
CVE-2012-3382 4.3
Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted nam
04-04-2013 - 23:11 12-07-2012 - 17:55
CVE-2012-2806 6.8
Heap-based buffer overflow in the get_sos function in jdmarker.c in libjpeg-turbo 1.2.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large component count in the header of a JPEG i
04-04-2013 - 23:11 13-08-2012 - 16:55
CVE-2012-2417 4.3
PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the privat
04-04-2013 - 23:10 16-06-2012 - 23:41
CVE-2012-1177 5.1
libgdata before 0.10.2 and 0.11.x before 0.11.1 does not validate SSL certificates, which allows remote attackers to obtain user names and passwords via a man-in-the-middle (MITM) attack with a spoofed certificate.
04-04-2013 - 23:09 26-08-2012 - 16:55
CVE-2012-1151 5.0
Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (process crash) via format string specifiers in (1) a cra
04-04-2013 - 23:09 09-09-2012 - 17:55
CVE-2012-1015 9.3
The kdc_handle_protected_negotiation function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x before 1.9.5, and 1.10.x before 1.10.3 attempts to calculate a checksum before verifying that the key type is appropriate for
04-04-2013 - 23:08 06-08-2012 - 12:55
CVE-2011-4578 4.6
event.c in acpid (aka acpid2) before 2.0.11 does not have an appropriate umask setting during execution of event-handler scripts, which might allow local users to (1) perform write operations within directories created by a script, or (2) read files
04-04-2013 - 23:06 29-08-2012 - 18:55
CVE-2011-3658 7.5
The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly hav
14-02-2013 - 23:49 20-12-2011 - 23:02
CVE-2011-4102 4.3
Heap-based buffer overflow in the erf_read_header function in wiretap/erf.c in the ERF file parser in Wireshark 1.4.0 through 1.4.9 and 1.6.x before 1.6.3 allows remote attackers to cause a denial of service (application crash) via a malformed file.
06-02-2013 - 23:48 03-11-2011 - 11:55
CVE-2012-1595 4.3
The pcap_process_pseudo_header function in wiretap/pcap-common.c in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a WTAP_ENCAP_ERF file containing an Extension or Mul
03-01-2013 - 23:37 11-04-2012 - 06:39
CVE-2011-2777 4.4
samples/powerbtn/powerbtn.sh in acpid (aka acpid2) 2.0.16 and earlier uses the pidof program incorrectly, which allows local users to gain privileges by running a program with the name kded4 and a DBUS_SESSION_BUS_ADDRESS environment variable contain
20-12-2012 - 00:00 29-08-2012 - 18:55
CVE-2011-3663 4.3
Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to capture keystrokes entered on a web page, even when JavaScript is disabled, by using SVG animation accessKey events within that web page.
18-12-2012 - 23:44 20-12-2011 - 23:02
CVE-2011-3661 7.5
YARR, as used in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript.
18-12-2012 - 23:44 20-12-2011 - 23:02
CVE-2011-3660 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or poss
18-12-2012 - 23:44 20-12-2011 - 23:02
CVE-2011-3232 9.3
YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript.
18-12-2012 - 23:43 28-09-2011 - 20:55
CVE-2011-3005 9.3
Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OGG headers in a .
18-12-2012 - 23:42 28-09-2011 - 20:55
CVE-2012-0248 4.3
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF.
26-11-2012 - 23:38 05-06-2012 - 18:55
CVE-2012-0247 9.3
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image.
26-11-2012 - 23:38 05-06-2012 - 18:55
CVE-2012-2394 3.3
Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1)
06-11-2012 - 00:11 30-06-2012 - 06:15
CVE-2012-2393 3.3
epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 does not properly construct certain array data structures, which allows remote attackers to cause a denial of service (application cra
06-11-2012 - 00:11 30-06-2012 - 06:15
CVE-2012-2392 3.3
Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) ANSI MAP, (2) ASF, (3) IEEE 802.11, (4) IEEE 802.3, and (5) LTP dissectors.
06-11-2012 - 00:11 30-06-2012 - 06:15
CVE-2012-1596 5.0
The mp2t_process_fragmented_payload function in epan/dissectors/packet-mp2t.c in the MP2T dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a packet containi
06-11-2012 - 00:09 11-04-2012 - 06:39
CVE-2012-1594 3.3
epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
06-11-2012 - 00:09 11-04-2012 - 06:39
CVE-2012-0853 6.8
The decodeTonalComponents function in the Actrac3 codec (atrac3.c) in libavcodec in FFmpeg 0.7.x before 0.7.12, and 0.8.x before 0.8.11; and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote att
30-10-2012 - 00:01 20-08-2012 - 14:55
CVE-2011-3947 6.8
Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service
29-10-2012 - 23:57 20-08-2012 - 14:55
CVE-2011-3940 6.8
nsvdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (out-of-bounds read an
29-10-2012 - 23:57 20-08-2012 - 14:55
CVE-2011-3936 4.3
The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (ou
29-10-2012 - 23:57 20-08-2012 - 14:55
CVE-2011-3929 6.8
The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of ser
29-10-2012 - 23:57 20-08-2012 - 14:55
CVE-2011-3895 7.5
Heap-based buffer overflow in the Vorbis decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.
29-10-2012 - 23:57 11-11-2011 - 06:55
CVE-2011-3893 5.0
Google Chrome before 15.0.874.120 does not properly implement the MKV and Vorbis media handlers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
29-10-2012 - 23:57 11-11-2011 - 06:55
CVE-2011-3892 7.5
Double free vulnerability in the Theora decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.
29-10-2012 - 23:57 11-11-2011 - 06:55
CVE-2011-3974 5.0
Integer signedness error in the decode_residual_inter function in cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an inva
21-08-2012 - 23:30 02-10-2011 - 16:55
CVE-2011-3973 5.0
cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, related to t
21-08-2012 - 23:30 02-10-2011 - 16:55
CVE-2011-3504 9.3
The Matroska format decoder in FFmpeg before 0.8.3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file.
21-08-2012 - 23:29 28-09-2011 - 20:55
CVE-2011-4579 4.3
The svq1_decode_frame function in the SVQ1 decoder (svq1dec.c) in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 all
21-08-2012 - 13:38 20-08-2012 - 16:55
CVE-2012-0858 6.8
The Shorten codec (shorten.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (
21-08-2012 - 10:41 20-08-2012 - 14:55
CVE-2011-4364 6.8
Buffer overflow in the Sierra VMD decoder in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9 and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers t
21-08-2012 - 00:00 20-08-2012 - 16:55
CVE-2011-4353 4.3
The (1) av_image_fill_pointers, (2) vp5_parse_coeff, and (3) vp6_parse_coeff functions in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before
21-08-2012 - 00:00 20-08-2012 - 16:55
CVE-2011-4352 6.8
Integer overflow in the vp3_dequant function in the VP3 decoder (vp3.c) in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before
21-08-2012 - 00:00 20-08-2012 - 16:55
CVE-2011-3945 6.8
The decode_frame function in the KVG1 decoder (kgv1dec.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to
21-08-2012 - 00:00 20-08-2012 - 16:55
CVE-2012-1593 3.3
epan/dissectors/packet-ansi_a.c in the ANSI A dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed packet.
13-08-2012 - 23:36 11-04-2012 - 06:39
CVE-2012-1185 9.3
Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the R
13-08-2012 - 23:35 05-06-2012 - 18:55
CVE-2012-1174 3.3
The rm_rf_children function in util.c in the systemd-logind login manager in systemd before 44, when logging out, allows local users to delete arbitrary files via a symlink attack on unspecified files, related to "particular records related with user
13-08-2012 - 23:35 12-07-2012 - 16:55
CVE-2011-4101 4.3
The dissect_infiniband_common function in epan/dissectors/packet-infiniband.c in the Infiniband dissector in Wireshark 1.4.0 through 1.4.9 and 1.6.x before 1.6.3 allows remote attackers to cause a denial of service (NULL pointer dereference and appli
13-08-2012 - 23:31 03-11-2011 - 11:55
CVE-2011-4100 4.3
The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.3 does not initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malfo
13-08-2012 - 23:31 03-11-2011 - 11:55
CVE-2011-3484 4.3
The unxorFrame function in epan/dissectors/packet-opensafety.c in the OpenSafety dissector in Wireshark 1.6.x before 1.6.2 does not properly validate a certain frame size, which allows remote attackers to cause a denial of service (loop and applicati
13-08-2012 - 23:30 20-09-2011 - 06:55
CVE-2011-3483 4.3
Wireshark 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (application crash) via a malformed capture file that leads to an invalid root tvbuff, related to a "buffer exception handling vulnerability."
13-08-2012 - 23:30 20-09-2011 - 06:55
CVE-2011-3482 4.3
The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.2 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (application crash) via
13-08-2012 - 23:30 20-09-2011 - 06:55
CVE-2011-3360 9.3
Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory.
13-08-2012 - 23:30 20-09-2011 - 06:55
CVE-2011-3266 2.6
The proto_tree_add_item function in Wireshark 1.6.0 through 1.6.1 and 1.4.0 through 1.4.8, when the IKEv1 protocol dissector is used, allows user-assisted remote attackers to cause a denial of service (infinite loop) via vectors involving a malformed
13-08-2012 - 23:29 23-08-2011 - 20:55
CVE-2012-0805 7.5
Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) selec
15-06-2012 - 00:00 05-06-2012 - 18:55
CVE-2011-3362 6.8
Integer signedness error in the decode_residual_block function in cavsdec.c in libavcodec in FFmpeg before 0.7.3 and 0.8.x before 0.8.2, and libav through 0.7.1, allows remote attackers to cause a denial of service (memory corruption and application
18-05-2012 - 00:00 02-10-2011 - 16:55
CVE-2011-1528 7.8
The krb5_ldap_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (assertion failure an
20-04-2012 - 00:00 20-10-2011 - 17:55
CVE-2011-3665 7.5
Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an Ogg VIDEO element that is not properly han
26-01-2012 - 23:02 20-12-2011 - 23:02
CVE-2011-3004 4.3
The JSSubScriptLoader in Mozilla Firefox 4.x through 6 and SeaMonkey before 2.4 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a craf
26-01-2012 - 23:01 28-09-2011 - 20:55
CVE-2011-3003 10.0
Mozilla Firefox before 7.0 and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unspecified WebGL test case that triggers a memory-allocation error and a resulting
26-01-2012 - 23:01 28-09-2011 - 20:55
CVE-2011-3002 9.3
Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 7.0 and SeaMonkey before 2.4, does not validate the return value of a GrowAtomTable function call, which allows remote attackers to cause a denial of service (application
26-01-2012 - 23:01 28-09-2011 - 20:55
CVE-2011-3001 4.3
Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent manual add-on installation in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions
26-01-2012 - 23:01 28-09-2011 - 20:55
CVE-2011-3000 4.3
Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote a
26-01-2012 - 23:01 28-09-2011 - 20:55
CVE-2011-2999 4.3
Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a diffe
26-01-2012 - 23:01 28-09-2011 - 20:55
CVE-2011-2998 10.0
Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via JavaScript code containing a large RegExp expression.
26-01-2012 - 23:01 30-09-2011 - 06:55
CVE-2011-2997 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitr
26-01-2012 - 23:01 28-09-2011 - 20:55
CVE-2011-2995 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application cra
26-01-2012 - 23:01 28-09-2011 - 20:55
CVE-2011-2372 3.5
Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended ac
26-01-2012 - 23:00 28-09-2011 - 20:55
CVE-2011-3364 6.9
Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create
18-01-2012 - 22:59 04-11-2011 - 17:55
CVE-2011-2685 9.3
Stack-based buffer overflow in the Lotus Word Pro import filter in LibreOffice before 3.3.3 allows remote attackers to execute arbitrary code via a crafted .lwp file.
18-01-2012 - 22:58 21-07-2011 - 19:55
CVE-2011-2176 2.1
GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors.
18-01-2012 - 22:57 02-09-2011 - 19:55
CVE-2011-1659 5.0
Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted p
18-01-2012 - 22:57 08-04-2011 - 11:17
CVE-2011-1530 6.8
The process_tgs_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted
18-01-2012 - 22:56 08-12-2011 - 15:55
CVE-2011-1529 7.8
The lookup_lockout_policy function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the db2 (aka Berkeley DB) or LDAP back end is used, allows remote attackers to cause a denial of servic
18-01-2012 - 22:56 20-10-2011 - 17:55
CVE-2011-1527 7.8
The kdb_ldap plugin in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a kinit oper
18-01-2012 - 22:56 20-10-2011 - 17:55
CVE-2011-1781 1.2
SystemTap 1.4, when unprivileged (aka stapusr) mode is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that perfo
26-10-2011 - 23:25 29-08-2011 - 17:55
CVE-2011-1769 1.2
SystemTap 1.4 and earlier, when unprivileged (aka stapusr) mode is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap scrip
26-10-2011 - 23:25 29-08-2011 - 17:55
CVE-2011-2701 5.8
The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS protocol with a revoked X.509 clien
21-09-2011 - 23:32 03-08-2011 - 22:45
CVE-2005-0206 7.5
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.
21-08-2010 - 00:25 27-04-2005 - 00:00
CVE-2002-2061 7.5
Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel.
10-09-2008 - 15:16 31-12-2002 - 00:00
CVE-2001-1278 7.5
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
10-09-2008 - 15:10 10-10-2001 - 00:00
CVE-2001-1227 7.5
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
10-09-2008 - 15:09 10-10-2001 - 00:00
CVE-2001-0458 7.5
Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and remote attackers to execute arbitrary commands.
10-09-2008 - 15:08 27-06-2001 - 00:00
CVE-2001-0388 10.0
time server daemon timed allows remote attackers to cause a denial of service via malformed packets.
10-09-2008 - 15:07 27-06-2001 - 00:00
CVE-2001-0316 4.6
Linux kernel 2.4 and 2.2 allows local users to read kernel memory and possibly gain privileges via a negative argument to the sysctl call.
10-09-2008 - 15:07 03-05-2001 - 00:00
CVE-2001-0178 2.1
kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify the owner of a UNIX socket that is used to send a password, which allows local users to steal passwords and gain privileges.
10-09-2008 - 15:07 26-03-2001 - 00:00
CVE-2001-0128 7.2
Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges.
10-09-2008 - 15:07 12-03-2001 - 00:00
CVE-2000-1212 5.0
Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects.
10-09-2008 - 15:06 18-12-2000 - 00:00
CVE-2000-1137 4.6
GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack.
10-09-2008 - 15:06 09-01-2001 - 00:00
CVE-2000-1040 10.0
Format string vulnerability in logging function of ypbind 3.3, while running in debug mode, leaks file descriptors and allows an attacker to cause a denial of service.
10-09-2008 - 15:06 11-12-2000 - 00:00
CVE-2000-0816 2.1
Linux tmpwatch --fuser option allows local users to execute arbitrary commands by creating files whose names contain shell metacharacters.
10-09-2008 - 15:05 06-10-2000 - 00:00
CVE-2000-0566 7.2
makewhatis in Linux man package allows local users to overwrite files via a symlink attack.
10-09-2008 - 15:05 03-07-2000 - 00:00
CVE-2000-0336 2.1
Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack.
10-09-2008 - 15:04 21-04-2000 - 00:00
CVE-2000-0229 7.2
gpm-root in the gpm package does not properly drop privileges, which allows local users to gain privileges by starting a utility from gpm-root.
10-09-2008 - 15:03 22-03-2000 - 00:00
CVE-2002-2338 5.0
The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of th
05-09-2008 - 16:32 31-12-2002 - 00:00
CVE-2002-2314 5.0
Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading "//" and ending in a newline, which causes the host/path check to fail.
05-09-2008 - 16:32 31-12-2002 - 00:00
CVE-2002-0703 7.5
An interaction between the Perl MD5 module (perl-Digest-MD5) and Perl could produce incorrect MD5 checksums for UTF-8 data, which could prevent a system from properly verifying the integrity of the data.
05-09-2008 - 16:28 26-07-2002 - 00:00
CVE-2001-0569 2.1
Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the method return values related to the classes (1) ObjectManager, (2) PropertyManager, and (3) PropertySheet.
05-09-2008 - 16:24 22-08-2001 - 00:00
CVE-2001-0568 2.1
Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker (Zope user) with through-the-web scripting capabilities to alter ZClasses class attributes.
05-09-2008 - 16:24 22-08-2001 - 00:00
CVE-2001-0567 4.6
Digital Creations Zope 2.3.2 and earlier allows a local attacker to gain additional privileges via the changing of ZClass permission mappings for objects and methods in the ZClass.
05-09-2008 - 16:24 14-08-2001 - 00:00
CVE-2001-0560 4.6
Buffer overflow in Vixie cron 3.0.1-56 and earlier could allow a local attacker to gain additional privileges via a long username (> 20 characters).
05-09-2008 - 16:24 22-08-2001 - 00:00
CVE-2001-0474 2.1
Utah-glx in Mesa before 3.3-14 on Mandrake Linux 7.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/glxmemory file.
05-09-2008 - 16:24 27-06-2001 - 00:00
CVE-2001-0440 7.5
Buffer overflow in logging functions of licq before 1.0.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands.
05-09-2008 - 16:24 02-07-2001 - 00:00
CVE-2001-0439 7.5
licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
05-09-2008 - 16:24 02-07-2001 - 00:00
CVE-2001-0387 7.2
Format string vulnerability in hfaxd in HylaFAX before 4.1.b2_2 allows local users to gain privileges via the -q command line argument.
05-09-2008 - 16:23 02-07-2001 - 00:00
CVE-2001-0289 4.6
Joe text editor 2.8 searches the current working directory (CWD) for the .joerc configuration file, which could allow local users to gain privileges of other users by placing a Trojan Horse .joerc file into a directory, then waiting for users to exec
05-09-2008 - 16:23 03-05-2001 - 00:00
CVE-2001-0279 7.2
Buffer overflow in sudo earlier than 1.6.3p6 allows local users to gain root privileges.
05-09-2008 - 16:23 03-05-2001 - 00:00
CVE-2001-0194 10.0
Buffer overflow in httpGets function in CUPS 1.1.5 allows remote attackers to execute arbitrary commands via a long input line.
05-09-2008 - 16:23 03-05-2001 - 00:00
CVE-2001-0191 10.0
gnuserv before 3.12, as shipped with XEmacs, does not properly check the specified length of an X Windows MIT-MAGIC-COOKIE cookie, which allows remote attackers to execute arbitrary commands via a buffer overflow, or brute force authentication by usi
05-09-2008 - 16:23 03-05-2001 - 00:00
CVE-2001-0169 2.1
When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library fro
05-09-2008 - 16:23 26-03-2001 - 00:00
CVE-2001-0136 5.0
Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed.
05-09-2008 - 16:23 12-03-2001 - 00:00
CVE-2001-0072 5.0
gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust.
05-09-2008 - 16:23 12-02-2001 - 00:00
CVE-2001-0071 2.1
gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection.
05-09-2008 - 16:23 12-02-2001 - 00:00
CVE-2001-0067 2.1
The installation of J-Pilot creates the .jpilot directory with the user's umask, which could allow local attackers to read other users' PalmOS backup information if their umasks are not securely set.
05-09-2008 - 16:23 12-02-2001 - 00:00
CVE-2001-0066 7.2
Secure Locate (slocate) allows local users to corrupt memory via a malformed database file that specifies an offset value that accesses memory outside of the intended buffer.
05-09-2008 - 16:23 16-02-2001 - 00:00
CVE-2001-0050 10.0
Buffer overflow in BitchX IRC client allows remote attackers to cause a denial of service and possibly execute arbitrary commands via an IP address that resolves to a long DNS hostname or domain name.
05-09-2008 - 16:23 16-02-2001 - 00:00
CVE-2001-0040 2.1
APC UPS daemon, apcupsd, saves its process ID in a world-writable file, which allows local users to kill an arbitrary process by specifying the target process ID in the apcupsd.pid file.
05-09-2008 - 16:23 16-02-2001 - 00:00
CVE-2001-0026 5.0
rp-pppoe PPPoE client allows remote attackers to cause a denial of service via the Clamp MSS option and a TCP packet with a zero-length TCP option.
05-09-2008 - 16:23 12-02-2001 - 00:00
CVE-2000-1211 7.5
Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities.
05-09-2008 - 16:22 16-12-2000 - 00:00
CVE-2000-1169 7.5
OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent forwarding, which could allow a malicious SSH server to gain access to the X11 display and sniff X11 events, or gain access to the ssh-agent.
05-09-2008 - 16:22 09-01-2001 - 00:00
CVE-2000-1163 4.6
ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental variable to find libraries in the current directory, which could allow local users to execute commands as other users by placing a Trojan horse library into a directory from which ano
05-09-2008 - 16:22 09-01-2001 - 00:00
CVE-2000-1162 3.7
ghostscript before 5.10-16 allows local users to overwrite files of other users via a symlink attack.
05-09-2008 - 16:22 09-01-2001 - 00:00
CVE-2000-1108 4.6
cons.saver in Midnight Commander (mc) 4.5.42 and earlier does not properly verify if an output file descriptor is a TTY, which allows local users to corrupt files by creating a symbolic link to the target file, calling mc, and specifying that link as
05-09-2008 - 16:22 09-01-2001 - 00:00
CVE-2000-1095 7.2
modprobe in the modutils 2.3.x package on Linux systems allows a local user to execute arbitrary commands via shell metacharacters.
05-09-2008 - 16:22 09-01-2001 - 00:00
CVE-2000-1059 7.2
The default configuration of the Xsession file in Mandrake Linux 7.1 and 7.0 bypasses the Xauthority access control mechanism with an "xhost + localhost" command, which allows local users to sniff X Windows events and gain privileges.
05-09-2008 - 16:22 11-12-2000 - 00:00
CVE-2000-1043 10.0
Format string vulnerability in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function.
05-09-2008 - 16:22 11-12-2000 - 00:00
CVE-2000-1042 10.0
Buffer overflow in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function.
05-09-2008 - 16:22 11-12-2000 - 00:00
CVE-2000-1041 10.0
Buffer overflow in ypbind 3.3 possibly allows an attacker to gain root privileges.
05-09-2008 - 16:22 11-12-2000 - 00:00
CVE-2000-0974 7.5
GnuPG (gpg) 1.0.3 does not properly check all signatures of a file containing multiple documents, which allows an attacker to modify contents of all documents but the first without detection.
05-09-2008 - 16:22 19-12-2000 - 00:00
CVE-2000-0967 10.0
PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.
05-09-2008 - 16:22 19-12-2000 - 00:00
CVE-2000-0949 7.2
Heap overflow in savestr function in LBNL traceroute 1.4a5 and earlier allows a local user to execute arbitrary commands via the -g option.
05-09-2008 - 16:22 19-12-2000 - 00:00
CVE-2000-0948 7.2
GnoRPM before 0.95 allows local users to modify arbitrary files via a symlink attack.
05-09-2008 - 16:22 19-12-2000 - 00:00
CVE-2000-0947 10.0
Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command.
05-09-2008 - 16:22 19-12-2000 - 00:00
CVE-2000-0913 5.0
mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
05-09-2008 - 16:22 19-12-2000 - 00:00
CVE-2000-0909 7.5
Buffer overflow in the automatic mail checking component of Pine 4.21 and earlier allows remote attackers to execute arbitrary commands via a long From: header.
05-09-2008 - 16:22 19-12-2000 - 00:00
CVE-2000-0887 5.0
named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by making a compressed zone transfer (ZXFR) request and performing a name service query on an authoritative record that is not cached, aka the "zxfr bug."
05-09-2008 - 16:22 19-12-2000 - 00:00
CVE-2000-0883 5.0
The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
05-09-2008 - 16:22 14-11-2000 - 00:00
CVE-2000-0860 5.0
The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables.
05-09-2008 - 16:22 14-11-2000 - 00:00
CVE-2000-0666 10.0
rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges.
05-09-2008 - 16:21 16-07-2000 - 00:00
CVE-2000-0888 5.0
named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by sending an SRV record to the server, aka the "srv bug."
12-10-2005 - 00:00 19-12-2000 - 00:00
Back to Top Mark selected
Back to Top