Max CVSS 10.0 Min CVSS 2.6 Total Count109
IDCVSSSummaryLast (major) updatePublished
CVE-2008-1447 5.0
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic vi
19-02-2017 - 00:21 08-07-2008 - 19:41
CVE-2007-1351 8.5
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflo
19-02-2017 - 00:17 05-04-2007 - 21:19
CVE-2005-2491 7.5
Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, whic
15-12-2016 - 21:59 23-08-2005 - 00:00
CVE-2009-3736 6.9
ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a T
07-12-2016 - 22:01 29-11-2009 - 08:07
CVE-2009-2409 5.1
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificat
07-12-2016 - 22:01 30-07-2009 - 15:30
CVE-2007-4772 4.0
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted reg
07-12-2016 - 22:00 09-01-2008 - 16:46
CVE-2004-0597 10.0
Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transpar
17-10-2016 - 22:46 23-11-2004 - 00:00
CVE-2004-0426 5.0
rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path.
17-10-2016 - 22:45 07-07-2004 - 00:00
CVE-2002-0186 7.5
Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension."
17-10-2016 - 22:16 03-07-2002 - 00:00
CVE-2010-1975 5.5
PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove a
22-08-2016 - 22:01 19-05-2010 - 14:30
CVE-2010-1170 6.0
The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltcl_modules table regardless of the tabl
22-08-2016 - 22:01 19-05-2010 - 14:30
CVE-2010-1169 8.5
PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict PL/perl procedures, which allows remote authenticated users, with da
22-08-2016 - 22:01 19-05-2010 - 14:30
CVE-2009-3555 5.8
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Secu
22-08-2016 - 21:59 09-11-2009 - 12:30
CVE-2008-5077 5.8
OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.
22-08-2016 - 21:59 07-01-2009 - 12:30
CVE-2010-0395 9.3
OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote attackers to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text (ODT) file that triggers code execution when the macro direct
17-11-2015 - 11:00 09-06-2010 - 20:30
CVE-2007-2445 5.0
The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value.
10-11-2015 - 11:33 16-05-2007 - 18:30
CVE-2009-0217 5.0
The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLog
13-11-2014 - 21:59 14-07-2009 - 19:30
CVE-2009-2416 4.3
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute
24-10-2014 - 01:42 11-08-2009 - 14:30
CVE-2009-2414 4.3
Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related
24-10-2014 - 01:42 11-08-2009 - 14:30
CVE-2007-3102 4.3
Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote attackers to write arbitrary characters to an audit log via a crafted username. NOTE: some of the
08-08-2014 - 16:40 18-10-2007 - 16:17
CVE-2013-1715 6.9
Multiple untrusted search path vulnerabilities in the (1) full installer and (2) stub installer in Mozilla Firefox before 23.0 on Windows allow local users to gain privileges via a Trojan horse DLL in the default downloads directory. NOTE: this issu
02-11-2013 - 23:31 06-08-2013 - 21:55
CVE-2013-0078 7.2
The Microsoft Antimalware Client in Windows Defender on Windows 8 and Windows RT uses an incorrect pathname for MsMpEng.exe, which allows local users to gain privileges via a crafted application, aka "Microsoft Antimalware Improper Pathname Vulnerabi
02-11-2013 - 23:29 09-04-2013 - 18:55
CVE-2012-1885 9.3
Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Office 2008 and 2011 for Mac; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Se
02-11-2013 - 23:23 13-11-2012 - 19:55
CVE-2008-3532 6.8
The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service.
02-11-2013 - 22:39 08-08-2008 - 15:41
CVE-2008-2957 6.4
The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL.
02-11-2013 - 22:38 01-07-2008 - 18:41
CVE-2008-2955 4.3
Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function.
02-11-2013 - 22:38 01-07-2008 - 18:41
CVE-2010-1200 9.3
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and
14-07-2013 - 02:05 24-06-2010 - 08:30
CVE-2009-3235 7.5
Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via
06-07-2013 - 02:41 17-09-2009 - 06:30
CVE-2006-5793 2.6
The sPLT chunk handling code (png_set_sPLT function in pngset.c) in libpng 1.0.6 through 1.2.12 uses a sizeof operator on the wrong data type, which allows context-dependent attackers to cause a denial of service (crash) via malformed sPLT chunks tha
04-07-2013 - 01:57 17-11-2006 - 18:07
CVE-2010-1748 4.3
The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % (percent) char
29-05-2013 - 22:55 17-06-2010 - 12:30
CVE-2007-5269 5.0
Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle
14-05-2013 - 22:32 08-10-2007 - 17:17
CVE-2010-1202 9.3
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption a
05-11-2012 - 23:38 24-06-2010 - 08:30
CVE-2010-1199 9.3
Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for
05-11-2012 - 23:38 24-06-2010 - 08:30
CVE-2010-1198 9.3
Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to execute arbitrary code via vectors involving multiple plugin instances.
05-11-2012 - 23:38 24-06-2010 - 08:30
CVE-2010-1197 4.3
Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both "Content-Disposition: attachment" and "Content-Type: multipart" are present in HTTP headers, which allows remote
05-11-2012 - 23:38 24-06-2010 - 08:30
CVE-2010-1196 9.3
Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM nod
05-11-2012 - 23:38 24-06-2010 - 08:30
CVE-2010-1125 5.8
The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visi
05-11-2012 - 23:38 26-03-2010 - 16:30
CVE-2010-1121 10.0
Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involv
05-11-2012 - 23:38 25-03-2010 - 17:00
CVE-2008-5913 4.9
The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier fo
05-11-2012 - 23:13 20-01-2009 - 11:30
CVE-2006-4519 6.8
Multiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files.
05-11-2012 - 22:19 10-07-2007 - 14:30
CVE-2008-5507 6.0
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL th
30-10-2012 - 23:07 17-12-2008 - 18:30
CVE-2007-2949 6.8
Integer overflow in the seek_to_and_unpack_pixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute arbitrary code via a crafted PSD file that contains a large (1) width or (2) height value.
30-10-2012 - 22:36 04-07-2007 - 11:30
CVE-2007-3103 6.2
The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file.
29-10-2012 - 22:51 15-07-2007 - 18:30
CVE-2009-0688 7.5
Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/sasl
22-10-2012 - 23:03 15-05-2009 - 11:30
CVE-2010-0182 4.3
The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows
14-09-2012 - 13:39 05-04-2010 - 13:30
CVE-2007-0242 4.3
The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences t
18-06-2012 - 22:27 03-04-2007 - 12:19
CVE-2011-1982 9.3
Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Office Uninitialized Object
04-06-2012 - 00:00 15-09-2011 - 08:26
CVE-2010-1188 7.1
Use-after-free vulnerability in net/ipv4/tcp_input.c in the Linux kernel 2.6 before 2.6.20, when IPV6_RECVPKTINFO is set on a listening socket, allows remote attackers to cause a denial of service (kernel panic) via a SYN packet while the socket is i
19-03-2012 - 00:00 31-03-2010 - 14:00
CVE-2011-4688 5.0
Mozilla Firefox 8.0.1 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache
26-01-2012 - 23:03 07-12-2011 - 14:55
CVE-2011-2998 10.0
Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via JavaScript code containing a large RegExp expression.
26-01-2012 - 23:01 30-09-2011 - 06:55
CVE-2011-2996 10.0
Unspecified vulnerability in the plugin API in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
26-01-2012 - 23:01 28-09-2011 - 20:55
CVE-2011-2598 4.3
The WebGL implementation in Mozilla Firefox 4.x allows remote attackers to obtain screenshots of the windows of arbitrary desktop applications via vectors involving an SVG filter, an IFRAME element, and uninitialized data in graphics memory.
26-01-2012 - 23:01 30-06-2011 - 11:55
CVE-2011-2370 5.0
Mozilla Firefox before 5.0 does not properly enforce the whitelist for the xpinstall functionality, which allows remote attackers to trigger an installation dialog for a (1) add-on or (2) theme via unspecified vectors.
26-01-2012 - 23:00 30-06-2011 - 12:55
CVE-2011-2369 4.3
Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 4.0.1 allows remote attackers to inject arbitrary web script or HTML via an SVG element containing an HTML-encoded entity.
26-01-2012 - 23:00 30-06-2011 - 12:55
CVE-2011-2368 10.0
The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict write operations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
26-01-2012 - 23:00 30-06-2011 - 12:55
CVE-2011-2367 6.4
The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict read operations, which allows remote attackers to obtain sensitive information from GPU memory associated with an arbitrary process, or cause a denial of service
26-01-2012 - 23:00 30-06-2011 - 12:55
CVE-2011-2016 9.3
Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the curr
26-01-2012 - 23:00 08-11-2011 - 16:55
CVE-2011-0082 4.3
The X.509 certificate validation functionality in Mozilla Firefox 4.0.x through 4.0.1 does not properly implement single-session security exceptions, which might make it easier for user-assisted remote attackers to spoof an SSL server via an untruste
26-01-2012 - 22:56 06-06-2011 - 15:55
CVE-2011-0079 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x before 4.0.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to gfx
26-01-2012 - 22:56 07-05-2011 - 14:55
CVE-2007-1466 6.8
Integer overflow in the WP6GeneralTextPacket::_readContents function in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary
11-10-2011 - 00:00 16-03-2007 - 17:19
CVE-2010-3334 9.3
Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing a
27-09-2011 - 00:00 09-11-2010 - 22:00
CVE-2010-3333 9.3
Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via
21-09-2011 - 23:24 09-11-2010 - 22:00
CVE-2007-2356 6.8
Stack-based buffer overflow in the set_color_table function in sunras.c in the SUNRAS plugin in Gimp 2.2.14 allows user-assisted remote attackers to execute arbitrary code via a crafted RAS file.
28-07-2011 - 00:00 30-04-2007 - 18:19
CVE-2010-4508 10.0
The WebSockets implementation in Mozilla Firefox 4 through 4.0 Beta 7 does not properly perform proxy upgrade negotiation, which has unspecified impact and remote attack vectors, related to an "inherent problem" with the WebSocket specification.
18-07-2011 - 22:41 09-12-2010 - 15:00
CVE-2010-3399 5.8
The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a context pointer in conjunction with its successor pointer for seeding of a random number generator, which
18-07-2011 - 22:39 15-09-2010 - 16:00
CVE-2010-3337 9.3
Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Insecure Library Loading Vulnerability." NOTE: this might overlap CVE-2010-3
18-07-2011 - 22:39 09-11-2010 - 22:00
CVE-2010-3335 9.3
Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that
18-07-2011 - 22:39 09-11-2010 - 22:00
CVE-2010-3171 5.8
The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a random number generator that is seeded only once per document object, which makes it easier for remote attac
18-07-2011 - 22:39 15-09-2010 - 16:00
CVE-2010-1986 5.0
Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (memory consumption and application crash) via JavaScript code that creates multiple arrays containing elements with long string values, and then appends lon
18-07-2011 - 22:37 20-05-2010 - 13:30
CVE-2010-1122 10.0
Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.8 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly have unknown other impact via vectors that might involve compressed data, a d
18-07-2011 - 22:35 25-03-2010 - 18:30
CVE-2010-0648 4.3
Mozilla Firefox, possibly before 3.6, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the do
18-07-2011 - 22:34 18-02-2010 - 13:00
CVE-2010-2563 9.3
The Word 97 text converter in the WordPad Text Converters in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse malformed structures in Word 97 documents, which allows remote attackers to execute arbitrary code via a crafted
18-07-2011 - 00:00 15-09-2010 - 15:00
CVE-2007-4575 9.3
HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods."
12-05-2011 - 00:00 05-12-2007 - 21:46
CVE-2008-4841 9.3
The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corrupti
07-03-2011 - 22:13 10-12-2008 - 09:00
CVE-2008-2936 6.2
Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creatin
07-03-2011 - 22:09 18-08-2008 - 15:41
CVE-2008-2361 6.8
Integer overflow in the ProcRenderCreateCursor function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to cause a denial of service (daemon crash) via unspecified request fields that are used to calcul
07-03-2011 - 22:09 16-06-2008 - 15:41
CVE-2008-2360 9.0
Integer overflow in the AllocateGlyph function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to execute arbitrary code via unspecified request fields that are used to calculate a heap buffer size, whi
07-03-2011 - 22:09 16-06-2008 - 15:41
CVE-2008-1950 5.0