Max CVSS | 10.0 | Min CVSS | 1.5 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2009-2502 | 9.3 |
Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3
|
21-10-2024 - 17:35 | 14-10-2009 - 10:30 | |
CVE-2012-5838 | 9.3 |
The copyTexImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and applicat
|
21-10-2024 - 13:55 | 21-11-2012 - 12:55 | |
CVE-2012-5843 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly ex
|
21-10-2024 - 13:55 | 21-11-2012 - 12:55 | |
CVE-2013-5599 | 10.0 |
Use-after-free vulnerability in the nsIPresShell::GetPresContext function in the PresShell (aka presentation shell) implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderb
|
21-10-2024 - 13:55 | 30-10-2013 - 10:55 | |
CVE-2013-5590 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allow remote atta
|
21-10-2024 - 13:55 | 30-10-2013 - 10:55 | |
CVE-2013-5595 | 4.3 |
The JavaScript engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly allocate memory for unspecified func
|
21-10-2024 - 13:55 | 30-10-2013 - 10:55 | |
CVE-2013-5602 | 10.0 |
The Worker::SetEventListener function in the Web workers implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allo
|
21-10-2024 - 13:55 | 30-10-2013 - 10:55 | |
CVE-2012-5841 | 4.3 |
Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 implement cross-origin wrappers with a filtering behavior that does not properly restrict write acti
|
21-10-2024 - 13:55 | 21-11-2012 - 12:55 | |
CVE-2012-5829 | 9.3 |
Heap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to exe
|
21-10-2024 - 13:55 | 21-11-2012 - 12:55 | |
CVE-2013-5596 | 6.8 |
The cycle collection (CC) implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly determine the thread for release of an image object, which allows remote attac
|
21-10-2024 - 13:55 | 30-10-2013 - 10:55 | |
CVE-2013-5601 | 10.0 |
Use-after-free vulnerability in the nsEventListenerManager::SetEventHandler function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey bef
|
21-10-2024 - 13:55 | 30-10-2013 - 10:55 | |
CVE-2012-5840 | 9.3 |
Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attac
|
21-10-2024 - 13:55 | 21-11-2012 - 12:55 | |
CVE-2012-5833 | 9.3 |
The texImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly interact with Mesa drivers
|
21-10-2024 - 13:55 | 21-11-2012 - 12:55 | |
CVE-2013-5597 | 10.0 |
Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22
|
21-10-2024 - 13:55 | 30-10-2013 - 10:55 | |
CVE-2013-5603 | 10.0 |
Use-after-free vulnerability in the nsContentUtils::ContentIsHostIncludingDescendantOf function in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to execute arbitr
|
21-10-2024 - 13:55 | 30-10-2013 - 10:55 | |
CVE-2012-5842 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allow remote attackers to cause a deni
|
21-10-2024 - 13:55 | 21-11-2012 - 12:55 | |
CVE-2013-5598 | 8.3 |
PDF.js in Mozilla Firefox before 25.0 and Firefox ESR 24.x before 24.1 does not properly handle the appending of an IFRAME element, which allows remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges by u
|
21-10-2024 - 13:55 | 30-10-2013 - 10:55 | |
CVE-2013-5591 | 10.0 |
Unspecified vulnerability in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to cause a denial of service (memory corruption and application c
|
21-10-2024 - 13:55 | 30-10-2013 - 10:55 | |
CVE-2012-5835 | 10.0 |
Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or caus
|
21-10-2024 - 13:55 | 21-11-2012 - 12:55 | |
CVE-2013-5604 | 9.3 |
The txXPathNodeUtils::getBaseURI function in the XSLT processor in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not pro
|
21-10-2024 - 13:55 | 30-10-2013 - 10:55 | |
CVE-2013-5600 | 10.0 |
Use-after-free vulnerability in the nsIOService::NewChannelFromURIWithProxyFlags function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonke
|
21-10-2024 - 13:55 | 30-10-2013 - 10:55 | |
CVE-2013-5593 | 4.3 |
The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly restrict the nature or placement of HTML within a dropdown menu, which allows remote
|
21-10-2024 - 13:55 | 30-10-2013 - 10:55 | |
CVE-2012-5839 | 9.3 |
Heap-based buffer overflow in the gfxShapedWord::CompressedGlyph::IsClusterStart function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows
|
21-10-2024 - 13:55 | 21-11-2012 - 12:55 | |
CVE-2012-4187 | 9.3 |
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage a certain insPos variable, which allows remote attackers to execute arbitrary c
|
21-10-2024 - 13:55 | 10-10-2012 - 17:55 | |
CVE-2012-4186 | 9.3 |
Heap-based buffer overflow in the nsWaveReader::DecodeAudioData function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to
|
21-10-2024 - 13:55 | 10-10-2012 - 17:55 | |
CVE-2012-3956 | 10.0 |
Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote atta
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2012-4214 | 9.3 |
Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attac
|
21-10-2024 - 13:55 | 21-11-2012 - 12:55 | |
CVE-2012-3978 | 6.8 |
The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 does not properly follow the security model of the location objec
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2012-3994 | 4.3 |
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site scripting (XSS) attacks via a binary plugin that uses Obj
|
21-10-2024 - 13:55 | 10-10-2012 - 17:55 | |
CVE-2012-3980 | 9.3 |
The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a cr
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2012-4213 | 9.3 |
Use-after-free vulnerability in the nsEditor::FindNextLeafNode function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory cor
|
21-10-2024 - 13:55 | 21-11-2012 - 12:55 | |
CVE-2012-4209 | 4.3 |
Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a "top" frame name-attribute value to access the location property, which make
|
21-10-2024 - 13:55 | 21-11-2012 - 12:55 | |
CVE-2012-4195 | 4.3 |
The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does not properly determine the calling document and prin
|
21-10-2024 - 13:55 | 29-10-2012 - 18:55 | |
CVE-2012-4188 | 9.3 |
Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary
|
21-10-2024 - 13:55 | 10-10-2012 - 17:55 | |
CVE-2012-3991 | 9.3 |
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to by
|
21-10-2024 - 13:55 | 10-10-2012 - 17:55 | |
CVE-2012-3988 | 9.3 |
Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 might allow user-assisted remote attackers to execute arbitrary code v
|
21-10-2024 - 13:55 | 10-10-2012 - 17:55 | |
CVE-2012-4183 | 9.3 |
Use-after-free vulnerability in the DOMSVGTests::GetRequiredFeatures function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attacke
|
21-10-2024 - 13:55 | 10-10-2012 - 17:55 | |
CVE-2012-3969 | 9.3 |
Integer overflow in the nsSVGFEMorphologyElement::Filter function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execut
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2012-3966 | 10.0 |
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2012-3963 | 10.0 |
Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2012-4215 | 9.3 |
Use-after-free vulnerability in the nsPlaintextEditor::FireClipboardEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote
|
21-10-2024 - 13:55 | 21-11-2012 - 12:55 | |
CVE-2012-4182 | 9.3 |
Use-after-free vulnerability in the nsTextEditRules::WillInsert function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to
|
21-10-2024 - 13:55 | 10-10-2012 - 17:55 | |
CVE-2012-4181 | 9.3 |
Use-after-free vulnerability in the nsSMILAnimationController::DoSample function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote atta
|
21-10-2024 - 13:55 | 10-10-2012 - 17:55 | |
CVE-2012-4179 | 9.3 |
Use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote att
|
21-10-2024 - 13:55 | 10-10-2012 - 17:55 | |
CVE-2012-3961 | 10.0 |
Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arb
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2012-3957 | 10.0 |
Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to e
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2012-4216 | 9.3 |
Use-after-free vulnerability in the gfxFont::GetFontEntry function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to exe
|
21-10-2024 - 13:55 | 21-11-2012 - 12:55 | |
CVE-2012-3990 | 9.3 |
Use-after-free vulnerability in the IME State Manager implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to exe
|
21-10-2024 - 13:55 | 10-10-2012 - 17:55 | |
CVE-2012-4206 | 6.9 |
Untrusted search path vulnerability in the installer in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 on Windows allows local users to gain privileges via a Trojan horse DLL in the default downloads directory.
|
21-10-2024 - 13:55 | 21-11-2012 - 12:55 | |
CVE-2012-3982 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to cause a denial
|
21-10-2024 - 13:55 | 10-10-2012 - 17:55 | |
CVE-2012-4180 | 9.3 |
Heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote a
|
21-10-2024 - 13:55 | 10-10-2012 - 17:55 | |
CVE-2012-4202 | 9.3 |
Heap-based buffer overflow in the image::RasterImage::DrawFrameTo function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attacker
|
21-10-2024 - 13:55 | 21-11-2012 - 12:55 | |
CVE-2012-3974 | 6.9 |
Untrusted search path vulnerability in the installer in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 on Windows allows local users to gain privileges via a Trojan horse e
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2012-3960 | 10.0 |
Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote at
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2012-3958 | 10.0 |
Use-after-free vulnerability in the nsHTMLEditRules::DeleteNonTableElements function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2012-4210 | 9.3 |
The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 does not properly restrict the context of HTML markup and Cascading Style Sheets (CSS) token sequences, which allows user-assisted remote attackers to execute arbi
|
21-10-2024 - 13:55 | 21-11-2012 - 12:55 | |
CVE-2012-4193 | 6.8 |
Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, w
|
21-10-2024 - 13:55 | 12-10-2012 - 10:44 | |
CVE-2012-3986 | 4.3 |
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote a
|
21-10-2024 - 13:55 | 10-10-2012 - 17:55 | |
CVE-2012-3992 | 4.3 |
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting (XS
|
21-10-2024 - 13:55 | 10-10-2012 - 17:55 | |
CVE-2012-3962 | 9.3 |
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly iterate through the characters in a text run, which allows remote attackers to execute
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2012-4196 | 6.4 |
Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a pro
|
21-10-2024 - 13:55 | 29-10-2012 - 18:55 | |
CVE-2012-4194 | 4.3 |
Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 do not prevent use of the valueOf method to shadow the location object (aka window.location),
|
21-10-2024 - 13:55 | 29-10-2012 - 18:55 | |
CVE-2012-3970 | 10.0 |
Use-after-free vulnerability in the nsTArray_base::Length function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execu
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2012-3964 | 10.0 |
Use-after-free vulnerability in the gfxTextRun::GetUserData function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to exe
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2012-4185 | 9.3 |
Buffer overflow in the nsCharTraits::length function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary c
|
21-10-2024 - 13:55 | 10-10-2012 - 17:55 | |
CVE-2012-4201 | 4.3 |
The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incorrect context during the handling of JavaScript code
|
21-10-2024 - 13:55 | 21-11-2012 - 12:55 | |
CVE-2012-3976 | 4.3 |
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate inform
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2012-3959 | 10.0 |
Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attacke
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2012-3105 | 9.3 |
The glBufferData function in the WebGL implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not properly mitigate an unspe
|
21-10-2024 - 13:55 | 05-06-2012 - 23:55 | |
CVE-2012-4184 | 4.3 |
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not prevent access to properties of a prototype
|
21-10-2024 - 13:55 | 10-10-2012 - 17:55 | |
CVE-2012-3995 | 9.3 |
The IsCSSWordSpacingSpace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a den
|
21-10-2024 - 13:55 | 10-10-2012 - 17:55 | |
CVE-2012-3993 | 9.3 |
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallT
|
21-10-2024 - 13:55 | 10-10-2012 - 17:55 | |
CVE-2012-3972 | 5.0 |
The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensit
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2012-4207 | 4.3 |
The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly handle a ~ (tilde) character in pro
|
21-10-2024 - 13:55 | 21-11-2012 - 12:55 | |
CVE-2012-3968 | 10.0 |
Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitra
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2013-1714 | 4.3 |
The Web Workers implementation in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 does not properly restrict XMLHttpRequest calls, which allows remo
|
21-10-2024 - 13:55 | 07-08-2013 - 01:55 | |
CVE-2013-1707 | 7.2 |
Stack-based buffer overflow in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 allows local users to gain privileges via a long pathname on the command
|
21-10-2024 - 13:55 | 07-08-2013 - 01:55 | |
CVE-2012-1976 | 10.0 |
Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesValues function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote a
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2013-1681 | 10.0 |
Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbi
|
21-10-2024 - 13:55 | 16-05-2013 - 11:45 | |
CVE-2012-1972 | 10.0 |
Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2013-1674 | 9.3 |
Use-after-free vulnerability in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code via vectors involving an onresize event d
|
21-10-2024 - 13:55 | 16-05-2013 - 11:45 | |
CVE-2013-1722 | 9.3 |
Use-after-free vulnerability in the nsAnimationManager::BuildAnimations function in the Animation Manager in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey befor
|
21-10-2024 - 13:55 | 18-09-2013 - 10:08 | |
CVE-2013-0799 | 7.2 |
Buffer overflow in the Mozilla Maintenance Service in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, and Thunderbird ESR 17.x before 17.0.5 on Windows allows local users to gain privileges via crafted argument
|
21-10-2024 - 13:55 | 03-04-2013 - 11:56 | |
CVE-2013-0793 | 4.3 |
Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 do not ensure the correctness of the address bar during history navigation, which allows remote atta
|
21-10-2024 - 13:55 | 03-04-2013 - 11:56 | |
CVE-2012-1973 | 10.0 |
Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attac
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2013-1684 | 9.3 |
Use-after-free vulnerability in the mozilla::dom::HTMLMediaElement::LookupMediaElementURITable function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote at
|
21-10-2024 - 13:55 | 26-06-2013 - 03:19 | |
CVE-2013-0800 | 6.8 |
Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, Se
|
21-10-2024 - 13:55 | 03-04-2013 - 11:56 | |
CVE-2013-1693 | 4.3 |
The SVG filter implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to read pixel values, and possibly bypass the Same Origin Policy a
|
21-10-2024 - 13:55 | 26-06-2013 - 03:19 | |
CVE-2013-1692 | 4.3 |
Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for remote attackers to
|
21-10-2024 - 13:55 | 26-06-2013 - 03:19 | |
CVE-2013-1725 | 6.8 |
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not ensure that initialization occurs for JavaScript objects with compartments, which allows remote
|
21-10-2024 - 13:55 | 18-09-2013 - 10:08 | |
CVE-2013-1694 | 7.5 |
The PreserveWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly handle the lack of a wrapper, which allows remote attackers to caus
|
21-10-2024 - 13:55 | 26-06-2013 - 03:19 | |
CVE-2013-1687 | 9.3 |
The System Only Wrapper (SOW) and Chrome Object Wrapper (COW) implementations in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly restrict XBL user-defined
|
21-10-2024 - 13:55 | 26-06-2013 - 03:19 | |
CVE-2012-1967 | 10.0 |
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to e
|
21-10-2024 - 13:55 | 18-07-2012 - 10:26 | |
CVE-2012-1965 | 4.3 |
Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not properly establish the security context of a feed: URL, which allows remote attackers to bypass unspecified cross-site scripting (XSS) protection mechanisms via a feed:javascr
|
21-10-2024 - 13:55 | 18-07-2012 - 10:26 | |
CVE-2013-1736 | 10.0 |
The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or caus
|
21-10-2024 - 13:55 | 18-09-2013 - 10:08 | |
CVE-2013-0791 | 5.0 |
The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other pr
|
21-10-2024 - 13:55 | 03-04-2013 - 11:56 | |
CVE-2013-1726 | 6.2 |
Mozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 does not ensure exclusive access to a MAR file, which allows local users to gain pr
|
21-10-2024 - 13:55 | 18-09-2013 - 10:08 | |
CVE-2012-1954 | 10.0 |
Use-after-free vulnerability in the nsDocument::AdoptNode function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attacker
|
21-10-2024 - 13:55 | 18-07-2012 - 10:26 | |
CVE-2012-1951 | 10.0 |
Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows rem
|
21-10-2024 - 13:55 | 18-07-2012 - 10:26 | |
CVE-2013-1672 | 6.9 |
The Mozilla Maintenance Service in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 on Windows allows local users to bypass integrity verification and gain privileges via v
|
21-10-2024 - 13:55 | 16-05-2013 - 11:45 | |
CVE-2013-1730 | 6.8 |
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly handle movement of XBL-backed nodes between documents, which allows remote attackers t
|
21-10-2024 - 13:55 | 18-09-2013 - 10:08 | |
CVE-2013-1710 | 10.0 |
The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript c
|
21-10-2024 - 13:55 | 07-08-2013 - 01:55 | |
CVE-2013-1697 | 9.3 |
The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote atta
|
21-10-2024 - 13:55 | 26-06-2013 - 03:19 | |
CVE-2013-1675 | 4.3 |
Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale funct
|
21-10-2024 - 13:55 | 16-05-2013 - 11:45 | |
CVE-2011-3062 | 6.8 |
Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted OpenType file.
|
21-10-2024 - 13:55 | 30-03-2012 - 22:55 | |
CVE-2012-1974 | 10.0 |
Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2013-1706 | 7.2 |
Stack-based buffer overflow in maintenanceservice.exe in the Mozilla Maintenance Service in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 allows local users to gain priv
|
21-10-2024 - 13:55 | 07-08-2013 - 01:55 | |
CVE-2013-1682 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allow remote attackers to cause a denial of service (memory c
|
21-10-2024 - 13:55 | 26-06-2013 - 03:19 | |
CVE-2012-1966 | 4.3 |
Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.
|
21-10-2024 - 13:55 | 18-07-2012 - 10:26 | |
CVE-2012-1962 | 10.0 |
Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote at
|
21-10-2024 - 13:55 | 18-07-2012 - 10:26 | |
CVE-2012-1941 | 9.3 |
Heap-based buffer overflow in the nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 al
|
21-10-2024 - 13:55 | 05-06-2012 - 23:55 | |
CVE-2012-1940 | 9.3 |
Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attack
|
21-10-2024 - 13:55 | 05-06-2012 - 23:55 | |
CVE-2012-1961 | 4.3 |
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly handle duplicate values in X-Frame-Options headers, which makes it easier fo
|
21-10-2024 - 13:55 | 18-07-2012 - 10:26 | |
CVE-2013-1717 | 5.4 |
Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote
|
21-10-2024 - 13:55 | 07-08-2013 - 01:55 | |
CVE-2013-1676 | 10.0 |
The SelectionIterator::GetNextSegment function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of se
|
21-10-2024 - 13:55 | 16-05-2013 - 11:45 | |
CVE-2012-1950 | 6.4 |
The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 allows remote attackers to spoof the address bar by canceling a page load.
|
21-10-2024 - 13:55 | 18-07-2012 - 10:26 | |
CVE-2013-1670 | 4.3 |
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content
|
21-10-2024 - 13:55 | 16-05-2013 - 11:45 | |
CVE-2013-0788 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allow remote attackers to cause a deni
|
21-10-2024 - 13:55 | 03-04-2013 - 11:56 | |
CVE-2013-1701 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allow remote attackers to cause a deni
|
21-10-2024 - 13:55 | 07-08-2013 - 01:55 | |
CVE-2013-1686 | 10.0 |
Use-after-free vulnerability in the mozilla::ResetDir function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or caus
|
21-10-2024 - 13:55 | 26-06-2013 - 03:19 | |
CVE-2013-1679 | 10.0 |
Use-after-free vulnerability in the mozilla::plugins::child::_geturlnotify function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute a
|
21-10-2024 - 13:55 | 16-05-2013 - 11:45 | |
CVE-2013-1713 | 4.3 |
Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 use an incorrect URI within unspecified comparisons during enforcement of the Same Origin Policy, wh
|
21-10-2024 - 13:55 | 07-08-2013 - 01:55 | |
CVE-2012-1959 | 5.0 |
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not consider the presence of same-compartment security wrappers (SCSW) during the cross-c
|
21-10-2024 - 13:55 | 18-07-2012 - 10:26 | |
CVE-2013-1718 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allow remote attackers to cause a denial
|
21-10-2024 - 13:55 | 18-09-2013 - 10:08 | |
CVE-2013-1709 | 4.3 |
Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly handle the interaction between FRAME elements and history, which allows remote attac
|
21-10-2024 - 13:55 | 07-08-2013 - 01:55 | |
CVE-2013-0795 | 10.0 |
The System Only Wrapper (SOW) implementation in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 does not prevent use of the cloneNode method for clo
|
21-10-2024 - 13:55 | 03-04-2013 - 11:56 | |
CVE-2012-1970 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2012-1958 | 9.3 |
Use-after-free vulnerability in the nsGlobalWindow::PageHidden function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 might allow remot
|
21-10-2024 - 13:55 | 18-07-2012 - 10:26 | |
CVE-2013-0801 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allow remote attackers to cause a denial of service (memory c
|
21-10-2024 - 13:55 | 16-05-2013 - 11:45 | |
CVE-2013-0797 | 6.9 |
Untrusted search path vulnerability in the Mozilla Updater in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allows local users to gain privileges
|
21-10-2024 - 13:55 | 03-04-2013 - 11:56 | |
CVE-2012-1975 | 10.0 |
Use-after-free vulnerability in the PresShell::CompleteMove function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to exe
|
21-10-2024 - 13:55 | 29-08-2012 - 10:56 | |
CVE-2012-1963 | 4.3 |
The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly restrict the strings pl
|
21-10-2024 - 13:55 | 18-07-2012 - 10:26 | |
CVE-2013-1680 | 10.0 |
Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code o
|
21-10-2024 - 13:55 | 16-05-2013 - 11:45 | |
CVE-2013-1678 | 10.0 |
The _cairo_xlib_surface_add_glyph function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of servic
|
21-10-2024 - 13:55 | 16-05-2013 - 11:45 | |
CVE-2013-0783 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a deni
|
21-10-2024 - 13:55 | 19-02-2013 - 23:55 | |
CVE-2013-1737 | 5.0 |
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, w
|
21-10-2024 - 13:55 | 18-09-2013 - 10:08 | |
CVE-2013-1735 | 9.3 |
Use-after-free vulnerability in the mozilla::layout::ScrollbarActivity function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attac
|
21-10-2024 - 13:55 | 18-09-2013 - 10:08 | |
CVE-2013-1712 | 6.9 |
Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 on Windows 7, Windows Server 2008 R2, W
|
21-10-2024 - 13:55 | 07-08-2013 - 01:55 | |
CVE-2012-1964 | 4.0 |
The certificate-warning functionality in browser/components/certerror/content/aboutCertError.xhtml in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey be
|
21-10-2024 - 13:55 | 18-07-2012 - 10:26 | |
CVE-2012-1948 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to caus
|
21-10-2024 - 13:55 | 18-07-2012 - 10:26 | |
CVE-2012-1953 | 9.3 |
The ElementAnimations::EnsureStyleRuleFor function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a den
|
21-10-2024 - 13:55 | 18-07-2012 - 10:26 | |
CVE-2012-1952 | 9.3 |
The nsTableFrame::InsertFrames function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly perform a cast of a frame varia
|
21-10-2024 - 13:55 | 18-07-2012 - 10:26 | |
CVE-2012-1944 | 4.3 |
The Content Security Policy (CSP) implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not block inline event handlers, wh
|
21-10-2024 - 13:55 | 05-06-2012 - 23:55 | |
CVE-2012-1955 | 6.8 |
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to spoof the address bar via vectors involving history.forward and hi
|
21-10-2024 - 13:55 | 18-07-2012 - 10:26 | |
CVE-2012-1946 | 9.3 |
Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 might allow r
|
21-10-2024 - 13:55 | 05-06-2012 - 23:55 | |
CVE-2013-1732 | 9.3 |
Buffer overflow in the nsFloatManager::GetFlowArea function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbi
|
21-10-2024 - 13:55 | 18-09-2013 - 10:08 | |
CVE-2012-1937 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow remote attackers to caus
|
21-10-2024 - 13:55 | 05-06-2012 - 23:55 | |
CVE-2013-1677 | 10.0 |
The gfxSkipCharsIterator::SetOffsets function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of ser
|
21-10-2024 - 13:55 | 16-05-2013 - 11:45 | |
CVE-2013-1690 | 9.3 |
Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause
|
21-10-2024 - 13:55 | 26-06-2013 - 03:19 | |
CVE-2013-1685 | 9.3 |
Use-after-free vulnerability in the nsIDocument::GetRootElement function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary co
|
21-10-2024 - 13:55 | 26-06-2013 - 03:19 | |
CVE-2012-1957 | 4.3 |
An unspecified parser-utility class in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly handle EMBED elements within descri
|
21-10-2024 - 13:55 | 18-07-2012 - 10:26 | |
CVE-2012-1947 | 9.3 |
Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to
|
21-10-2024 - 13:55 | 05-06-2012 - 23:55 | |
CVE-2012-1945 | 2.9 |
Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut
|
21-10-2024 - 13:55 | 05-06-2012 - 23:55 | |
CVE-2013-0782 | 9.3 |
Heap-based buffer overflow in the nsSaveAsCharset::DoCharsetConversion function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote att
|
21-10-2024 - 13:55 | 19-02-2013 - 23:55 | |
CVE-2013-0766 | 9.3 |
Use-after-free vulnerability in the ~nsHTMLEditRules implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and Sea
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2012-0451 | 4.3 |
CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote web servers to bypass intended Content Security
|
21-10-2024 - 13:55 | 14-03-2012 - 19:55 | |
CVE-2013-0745 | 9.3 |
The AutoWrapperChanger class in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly interact with garbage collection, which allows rem
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2013-0744 | 9.3 |
Use-after-free vulnerability in the TableBackgroundPainter::TableBackgroundData::Destroy function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 a
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2013-0758 | 9.3 |
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScri
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2012-0464 | 7.5 |
Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 all
|
21-10-2024 - 13:55 | 14-03-2012 - 19:55 | |
CVE-2012-0470 | 10.0 |
Heap-based buffer overflow in the nsSVGFEDiffuseLightingElement::LightPixel function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow
|
21-10-2024 - 13:55 | 25-04-2012 - 10:10 | |
CVE-2013-0784 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly
|
21-10-2024 - 13:55 | 19-02-2013 - 23:55 | |
CVE-2013-0768 | 9.3 |
Stack-based buffer overflow in the Canvas implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbit
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2013-0761 | 9.3 |
Use-after-free vulnerability in the mozilla::TrackUnionStream::EndTrack implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows rem
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2013-0756 | 9.3 |
Use-after-free vulnerability in the obj_toSource function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbi
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2013-0747 | 6.8 |
The gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly enforce the Same
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2012-0456 | 5.0 |
The SVG Filters implementation in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote atta
|
21-10-2024 - 13:55 | 14-03-2012 - 19:55 | |
CVE-2013-0787 | 9.3 |
Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey
|
21-10-2024 - 13:55 | 11-03-2013 - 10:55 | |
CVE-2013-0767 | 10.0 |
The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2013-0748 | 4.3 |
The XBL.__proto__.toString implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 makes i
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2013-0775 | 9.3 |
Use-after-free vulnerability in the nsImageLoadingContent::OnStopContainer function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote
|
21-10-2024 - 13:55 | 19-02-2013 - 23:55 | |
CVE-2012-0471 | 4.3 |
Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web s
|
21-10-2024 - 13:55 | 25-04-2012 - 10:10 | |
CVE-2012-0462 | 7.5 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause
|
21-10-2024 - 13:55 | 14-03-2012 - 19:55 | |
CVE-2013-0755 | 9.3 |
Use-after-free vulnerability in the mozVibrate implementation in the Vibrate library in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remot
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2013-0750 | 9.3 |
Integer overflow in the JavaScript implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2013-0781 | 9.3 |
Use-after-free vulnerability in the nsPrintEngine::CommonPrint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory c
|
21-10-2024 - 13:55 | 19-02-2013 - 23:55 | |
CVE-2013-0753 | 9.3 |
Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2013-0780 | 9.3 |
Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote
|
21-10-2024 - 13:55 | 19-02-2013 - 23:55 | |
CVE-2013-0779 | 9.3 |
The nsCodingStateMachine::NextState function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vect
|
21-10-2024 - 13:55 | 19-02-2013 - 23:55 | |
CVE-2012-0441 | 5.0 |
The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey b
|
21-10-2024 - 13:55 | 05-06-2012 - 23:55 | |
CVE-2013-0764 | 9.3 |
The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not ensure thread safety for SSL sessions, wh
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2013-0759 | 5.0 |
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to spoof the address bar via
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2013-0760 | 9.3 |
Buffer overflow in the CharDistributionAnalysis::HandleOneChar function in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document.
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2013-0749 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a deni
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2013-0746 | 9.3 |
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 do not properly implement quickstubs that use the js
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2012-0467 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to cause
|
21-10-2024 - 13:55 | 25-04-2012 - 10:10 | |
CVE-2012-0458 | 6.8 |
Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through th
|
21-10-2024 - 13:55 | 14-03-2012 - 19:55 | |
CVE-2013-0762 | 9.3 |
Use-after-free vulnerability in the imgRequest::OnStopFrame function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and Se
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2013-0777 | 9.3 |
Use-after-free vulnerability in the nsDisplayBoxShadowOuter::Paint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memo
|
21-10-2024 - 13:55 | 19-02-2013 - 23:55 | |
CVE-2012-0461 | 7.5 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before
|
21-10-2024 - 13:55 | 14-03-2012 - 19:55 | |
CVE-2013-0776 | 4.0 |
Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides
|
21-10-2024 - 13:55 | 19-02-2013 - 23:55 | |
CVE-2013-0773 | 9.3 |
The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implementations in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent modi
|
21-10-2024 - 13:55 | 19-02-2013 - 23:55 | |
CVE-2012-0473 | 5.0 |
The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 calls the FindMaxElementInSubArray function
|
21-10-2024 - 13:55 | 25-04-2012 - 10:10 | |
CVE-2012-0474 | 4.3 |
Cross-site scripting (XSS) vulnerability in the docshell implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote atta
|
21-10-2024 - 13:55 | 25-04-2012 - 10:10 | |
CVE-2013-0754 | 9.3 |
Use-after-free vulnerability in the ListenerManager implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaM
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2012-0477 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to inject arbit
|
21-10-2024 - 13:55 | 25-04-2012 - 10:10 | |
CVE-2012-0479 | 4.3 |
Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid (1) RSS or (2) A
|
21-10-2024 - 13:55 | 25-04-2012 - 10:10 | |
CVE-2012-0459 | 7.5 |
The Cascading Style Sheets (CSS) implementation in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to cause a denial
|
21-10-2024 - 13:55 | 14-03-2012 - 19:55 | |
CVE-2013-0763 | 9.3 |
Use-after-free vulnerability in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2013-0757 | 9.3 |
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not prevent modifications to the prototype of
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2012-0469 | 10.0 |
Use-after-free vulnerability in the mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMo
|
21-10-2024 - 13:55 | 25-04-2012 - 10:10 | |
CVE-2013-0778 | 9.3 |
The ClusterIterator::NextCluster function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors
|
21-10-2024 - 13:55 | 19-02-2013 - 23:55 | |
CVE-2012-0478 | 9.3 |
The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_O
|
21-10-2024 - 13:55 | 25-04-2012 - 10:10 | |
CVE-2013-0771 | 9.3 |
Heap-based buffer overflow in the gfxTextRun::ShrinkToLigatureBoundaries function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote a
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2012-0454 | 7.5 |
Use-after-free vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 on 32-bit Windows 7 platforms allows remote attackers to caus
|
21-10-2024 - 13:55 | 14-03-2012 - 19:55 | |
CVE-2012-0460 | 6.4 |
Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict write access to the window.fullScreen object, which allows remote at
|
21-10-2024 - 13:55 | 14-03-2012 - 19:55 | |
CVE-2013-0774 | 4.3 |
Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent JavaScript workers from reading the browser-profile directory name, which has unspeci
|
21-10-2024 - 13:55 | 19-02-2013 - 23:55 | |
CVE-2013-0770 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2013-0769 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey be
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2012-0472 | 9.3 |
The cairo-dwrite implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9, when certain Windows Vista and Windows 7 configurations a
|
21-10-2024 - 13:55 | 25-04-2012 - 10:10 | |
CVE-2012-0457 | 9.3 |
Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetweenTimeContainer function in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x
|
21-10-2024 - 13:55 | 14-03-2012 - 19:55 | |
CVE-2013-0752 | 9.3 |
Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) vi
|
21-10-2024 - 13:55 | 13-01-2013 - 20:55 | |
CVE-2012-0463 | 7.5 |
The nsWindow implementation in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 does
|
21-10-2024 - 13:55 | 14-03-2012 - 19:55 | |
CVE-2012-0455 | 4.3 |
Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict drag-and-drop operations on java
|
21-10-2024 - 13:55 | 14-03-2012 - 19:55 | |
CVE-2010-0820 | 9.0 |
Heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS), as used in Active Directory in Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, and R2; Active Directory Application Mode (ADAM) in Windows XP S
|
17-10-2024 - 21:35 | 15-09-2010 - 19:00 | |
CVE-2010-0047 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "HTML object element fallback content."
|
15-10-2024 - 21:35 | 15-03-2010 - 13:28 | |
CVE-2010-0048 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document.
|
15-10-2024 - 21:35 | 15-03-2010 - 13:28 | |
CVE-2011-0611 | 9.3 |
Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on W
|
13-08-2024 - 18:58 | 13-04-2011 - 14:55 | |
CVE-2011-3640 | 7.1 |
Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE:
|
07-08-2024 - 00:15 | 28-10-2011 - 02:49 | |
CVE-2011-1889 | 10.0 |
The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka "TMG Firewall Client Memory Corruption Vulne
|
24-07-2024 - 14:30 | 16-06-2011 - 20:55 | |
CVE-2010-3333 | 9.3 |
Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via
|
16-07-2024 - 17:38 | 10-11-2010 - 03:00 | |
CVE-2012-1723 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrit
|
16-07-2024 - 17:38 | 16-06-2012 - 21:55 | |
CVE-2010-0188 | 9.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
|
16-07-2024 - 17:30 | 22-02-2010 - 13:00 | |
CVE-2009-3129 | 9.3 |
Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and P
|
16-07-2024 - 17:18 | 11-11-2009 - 19:30 | |
CVE-2012-2539 | 9.3 |
Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; and Office Web Apps 2010 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RT
|
09-07-2024 - 18:23 | 12-12-2012 - 00:55 | |
CVE-2011-2462 | 10.0 |
Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory
|
28-06-2024 - 14:21 | 07-12-2011 - 19:55 | |
CVE-2009-4324 | 9.3 |
Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZL
|
28-06-2024 - 14:20 | 15-12-2009 - 02:30 | |
CVE-2009-3953 | 10.0 |
The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMe
|
28-06-2024 - 14:20 | 13-01-2010 - 19:30 | |
CVE-2010-1297 | 9.3 |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a den
|
28-06-2024 - 14:20 | 08-06-2010 - 18:30 | |
CVE-2011-0609 | 9.3 |
Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9
|
28-06-2024 - 14:20 | 15-03-2011 - 17:55 | |
CVE-2010-2883 | 9.3 |
Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF documen
|
28-06-2024 - 14:16 | 09-09-2010 - 22:00 | |
CVE-2009-0557 | 9.3 |
Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office
|
28-06-2024 - 14:15 | 10-06-2009 - 18:30 | |
CVE-2009-0563 | 9.3 |
Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; Microsoft Office Word Viewer 2003 SP3; Microsoft Office Word Viewer; and Mi
|
28-06-2024 - 14:15 | 10-06-2009 - 18:00 | |
CVE-2009-0521 | 4.6 |
Untrusted search path vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Linux allows local users to obtain sensitive information or gain privileges via a crafted library in a directory contained in the RPATH.
|
17-05-2024 - 17:38 | 26-02-2009 - 16:17 | |
CVE-2010-3640 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
|
17-05-2024 - 17:28 | 07-11-2010 - 22:00 | |
CVE-2010-3636 | 9.3 |
Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote w
|
17-05-2024 - 17:27 | 07-11-2010 - 22:00 | |
CVE-2010-3639 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to cause a denial of service or possibly execute arbitrary code via unkn
|
17-05-2024 - 17:27 | 07-11-2010 - 22:00 | |
CVE-2010-3650 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
|
17-05-2024 - 17:18 | 07-11-2010 - 22:00 | |
CVE-2010-3648 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
|
17-05-2024 - 17:17 | 07-11-2010 - 22:00 | |
CVE-2010-3649 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
|
17-05-2024 - 17:17 | 07-11-2010 - 22:00 | |
CVE-2010-3647 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
|
17-05-2024 - 17:17 | 07-11-2010 - 22:00 | |
CVE-2010-3646 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
|
17-05-2024 - 17:12 | 07-11-2010 - 22:00 | |
CVE-2010-3644 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
|
17-05-2024 - 17:11 | 07-11-2010 - 22:00 | |
CVE-2010-3645 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
|
17-05-2024 - 17:11 | 07-11-2010 - 22:00 | |
CVE-2010-3643 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
|
17-05-2024 - 17:10 | 07-11-2010 - 22:00 | |
CVE-2010-3642 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
|
17-05-2024 - 17:10 | 07-11-2010 - 22:00 | |
CVE-2010-3641 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
|
17-05-2024 - 17:08 | 07-11-2010 - 22:00 | |
CVE-2012-5611 | 6.5 |
Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before
|
17-05-2024 - 16:55 | 03-12-2012 - 12:49 | |
CVE-2010-3652 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
|
17-05-2024 - 16:54 | 07-11-2010 - 22:00 | |
CVE-2013-2465 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
|
26-04-2024 - 16:07 | 18-06-2013 - 22:55 | |
CVE-2012-5076 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS.
|
26-04-2024 - 16:07 | 16-10-2012 - 21:55 | |
CVE-2013-2423 | 4.3 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information is
|
26-04-2024 - 16:07 | 17-04-2013 - 18:55 | |
CVE-2013-0431 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Iss
|
26-04-2024 - 16:07 | 31-01-2013 - 14:55 | |
CVE-2003-0907 | 5.1 |
Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr
|
13-02-2024 - 18:00 | 01-06-2004 - 04:00 | |
CVE-2009-3046 | 5.0 |
Opera before 10.00 does not check all intermediate X.509 certificates for revocation, which makes it easier for remote SSL servers to bypass validation of the certificate chain via a revoked certificate.
|
09-02-2024 - 03:18 | 02-09-2009 - 17:30 | |
CVE-2010-2753 | 9.3 |
Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a X
|
03-02-2024 - 02:26 | 30-07-2010 - 20:30 | |
CVE-2010-0050 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags.
|
03-02-2024 - 02:24 | 15-03-2010 - 14:15 | |
CVE-2010-0378 | 9.3 |
Use-after-free vulnerability in Adobe Flash Player 6.0.79, as distributed in Microsoft Windows XP SP2 and SP3, allows remote attackers to execute arbitrary code by unloading a Flash object that is currently being accessed by a script, leading to memo
|
03-02-2024 - 02:21 | 21-01-2010 - 23:30 | |
CVE-2010-1772 | 6.8 |
Use-after-free vulnerability in page/Geolocation.cpp in WebCore in WebKit before r59859, as used in Google Chrome before 5.0.375.70, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web
|
02-02-2024 - 16:27 | 24-09-2010 - 19:00 | |
CVE-2010-1208 | 9.3 |
Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors rel
|
02-02-2024 - 16:10 | 30-07-2010 - 20:30 | |
CVE-2003-1048 | 10.0 |
Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.
|
02-02-2024 - 15:23 | 27-07-2004 - 04:00 | |
CVE-2003-0545 | 10.0 |
Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.
|
02-02-2024 - 15:23 | 17-11-2003 - 05:00 | |
CVE-2009-2540 | 4.3 |
Opera, possibly 9.64 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
|
02-02-2024 - 03:07 | 20-07-2009 - 18:30 | |
CVE-2010-4577 | 5.0 |
The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS
|
02-02-2024 - 02:39 | 22-12-2010 - 01:00 | |
CVE-2010-0258 | 9.3 |
Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP
|
02-02-2024 - 02:38 | 10-03-2010 - 22:30 | |
CVE-2013-2168 | 1.9 |
The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message.
|
27-12-2023 - 16:36 | 03-07-2013 - 18:55 | |
CVE-2013-1315 | 9.3 |
Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to exec
|
03-10-2023 - 15:37 | 11-09-2013 - 14:03 | |
CVE-2013-0169 | 2.6 |
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding,
|
12-05-2023 - 12:58 | 08-02-2013 - 19:55 | |
CVE-2010-4252 | 7.5 |
OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending cra
|
13-02-2023 - 04:28 | 06-12-2010 - 21:05 | |
CVE-2010-2068 | 5.0 |
mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows rem
|
13-02-2023 - 04:19 | 18-06-2010 - 16:30 | |
CVE-2009-3555 | 5.8 |
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Secu
|
13-02-2023 - 02:20 | 09-11-2009 - 17:30 | |
CVE-2009-4030 | 4.4 |
MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks
|
13-02-2023 - 02:20 | 30-11-2009 - 17:30 | |
CVE-2009-1308 | 4.3 |
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in
|
13-02-2023 - 02:20 | 22-04-2009 - 18:30 | |
CVE-2009-0771 | 10.0 |
The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption a
|
13-02-2023 - 02:19 | 05-03-2009 - 02:30 | |
CVE-2013-1896 | 4.3 |
mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for han
|
13-02-2023 - 00:28 | 10-07-2013 - 20:55 | |
CVE-2012-0753 | 9.3 |
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of
|
30-01-2023 - 18:01 | 16-02-2012 - 19:55 | |
CVE-2012-0751 | 10.0 |
The ActiveX control in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
|
30-01-2023 - 18:01 | 16-02-2012 - 19:55 | |
CVE-2012-0767 | 4.3 |
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attac
|
30-01-2023 - 18:00 | 16-02-2012 - 19:55 | |
CVE-2012-0752 | 9.3 |
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of
|
30-01-2023 - 18:00 | 16-02-2012 - 19:55 | |
CVE-2012-0756 | 9.3 |
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via uns
|
30-01-2023 - 18:00 | 16-02-2012 - 19:55 | |
CVE-2012-0755 | 9.3 |
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via uns
|
30-01-2023 - 18:00 | 16-02-2012 - 19:55 | |
CVE-2012-0754 | 9.3 |
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of
|
30-01-2023 - 18:00 | 16-02-2012 - 19:55 | |
CVE-2012-0773 | 9.3 |
The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac OS X, and Linux; Flash Player before 10.3.183.18 and 11.x before 11.2.202.223 on Solaris; Flash Player before 11.1.111.8 on Android 2.x and 3.x;
|
30-01-2023 - 18:00 | 28-03-2012 - 19:55 | |
CVE-2013-0879 | 7.5 |
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly implement web audio nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified othe
|
30-01-2023 - 15:01 | 23-02-2013 - 21:55 | |
CVE-2013-0899 | 5.0 |
Integer overflow in the padding implementation in the opus_packet_parse_impl function in src/opus_decoder.c in Opus before 1.0.2, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products
|
24-01-2023 - 02:48 | 23-02-2013 - 21:55 | |
CVE-2013-0880 | 7.5 |
Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to databas
|
24-01-2023 - 01:50 | 23-02-2013 - 21:55 | |
CVE-2013-0898 | 7.5 |
Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a URL.
|
24-01-2023 - 01:46 | 23-02-2013 - 21:55 | |
CVE-2013-5829 | 10.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vecto
|
21-12-2022 - 15:35 | 16-10-2013 - 17:55 | |
CVE-2013-5830 | 10.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect conf
|
21-12-2022 - 15:33 | 16-10-2013 - 17:55 | |
CVE-2013-5842 | 10.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vecto
|
21-12-2022 - 15:32 | 16-10-2013 - 17:55 | |
CVE-2013-5843 | 10.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JavaFX 2.2.40 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and ava
|
21-12-2022 - 15:28 | 16-10-2013 - 17:55 | |
CVE-2013-0900 | 6.8 |
Race condition in the International Components for Unicode (ICU) functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspe
|
18-11-2022 - 20:17 | 23-02-2013 - 21:55 | |
CVE-2013-0897 | 4.3 |
Off-by-one error in the PDF functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service via a crafted document.
|
18-11-2022 - 20:17 | 23-02-2013 - 21:55 | |
CVE-2013-0896 | 7.5 |
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly manage memory during message handling for plug-ins, which allows remote attackers to cause a denial of service or possibly have unspecified
|
18-11-2022 - 20:03 | 23-02-2013 - 21:55 | |
CVE-2013-0893 | 6.8 |
Race condition in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to media.
|
18-11-2022 - 20:03 | 23-02-2013 - 21:55 | |
CVE-2013-0892 | 7.5 |
Multiple unspecified vulnerabilities in the IPC layer in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allow remote attackers to cause a denial of service or possibly have other impact via unknown vector
|
18-11-2022 - 20:02 | 23-02-2013 - 21:55 | |
CVE-2013-0891 | 7.5 |
Integer overflow in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a blob.
|
18-11-2022 - 20:02 | 23-02-2013 - 21:55 | |
CVE-2013-0885 | 7.5 |
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict API privileges during interaction with the Chrome Web Store, which has unspecified impact and attack vectors.
|
18-11-2022 - 19:59 | 23-02-2013 - 21:55 | |
CVE-2013-0884 | 6.8 |
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly load Native Client (aka NaCl) code, which has unspecified impact and attack vectors.
|
18-11-2022 - 19:59 | 23-02-2013 - 21:55 | |
CVE-2013-0887 | 7.5 |
The developer-tools process in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict privileges during interaction with a connected server, which has unspecified impact and attack vect
|
18-11-2022 - 19:41 | 23-02-2013 - 21:55 | |
CVE-2013-0882 | 7.5 |
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect memory access) or possibly have unspecified other impact via a large number of SVG parameters
|
18-11-2022 - 17:55 | 23-02-2013 - 21:55 | |
CVE-2013-0883 | 5.0 |
Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors.
|
18-11-2022 - 17:55 | 23-02-2013 - 21:55 | |
CVE-2013-0881 | 5.0 |
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via crafted data in the Matroska container format.
|
18-11-2022 - 17:52 | 23-02-2013 - 21:55 | |
CVE-2013-0889 | 6.8 |
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly enforce a user gesture requirement before proceeding with a file download, which might make it easier for remote attackers to execute arbit
|
18-11-2022 - 17:49 | 23-02-2013 - 21:55 | |
CVE-2013-0890 | 7.5 |
Multiple unspecified vulnerabilities in the IPC layer in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allow remote attackers to cause a denial of service (memory corruption) or possibly have other impac
|
18-11-2022 - 17:49 | 23-02-2013 - 21:55 | |
CVE-2013-0888 | 5.0 |
Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a "user gesture check for dangerous file do
|
18-11-2022 - 17:47 | 23-02-2013 - 21:55 | |
CVE-2011-3348 | 4.3 |
The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP r
|
19-09-2022 - 19:49 | 20-09-2011 - 05:55 | |
CVE-2011-3192 | 7.8 |
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as e
|
19-09-2022 - 19:49 | 29-08-2011 - 15:55 | |
CVE-2012-5096 | 3.5 |
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors.
|
16-09-2022 - 19:53 | 17-01-2013 - 01:55 | |
CVE-2010-2179 | 4.3 |
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when Firefox or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecifi
|
15-09-2022 - 13:29 | 15-06-2010 - 18:00 | |
CVE-2013-1862 | 5.1 |
mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containi
|
14-09-2022 - 19:50 | 10-06-2013 - 17:55 | |
CVE-2013-0383 | 4.3 |
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Locking.
|
29-08-2022 - 20:49 | 17-01-2013 - 01:55 | |
CVE-2012-0574 | 4.0 |
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors.
|
26-08-2022 - 20:32 | 17-01-2013 - 01:55 | |
CVE-2012-0572 | 4.0 |
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
|
26-08-2022 - 20:32 | 17-01-2013 - 01:55 | |
CVE-2012-1705 | 4.0 |
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
|
26-08-2022 - 20:31 | 17-01-2013 - 01:55 | |
CVE-2012-0578 | 4.0 |
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
|
26-08-2022 - 20:31 | 17-01-2013 - 01:55 | |
CVE-2013-0367 | 4.0 |
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition.
|
26-08-2022 - 16:23 | 17-01-2013 - 01:55 | |
CVE-2013-0368 | 4.0 |
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
|
26-08-2022 - 16:23 | 17-01-2013 - 01:55 | |
CVE-2013-0371 | 4.0 |
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability, related to MyISAM.
|
26-08-2022 - 16:23 | 17-01-2013 - 01:55 | |
CVE-2009-1724 | 4.3 |
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors r
|
09-08-2022 - 13:48 | 09-07-2009 - 17:30 | |
CVE-2009-1725 | 9.3 |
WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character
|
09-08-2022 - 13:48 | 09-07-2009 - 17:30 | |
CVE-2010-1387 | 9.3 |
Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) vi
|
09-08-2022 - 13:48 | 18-06-2010 - 16:30 | |
CVE-2010-4180 | 4.3 |
OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an uninte
|
04-08-2022 - 19:59 | 06-12-2010 - 21:05 | |
CVE-2012-1702 | 5.0 |
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.
|
04-08-2022 - 19:55 | 17-01-2013 - 01:55 | |
CVE-2012-5612 | 6.5 |
Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute ar
|
20-07-2022 - 16:24 | 03-12-2012 - 12:49 | |
CVE-2013-0375 | 5.5 |
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.
|
19-07-2022 - 16:22 | 17-01-2013 - 01:55 | |
CVE-2013-0385 | 6.6 |
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.
|
18-07-2022 - 17:53 | 17-01-2013 - 01:55 | |
CVE-2013-0389 | 6.8 |
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
|
30-06-2022 - 19:53 | 17-01-2013 - 01:55 | |
CVE-2013-0384 | 6.8 |
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Information Schema.
|
30-06-2022 - 19:52 | 17-01-2013 - 01:55 | |
CVE-2013-0386 | 6.8 |
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.
|
30-06-2022 - 19:52 | 17-01-2013 - 01:55 | |
CVE-2011-4372 | 7.5 |
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and
|
03-06-2022 - 17:21 | 10-01-2012 - 21:55 | |
CVE-2011-4373 | 7.5 |
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and
|
03-06-2022 - 15:50 | 10-01-2012 - 21:55 | |
CVE-2013-5817 | 10.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors relat
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5810 | 9.3 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5804 | 6.4 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, and JRockit R27.7.6 and earlier allows remote attackers to affect confidentiality and integrity via unkno
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5806 | 9.3 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing, a different vulnerability than CVE
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5778 | 5.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D.
|
13-05-2022 - 14:57 | 16-10-2013 - 15:55 | |
CVE-2013-5840 | 5.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5805 | 9.3 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing, a different vulnerability than CVE
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5846 | 9.3 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, and JavaFX 2.2.40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5832 | 9.3 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5787 | 10.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a
|
13-05-2022 - 14:57 | 16-10-2013 - 15:55 | |
CVE-2013-5783 | 6.4 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to S
|
13-05-2022 - 14:57 | 16-10-2013 - 15:55 | |
CVE-2013-5844 | 9.3 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5831 | 5.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-20
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5789 | 10.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a
|
13-05-2022 - 14:57 | 16-10-2013 - 15:55 | |
CVE-2013-5820 | 5.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to JAX-WS.
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5803 | 2.6 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect avai
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5802 | 7.5 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect conf
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5812 | 6.4 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Deployment.
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5854 | 2.6 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality via unknown vectors.
|
13-05-2022 - 14:57 | 16-10-2013 - 18:55 | |
CVE-2013-5784 | 4.3 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to SCRIPTING.
|
13-05-2022 - 14:57 | 16-10-2013 - 15:55 | |
CVE-2013-5819 | 5.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-20
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5777 | 9.3 |
Unspecified vulnerability in the Java SE and JavaFX components in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerabil
|
13-05-2022 - 14:57 | 16-10-2013 - 15:55 | |
CVE-2013-5782 | 10.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect conf
|
13-05-2022 - 14:57 | 16-10-2013 - 15:55 | |
CVE-2013-5824 | 10.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5775 | 7.5 |
Unspecified vulnerability in the Java SE and JavaFX components in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerabil
|
13-05-2022 - 14:57 | 16-10-2013 - 15:55 | |
CVE-2013-5774 | 5.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries.
|
13-05-2022 - 14:57 | 16-10-2013 - 15:55 | |
CVE-2013-5851 | 5.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JAXP.
|
13-05-2022 - 14:57 | 16-10-2013 - 18:55 | |
CVE-2013-5848 | 5.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and JavaFX 2.2.40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5788 | 10.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
|
13-05-2022 - 14:57 | 16-10-2013 - 15:55 | |
CVE-2013-5850 | 9.3 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vecto
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5818 | 5.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-20
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5801 | 5.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D.
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5780 | 4.3 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect conf
|
13-05-2022 - 14:57 | 16-10-2013 - 15:55 | |
CVE-2013-5772 | 2.6 |
Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u40 and earlier and Java SE 6u60 and earlier allows remote attackers to affect integrity via unknown vectors related to jhat.
|
13-05-2022 - 14:57 | 16-10-2013 - 15:55 | |
CVE-2013-5849 | 4.3 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to AWT.
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5809 | 10.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vecto
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5790 | 4.3 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to BEANS.
|
13-05-2022 - 14:57 | 16-10-2013 - 15:55 | |
CVE-2013-5852 | 7.6 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a
|
13-05-2022 - 14:57 | 16-10-2013 - 18:55 | |
CVE-2013-5800 | 4.3 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JGSS.
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5797 | 3.5 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and JavaFX 2.2.40 and earlier allows remote authenticated users to affect in
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5776 | 5.0 |
Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors relat
|
13-05-2022 - 14:57 | 16-10-2013 - 15:55 | |
CVE-2013-5823 | 5.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via unknown vectors
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5814 | 10.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors relat
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-5825 | 5.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect avai
|
13-05-2022 - 14:57 | 16-10-2013 - 17:55 | |
CVE-2013-3829 | 6.4 |
Unspecified vulnerability in the Java SE, Java SE Embedded component in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentia
|
13-05-2022 - 14:57 | 16-10-2013 - 15:55 | |
CVE-2013-2466 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related
|
13-05-2022 - 14:53 | 18-06-2013 - 22:55 | |
CVE-2013-2424 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality via ve
|
13-05-2022 - 14:53 | 17-04-2013 - 18:55 | |
CVE-2013-2469 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
|
13-05-2022 - 14:53 | 18-06-2013 - 22:55 | |
CVE-2013-2418 | 4.6 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to D
|
13-05-2022 - 14:53 | 17-04-2013 - 18:55 | |
CVE-2013-2435 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related
|
13-05-2022 - 14:53 | 17-04-2013 - 18:55 | |
CVE-2013-2447 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown
|
13-05-2022 - 14:53 | 18-06-2013 - 22:55 | |
CVE-2012-5071 | 6.4 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity, related to JMX
|
13-05-2022 - 14:53 | 16-10-2012 - 21:55 | |
CVE-2013-2455 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown
|
13-05-2022 - 14:53 | 18-06-2013 - 22:55 | |
CVE-2013-2444 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect av
|
13-05-2022 - 14:53 | 18-06-2013 - 22:55 | |
CVE-2013-2407 | 6.4 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and availability via unknown vectors rel
|
13-05-2022 - 14:53 | 18-06-2013 - 22:55 | |
CVE-2013-2384 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integ
|
13-05-2022 - 14:53 | 17-04-2013 - 18:55 | |
CVE-2013-1475 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
|
13-05-2022 - 14:53 | 02-02-2013 - 00:55 | |
CVE-2012-1711 | 7.5 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrit
|
13-05-2022 - 14:53 | 16-06-2012 - 21:55 | |
CVE-2013-1481 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknow
|
13-05-2022 - 14:53 | 02-02-2013 - 00:55 | |
CVE-2012-1725 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability vi
|
13-05-2022 - 14:53 | 16-06-2012 - 21:55 | |
CVE-2013-0438 | 4.3 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
|
13-05-2022 - 14:53 | 02-02-2013 - 00:55 | |
CVE-2013-0432 | 6.4 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
|
13-05-2022 - 14:53 | 02-02-2013 - 00:55 | |
CVE-2012-3216 | 2.6 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unk
|
13-05-2022 - 14:52 | 16-10-2012 - 21:55 | |
CVE-2012-5079 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown v
|
13-05-2022 - 14:52 | 16-10-2012 - 21:55 | |
CVE-2013-2432 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, i
|
13-05-2022 - 14:52 | 17-04-2013 - 18:55 | |
CVE-2013-2422 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via u
|
13-05-2022 - 14:52 | 17-04-2013 - 18:55 | |
CVE-2012-5085 | 0.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote authenticated users to have an unspecified
|
13-05-2022 - 14:52 | 16-10-2012 - 21:55 | |
CVE-2012-5075 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, related to JMX.
|
13-05-2022 - 14:52 | 16-10-2012 - 21:55 | |
CVE-2012-5069 | 5.8 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity via unknown vec
|
13-05-2022 - 14:52 | 16-10-2012 - 21:55 | |
CVE-2013-2454 | 5.8 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrit
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2013-2445 | 7.8 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vec
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2013-2452 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2013-2450 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vec
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2013-2412 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serviceab
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2013-2383 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integ
|
13-05-2022 - 14:52 | 17-04-2013 - 18:55 | |
CVE-2012-3159 | 7.5 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate
|
13-05-2022 - 14:52 | 16-10-2012 - 21:55 | |
CVE-2012-5077 | 2.6 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unk
|
13-05-2022 - 14:52 | 16-10-2012 - 21:55 | |
CVE-2012-3143 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability,
|
13-05-2022 - 14:52 | 16-10-2012 - 21:55 | |
CVE-2012-5083 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, 1.4.2_38 and earlier, and JavaFX 2.2 and earlier allows remote attackers to affect
|
13-05-2022 - 14:52 | 16-10-2012 - 21:55 | |
CVE-2013-2442 | 7.5 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2013-2419 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unkno
|
13-05-2022 - 14:52 | 17-04-2013 - 18:55 | |
CVE-2013-3743 | 9.3 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 45 and earlier and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AW
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2013-2430 | 7.6 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; JavaFX 2.2.7 and earlier; and OpenJDK 6 and 7 allows remote attackers to affe
|
13-05-2022 - 14:52 | 17-04-2013 - 18:55 | |
CVE-2013-2420 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integ
|
13-05-2022 - 14:52 | 17-04-2013 - 18:55 | |
CVE-2012-5089 | 7.6 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability,
|
13-05-2022 - 14:52 | 16-10-2012 - 21:55 | |
CVE-2013-2451 | 3.7 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality, integrity, and availability via unknown vect
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2013-2417 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unkno
|
13-05-2022 - 14:52 | 17-04-2013 - 18:55 | |
CVE-2012-5072 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality via unknown vectors related to Security.
|
13-05-2022 - 14:52 | 16-10-2012 - 21:55 | |
CVE-2013-2471 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2013-2470 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2013-2437 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2012-5073 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown v
|
13-05-2022 - 14:52 | 16-10-2012 - 21:55 | |
CVE-2012-5068 | 7.5 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate
|
13-05-2022 - 14:52 | 16-10-2012 - 21:55 | |
CVE-2013-2473 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2012-5084 | 7.6 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality, integr
|
13-05-2022 - 14:52 | 16-10-2012 - 21:55 | |
CVE-2013-2443 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2012-3342 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Depl
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-2433 | 4.3 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnera
|
13-05-2022 - 14:52 | 17-04-2013 - 18:55 | |
CVE-2013-2472 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2013-2464 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2013-2457 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors relate
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2013-2453 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2013-2468 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2013-2459 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2012-3213 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scri
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2012-5086 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate
|
13-05-2022 - 14:52 | 16-10-2012 - 21:55 | |
CVE-2013-2463 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2013-2440 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related
|
13-05-2022 - 14:52 | 17-04-2013 - 18:55 | |
CVE-2012-5081 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect availability, related t
|
13-05-2022 - 14:52 | 16-10-2012 - 21:55 | |
CVE-2013-2456 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2013-2446 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via vectors
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2013-2394 | 7.6 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, i
|
13-05-2022 - 14:52 | 17-04-2013 - 18:55 | |
CVE-2012-4416 | 6.4 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Hotspot.
|
13-05-2022 - 14:52 | 16-10-2012 - 21:55 | |
CVE-2013-2448 | 7.6 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2012-1716 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability vi
|
13-05-2022 - 14:52 | 16-06-2012 - 21:55 | |
CVE-2013-1473 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect integrity via unknown vectors related to Deployment.
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2012-1721 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate
|
13-05-2022 - 14:52 | 16-06-2012 - 21:55 | |
CVE-2013-1480 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2012-1531 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier; and JavaFX 2.2 and earlier; allows remote attackers to a
|
13-05-2022 - 14:52 | 16-10-2012 - 21:55 | |
CVE-2012-1713 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, 1.4.2_37 and earlier, and JavaFX 2.1 and earlier allows remote attackers to affect c
|
13-05-2022 - 14:52 | 16-06-2012 - 21:55 | |
CVE-2013-1557 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integ
|
13-05-2022 - 14:52 | 17-04-2013 - 18:55 | |
CVE-2012-1722 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate
|
13-05-2022 - 14:52 | 16-06-2012 - 21:55 | |
CVE-2012-1718 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect availability via unknown
|
13-05-2022 - 14:52 | 16-06-2012 - 21:55 | |
CVE-2013-1500 | 3.6 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality and integrity via
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2013-1478 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-1537 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integ
|
13-05-2022 - 14:52 | 17-04-2013 - 18:55 | |
CVE-2013-1571 | 4.3 |
Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vec
|
13-05-2022 - 14:52 | 18-06-2013 - 22:55 | |
CVE-2013-1479 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unkn
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-1476 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-1558 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related
|
13-05-2022 - 14:52 | 17-04-2013 - 18:55 | |
CVE-2013-1540 | 4.3 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnera
|
13-05-2022 - 14:52 | 17-04-2013 - 18:55 | |
CVE-2013-1569 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integ
|
13-05-2022 - 14:52 | 17-04-2013 - 18:55 | |
CVE-2013-1518 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integ
|
13-05-2022 - 14:52 | 17-04-2013 - 18:55 | |
CVE-2012-1532 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier and 6 Update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related
|
13-05-2022 - 14:52 | 16-10-2012 - 21:55 | |
CVE-2012-1719 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect integrity, related to COR
|
13-05-2022 - 14:52 | 16-06-2012 - 21:55 | |
CVE-2012-1533 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate
|
13-05-2022 - 14:52 | 16-10-2012 - 21:55 | |
CVE-2012-1720 | 3.7 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier, when running on Solaris, allows local users to affect conf
|
13-05-2022 - 14:52 | 16-06-2012 - 21:55 | |
CVE-2012-1541 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Depl
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2012-1724 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect availability, related to JAXP.
|
13-05-2022 - 14:52 | 16-06-2012 - 21:55 | |
CVE-2013-0445 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and av
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0442 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0427 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors rela
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0435 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAX-WS. NOTE: the
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0450 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and av
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0423 | 7.6 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Depl
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0443 | 4.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0428 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0434 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0433 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors rela
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0429 | 7.6 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and av
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0419 | 7.6 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Depl
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2012-0551 | 5.8 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE 7 update 4 and earlier and 6 update 32 and earlier, and the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1, allows
|
13-05-2022 - 14:52 | 03-05-2012 - 18:55 | |
CVE-2013-0425 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0409 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality via vectors related to JMX.
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0441 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0426 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0446 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Depl
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0440 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via v
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0430 | 6.9 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the inst
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0424 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vect
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-0351 | 7.5 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Depl
|
13-05-2022 - 14:52 | 02-02-2013 - 00:55 | |
CVE-2013-2467 | 6.9 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 5.0 Update 45 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Java installer.
|
13-05-2022 - 14:49 | 18-06-2013 - 22:55 | |
CVE-2013-2461 | 7.5 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and
|
13-05-2022 - 14:35 | 18-06-2013 - 22:55 | |
CVE-2009-3832 | 5.8 |
Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote attackers to spoof the address field via a crafted web site.
|
01-03-2022 - 15:08 | 30-10-2009 - 20:30 | |
CVE-2009-3831 | 9.3 |
Opera before 10.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted domain name.
|
01-03-2022 - 15:07 | 30-10-2009 - 20:30 | |
CVE-2009-0915 | 6.8 |
Opera before 9.64 allows remote attackers to conduct cross-domain scripting attacks via unspecified vectors related to plug-ins.
|
01-03-2022 - 15:06 | 16-03-2009 - 19:30 | |
CVE-2009-3270 | 5.0 |
Microsoft Internet Explorer 7 through 7.0.6000.16711 allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821.
|
28-02-2022 - 17:00 | 18-09-2009 - 22:30 | |
CVE-2009-3267 | 5.0 |
Microsoft Internet Explorer 6 through 6.0.2900.2180, and 7.0.6000.16711, allows remote attackers to cause a denial of service (CPU consumption) via an automatically submitted form containing a KEYGEN element, a related issue to CVE-2009-1828.
|
28-02-2022 - 16:59 | 18-09-2009 - 22:30 | |
CVE-2008-4019 | 9.3 |
Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold
|
09-02-2022 - 19:22 | 15-10-2008 - 00:12 | |
CVE-2008-3471 | 9.3 |
Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; O
|
09-02-2022 - 19:22 | 15-10-2008 - 00:12 | |
CVE-2009-2816 | 6.8 |
The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight,
|
08-11-2021 - 21:43 | 13-11-2009 - 15:30 | |
CVE-2011-4370 | 7.5 |
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4372 and
|
22-09-2021 - 14:22 | 10-01-2012 - 21:55 | |
CVE-2011-4371 | 7.5 |
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
|
22-09-2021 - 14:22 | 10-01-2012 - 21:55 | |
CVE-2010-4487 | 7.5 |
Incomplete blacklist vulnerability in Google Chrome before 8.0.552.215 on Linux and Mac OS X allows remote attackers to have an unspecified impact via a "dangerous file."
|
08-09-2021 - 17:19 | 07-12-2010 - 21:00 | |
CVE-2010-3414 | 10.0 |
Google Chrome before 6.0.472.59 on Mac OS X does not properly implement file dialogs, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. NOTE: this issue exists beca
|
08-09-2021 - 17:19 | 16-09-2010 - 21:00 | |
CVE-2011-1305 | 6.8 |
Race condition in Google Chrome before 11.0.696.57 on Linux and Mac OS X allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to linked lists and a database.
|
08-09-2021 - 17:19 | 03-05-2011 - 22:55 | |
CVE-2010-2657 | 9.3 |
Opera before 10.60 on Windows and Mac OS X does not properly prevent certain double-click operations from running a program located on a web site, which allows user-assisted remote attackers to execute arbitrary code via a crafted web page that bypas
|
08-09-2021 - 17:19 | 08-07-2010 - 12:54 | |
CVE-2011-0782 | 5.0 |
Google Chrome before 9.0.597.84 on Mac OS X does not properly mitigate an unspecified flaw in the Mac OS X 10.5 SSL libraries, which allows remote attackers to cause a denial of service (application crash) via unknown vectors.
|
08-09-2021 - 17:19 | 04-02-2011 - 18:00 | |
CVE-2011-0776 | 5.0 |
The sandbox implementation in Google Chrome before 9.0.597.84 on Mac OS X might allow remote attackers to obtain potentially sensitive information about local files via vectors related to the stat system call.
|
08-09-2021 - 17:19 | 04-02-2011 - 18:00 | |
CVE-2012-0724 | 9.3 |
Adobe Flash Player before 11.2.202.229 in Google Chrome before 18.0.1025.151 allow attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2012-0725.
|
08-09-2021 - 17:19 | 06-04-2012 - 20:55 | |
CVE-2012-0725 | 9.3 |
Adobe Flash Player before 11.2.202.229 in Google Chrome before 18.0.1025.151 allow attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2012-0724.
|
08-09-2021 - 17:19 | 06-04-2012 - 20:55 | |
CVE-2011-4374 | 9.3 |
Integer overflow in Adobe Reader 9.x before 9.4.6 on Linux allows attackers to execute arbitrary code via unspecified vectors.
|
08-09-2021 - 17:19 | 19-01-2012 - 19:55 | |
CVE-2012-1858 | 4.3 |
The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduc
|
23-07-2021 - 15:12 | 12-06-2012 - 22:55 | |
CVE-2004-0549 | 10.0 |
The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying
|
23-07-2021 - 15:12 | 06-08-2004 - 04:00 | |
CVE-2007-0219 | 10.0 |
Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue th
|
23-07-2021 - 15:05 | 13-02-2007 - 23:28 | |
CVE-2005-2087 | 5.0 |
Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedd
|
23-07-2021 - 15:04 | 05-07-2005 - 04:00 | |
CVE-2005-1211 | 5.1 |
Buffer overflow in the PNG image rendering component of Microsoft Internet Explorer allows remote attackers to execute arbitrary code via a crafted PNG file.
|
23-07-2021 - 15:03 | 14-06-2005 - 04:00 | |
CVE-2004-0727 | 7.5 |
Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to
|
23-07-2021 - 15:02 | 27-07-2004 - 04:00 | |
CVE-2003-0309 | 7.5 |
Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass security zone restrictions and execute arbitrary programs via a web document with a large number of duplicate file:// or other requests that point to the program and open multiple
|
23-07-2021 - 15:02 | 09-06-2003 - 04:00 | |
CVE-2002-0027 | 7.5 |
Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Ver
|
23-07-2021 - 12:55 | 08-03-2002 - 05:00 | |
CVE-2002-0648 | 5.0 |
The legacy <script> data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file.
|
23-07-2021 - 12:55 | 24-09-2002 - 04:00 | |
CVE-2002-0190 | 7.5 |
Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code under fewer security restrictions via a malformed web page that requires NetBIOS connectivity, aka "Zone Spoofing through Malformed Web Page" vulnerabilit
|
23-07-2021 - 12:55 | 29-05-2002 - 04:00 | |
CVE-2002-1254 | 7.5 |
Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification
|
23-07-2021 - 12:55 | 11-12-2002 - 05:00 | |
CVE-2002-1217 | 7.5 |
Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Docu
|
23-07-2021 - 12:55 | 28-10-2002 - 05:00 | |
CVE-2002-1187 | 6.8 |
Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the <frame> or <iframe> element and javascript, aka "Frames Cross Site Scripting,
|
23-07-2021 - 12:55 | 11-12-2002 - 05:00 | |
CVE-2002-0022 | 7.5 |
Buffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via a web page that specifies embedded ActiveX controls in a way that causes 2 Unicode strings
|
23-07-2021 - 12:55 | 08-03-2002 - 05:00 | |
CVE-2002-1188 | 6.4 |
Internet Explorer 5.01 through 6.0 allows remote attackers to identify the path to the Temporary Internet Files folder and obtain user information such as cookies via certain uses of the OBJECT tag, which are not subjected to the proper security chec
|
23-07-2021 - 12:55 | 11-12-2002 - 05:00 | |
CVE-2002-1185 | 5.0 |
Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes duri
|
23-07-2021 - 12:55 | 11-12-2002 - 05:00 | |
CVE-2002-1186 | 5.0 |
Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site tha
|
23-07-2021 - 12:55 | 11-12-2002 - 05:00 | |
CVE-2005-0055 | 7.5 |
Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory
|
23-07-2021 - 12:55 | 02-05-2005 - 04:00 | |
CVE-2003-0814 | 7.5 |
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJP
|
23-07-2021 - 12:55 | 03-02-2004 - 05:00 | |
CVE-2004-0842 | 7.5 |
Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based b
|
23-07-2021 - 12:55 | 23-12-2004 - 05:00 | |
CVE-2005-0555 | 7.5 |
Buffer overflow in the Content Advisor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a crafted Content Advisor file, aka "Content Advisor Memory Corruption Vulnerability."
|
23-07-2021 - 12:55 | 12-04-2005 - 04:00 | |
CVE-2003-1025 | 4.3 |
Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka
|
23-07-2021 - 12:55 | 20-01-2004 - 05:00 | |
CVE-2003-0817 | 7.5 |
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.
|
23-07-2021 - 12:55 | 03-02-2004 - 05:00 | |
CVE-2001-0875 | 7.5 |
Internet Explorer 5.5 and 6.0 allows remote attackers to cause the File Download dialogue box to misrepresent the name of the file in the dialogue in a way that could fool users into thinking that the file type is safe to download.
|
23-07-2021 - 12:55 | 26-11-2001 - 05:00 | |
CVE-2001-0727 | 7.5 |
Internet Explorer 6.0 allows remote attackers to execute arbitrary code by modifying the Content-Disposition and Content-Type header fields in a way that causes Internet Explorer to believe that the file is safe to open without prompting the user, ak
|
23-07-2021 - 12:55 | 14-12-2001 - 05:00 | |
CVE-2005-0554 | 7.5 |
Buffer overflow in the URL processor of Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL with a long hostname, aka "URL Parsing Memory Corruption V
|
23-07-2021 - 12:55 | 02-05-2005 - 04:00 | |
CVE-2003-0815 | 7.5 |
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or
|
23-07-2021 - 12:55 | 03-02-2004 - 05:00 | |
CVE-2003-1041 | 7.5 |
Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it
|
23-07-2021 - 12:55 | 14-06-2004 - 04:00 | |
CVE-2004-0839 | 5.0 |
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities
|
23-07-2021 - 12:55 | 18-08-2004 - 04:00 | |
CVE-2003-1027 | 10.0 |
Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as de
|
23-07-2021 - 12:55 | 20-01-2004 - 05:00 | |
CVE-2003-1026 | 9.3 |
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is c
|
23-07-2021 - 12:55 | 20-01-2004 - 05:00 | |
CVE-2003-0114 | 5.0 |
The file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the local system via a web page containing a script to upload the files.
|
23-07-2021 - 12:55 | 12-05-2003 - 04:00 | |
CVE-2003-0816 | 7.5 |
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file:
|
23-07-2021 - 12:55 | 03-02-2004 - 05:00 | |
CVE-2003-0344 | 7.5 |
Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page.
|
23-07-2021 - 12:55 | 16-06-2003 - 04:00 | |
CVE-2003-0113 | 7.5 |
Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields.
|
23-07-2021 - 12:55 | 12-05-2003 - 04:00 | |
CVE-2005-0553 | 5.1 |
Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corrupt
|
23-07-2021 - 12:55 | 02-05-2005 - 04:00 | |
CVE-2003-0233 | 7.5 |
Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via the Load() method, a different vulnerability than CVE-2003-0115.
|
23-07-2021 - 12:55 | 12-05-2003 - 04:00 | |
CVE-2003-0823 | 7.5 |
Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.
|
23-07-2021 - 12:55 | 03-02-2004 - 05:00 | |
CVE-2004-0841 | 5.0 |
Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerabi
|
23-07-2021 - 12:55 | 23-12-2004 - 05:00 | |
CVE-2005-0053 | 7.5 |
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."
|
23-07-2021 - 12:55 | 02-05-2005 - 04:00 | |
CVE-2005-0056 | 5.1 |
Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cro
|
23-07-2021 - 12:18 | 02-05-2005 - 04:00 | |
CVE-2005-1988 | 5.1 |
Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka "JPEG Image Rendering Memory Corruption
|
23-07-2021 - 12:18 | 10-08-2005 - 04:00 | |
CVE-2005-1990 | 5.1 |
Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, inc
|
23-07-2021 - 12:18 | 10-08-2005 - 04:00 | |
CVE-2004-0845 | 6.4 |
Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the us
|
23-07-2021 - 12:18 | 03-11-2004 - 05:00 | |
CVE-2004-0843 | 5.0 |
Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulner
|
23-07-2021 - 12:18 | 03-11-2004 - 05:00 | |
CVE-2005-0054 | 5.1 |
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to gene
|
23-07-2021 - 12:18 | 02-05-2005 - 04:00 | |
CVE-2005-1989 | 7.5 |
Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to obtain information and possibly execute code when browsing from a web site to a web folder view using WebDAV, aka "Web Folder Behaviors Cross-Domain Vulnerability
|
23-07-2021 - 12:18 | 10-08-2005 - 04:00 | |
CVE-2004-0216 | 10.0 |
Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when ca
|
23-07-2021 - 12:18 | 03-11-2004 - 05:00 | |
CVE-2008-3013 | 9.3 |
gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint
|
23-07-2021 - 12:17 | 11-09-2008 - 01:11 | |
CVE-2010-0010 | 6.8 |
Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary co
|
06-06-2021 - 11:15 | 02-02-2010 - 16:30 | |
CVE-2010-2730 | 9.3 |
Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability." Per: http://www.mic
|
05-02-2021 - 15:37 | 15-09-2010 - 19:00 | |
CVE-2013-3128 | 9.3 |
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and
|
08-12-2020 - 15:11 | 09-10-2013 - 14:53 | |
CVE-2002-0075 | 7.5 |
Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message.
|
23-11-2020 - 19:49 | 22-04-2002 - 04:00 | |
CVE-2002-0148 | 7.5 |
Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page.
|
23-11-2020 - 19:49 | 22-04-2002 - 04:00 | |
CVE-2010-3190 | 9.3 |
Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3
|
16-11-2020 - 19:33 | 31-08-2010 - 20:00 | |
CVE-2010-2008 | 3.5 |
MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot
|
09-11-2020 - 14:33 | 13-07-2010 - 20:30 | |
CVE-2011-1783 | 4.3 |
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memor
|
05-10-2020 - 19:05 | 06-06-2011 - 19:55 | |
CVE-2011-1752 | 5.0 |
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as e
|
05-10-2020 - 19:04 | 06-06-2011 - 19:55 | |
CVE-2011-4374 | 9.3 |
Integer overflow in Adobe Reader 9.x before 9.4.6 on Linux allows attackers to execute arbitrary code via unspecified vectors.
|
28-09-2020 - 15:22 | 19-01-2012 - 19:55 | |
CVE-2013-3128 | 9.3 |
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and
|
28-09-2020 - 12:58 | 09-10-2013 - 14:53 | |
CVE-2013-3200 | 7.2 |
The USB drivers in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow physically proximate a
|
28-09-2020 - 12:58 | 09-10-2013 - 14:53 | |
CVE-2011-3402 | 9.3 |
Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP
|
28-09-2020 - 12:58 | 04-11-2011 - 21:55 | |
CVE-2013-3129 | 9.3 |
Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight 5 before 5.1.20513.0; win32k.sys in the kernel-mode drivers, and GDI+, DirectWrite, and Journal, in Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Serv
|
28-09-2020 - 12:58 | 10-07-2013 - 03:46 | |
CVE-2011-3406 | 9.0 |
Buffer overflow in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, a
|
28-09-2020 - 12:58 | 14-12-2011 - 00:55 | |
CVE-2013-1294 | 4.9 |
Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain p
|
28-09-2020 - 12:58 | 09-04-2013 - 22:55 | |
CVE-2011-2014 | 9.0 |
The LDAP over SSL (aka LDAPS) implementation in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, W
|
28-09-2020 - 12:58 | 08-11-2011 - 21:55 | |
CVE-2012-2897 | 10.0 |
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before
|
28-09-2020 - 12:58 | 26-09-2012 - 10:56 | |
CVE-2012-1848 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode
|
28-09-2020 - 12:58 | 09-05-2012 - 00:55 | |
CVE-2012-1858 | 4.3 |
The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduc
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
CVE-2012-0148 | 7.2 |
afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate user-mode input passe
|
28-09-2020 - 12:58 | 14-02-2012 - 22:55 | |
CVE-2013-3200 | 7.2 |
The USB drivers in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow physically proximate a
|
28-09-2020 - 12:58 | 09-10-2013 - 14:53 | |
CVE-2012-0180 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode
|
28-09-2020 - 12:58 | 09-05-2012 - 00:55 | |
CVE-2013-0005 | 7.8 |
The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service
|
28-09-2020 - 12:58 | 09-01-2013 - 18:09 | |
CVE-2012-0148 | 7.2 |
afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate user-mode input passe
|
28-09-2020 - 12:58 | 14-02-2012 - 22:55 | |
CVE-2013-0005 | 7.8 |
The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service
|
28-09-2020 - 12:58 | 09-01-2013 - 18:09 | |
CVE-2013-1294 | 4.9 |
Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain p
|
28-09-2020 - 12:58 | 09-04-2013 - 22:55 | |
CVE-2012-2897 | 10.0 |
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before
|
28-09-2020 - 12:58 | 26-09-2012 - 10:56 | |
CVE-2012-1848 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode
|
28-09-2020 - 12:58 | 09-05-2012 - 00:55 | |
CVE-2011-3406 | 9.0 |
Buffer overflow in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, a
|
28-09-2020 - 12:58 | 14-12-2011 - 00:55 | |
CVE-2013-3129 | 9.3 |
Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight 5 before 5.1.20513.0; win32k.sys in the kernel-mode drivers, and GDI+, DirectWrite, and Journal, in Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Serv
|
28-09-2020 - 12:58 | 10-07-2013 - 03:46 | |
CVE-2011-2014 | 9.0 |
The LDAP over SSL (aka LDAPS) implementation in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, W
|
28-09-2020 - 12:58 | 08-11-2011 - 21:55 | |
CVE-2012-0180 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode
|
28-09-2020 - 12:58 | 09-05-2012 - 00:55 | |
CVE-2011-3402 | 9.3 |
Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP
|
28-09-2020 - 12:58 | 04-11-2011 - 21:55 | |
CVE-2011-3970 | 4.3 |
libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
09-09-2020 - 15:15 | 09-02-2012 - 04:10 | |
CVE-2012-1938 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly ex
|
28-08-2020 - 13:20 | 05-06-2012 - 23:55 | |
CVE-2012-0449 | 9.3 |
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod
|
28-08-2020 - 13:14 | 01-02-2012 - 16:55 | |
CVE-2012-0444 | 10.0 |
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corr
|
28-08-2020 - 13:12 | 01-02-2012 - 16:55 | |
CVE-2012-0442 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corru
|
28-08-2020 - 13:11 | 01-02-2012 - 16:55 | |
CVE-2011-3659 | 9.3 |
Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect Attribu
|
28-08-2020 - 13:10 | 01-02-2012 - 16:55 | |
CVE-2012-3983 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly ex
|
27-08-2020 - 14:53 | 10-10-2012 - 17:55 | |
CVE-2012-3989 | 9.3 |
Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly perform a cast of an unspecified variable during use of the instanceof operator on a JavaScript object, which allows remote attackers to execute arbitrary
|
27-08-2020 - 14:50 | 10-10-2012 - 17:55 | |
CVE-2012-5354 | 6.8 |
Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has multiple menus of SELECT elements active, which allows remote attackers to conduct clickjacking attacks vi
|
26-08-2020 - 19:40 | 10-10-2012 - 17:55 | |
CVE-2012-3984 | 6.8 |
Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has a SELECT element's menu active, which allows remote attackers to spoof page content via vectors involving
|
26-08-2020 - 19:36 | 10-10-2012 - 17:55 | |
CVE-2012-3985 | 4.3 |
Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly implement the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging initial-origin access af
|
26-08-2020 - 19:36 | 10-10-2012 - 17:55 | |
CVE-2013-3334 | 10.0 |
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3
|
25-08-2020 - 13:52 | 16-05-2013 - 11:45 | |
CVE-2013-3335 | 10.0 |
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3
|
25-08-2020 - 13:52 | 16-05-2013 - 11:45 | |
CVE-2013-3333 | 10.0 |
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3
|
25-08-2020 - 13:51 | 16-05-2013 - 11:45 | |
CVE-2013-3332 | 10.0 |
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3
|
25-08-2020 - 13:50 | 16-05-2013 - 11:45 | |
CVE-2013-3331 | 10.0 |
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3
|
25-08-2020 - 13:42 | 16-05-2013 - 11:45 | |
CVE-2013-3330 | 10.0 |
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3
|
25-08-2020 - 13:38 | 16-05-2013 - 11:45 | |
CVE-2013-3328 | 10.0 |
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3
|
25-08-2020 - 13:37 | 16-05-2013 - 11:45 | |
CVE-2013-3329 | 10.0 |
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3
|
25-08-2020 - 13:37 | 16-05-2013 - 11:45 | |
CVE-2013-3327 | 10.0 |
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3
|
25-08-2020 - 13:36 | 16-05-2013 - 11:45 | |
CVE-2013-3326 | 10.0 |
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3
|
25-08-2020 - 13:21 | 16-05-2013 - 11:45 | |
CVE-2013-3324 | 10.0 |
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3
|
25-08-2020 - 13:20 | 16-05-2013 - 11:45 | |
CVE-2013-3325 | 10.0 |
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3
|
25-08-2020 - 13:20 | 16-05-2013 - 11:45 | |
CVE-2013-2728 | 10.0 |
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3
|
25-08-2020 - 13:10 | 16-05-2013 - 11:45 | |
CVE-2012-4205 | 6.8 |
Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site reques
|
21-08-2020 - 18:45 | 21-11-2012 - 12:55 | |
CVE-2012-4218 | 10.0 |
Use-after-free vulnerability in the BuildTextRunsScanner::BreakSink::SetBreaks function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service
|
21-08-2020 - 18:44 | 21-11-2012 - 12:55 | |
CVE-2012-4212 | 10.0 |
Use-after-free vulnerability in the XPCWrappedNative::Mark function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corrupt
|
21-08-2020 - 18:44 | 21-11-2012 - 12:55 | |
CVE-2012-4191 | 9.3 |
The mozilla::net::FailDelayManager::Lookup function in the WebSockets implementation in Mozilla Firefox before 16.0.1, Thunderbird before 16.0.1, and SeaMonkey before 2.13.1 allows remote attackers to cause a denial of service (memory corruption and
|
14-08-2020 - 17:27 | 12-10-2012 - 10:44 | |
CVE-2010-1773 | 6.8 |
Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r59950, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a denial of service (memory
|
14-08-2020 - 16:23 | 24-09-2010 - 19:00 | |
CVE-2010-1205 | 7.5 |
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
|
14-08-2020 - 15:50 | 30-06-2010 - 18:30 | |
CVE-2012-5836 | 7.5 |
Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the setting of Cascading Style Sheets (CSS) proper
|
13-08-2020 - 13:44 | 21-11-2012 - 12:55 | |
CVE-2012-4217 | 9.3 |
Use-after-free vulnerability in the nsViewManager::ProcessPendingUpdates function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap
|
13-08-2020 - 13:30 | 21-11-2012 - 12:55 | |
CVE-2012-4204 | 9.3 |
The str_unescape function in the JavaScript engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application cr
|
13-08-2020 - 13:26 | 21-11-2012 - 12:55 | |
CVE-2012-4208 | 4.3 |
The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not consider the compartment during property filtering, which allows remote attackers to bypass intended chrome-only restrictions o
|
12-08-2020 - 19:45 | 21-11-2012 - 12:55 | |
CVE-2010-2646 | 9.3 |
Google Chrome before 5.0.375.99 does not properly isolate sandboxed IFRAME elements, which has unspecified impact and remote attack vectors.
|
11-08-2020 - 13:49 | 06-07-2010 - 17:17 | |
CVE-2010-2645 | 6.8 |
Unspecified vulnerability in Google Chrome before 5.0.375.99, when WebGL is used, allows remote attackers to cause a denial of service (out-of-bounds read) via unknown vectors.
|
10-08-2020 - 17:31 | 06-07-2010 - 17:17 | |
CVE-2010-2647 | 9.3 |
Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an invalid SVG document.
|
10-08-2020 - 17:29 | 06-07-2010 - 17:17 | |
CVE-2010-2652 | 5.0 |
Google Chrome before 5.0.375.99 does not properly implement modal dialogs, which allows attackers to cause a denial of service (application crash) via unspecified vectors.
|
07-08-2020 - 15:46 | 06-07-2010 - 17:17 | |
CVE-2010-2648 | 9.3 |
The implementation of the Unicode Bidirectional Algorithm (aka Bidi algorithm or UBA) in Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown ve
|
07-08-2020 - 15:42 | 06-07-2010 - 17:17 | |
CVE-2010-2649 | 4.3 |
Unspecified vulnerability in Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (application crash) via an invalid image.
|
07-08-2020 - 15:42 | 06-07-2010 - 17:17 | |
CVE-2010-2651 | 9.3 |
The Cascading Style Sheets (CSS) implementation in Google Chrome before 5.0.375.99 does not properly perform style rendering, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via
|
07-08-2020 - 15:40 | 06-07-2010 - 17:17 | |
CVE-2010-2650 | 9.3 |
Unspecified vulnerability in Google Chrome before 5.0.375.99 has unknown impact and attack vectors, related to an "annoyance with print dialogs."
|
07-08-2020 - 15:39 | 06-07-2010 - 17:17 | |
CVE-2010-1770 | 9.3 |
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, wh
|
07-08-2020 - 15:25 | 11-06-2010 - 19:30 | |
CVE-2010-2110 | 7.5 |
Google Chrome before 5.0.375.55 does not properly execute JavaScript code in the extension context, which has unspecified impact and remote attack vectors.
|
06-08-2020 - 21:03 | 28-05-2010 - 18:30 | |
CVE-2010-2109 | 7.5 |
Unspecified vulnerability in Google Chrome before 5.0.375.55 allows user-assisted remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via vectors related to the "drag + drop" functionality.
|
06-08-2020 - 21:01 | 28-05-2010 - 18:30 | |
CVE-2010-2108 | 7.5 |
Unspecified vulnerability in Google Chrome before 5.0.375.55 allows remote attackers to bypass the whitelist-mode plugin blocker via unknown vectors.
|
06-08-2020 - 21:01 | 28-05-2010 - 18:30 | |
CVE-2010-2106 | 4.3 |
Unspecified vulnerability in Google Chrome before 5.0.375.55 might allow remote attackers to spoof the URL bar via vectors involving unload event handlers.
|
06-08-2020 - 20:57 | 28-05-2010 - 18:30 | |
CVE-2010-2107 | 10.0 |
Unspecified vulnerability in Google Chrome before 5.0.375.55 allows attackers to cause a denial of service (memory error) or possibly have unspecified other impact via vectors related to the Safe Browsing functionality.
|
06-08-2020 - 20:57 | 28-05-2010 - 18:30 | |
CVE-2010-2105 | 10.0 |
Google Chrome before 5.0.375.55 does not properly follow the Safe Browsing specification's requirements for canonicalization of URLs, which has unspecified impact and remote attack vectors.
|
06-08-2020 - 20:56 | 28-05-2010 - 18:30 | |
CVE-2010-2900 | 10.0 |
Google Chrome before 5.0.375.125 does not properly handle a large canvas, which has unspecified impact and remote attack vectors.
|
06-08-2020 - 18:57 | 28-07-2010 - 20:00 | |
CVE-2013-0772 | 5.8 |
The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read an
|
06-08-2020 - 16:28 | 19-02-2013 - 23:55 | |
CVE-2013-0765 | 9.3 |
Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 do not prevent multiple wrapping of WebIDL objects, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
|
06-08-2020 - 16:02 | 19-02-2013 - 23:55 | |
CVE-2010-2301 | 4.3 |
Cross-site scripting (XSS) vulnerability in editing/markup.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to inject arbitrary web script or HTML via vectors related to the node.innerHTML property of a TEXTAREA ele
|
06-08-2020 - 14:26 | 15-06-2010 - 18:00 | |
CVE-2010-2902 | 10.0 |
The SVG implementation in Google Chrome before 5.0.375.125 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
|
05-08-2020 - 18:23 | 28-07-2010 - 20:00 | |
CVE-2010-2899 | 5.0 |
Unspecified vulnerability in the layout implementation in Google Chrome before 5.0.375.125 allows remote attackers to obtain sensitive information from process memory via unknown vectors.
|
05-08-2020 - 18:21 | 28-07-2010 - 20:00 | |
CVE-2010-2898 | 10.0 |
Google Chrome before 5.0.375.125 does not properly mitigate an unspecified flaw in the GNU C Library, which has unknown impact and attack vectors.
|
05-08-2020 - 18:21 | 28-07-2010 - 20:00 | |
CVE-2010-2295 | 4.3 |
page/EventHandler.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 does not properly handle a change of the focused frame during the dispatching of keydown, which allows user-assisted remote attackers to redirect keystrokes via a crafted H
|
05-08-2020 - 18:18 | 15-06-2010 - 18:00 | |
CVE-2010-2297 | 9.3 |
rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an HTML document that has a large colspan attribute
|
05-08-2020 - 18:15 | 15-06-2010 - 18:00 | |
CVE-2010-2302 | 10.0 |
Use-after-free vulnerability in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving remote fonts in conjunction with sh
|
05-08-2020 - 18:12 | 15-06-2010 - 18:00 | |
CVE-2010-2298 | 10.0 |
browser/renderer_host/database_dispatcher_host.cc in Google Chrome before 5.0.375.70 on Linux does not properly handle ViewHostMsg_DatabaseOpenFile messages in chroot-based sandboxing, which allows remote attackers to bypass intended sandbox restrict
|
05-08-2020 - 18:11 | 15-06-2010 - 18:00 | |
CVE-2010-2296 | 9.3 |
The implementation of unspecified DOM methods in Google Chrome before 5.0.375.70 allows remote attackers to bypass the Same Origin Policy via unknown vectors.
|
05-08-2020 - 15:34 | 15-06-2010 - 18:00 | |
CVE-2010-2300 | 10.0 |
Use-after-free vulnerability in the Element::normalizeAttributes function in dom/Element.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) vi
|
05-08-2020 - 15:31 | 15-06-2010 - 18:00 | |
CVE-2010-2299 | 10.0 |
The Clipboard::DispatchObject function in app/clipboard/clipboard.cc in Google Chrome before 5.0.375.70 does not properly handle CBF_SMBITMAP objects in a ViewHostMsg_ClipboardWriteObjectsAsync message, which might allow remote attackers to execute a
|
05-08-2020 - 15:30 | 15-06-2010 - 18:00 | |
CVE-2010-3259 | 4.3 |
WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass t
|
04-08-2020 - 19:45 | 07-09-2010 - 18:00 | |
CVE-2010-3258 | 9.3 |
The sandbox implementation in Google Chrome before 6.0.472.53 does not properly deserialize parameters, which has unspecified impact and remote attack vectors.
|
04-08-2020 - 19:43 | 07-09-2010 - 18:00 | |
CVE-2010-3257 | 9.3 |
Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (applicat
|
04-08-2020 - 19:41 | 07-09-2010 - 18:00 | |
CVE-2010-3254 | 10.0 |
The WebSockets implementation in Google Chrome before 6.0.472.53 does not properly handle integer values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
04-08-2020 - 19:40 | 07-09-2010 - 18:00 | |
CVE-2010-3253 | 10.0 |
The implementation of notification permissions in Google Chrome before 6.0.472.53 allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
|
04-08-2020 - 19:35 | 07-09-2010 - 18:00 | |
CVE-2010-3252 | 10.0 |
Use-after-free vulnerability in the Notifications presenter in Google Chrome before 6.0.472.53 allows attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
04-08-2020 - 19:32 | 07-09-2010 - 18:00 | |
CVE-2010-3116 | 10.0 |
Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of servic
|
04-08-2020 - 19:31 | 24-08-2010 - 20:00 | |
CVE-2010-2901 | 10.0 |
The rendering implementation in Google Chrome before 5.0.375.125 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
|
04-08-2020 - 19:21 | 28-07-2010 - 20:00 | |
CVE-2010-3416 | 7.5 |
Google Chrome before 6.0.472.59 on Linux does not properly implement the Khmer locale, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
|
04-08-2020 - 19:11 | 16-09-2010 - 21:00 | |
CVE-2010-2903 | 7.5 |
Google Chrome before 5.0.375.125 performs unexpected truncation and improper eliding of hostnames, which has unspecified impact and remote attack vectors.
|
04-08-2020 - 16:56 | 28-07-2010 - 20:00 | |
CVE-2010-3118 | 5.0 |
The autosuggest feature in the Omnibox implementation in Google Chrome before 5.0.375.127 does not anticipate entry of passwords, which might allow remote attackers to obtain sensitive information by reading the network traffic generated by this feat
|
04-08-2020 - 16:44 | 24-08-2010 - 20:00 | |
CVE-2010-3115 | 5.0 |
Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not properly implement the history feature, which might allow remote attackers to spoof the address bar via unspecified vectors.
|
04-08-2020 - 16:37 | 24-08-2010 - 20:00 | |
CVE-2010-3114 | 10.0 |
The text-editing implementation in Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not check a node type before performing a cast, which has unspecified impact and attack vectors related to (1) DeleteSelectionCommand.cpp, (2) Inser
|
04-08-2020 - 16:36 | 24-08-2010 - 20:00 | |
CVE-2010-3113 | 10.0 |
Google Chrome before 5.0.375.127, and webkitgtk before 1.2.5, does not properly handle SVG documents, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors related
|
04-08-2020 - 16:30 | 24-08-2010 - 20:00 | |
CVE-2010-3255 | 9.3 |
Google Chrome before 6.0.472.53 and webkitgtk before 1.2.6 do not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
|
04-08-2020 - 14:16 | 07-09-2010 - 18:00 | |
CVE-2010-3119 | 10.0 |
Google Chrome before 5.0.375.127 and webkitgtk before 1.2.6 do not properly support the Ruby language, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
|
04-08-2020 - 14:05 | 24-08-2010 - 20:00 | |
CVE-2010-3112 | 10.0 |
Google Chrome before 5.0.375.127 does not properly implement file dialogs, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
|
03-08-2020 - 21:17 | 24-08-2010 - 20:00 | |
CVE-2010-3256 | 4.3 |
Google Chrome before 6.0.472.53 does not properly limit the number of stored autocomplete entries, which has unspecified impact and attack vectors.
|
03-08-2020 - 21:16 | 07-09-2010 - 18:00 | |
CVE-2010-3250 | 5.0 |
Unspecified vulnerability in Google Chrome before 6.0.472.53 allows remote attackers to enumerate the set of installed extensions via unknown vectors.
|
03-08-2020 - 21:07 | 07-09-2010 - 18:00 | |
CVE-2010-3249 | 9.3 |
Google Chrome before 6.0.472.53 does not properly implement SVG filters, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a "stale pointer" issue.
|
03-08-2020 - 20:57 | 07-09-2010 - 18:00 | |
CVE-2010-3247 | 4.3 |
Google Chrome before 6.0.472.53 does not properly restrict the characters in URLs, which allows remote attackers to spoof the appearance of the URL bar via homographic sequences.
|
03-08-2020 - 20:55 | 07-09-2010 - 18:00 | |
CVE-2010-3248 | 5.0 |
Google Chrome before 6.0.472.53 does not properly restrict copying to the clipboard, which has unspecified impact and attack vectors.
|
03-08-2020 - 20:55 | 07-09-2010 - 18:00 | |
CVE-2010-3246 | 4.3 |
Google Chrome before 6.0.472.53 does not properly handle the _blank value for the target attribute of unspecified elements, which allows remote attackers to bypass the pop-up blocker via unknown vectors.
|
03-08-2020 - 20:50 | 07-09-2010 - 18:00 | |
CVE-2010-3120 | 10.0 |
Google Chrome before 5.0.375.127 does not properly implement the Geolocation feature, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
|
03-08-2020 - 20:49 | 24-08-2010 - 20:00 | |
CVE-2010-2897 | 10.0 |
Google Chrome before 5.0.375.125 does not properly mitigate an unspecified flaw in the Windows kernel, which has unknown impact and attack vectors.
|
03-08-2020 - 20:44 | 28-07-2010 - 20:00 | |
CVE-2010-1822 | 6.8 |
WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote attackers to execute arbitrary code or cause a denial of service
|
03-08-2020 - 18:32 | 04-10-2010 - 21:00 | |
CVE-2010-3117 | 10.0 |
Google Chrome before 5.0.375.127 does not properly implement the notifications feature, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via unknown vectors.
|
03-08-2020 - 16:04 | 24-08-2010 - 20:00 | |
CVE-2010-3730 | 6.8 |
Google Chrome before 6.0.472.62 does not properly use information about the origin of a document to manage properties, which allows remote attackers to have an unspecified impact via a crafted web site, related to a "property pollution" issue.
|
03-08-2020 - 14:59 | 05-10-2010 - 18:00 | |
CVE-2010-3729 | 7.5 |
The SPDY protocol implementation in Google Chrome before 6.0.472.62 does not properly manage buffers, which might allow remote attackers to execute arbitrary code via unspecified vectors.
|
03-08-2020 - 14:59 | 05-10-2010 - 18:00 | |
CVE-2010-4042 | 7.5 |
Google Chrome before 7.0.517.41 does not properly handle element maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "stale elements."
|
31-07-2020 - 19:37 | 21-10-2010 - 19:00 | |
CVE-2010-4041 | 7.5 |
The sandbox implementation in Google Chrome before 7.0.517.41 on Linux does not properly constrain worker processes, which might allow remote attackers to bypass intended access restrictions via unspecified vectors.
|
31-07-2020 - 19:33 | 21-10-2010 - 19:00 | |
CVE-2010-4039 | 7.5 |
Google Chrome before 7.0.517.41 on Linux does not properly set the PATH environment variable, which has unspecified impact and attack vectors.
|
31-07-2020 - 19:31 | 21-10-2010 - 19:00 | |
CVE-2010-4038 | 5.0 |
The Web Sockets implementation in Google Chrome before 7.0.517.41 does not properly handle a shutdown action, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
|
31-07-2020 - 19:24 | 21-10-2010 - 19:00 | |
CVE-2010-1825 | 9.3 |
Use-after-free vulnerability in WebKit, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to nested SVG elements.
|
31-07-2020 - 19:23 | 24-09-2010 - 19:00 | |
CVE-2010-1824 | 9.3 |
Use-after-free vulnerability in WebKit, as used in Apple iTunes before 10.2 on Windows, Apple Safari, and Google Chrome before 6.0.472.59, allows remote attackers to execute arbitrary code or cause a denial of service via vectors related to SVG style
|
31-07-2020 - 19:21 | 24-09-2010 - 19:00 | |
CVE-2010-1823 | 9.3 |
Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as doc
|
31-07-2020 - 19:20 | 24-09-2010 - 19:00 | |
CVE-2010-3417 | 5.0 |
Google Chrome before 6.0.472.59 does not prompt the user before granting access to the extension history, which allows attackers to obtain potentially sensitive information via unspecified vectors.
|
31-07-2020 - 19:20 | 16-09-2010 - 21:00 | |
CVE-2010-3415 | 10.0 |
Google Chrome before 6.0.472.59 does not properly implement Geolocation, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
|
31-07-2020 - 19:13 | 16-09-2010 - 21:00 | |
CVE-2010-3413 | 5.0 |
Unspecified vulnerability in the pop-up blocking functionality in Google Chrome before 6.0.472.59 allows remote attackers to cause a denial of service (application crash) via unknown vectors.
|
31-07-2020 - 19:11 | 16-09-2010 - 21:00 | |
CVE-2010-3412 | 9.3 |
Race condition in the console implementation in Google Chrome before 6.0.472.59 has unspecified impact and attack vectors.
|
31-07-2020 - 19:10 | 16-09-2010 - 21:00 | |
CVE-2010-3411 | 5.0 |
Google Chrome before 6.0.472.59 on Linux does not properly handle cursors, which might allow attackers to cause a denial of service (assertion failure) via unspecified vectors.
|
31-07-2020 - 19:04 | 16-09-2010 - 21:00 | |
CVE-2010-4494 | 7.5 |
Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath
|
31-07-2020 - 18:38 | 07-12-2010 - 21:00 | |
CVE-2010-4204 | 7.5 |
WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, accesses a frame object after this object has been destroyed, which allows remote attackers to cause a denial of service or possibly have unspecified othe
|
31-07-2020 - 18:25 | 06-11-2010 - 00:00 | |
CVE-2010-4202 | 7.5 |
Multiple integer overflows in Google Chrome before 7.0.517.44 on Linux allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font.
|
31-07-2020 - 18:25 | 06-11-2010 - 00:00 | |
CVE-2010-4203 | 10.0 |
WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames.
|
31-07-2020 - 18:24 | 06-11-2010 - 00:00 | |
CVE-2010-4201 | 7.5 |
Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text control selections.
|
31-07-2020 - 18:21 | 06-11-2010 - 00:00 | |
CVE-2010-4199 | 6.8 |
Google Chrome before 7.0.517.44 does not properly perform a cast of an unspecified variable during processing of an SVG use element, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SV
|
31-07-2020 - 17:54 | 06-11-2010 - 00:00 | |
CVE-2010-4197 | 7.5 |
Use-after-free vulnerability in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text
|
31-07-2020 - 17:53 | 06-11-2010 - 00:00 | |
CVE-2010-4198 | 6.8 |
WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, does not properly handle large text areas, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified oth
|
31-07-2020 - 17:53 | 06-11-2010 - 00:00 | |
CVE-2010-3251 | 4.3 |
The WebSockets implementation in Google Chrome before 6.0.472.53 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.
|
31-07-2020 - 17:51 | 07-09-2010 - 18:00 | |
CVE-2010-4040 | 6.8 |
Google Chrome before 7.0.517.41 does not properly handle animated GIF images, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted image.
|
31-07-2020 - 17:33 | 21-10-2010 - 19:00 | |
CVE-2010-4205 | 7.5 |
Google Chrome before 7.0.517.44 does not properly handle the data types of event objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
31-07-2020 - 15:26 | 06-11-2010 - 00:00 | |
CVE-2010-4206 | 6.8 |
Array index error in the FEBlend::apply function in WebCore/platform/graphics/filters/FEBlend.cpp in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service
|
31-07-2020 - 15:06 | 06-11-2010 - 00:00 | |
CVE-2010-4574 | 7.5 |
The Pickle::Pickle function in base/pickle.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 on 64-bit Linux platforms does not properly perform pointer arithmetic, which allows remote attackers to bypass message deserialization
|
31-07-2020 - 11:18 | 22-12-2010 - 01:00 | |
CVE-2010-4575 | 4.3 |
The ThemeInstalledInfoBarDelegate::Observe function in browser/extensions/theme_installed_infobar_delegate.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle incorrect tab interaction by an extension, whi
|
31-07-2020 - 11:18 | 22-12-2010 - 01:00 | |
CVE-2010-4576 | 5.0 |
browser/worker_host/message_port_dispatcher.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle certain postMessage calls, which allows remote attackers to cause a denial of service (NULL pointer dereferen
|
29-07-2020 - 15:31 | 22-12-2010 - 01:00 | |
CVE-2010-4578 | 7.5 |
Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 do not properly perform cursor handling, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale po
|
28-07-2020 - 19:16 | 22-12-2010 - 01:00 | |
CVE-2010-4493 | 4.3 |
Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service via vectors related to the handling of mouse dragging events.
|
28-07-2020 - 19:15 | 07-12-2010 - 21:00 | |
CVE-2010-4492 | 7.5 |
Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animations.
|
28-07-2020 - 19:05 | 07-12-2010 - 21:00 | |
CVE-2010-3111 | 10.0 |
Google Chrome before 6.0.472.53 does not properly mitigate an unspecified flaw in the Windows kernel, which has unknown impact and attack vectors, a different vulnerability than CVE-2010-2897.
|
28-07-2020 - 19:01 | 24-08-2010 - 20:00 | |
CVE-2011-0484 | 7.5 |
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform DOM node removal, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale
|
27-07-2020 - 16:19 | 14-01-2011 - 17:00 | |
CVE-2011-0477 | 10.0 |
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle a mismatch in video frame sizes, which allows remote attackers to cause a denial of service (incorrect memory access) or possibly have unspecified other impact v
|
27-07-2020 - 16:01 | 14-01-2011 - 17:00 | |
CVE-2011-0480 | 9.3 |
Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service (memory corruption and application crash) or
|
24-07-2020 - 21:16 | 14-01-2011 - 17:00 | |
CVE-2011-0485 | 10.0 |
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle speech data, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "stale pointer."
|
24-07-2020 - 21:16 | 14-01-2011 - 17:00 | |
CVE-2011-0479 | 7.5 |
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly interact with extensions, which allows remote attackers to cause a denial of service via a crafted extension that triggers an uninitialized pointer.
|
24-07-2020 - 21:12 | 14-01-2011 - 17:00 | |
CVE-2011-0475 | 9.3 |
Use-after-free vulnerability in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a PDF document.
|
24-07-2020 - 21:09 | 14-01-2011 - 17:00 | |
CVE-2011-0474 | 10.0 |
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with cursors, which allows remote attackers to cause a denial of service or possibly have unspecified
|
24-07-2020 - 21:05 | 14-01-2011 - 17:00 | |
CVE-2011-0470 | 5.0 |
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle extensions notification, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
|
24-07-2020 - 21:04 | 14-01-2011 - 17:00 | |
CVE-2011-0478 | 10.0 |
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle SVG use elements, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale
|
24-07-2020 - 14:03 | 14-01-2011 - 17:00 | |
CVE-2011-0483 | 5.0 |
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of video, which allows remote attackers to cause a denial of service or possibly have unspecified other impact
|
24-07-2020 - 13:59 | 14-01-2011 - 17:00 | |
CVE-2011-0482 | 4.3 |
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of anchors, which allows remote attackers to cause a denial of service or possibly have unspecified other impa
|
24-07-2020 - 13:56 | 14-01-2011 - 17:00 | |
CVE-2011-0481 | 9.3 |
Buffer overflow in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PDF shading.
|
24-07-2020 - 13:55 | 14-01-2011 - 17:00 | |
CVE-2011-0476 | 10.0 |
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allow remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a PDF document that triggers an out-of-memory error.
|
24-07-2020 - 13:48 | 14-01-2011 - 17:00 | |
CVE-2011-0473 | 10.0 |
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with CANVAS elements, which allows remote attackers to cause a denial of service or possibly have uns
|
24-07-2020 - 13:41 | 14-01-2011 - 17:00 | |
CVE-2011-0472 | 9.3 |
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle the printing of PDF documents, which allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other im
|
24-07-2020 - 13:37 | 14-01-2011 - 17:00 | |
CVE-2011-0471 | 10.0 |
The node-iteration implementation in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 does not properly handle pointers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown
|
24-07-2020 - 13:32 | 14-01-2011 - 17:00 | |
CVE-2011-0784 | 6.8 |
Race condition in Google Chrome before 9.0.597.84 allows remote attackers to execute arbitrary code via vectors related to audio.
|
05-06-2020 - 13:36 | 04-02-2011 - 18:00 | |
CVE-2011-0783 | 4.3 |
Unspecified vulnerability in Google Chrome before 9.0.597.84 allows user-assisted remote attackers to cause a denial of service (application crash) via vectors involving a "bad volume setting."
|
04-06-2020 - 21:00 | 04-02-2011 - 18:00 | |
CVE-2011-0781 | 7.5 |
Google Chrome before 9.0.597.84 does not properly handle autofill profile merging, which has unspecified impact and remote attack vectors.
|
04-06-2020 - 20:49 | 04-02-2011 - 18:00 | |
CVE-2011-0780 | 6.8 |
The PDF event handler in Google Chrome before 9.0.597.84 does not properly interact with print operations, which allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unkn
|
04-06-2020 - 20:45 | 04-02-2011 - 18:00 | |
CVE-2011-0779 | 5.0 |
Google Chrome before 9.0.597.84 does not properly handle a missing key in an extension, which allows remote attackers to cause a denial of service (application crash) via a crafted extension.
|
04-06-2020 - 20:43 | 04-02-2011 - 18:00 | |
CVE-2011-0777 | 7.5 |
Use-after-free vulnerability in Google Chrome before 9.0.597.84 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to image loading.
|
04-06-2020 - 20:41 | 04-02-2011 - 18:00 | |
CVE-2010-4008 | 4.3 |
libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to ca
|
04-06-2020 - 20:31 | 17-11-2010 - 01:00 | |
CVE-2011-0982 | 10.0 |
Use-after-free vulnerability in Google Chrome before 9.0.597.94 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG font faces.
|
04-06-2020 - 19:33 | 10-02-2011 - 19:00 | |
CVE-2011-0981 | 7.5 |
Google Chrome before 9.0.597.94 does not properly perform event handling for animations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
|
04-06-2020 - 19:33 | 10-02-2011 - 19:00 | |
CVE-2011-0983 | 7.5 |
Google Chrome before 9.0.597.94 does not properly handle anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
|
04-06-2020 - 19:33 | 10-02-2011 - 19:00 | |
CVE-2011-1122 | 5.0 |
The WebGL implementation in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, aka Issue 71960.
|
04-06-2020 - 19:24 | 01-03-2011 - 23:00 | |
CVE-2011-1125 | 7.5 |
Google Chrome before 9.0.597.107 does not properly perform layout, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
|
04-06-2020 - 19:21 | 01-03-2011 - 23:00 | |
CVE-2011-1123 | 7.5 |
Google Chrome before 9.0.597.107 does not properly restrict access to internal extension functions, which has unspecified impact and remote attack vectors.
|
04-06-2020 - 19:17 | 01-03-2011 - 23:00 | |
CVE-2011-1124 | 7.5 |
Use-after-free vulnerability in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to blocked plug-ins.
|
04-06-2020 - 19:17 | 01-03-2011 - 23:00 | |
CVE-2011-1121 | 7.5 |
Integer overflow in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a TEXTAREA element.
|
04-06-2020 - 19:15 | 01-03-2011 - 23:00 | |
CVE-2011-1120 | 5.0 |
The WebGL implementation in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, aka Issue 71717.
|
04-06-2020 - 19:11 | 01-03-2011 - 23:00 | |
CVE-2011-1119 | 7.5 |
Google Chrome before 9.0.597.107 does not properly determine device orientation, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
|
04-06-2020 - 19:03 | 01-03-2011 - 23:00 | |
CVE-2011-1118 | 6.8 |
Google Chrome before 9.0.597.107 does not properly handle TEXTAREA elements, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document.
|
04-06-2020 - 18:53 | 01-03-2011 - 23:00 | |
CVE-2011-1117 | 7.5 |
Google Chrome before 9.0.597.107 does not properly handle XHTML documents, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale nodes."
|
04-06-2020 - 18:48 | 01-03-2011 - 23:00 | |
CVE-2011-1116 | 7.5 |
Google Chrome before 9.0.597.107 does not properly handle SVG animations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
|
04-06-2020 - 18:28 | 01-03-2011 - 23:00 | |
CVE-2011-1115 | 7.5 |
Google Chrome before 9.0.597.107 does not properly render tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
|
04-06-2020 - 18:06 | 01-03-2011 - 23:00 | |
CVE-2011-1114 | 7.5 |
Google Chrome before 9.0.597.107 does not properly handle tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node."
|
04-06-2020 - 18:05 | 01-03-2011 - 23:00 | |
CVE-2011-1113 | 5.0 |
Google Chrome before 9.0.597.107 on 64-bit Linux platforms does not properly perform pickle deserialization, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
04-06-2020 - 17:58 | 01-03-2011 - 23:00 | |
CVE-2011-1112 | 7.5 |
Google Chrome before 9.0.597.107 does not properly perform SVG rendering, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.
|
04-06-2020 - 17:38 | 01-03-2011 - 23:00 | |
CVE-2011-1110 | 7.5 |
Google Chrome before 9.0.597.107 does not properly implement key frame rules, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
|
04-06-2020 - 17:36 | 01-03-2011 - 23:00 | |
CVE-2011-0985 | 7.5 |
Google Chrome before 9.0.597.94 does not properly perform process termination upon memory exhaustion, which has unspecified impact and remote attack vectors.
|
04-06-2020 - 17:30 | 10-02-2011 - 19:00 | |
CVE-2011-0984 | 5.0 |
Google Chrome before 9.0.597.94 does not properly handle plug-ins, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
04-06-2020 - 17:26 | 10-02-2011 - 19:00 | |
CVE-2011-1286 | 7.5 |
Google V8, as used in Google Chrome before 10.0.648.127, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger incorrect access to memory.
|
04-06-2020 - 14:32 | 11-03-2011 - 02:01 | |
CVE-2011-1204 | 6.8 |
Google Chrome before 10.0.648.127 does not properly handle attributes, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via a crafted document.
|
04-06-2020 - 14:17 | 11-03-2011 - 02:01 | |
CVE-2011-1202 | 4.3 |
The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an
|
04-06-2020 - 14:16 | 11-03-2011 - 02:01 | |
CVE-2011-1201 | 7.5 |
The context implementation in WebKit, as used in Google Chrome before 10.0.648.127, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
|
04-06-2020 - 13:45 | 11-03-2011 - 02:01 | |
CVE-2011-1200 | 6.8 |
Google Chrome before 10.0.648.127 does not properly perform a cast of an unspecified variable during text rendering, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.
|
04-06-2020 - 13:43 | 11-03-2011 - 02:01 | |
CVE-2011-1198 | 7.5 |
The video functionality in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger use of a malformed "out-of-bounds structure."
|
03-06-2020 - 21:16 | 11-03-2011 - 02:01 | |
CVE-2011-1197 | 7.5 |
Google Chrome before 10.0.648.127 does not properly perform table painting, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
|
03-06-2020 - 20:45 | 11-03-2011 - 02:01 | |
CVE-2011-1194 | 5.0 |
Multiple unspecified vulnerabilities in Google Chrome before 10.0.648.127 allow remote attackers to bypass the pop-up blocker via unknown vectors.
|
03-06-2020 - 20:38 | 11-03-2011 - 02:01 | |
CVE-2011-1185 | 7.5 |
Google Chrome before 10.0.648.127 does not prevent (1) navigation and (2) close operations on the top location of a sandboxed frame, which has unspecified impact and remote attack vectors.
|
03-06-2020 - 20:31 | 11-03-2011 - 02:01 | |
CVE-2011-1111 | 7.5 |
Google Chrome before 9.0.597.107 does not properly implement forms controls, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.
|
03-06-2020 - 20:14 | 01-03-2011 - 23:00 | |
CVE-2011-1109 | 7.5 |
Google Chrome before 9.0.597.107 does not properly process nodes in Cascading Style Sheets (CSS) stylesheets, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "sta
|
03-06-2020 - 20:04 | 01-03-2011 - 23:00 | |
CVE-2011-1107 | 4.3 |
Unspecified vulnerability in Google Chrome before 9.0.597.107 allows remote attackers to spoof the URL bar via unknown vectors.
|
03-06-2020 - 19:57 | 01-03-2011 - 23:00 | |
CVE-2011-1413 | 5.0 |
Google Chrome before 10.0.648.127 on Linux does not properly mitigate an unspecified flaw in an X server, which allows remote attackers to cause a denial of service (application crash) via vectors involving long messages.
|
03-06-2020 - 18:59 | 11-03-2011 - 02:01 | |
CVE-2011-1285 | 7.5 |
The regular-expression functionality in Google Chrome before 10.0.648.127 does not properly implement reentrancy, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vec
|
03-06-2020 - 18:57 | 11-03-2011 - 02:01 | |
CVE-2011-1203 | 7.5 |
Google Chrome before 10.0.648.127 does not properly handle SVG cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
|
03-06-2020 - 18:47 | 11-03-2011 - 02:01 | |
CVE-2011-1199 | 7.5 |
Google Chrome before 10.0.648.127 does not properly handle DataView objects, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.
|
03-06-2020 - 18:45 | 11-03-2011 - 02:01 | |
CVE-2011-1196 | 7.5 |
The OGG container implementation in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.
|
03-06-2020 - 18:44 | 11-03-2011 - 02:01 | |
CVE-2011-1195 | 7.5 |
Use-after-free vulnerability in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "document script lifetime handling."
|
03-06-2020 - 18:42 | 11-03-2011 - 02:01 | |
CVE-2011-1191 | 7.5 |
Use-after-free vulnerability in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of DOM URLs.
|
03-06-2020 - 18:41 | 11-03-2011 - 02:01 | |
CVE-2011-1189 | 7.5 |
Google Chrome before 10.0.648.127 does not properly perform box layout, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node."
|
03-06-2020 - 18:35 | 11-03-2011 - 02:01 | |
CVE-2011-1188 | 7.5 |
Google Chrome before 10.0.648.127 does not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
|
03-06-2020 - 18:21 | 11-03-2011 - 02:01 | |
CVE-2011-1187 | 5.0 |
Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."
|
03-06-2020 - 18:20 | 11-03-2011 - 02:01 | |
CVE-2011-1691 | 5.0 |
The counterToCSSValue function in CSSComputedStyleDeclaration.cpp in the Cascading Style Sheets (CSS) implementation in WebCore in WebKit before r82222, as used in Google Chrome before 11.0.696.43 and other products, does not properly handle access t
|
03-06-2020 - 15:29 | 15-04-2011 - 00:55 | |
CVE-2011-1465 | 5.0 |
The SPDY implementation in net/http/http_network_transaction.cc in Google Chrome before 11.0.696.14 drains the bodies from SPDY responses, which might allow remote SPDY servers to cause a denial of service (application exit) by canceling a stream.
|
03-06-2020 - 15:19 | 20-03-2011 - 02:00 | |
CVE-2011-1059 | 4.3 |
Use-after-free vulnerability in WebCore in WebKit before r77705, as used in Google Chrome before 11.0.672.2 and other products, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other
|
03-06-2020 - 14:54 | 22-02-2011 - 19:00 | |
CVE-2011-1190 | 5.0 |
The Web Workers implementation in Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."
|
02-06-2020 - 20:22 | 11-03-2011 - 02:01 | |
CVE-2011-1193 | 7.5 |
Google V8, as used in Google Chrome before 10.0.648.127, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
|
02-06-2020 - 20:16 | 11-03-2011 - 02:01 | |
CVE-2011-1186 | 5.0 |
Google Chrome before 10.0.648.127 on Linux does not properly handle parallel execution of calls to the print method, which might allow remote attackers to cause a denial of service (application crash) via crafted JavaScript code.
|
02-06-2020 - 20:11 | 11-03-2011 - 02:01 | |
CVE-2011-1192 | 5.0 |
Google Chrome before 10.0.648.127 on Linux does not properly handle Unicode ranges, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
02-06-2020 - 20:02 | 11-03-2011 - 02:01 | |
CVE-2011-1108 | 6.8 |
Google Chrome before 9.0.597.107 does not properly implement JavaScript dialogs, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document.
|
02-06-2020 - 18:33 | 01-03-2011 - 23:00 | |
CVE-2011-1296 | 7.5 |
Google Chrome before 10.0.648.204 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
|
29-05-2020 - 21:06 | 25-03-2011 - 19:55 | |
CVE-2011-1294 | 7.5 |
Google Chrome before 10.0.648.204 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale po
|
29-05-2020 - 21:04 | 25-03-2011 - 19:55 | |
CVE-2011-1293 | 7.5 |
Use-after-free vulnerability in the HTMLCollection implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
29-05-2020 - 21:03 | 25-03-2011 - 19:55 | |
CVE-2011-1301 | 9.3 |
Use-after-free vulnerability in the GPU process in Google Chrome before 10.0.648.205 allows remote attackers to execute arbitrary code via unknown vectors.
|
29-05-2020 - 21:01 | 15-04-2011 - 19:55 | |
CVE-2011-1302 | 9.3 |
Heap-based buffer overflow in the GPU process in Google Chrome before 10.0.648.205 allows remote attackers to execute arbitrary code via unknown vectors.
|
29-05-2020 - 20:59 | 15-04-2011 - 19:55 | |
CVE-2011-1292 | 7.5 |
Use-after-free vulnerability in the frame-loader implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
29-05-2020 - 20:56 | 25-03-2011 - 19:55 | |
CVE-2011-1291 | 7.5 |
Google Chrome before 10.0.648.204 does not properly handle base strings, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a "buffer error."
|
29-05-2020 - 20:37 | 25-03-2011 - 19:55 | |
CVE-2011-1295 | 7.5 |
WebKit, as used in Google Chrome before 10.0.648.204 and Apple Safari before 5.0.6, does not properly handle node parentage, which allows remote attackers to cause a denial of service (DOM tree corruption), conduct cross-site scripting (XSS) attacks,
|
29-05-2020 - 20:36 | 25-03-2011 - 19:55 | |
CVE-2011-1436 | 5.0 |
Google Chrome before 11.0.696.57 on Linux does not properly interact with the X Window System, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
|
29-05-2020 - 20:24 | 03-05-2011 - 22:55 | |
CVE-2011-1439 | 6.8 |
Google Chrome before 11.0.696.57 on Linux does not properly isolate renderer processes, which has unspecified impact and remote attack vectors.
|
29-05-2020 - 20:21 | 03-05-2011 - 22:55 | |
CVE-2011-1444 | 6.8 |
Race condition in the sandbox launcher implementation in Google Chrome before 11.0.696.57 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
29-05-2020 - 20:14 | 03-05-2011 - 22:55 | |
CVE-2011-1454 | 6.8 |
Use-after-free vulnerability in the DOM id handling functionality in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document.
|
22-05-2020 - 18:43 | 03-05-2011 - 22:55 | |
CVE-2011-1804 | 7.5 |
rendering/RenderBox.cpp in WebCore in WebKit before r86862, as used in Google Chrome before 11.0.696.71, does not properly render floats, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown
|
22-05-2020 - 18:38 | 26-05-2011 - 16:55 | |
CVE-2011-1456 | 6.8 |
Google Chrome before 11.0.696.57 does not properly handle PDF forms, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale pointers."
|
22-05-2020 - 18:30 | 03-05-2011 - 22:55 | |
CVE-2011-1452 | 5.8 |
Google Chrome before 11.0.696.57 allows user-assisted remote attackers to spoof the URL bar via vectors involving a redirect and a manual reload.
|
22-05-2020 - 18:29 | 03-05-2011 - 22:55 | |
CVE-2011-1449 | 6.8 |
Use-after-free vulnerability in the WebSockets implementation in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
22-05-2020 - 18:28 | 03-05-2011 - 22:55 | |
CVE-2011-1451 | 7.5 |
Google Chrome before 11.0.696.57 does not properly handle DOM id maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "dangling pointers."
|
22-05-2020 - 18:28 | 03-05-2011 - 22:55 | |
CVE-2011-1807 | 10.0 |
Google Chrome before 11.0.696.71 does not properly handle blobs, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger an out-of-bounds write.
|
22-05-2020 - 18:26 | 26-05-2011 - 16:55 | |
CVE-2011-1445 | 6.8 |
Google Chrome before 11.0.696.57 does not properly handle SVG documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
22-05-2020 - 18:25 | 03-05-2011 - 22:55 | |
CVE-2011-1448 | 6.8 |
Google Chrome before 11.0.696.57 does not properly perform height calculations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
|
22-05-2020 - 18:25 | 03-05-2011 - 22:55 | |
CVE-2011-1440 | 6.8 |
Use-after-free vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the ruby element and Cascading Style Sheets (CSS) token sequences.
|
22-05-2020 - 18:24 | 03-05-2011 - 22:55 | |
CVE-2011-1455 | 6.8 |
Google Chrome before 11.0.696.57 does not properly handle PDF documents with multipart encoding, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.
|
22-05-2020 - 18:23 | 03-05-2011 - 22:55 | |
CVE-2011-1443 | 6.8 |
Google Chrome before 11.0.696.57 does not properly implement layering, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale pointers."
|
22-05-2020 - 18:23 | 03-05-2011 - 22:55 | |
CVE-2011-1303 | 7.5 |
Google Chrome before 11.0.696.57 does not properly handle floating objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
|
22-05-2020 - 18:23 | 03-05-2011 - 22:55 | |
CVE-2011-1437 | 6.8 |
Multiple integer overflows in Google Chrome before 11.0.696.57 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to float rendering.
|
22-05-2020 - 18:23 | 03-05-2011 - 22:55 | |
CVE-2011-1806 | 10.0 |
Google Chrome before 11.0.696.71 does not properly implement the GPU command buffer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
|
22-05-2020 - 18:13 | 26-05-2011 - 16:55 | |
CVE-2011-1801 | 5.0 |
Unspecified vulnerability in Google Chrome before 11.0.696.71 allows remote attackers to bypass the pop-up blocker via unknown vectors.
|
22-05-2020 - 18:09 | 26-05-2011 - 16:55 | |
CVE-2011-1800 | 7.5 |
Multiple integer overflows in the SVG Filters implementation in WebCore in WebKit in Google Chrome before 11.0.696.68 allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
22-05-2020 - 18:08 | 16-05-2011 - 17:55 | |
CVE-2011-1799 | 6.8 |
Google Chrome before 11.0.696.68 does not properly perform casts of variables during interaction with the WebKit engine, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
22-05-2020 - 18:02 | 16-05-2011 - 17:55 | |
CVE-2011-1450 | 5.0 |
Google Chrome before 11.0.696.57 does not properly present file dialogs, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "dangling pointers."
|
22-05-2020 - 17:59 | 03-05-2011 - 22:55 | |
CVE-2011-1447 | 6.8 |
Google Chrome before 11.0.696.57 does not properly handle drop-down lists, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
|
22-05-2020 - 17:56 | 03-05-2011 - 22:55 | |
CVE-2011-1446 | 5.8 |
Google Chrome before 11.0.696.57 allows remote attackers to spoof the URL bar via vectors involving (1) a navigation error or (2) an interrupted load.
|
22-05-2020 - 17:48 | 03-05-2011 - 22:55 | |
CVE-2011-1442 | 6.8 |
Google Chrome before 11.0.696.57 does not properly handle mutation events, which allows remote attackers to cause a denial of service (node tree corruption) or possibly have unspecified other impact via unknown vectors.
|
22-05-2020 - 17:45 | 03-05-2011 - 22:55 | |
CVE-2011-1441 | 6.8 |
Google Chrome before 11.0.696.57 does not properly perform a cast of an unspecified variable during handling of floating select lists, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted HTML
|
22-05-2020 - 17:42 | 03-05-2011 - 22:55 | |
CVE-2011-1438 | 7.5 |
Google Chrome before 11.0.696.57 allows remote attackers to bypass the Same Origin Policy via vectors involving blobs.
|
22-05-2020 - 17:39 | 03-05-2011 - 22:55 | |
CVE-2011-1435 | 5.0 |
Google Chrome before 11.0.696.57 does not properly implement the tabs permission for extensions, which allows remote attackers to read local files via a crafted extension.
|
22-05-2020 - 17:32 | 03-05-2011 - 22:55 | |
CVE-2011-1304 | 5.0 |
Unspecified vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to bypass the pop-up blocker via vectors related to plug-ins.
|
22-05-2020 - 17:27 | 03-05-2011 - 22:55 | |
CVE-2011-1434 | 6.8 |
Google Chrome before 11.0.696.57 does not ensure thread safety during handling of MIME data, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
22-05-2020 - 17:17 | 03-05-2011 - 22:55 | |
CVE-2011-2342 | 4.3 |
The DOM implementation in Google Chrome before 12.0.742.91 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
|
22-05-2020 - 16:44 | 09-06-2011 - 19:55 | |
CVE-2011-1819 | 4.3 |
Google Chrome before 12.0.742.91 allows remote attackers to perform unspecified injection into a chrome:// page via vectors related to extensions.
|
22-05-2020 - 16:44 | 09-06-2011 - 19:55 | |
CVE-2011-1818 | 6.8 |
Use-after-free vulnerability in the image loader in Google Chrome before 12.0.742.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
22-05-2020 - 16:43 | 09-06-2011 - 19:55 | |
CVE-2011-1817 | 6.8 |
Google Chrome before 12.0.742.91 does not properly implement history deletion, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
|
22-05-2020 - 16:13 | 09-06-2011 - 19:55 | |
CVE-2011-1816 | 6.8 |
Use-after-free vulnerability in the developer tools in Google Chrome before 12.0.742.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
22-05-2020 - 15:37 | 09-06-2011 - 19:55 | |
CVE-2011-1815 | 4.3 |
Google Chrome before 12.0.742.91 allows remote attackers to inject script into a tab page via vectors related to extensions.
|
22-05-2020 - 15:30 | 09-06-2011 - 19:55 | |
CVE-2011-1814 | 5.8 |
Google Chrome before 12.0.742.91 attempts to read data from an uninitialized pointer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
22-05-2020 - 15:21 | 09-06-2011 - 19:55 | |
CVE-2011-1813 | 6.8 |
Google Chrome before 12.0.742.91 does not properly implement the framework for extensions, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
|
22-05-2020 - 14:55 | 09-06-2011 - 19:55 | |
CVE-2011-1812 | 7.5 |
Google Chrome before 12.0.742.91 allows remote attackers to bypass intended access restrictions via vectors related to extensions.
|
22-05-2020 - 14:52 | 09-06-2011 - 19:55 | |
CVE-2011-1811 | 4.3 |
Google Chrome before 12.0.742.91 does not properly handle a large number of form submissions, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
|
22-05-2020 - 14:49 | 09-06-2011 - 19:55 | |
CVE-2011-1810 | 4.3 |
The Cascading Style Sheets (CSS) implementation in Google Chrome before 12.0.742.91 does not properly restrict access to the visit history, which allows remote attackers to obtain sensitive information via unspecified vectors.
|
22-05-2020 - 14:17 | 09-06-2011 - 19:55 | |
CVE-2011-1809 | 6.8 |
Use-after-free vulnerability in the accessibility feature in Google Chrome before 12.0.742.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
22-05-2020 - 14:16 | 09-06-2011 - 19:55 | |
CVE-2011-2351 | 6.8 |
Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements.
|
21-05-2020 - 20:33 | 29-06-2011 - 17:55 | |
CVE-2011-2350 | 6.8 |
The HTML parser in Google Chrome before 12.0.742.112 does not properly address "lifetime and re-entrancy issues," which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
21-05-2020 - 20:29 | 29-06-2011 - 17:55 | |
CVE-2011-2349 | 6.8 |
Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to text selection.
|
21-05-2020 - 20:25 | 29-06-2011 - 17:55 | |
CVE-2011-2348 | 6.8 |
Google V8, as used in Google Chrome before 12.0.742.112, performs an incorrect bounds check, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
21-05-2020 - 20:15 | 29-06-2011 - 17:55 | |
CVE-2011-2347 | 6.8 |
Google Chrome before 12.0.742.112 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
|
21-05-2020 - 20:12 | 29-06-2011 - 17:55 | |
CVE-2011-2346 | 6.8 |
Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG fonts.
|
21-05-2020 - 19:59 | 29-06-2011 - 17:55 | |
CVE-2011-2345 | 4.3 |
The NPAPI implementation in Google Chrome before 12.0.742.112 does not properly handle strings, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
21-05-2020 - 19:58 | 29-06-2011 - 17:55 | |
CVE-2011-2332 | 7.5 |
Google V8, as used in Google Chrome before 12.0.742.91, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
|
21-05-2020 - 19:47 | 09-06-2011 - 19:55 | |
CVE-2011-1808 | 6.8 |
Use-after-free vulnerability in Google Chrome before 12.0.742.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to incorrect integer calculations during float handling.
|
21-05-2020 - 19:42 | 09-06-2011 - 19:55 | |
CVE-2011-2818 | 6.8 |
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to display box rendering.
|
21-05-2020 - 12:54 | 03-08-2011 - 00:55 | |
CVE-2011-2793 | 6.8 |
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to media selectors.
|
21-05-2020 - 01:13 | 03-08-2011 - 00:55 | |
CVE-2011-2791 | 6.8 |
The International Components for Unicode (ICU) functionality in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.
|
21-05-2020 - 01:13 | 03-08-2011 - 00:55 | |
CVE-2011-2803 | 6.8 |
Google Chrome before 13.0.782.107 does not properly handle Skia paths, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
21-05-2020 - 01:12 | 03-08-2011 - 00:55 | |
CVE-2011-2797 | 6.8 |
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to resource caching.
|
21-05-2020 - 01:12 | 03-08-2011 - 00:55 | |
CVE-2011-2796 | 6.8 |
Use-after-free vulnerability in Skia, as used in Google Chrome before 13.0.782.107, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
21-05-2020 - 01:12 | 03-08-2011 - 00:55 | |
CVE-2011-2801 | 6.8 |
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the frame loader.
|
21-05-2020 - 01:11 | 03-08-2011 - 00:55 | |
CVE-2011-2785 | 4.3 |
The extensions implementation in Google Chrome before 13.0.782.107 does not properly validate the URL for the home page, which allows remote attackers to have an unspecified impact via a crafted extension.
|
21-05-2020 - 01:06 | 03-08-2011 - 00:55 | |
CVE-2011-2360 | 4.3 |
Google Chrome before 13.0.782.107 does not ensure that the user is prompted before download of a dangerous file, which makes it easier for remote attackers to bypass intended content restrictions via a crafted web site.
|
21-05-2020 - 01:04 | 03-08-2011 - 00:55 | |
CVE-2011-2359 | 6.8 |
Google Chrome before 13.0.782.107 does not properly track line boxes during rendering, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
|
21-05-2020 - 00:59 | 03-08-2011 - 00:55 | |
CVE-2011-2783 | 6.8 |
Google Chrome before 13.0.782.107 does not ensure that developer-mode NPAPI extension installations are confirmed by a browser dialog, which makes it easier for remote attackers to modify the product's functionality via a Trojan horse extension.
|
20-05-2020 - 20:06 | 03-08-2011 - 00:55 | |
CVE-2011-2782 | 4.3 |
The drag-and-drop implementation in Google Chrome before 13.0.782.107 on Linux does not properly enforce permissions for files, which allows user-assisted remote attackers to bypass intended access restrictions via unspecified vectors.
|
20-05-2020 - 19:57 | 03-08-2011 - 00:55 | |
CVE-2011-2358 | 6.8 |
Google Chrome before 13.0.782.107 does not ensure that extension installations are confirmed by a browser dialog, which makes it easier for remote attackers to modify the product's functionality via a Trojan horse extension.
|
20-05-2020 - 19:51 | 03-08-2011 - 00:55 | |
CVE-2011-2804 | 4.3 |
Google Chrome before 13.0.782.107 does not properly handle nested functions in PDF documents, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted document.
|
20-05-2020 - 15:43 | 03-08-2011 - 00:55 | |
CVE-2011-2805 | 6.8 |
Google Chrome before 13.0.782.107 allows remote attackers to bypass the Same Origin Policy and conduct script injection attacks via unspecified vectors.
|
20-05-2020 - 15:40 | 03-08-2011 - 00:55 | |
CVE-2011-2802 | 6.8 |
Google V8, as used in Google Chrome before 13.0.782.107, does not properly perform const lookups, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted web site.
|
20-05-2020 - 15:38 | 03-08-2011 - 00:55 | |
CVE-2011-2798 | 6.8 |
Google Chrome before 13.0.782.107 does not properly restrict access to internal schemes, which allows remote attackers to have an unspecified impact via a crafted web site.
|
20-05-2020 - 15:38 | 03-08-2011 - 00:55 | |
CVE-2011-2794 | 6.8 |
Google Chrome before 13.0.782.107 does not properly perform text iteration, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
20-05-2020 - 15:35 | 03-08-2011 - 00:55 | |
CVE-2011-2786 | 4.3 |
Google Chrome before 13.0.782.107 does not ensure that the speech-input bubble is shown on the product's screen, which might make it easier for remote attackers to make audio recordings via a crafted web page containing an INPUT element.
|
20-05-2020 - 15:31 | 03-08-2011 - 00:55 | |
CVE-2011-2799 | 6.8 |
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to HTML range handling.
|
20-05-2020 - 15:26 | 03-08-2011 - 00:55 | |
CVE-2011-2800 | 4.3 |
Google Chrome before 13.0.782.107 allows remote attackers to obtain potentially sensitive information about client-side redirect targets via a crafted web site.
|
20-05-2020 - 15:23 | 03-08-2011 - 00:55 | |
CVE-2011-2795 | 4.3 |
Google Chrome before 13.0.782.107 does not prevent calls to functions in other frames, which allows remote attackers to bypass intended access restrictions via a crafted web site, related to a "cross-frame function leak."
|
20-05-2020 - 15:19 | 03-08-2011 - 00:55 | |
CVE-2011-2784 | 2.1 |
Google Chrome before 13.0.782.107 allows remote attackers to obtain sensitive information via a request for the GL program log, which reveals a local path in an unspecified log entry.
|
20-05-2020 - 15:18 | 03-08-2011 - 00:55 | |
CVE-2011-2361 | 4.3 |
The Basic Authentication dialog implementation in Google Chrome before 13.0.782.107 does not properly handle strings, which might make it easier for remote attackers to capture credentials via a crafted web site.
|
20-05-2020 - 15:15 | 03-08-2011 - 00:55 | |
CVE-2011-2790 | 6.8 |
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving floating styles.
|
20-05-2020 - 01:49 | 03-08-2011 - 00:55 | |
CVE-2011-2789 | 6.8 |
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to instantiation of the Pepper plug-in.
|
20-05-2020 - 01:49 | 03-08-2011 - 00:55 | |
CVE-2011-2792 | 6.8 |
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to float removal.
|
20-05-2020 - 01:49 | 03-08-2011 - 00:55 | |
CVE-2011-2819 | 6.8 |
Google Chrome before 13.0.782.107 allows remote attackers to bypass the Same Origin Policy via vectors related to handling of the base URI.
|
19-05-2020 - 16:52 | 03-08-2011 - 00:55 | |
CVE-2011-2788 | 6.8 |
Buffer overflow in the inspector serialization functionality in Google Chrome before 13.0.782.107 allows user-assisted remote attackers to have an unspecified impact via unknown vectors.
|
19-05-2020 - 15:25 | 03-08-2011 - 00:55 | |
CVE-2011-2787 | 4.3 |
Google Chrome before 13.0.782.107 does not properly address re-entrancy issues associated with the GPU lock, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
|
19-05-2020 - 15:13 | 03-08-2011 - 00:55 | |
CVE-2011-2839 | 7.5 |
The PDF implementation in Google Chrome before 13.0.782.215 on Linux does not properly use the memset library function, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
19-05-2020 - 14:36 | 29-08-2011 - 15:55 | |
CVE-2011-2806 | 10.0 |
Google Chrome before 13.0.782.215 on Windows does not properly handle vertex data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
|
19-05-2020 - 14:33 | 29-08-2011 - 15:55 | |
CVE-2011-2824 | 7.5 |
Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving counter nodes.
|
19-05-2020 - 13:48 | 29-08-2011 - 15:55 | |
CVE-2011-2821 | 7.5 |
Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression.
|
19-05-2020 - 13:43 | 29-08-2011 - 15:55 | |
CVE-2011-2829 | 7.5 |
Integer overflow in Google Chrome before 13.0.782.215 on 32-bit platforms allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving uniform arrays.
|
19-05-2020 - 13:33 | 29-08-2011 - 15:55 | |
CVE-2011-2826 | 7.5 |
Google Chrome before 13.0.782.215 allows remote attackers to bypass the Same Origin Policy via vectors related to empty origins.
|
19-05-2020 - 13:30 | 29-08-2011 - 15:55 | |
CVE-2011-2827 | 7.5 |
Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to text searching.
|
19-05-2020 - 13:27 | 29-08-2011 - 15:55 | |
CVE-2011-2825 | 9.3 |
Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving custom fonts.
|
19-05-2020 - 13:24 | 29-08-2011 - 15:55 | |
CVE-2011-2823 | 7.5 |
Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a line box.
|
19-05-2020 - 13:21 | 29-08-2011 - 15:55 | |
CVE-2011-2828 | 7.5 |
Google V8, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.
|
19-05-2020 - 13:14 | 29-08-2011 - 15:55 | |
CVE-2011-3881 | 4.3 |
WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selec
|
11-05-2020 - 17:45 | 25-10-2011 - 19:55 | |
CVE-2011-3888 | 6.8 |
Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing operations in conjunction with an unknown pl
|
11-05-2020 - 17:44 | 25-10-2011 - 19:55 | |
CVE-2011-2830 | 7.5 |
Google V8, as used in Google Chrome before 14.0.835.163, does not properly implement script object wrappers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.
|
11-05-2020 - 16:57 | 28-10-2011 - 02:49 | |
CVE-2011-3889 | 7.5 |
Heap-based buffer overflow in the Web Audio implementation in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
11-05-2020 - 16:50 | 25-10-2011 - 19:55 | |
CVE-2011-3880 | 7.5 |
Google Chrome before 15.0.874.102 does not prevent use of an unspecified special character as a delimiter in HTTP headers, which has unknown impact and remote attack vectors.
|
11-05-2020 - 16:48 | 25-10-2011 - 19:55 | |
CVE-2011-3876 | 6.8 |
Google Chrome before 15.0.874.102 does not properly handle downloading files that have whitespace characters at the end of a filename, which has unspecified impact and user-assisted remote attack vectors.
|
11-05-2020 - 16:46 | 25-10-2011 - 19:55 | |
CVE-2011-2845 | 4.3 |
Google Chrome before 15.0.874.102 does not properly handle history data, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors.
|
11-05-2020 - 16:44 | 25-10-2011 - 19:55 | |
CVE-2011-3873 | 6.8 |
Google Chrome before 14.0.835.202 does not properly implement shader translation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
|
11-05-2020 - 16:30 | 04-10-2011 - 20:55 | |
CVE-2011-2881 | 6.8 |
Google Chrome before 14.0.835.202 does not properly handle Google V8 hidden objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code.
|
11-05-2020 - 16:29 | 04-10-2011 - 20:55 | |
CVE-2011-2880 | 6.8 |
Use-after-free vulnerability in Google Chrome before 14.0.835.202 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the Google V8 bindings.
|
11-05-2020 - 16:29 | 04-10-2011 - 20:55 | |
CVE-2011-3891 | 7.5 |
Google Chrome before 15.0.874.102 does not properly restrict access to internal Google V8 functions, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
11-05-2020 - 16:12 | 25-10-2011 - 19:55 | |
CVE-2011-3885 | 7.5 |
Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to stale Cascading Style Sheets (CSS) token-sequence data.
|
11-05-2020 - 16:02 | 25-10-2011 - 19:55 | |
CVE-2011-3883 | 7.5 |
Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to counters.
|
11-05-2020 - 15:57 | 25-10-2011 - 19:55 | |
CVE-2011-3882 | 7.5 |
Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to media buffers.
|
11-05-2020 - 15:56 | 25-10-2011 - 19:55 | |
CVE-2011-2879 | 6.8 |
Google Chrome before 14.0.835.202 does not properly consider object lifetimes and thread safety during the handling of audio nodes, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vecto
|
11-05-2020 - 15:38 | 04-10-2011 - 20:55 | |
CVE-2011-2878 | 7.5 |
Google Chrome before 14.0.835.202 does not properly restrict access to the window prototype, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
|
08-05-2020 - 21:34 | 04-10-2011 - 20:55 | |
CVE-2011-2877 | 6.8 |
Google Chrome before 14.0.835.202 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale font."
|
08-05-2020 - 21:22 | 04-10-2011 - 20:55 | |
CVE-2011-2876 | 6.8 |
Use-after-free vulnerability in Google Chrome before 14.0.835.202 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a text line box.
|
08-05-2020 - 20:28 | 04-10-2011 - 20:55 | |
CVE-2011-3234 | 5.0 |
Google Chrome before 14.0.835.163 does not properly handle boxes, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
08-05-2020 - 19:29 | 19-09-2011 - 12:02 | |
CVE-2011-2861 | 6.8 |
Google Chrome before 14.0.835.163 does not properly handle strings in PDF documents, which allows remote attackers to have an unspecified impact via a crafted document that triggers an incorrect read operation.
|
08-05-2020 - 19:29 | 19-09-2011 - 12:02 | |
CVE-2011-2859 | 6.8 |
Google Chrome before 14.0.835.163 uses incorrect permissions for non-gallery pages, which has unspecified impact and attack vectors.
|
08-05-2020 - 19:23 | 19-09-2011 - 12:02 | |
CVE-2011-2860 | 7.5 |
Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to table styles.
|
08-05-2020 - 19:23 | 19-09-2011 - 12:02 | |
CVE-2011-2852 | 6.8 |
Off-by-one error in Google V8, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
08-05-2020 - 19:11 | 19-09-2011 - 12:02 | |
CVE-2011-2853 | 7.5 |
Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to plug-in handling.
|
08-05-2020 - 19:11 | 19-09-2011 - 12:02 | |
CVE-2011-2851 | 5.0 |
Google Chrome before 14.0.835.163 does not properly handle video, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
08-05-2020 - 19:10 | 19-09-2011 - 12:02 | |
CVE-2011-2849 | 4.3 |
The WebSockets implementation in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.
|
08-05-2020 - 19:05 | 19-09-2011 - 12:02 | |
CVE-2011-2848 | 4.3 |
Google Chrome before 14.0.835.163 allows user-assisted remote attackers to spoof the URL bar via vectors related to the forward button.
|
08-05-2020 - 19:01 | 19-09-2011 - 12:02 | |
CVE-2011-2843 | 5.0 |
Google Chrome before 14.0.835.163 does not properly handle media buffers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
08-05-2020 - 19:00 | 19-09-2011 - 12:02 | |
CVE-2011-2835 | 6.8 |
Race condition in Google Chrome before 14.0.835.163 allows attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the certificate cache.
|
08-05-2020 - 18:59 | 19-09-2011 - 12:02 | |
CVE-2011-2841 | 6.8 |
Google Chrome before 14.0.835.163 does not properly perform garbage collection during the processing of PDF documents, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
|
08-05-2020 - 18:59 | 19-09-2011 - 12:02 | |
CVE-2011-2836 | 7.5 |
Google Chrome before 14.0.835.163 does not require Infobar interaction before use of the Windows Media Player plug-in, which makes it easier for remote attackers to have an unspecified impact via crafted Flash content.
|
08-05-2020 - 18:44 | 19-09-2011 - 12:02 | |
CVE-2011-2834 | 6.8 |
Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.
|
08-05-2020 - 18:12 | 19-09-2011 - 12:02 | |
CVE-2011-2840 | 4.3 |
Google Chrome before 14.0.835.163 allows user-assisted remote attackers to spoof the URL bar via vectors related to "unusual user interaction."
|
08-05-2020 - 17:52 | 19-09-2011 - 12:02 | |
CVE-2011-2837 | 7.5 |
Google Chrome before 14.0.835.163 on Linux does not use the PIC and PIE compiler options for position-independent code, which has unspecified impact and attack vectors.
|
08-05-2020 - 17:49 | 19-09-2011 - 12:02 | |
CVE-2011-2838 | 7.5 |
Google Chrome before 14.0.835.163 does not properly consider the MIME type during the loading of a plug-in, which has unspecified impact and remote attack vectors.
|
08-05-2020 - 17:48 | 19-09-2011 - 12:02 | |
CVE-2011-2842 | 7.5 |
The installer in Google Chrome before 14.0.835.163 on Mac OS X does not properly handle lock files, which has unspecified impact and attack vectors.
|
08-05-2020 - 17:47 | 19-09-2011 - 12:02 | |
CVE-2011-2847 | 6.8 |
Use-after-free vulnerability in the document loader in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
|
08-05-2020 - 17:38 | 19-09-2011 - 12:02 | |
CVE-2011-2844 | 5.0 |
Google Chrome before 14.0.835.163 does not properly process MP3 files, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
08-05-2020 - 17:28 | 19-09-2011 - 12:02 | |
CVE-2011-2846 | 6.8 |
Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to unload event handling.
|
08-05-2020 - 17:24 | 19-09-2011 - 12:02 | |
CVE-2011-2850 | 5.0 |
Google Chrome before 14.0.835.163 does not properly handle Khmer characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
08-05-2020 - 17:22 | 19-09-2011 - 12:02 | |
CVE-2011-2854 | 6.8 |
Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "ruby / table style handing."
|
08-05-2020 - 17:20 | 19-09-2011 - 12:02 | |
CVE-2011-2855 | 6.8 |
Google Chrome before 14.0.835.163 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale no
|
08-05-2020 - 17:19 | 19-09-2011 - 12:02 | |
CVE-2011-2857 | 6.8 |
Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the focus controller.
|
08-05-2020 - 17:14 | 19-09-2011 - 12:02 | |
CVE-2011-2856 | 7.5 |
Google V8, as used in Google Chrome before 14.0.835.163, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
|
08-05-2020 - 17:08 | 19-09-2011 - 12:02 | |
CVE-2011-2858 | 5.0 |
Google Chrome before 14.0.835.163 does not properly handle triangle arrays, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
08-05-2020 - 16:26 | 19-09-2011 - 12:02 | |
CVE-2011-2862 | 7.5 |
Google V8, as used in Google Chrome before 14.0.835.163, does not properly restrict access to built-in objects, which has unspecified impact and remote attack vectors.
|
08-05-2020 - 16:23 | 19-09-2011 - 12:02 | |
CVE-2011-2864 | 5.0 |
Google Chrome before 14.0.835.163 does not properly handle Tibetan characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
08-05-2020 - 16:15 | 19-09-2011 - 12:02 | |
CVE-2011-2874 | 6.8 |
Google Chrome before 14.0.835.163 does not perform an expected pin operation for a self-signed certificate during a session, which has unspecified impact and remote attack vectors.
|
08-05-2020 - 16:12 | 19-09-2011 - 12:02 | |
CVE-2011-2875 | 6.8 |
Google V8, as used in Google Chrome before 14.0.835.163, does not properly perform object sealing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."
|
08-05-2020 - 16:08 | 19-09-2011 - 12:02 | |
CVE-2011-3917 | 7.5 |
Stack-based buffer overflow in FileWatcher in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
08-05-2020 - 14:32 | 13-12-2011 - 21:55 | |
CVE-2011-3916 | 5.0 |
Google Chrome before 16.0.912.63 does not properly handle PDF cross references, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
08-05-2020 - 14:31 | 13-12-2011 - 21:55 | |
CVE-2011-3913 | 7.5 |
Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to Range handling.
|
08-05-2020 - 14:28 | 13-12-2011 - 21:55 | |
CVE-2011-3912 | 7.5 |
Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG filters.
|
08-05-2020 - 14:25 | 13-12-2011 - 21:55 | |
CVE-2011-3911 | 5.0 |
Google Chrome before 16.0.912.63 does not properly handle PDF documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
08-05-2020 - 14:25 | 13-12-2011 - 21:55 | |
CVE-2011-3908 | 5.0 |
Google Chrome before 16.0.912.63 does not properly parse SVG documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
08-05-2020 - 14:24 | 13-12-2011 - 21:55 | |
CVE-2011-3900 | 7.5 |
Google V8, as used in Google Chrome before 15.0.874.121, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write operation.
|
08-05-2020 - 14:23 | 17-11-2011 - 23:55 | |
CVE-2011-3898 | 7.5 |
Google Chrome before 15.0.874.120, when Java Runtime Environment (JRE) 7 is used, does not request user confirmation before applet execution begins, which allows remote attackers to have an unspecified impact via a crafted applet.
|
08-05-2020 - 14:21 | 11-11-2011 - 11:55 | |
CVE-2011-3897 | 6.8 |
Use-after-free vulnerability in Google Chrome before 15.0.874.120 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing.
|
08-05-2020 - 14:17 | 11-11-2011 - 11:55 | |
CVE-2011-3895 | 7.5 |
Heap-based buffer overflow in the Vorbis decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.
|
08-05-2020 - 14:17 | 11-11-2011 - 11:55 | |
CVE-2011-3953 | 7.5 |
Google Chrome before 17.0.963.46 does not prevent monitoring of the clipboard after a paste event, which has unspecified impact and remote attack vectors.
|
08-05-2020 - 14:13 | 09-02-2012 - 04:10 | |
CVE-2011-3955 | 7.5 |
Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors that trigger the aborting of an IndexedDB transaction.
|
08-05-2020 - 14:12 | 09-02-2012 - 04:10 | |
CVE-2011-3957 | 7.5 |
Use-after-free vulnerability in the garbage-collection functionality in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving PDF documents.
|
08-05-2020 - 14:12 | 09-02-2012 - 04:10 | |
CVE-2011-3961 | 9.3 |
Race condition in Google Chrome before 17.0.963.46 allows remote attackers to execute arbitrary code via vectors that trigger a crash of a utility process.
|
08-05-2020 - 14:07 | 09-02-2012 - 04:10 | |
CVE-2011-3963 | 5.0 |
Google Chrome before 17.0.963.46 does not properly handle PDF FAX images, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
08-05-2020 - 14:04 | 09-02-2012 - 04:10 | |
CVE-2011-3971 | 6.8 |
Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to mousemove events.
|
08-05-2020 - 14:03 | 09-02-2012 - 04:10 | |
CVE-2011-3972 | 5.0 |
The shader translator implementation in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
08-05-2020 - 13:44 | 09-02-2012 - 04:10 | |
CVE-2011-3894 | 7.5 |
Google Chrome before 15.0.874.120 does not properly perform VP8 decoding, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted stream.
|
08-05-2020 - 13:43 | 11-11-2011 - 11:55 | |
CVE-2011-3887 | 5.0 |
Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors.
|
08-05-2020 - 13:40 | 25-10-2011 - 19:55 | |
CVE-2011-3893 | 5.0 |
Google Chrome before 15.0.874.120 does not properly implement the MKV and Vorbis media handlers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
08-05-2020 - 13:39 | 11-11-2011 - 11:55 | |
CVE-2011-3892 | 7.5 |
Double free vulnerability in the Theora decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.
|
08-05-2020 - 12:57 | 11-11-2011 - 11:55 | |
CVE-2011-3884 | 6.8 |
Google Chrome before 15.0.874.102 does not properly address timing issues during DOM traversal, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
|
08-05-2020 - 12:55 | 25-10-2011 - 19:55 | |
CVE-2011-3879 | 7.5 |
Google Chrome before 15.0.874.102 does not prevent redirects to chrome: URLs, which has unspecified impact and remote attack vectors.
|
07-05-2020 - 20:41 | 25-10-2011 - 19:55 | |
CVE-2011-3914 | 7.5 |
The internationalization (aka i18n) functionality in Google V8, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bou
|
07-05-2020 - 20:20 | 13-12-2011 - 21:55 | |
CVE-2011-3909 | 5.0 |
The Cascading Style Sheets (CSS) implementation in Google Chrome before 16.0.912.63 on 64-bit platforms does not properly manage property arrays, which allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors.
|
07-05-2020 - 20:19 | 13-12-2011 - 21:55 | |
CVE-2011-3906 | 5.0 |
The PDF parser in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
07-05-2020 - 19:24 | 13-12-2011 - 21:55 | |
CVE-2011-3915 | 7.5 |
Buffer overflow in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PDF fonts.
|
07-05-2020 - 19:11 | 13-12-2011 - 21:55 | |
CVE-2011-3905 | 5.0 |
libxml2, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
07-05-2020 - 19:05 | 13-12-2011 - 21:55 | |
CVE-2011-3919 | 7.5 |
Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
07-05-2020 - 19:05 | 07-01-2012 - 11:55 | |
CVE-2011-3921 | 7.5 |
Use-after-free vulnerability in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving animation frames.
|
07-05-2020 - 18:44 | 07-01-2012 - 11:55 | |
CVE-2011-3922 | 7.5 |
Stack-based buffer overflow in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to glyph handling.
|
07-05-2020 - 18:43 | 07-01-2012 - 11:55 | |
CVE-2011-3924 | 7.5 |
Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM selections.
|
07-05-2020 - 18:42 | 24-01-2012 - 04:03 | |
CVE-2011-3925 | 7.5 |
Use-after-free vulnerability in the Safe Browsing feature in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors related to a navigation
|
07-05-2020 - 18:37 | 24-01-2012 - 04:03 | |
CVE-2011-3926 | 7.5 |
Heap-based buffer overflow in the tree builder in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
07-05-2020 - 18:36 | 24-01-2012 - 04:03 | |
CVE-2011-3927 | 7.5 |
Skia, as used in Google Chrome before 16.0.912.77, does not perform all required initialization of values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
07-05-2020 - 18:25 | 24-01-2012 - 04:03 | |
CVE-2011-3928 | 7.5 |
Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM handling.
|
07-05-2020 - 18:24 | 24-01-2012 - 04:03 | |
CVE-2011-3966 | 7.5 |
Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to error handling for Cascading Style Sheets (CSS) token-sequence data
|
07-05-2020 - 18:20 | 09-02-2012 - 04:10 | |
CVE-2011-3967 | 5.0 |
Unspecified vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via a crafted certificate.
|
07-05-2020 - 18:15 | 09-02-2012 - 04:10 | |
CVE-2011-3904 | 7.5 |
Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to bidirectional text (aka bidi) handling.
|
07-05-2020 - 18:14 | 13-12-2011 - 21:55 | |
CVE-2011-3877 | 4.3 |
Cross-site scripting (XSS) vulnerability in the appcache internals page in Google Chrome before 15.0.874.102 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
07-05-2020 - 18:10 | 25-10-2011 - 19:55 | |
CVE-2011-3878 | 6.8 |
Race condition in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to worker process initialization.
|
07-05-2020 - 18:10 | 25-10-2011 - 19:55 | |
CVE-2011-3875 | 4.3 |
Google Chrome before 15.0.874.102 does not properly handle drag and drop operations on URL strings, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors.
|
07-05-2020 - 18:08 | 25-10-2011 - 19:55 | |
CVE-2011-3896 | 7.5 |
Buffer overflow in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to shader variable mapping.
|
07-05-2020 - 18:07 | 11-11-2011 - 11:55 | |
CVE-2011-3903 | 5.0 |
Google Chrome before 16.0.912.63 does not properly perform regex matching, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
07-05-2020 - 18:06 | 13-12-2011 - 21:55 | |
CVE-2011-3890 | 7.5 |
Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to video source handling.
|
07-05-2020 - 18:06 | 25-10-2011 - 19:55 | |
CVE-2011-3910 | 5.0 |
Google Chrome before 16.0.912.63 does not properly handle YUV video frames, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
07-05-2020 - 13:51 | 13-12-2011 - 21:55 | |
CVE-2011-3907 | 4.3 |
The view-source feature in Google Chrome before 16.0.912.63 allows remote attackers to spoof the URL bar via unspecified vectors.
|
07-05-2020 - 13:51 | 13-12-2011 - 21:55 | |
CVE-2011-3960 | 4.3 |
Google Chrome before 17.0.963.46 does not properly decode audio data, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
21-04-2020 - 17:31 | 09-02-2012 - 04:10 | |
CVE-2011-3964 | 5.8 |
Google Chrome before 17.0.963.46 does not properly implement the drag-and-drop feature, which makes it easier for remote attackers to spoof the URL bar via unspecified vectors.
|
17-04-2020 - 13:34 | 09-02-2012 - 04:10 | |
CVE-2011-3962 | 4.3 |
Google Chrome before 17.0.963.46 does not properly perform path clipping, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
17-04-2020 - 13:33 | 09-02-2012 - 04:10 | |
CVE-2011-3958 | 6.8 |
Google Chrome before 17.0.963.46 does not properly perform casts of variables during handling of a column span, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
|
17-04-2020 - 13:32 | 09-02-2012 - 04:10 | |
CVE-2011-3959 | 7.5 |
Buffer overflow in the locale implementation in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
17-04-2020 - 13:32 | 09-02-2012 - 04:10 | |
CVE-2011-3956 | 6.8 |
The extension implementation in Google Chrome before 17.0.963.46 does not properly handle sandboxed origins, which might allow remote attackers to bypass the Same Origin Policy via a crafted extension.
|
17-04-2020 - 13:31 | 09-02-2012 - 04:10 | |
CVE-2011-3954 | 5.0 |
Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via vectors that trigger a large amount of database usage.
|
17-04-2020 - 13:30 | 09-02-2012 - 04:10 | |
CVE-2011-3965 | 5.0 |
Google Chrome before 17.0.963.46 does not properly check signatures, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
|
16-04-2020 - 18:44 | 09-02-2012 - 04:10 | |
CVE-2011-3968 | 4.3 |
Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving Cascading Style Sheets (CSS) token sequences.
|
16-04-2020 - 17:45 | 09-02-2012 - 04:10 | |
CVE-2011-3969 | 6.8 |
Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout of SVG documents.
|
16-04-2020 - 17:33 | 09-02-2012 - 04:10 | |
CVE-2011-3015 | 6.8 |
Multiple integer overflows in the PDF codecs in Google Chrome before 17.0.963.56 allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
16-04-2020 - 17:30 | 16-02-2012 - 20:55 | |
CVE-2011-3016 | 6.8 |
Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving counter nodes, related to a "read-after-free" issue.
|
16-04-2020 - 17:29 | 16-02-2012 - 20:55 | |
CVE-2011-3017 | 6.8 |
Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to database handling.
|
16-04-2020 - 17:27 | 16-02-2012 - 20:55 | |
CVE-2011-3018 | 7.5 |
Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to path rendering.
|
16-04-2020 - 17:25 | 16-02-2012 - 20:55 | |
CVE-2011-3019 | 6.8 |
Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Matroska video (aka MKV) file.
|
16-04-2020 - 17:25 | 16-02-2012 - 20:55 | |
CVE-2011-3020 | 6.8 |
Unspecified vulnerability in the Native Client validator implementation in Google Chrome before 17.0.963.56 has unknown impact and remote attack vectors.
|
16-04-2020 - 17:21 | 16-02-2012 - 20:55 | |
CVE-2011-3021 | 7.5 |
Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to subframe loading.
|
16-04-2020 - 16:58 | 16-02-2012 - 20:55 | |
CVE-2011-3022 | 5.0 |
translate/translate_manager.cc in Google Chrome before 17.0.963.56 and 19.x before 19.0.1036.7 uses an HTTP session to exchange data for translation, which allows remote attackers to obtain sensitive information by sniffing the network.
|
16-04-2020 - 16:49 | 16-02-2012 - 20:55 | |
CVE-2011-3023 | 6.8 |
Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to drag-and-drop operations.
|
16-04-2020 - 16:45 | 16-02-2012 - 20:55 | |
CVE-2011-3025 | 4.3 |
Google Chrome before 17.0.963.56 does not properly parse H.264 data, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
16-04-2020 - 16:41 | 16-02-2012 - 20:55 | |
CVE-2011-3024 | 4.3 |
Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service (application crash) via an empty X.509 certificate.
|
16-04-2020 - 16:41 | 16-02-2012 - 20:55 | |
CVE-2011-3026 | 6.8 |
Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.
|
16-04-2020 - 16:37 | 16-02-2012 - 20:55 | |
CVE-2011-3027 | 4.3 |
Google Chrome before 17.0.963.56 does not properly perform a cast of an unspecified variable during handling of columns, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.
|
16-04-2020 - 16:19 | 16-02-2012 - 20:55 | |
CVE-2011-3031 | 6.8 |
Use-after-free vulnerability in the element wrapper in Google V8, as used in Google Chrome before 17.0.963.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
16-04-2020 - 16:17 | 05-03-2012 - 19:55 | |
CVE-2011-3033 | 7.5 |
Buffer overflow in Skia, as used in Google Chrome before 17.0.963.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
16-04-2020 - 16:16 | 05-03-2012 - 19:55 | |
CVE-2011-3032 | 6.8 |
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG values.
|
16-04-2020 - 16:16 | 05-03-2012 - 19:55 | |
CVE-2011-3034 | 6.8 |
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an SVG document.
|
16-04-2020 - 16:15 | 05-03-2012 - 19:55 | |
CVE-2011-3035 | 6.8 |
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements.
|
16-04-2020 - 16:15 | 05-03-2012 - 19:55 | |
CVE-2011-3036 | 6.8 |
Google Chrome before 17.0.963.65 does not properly perform a cast of an unspecified variable during handling of line boxes, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.
|
16-04-2020 - 16:14 | 05-03-2012 - 19:55 | |
CVE-2011-3037 | 6.8 |
Google Chrome before 17.0.963.65 does not properly perform casts of unspecified variables during the splitting of anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted documen
|
16-04-2020 - 16:13 | 05-03-2012 - 19:55 | |
CVE-2011-3038 | 6.8 |
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to multi-column handling.
|
16-04-2020 - 16:10 | 05-03-2012 - 19:55 | |
CVE-2011-3039 | 6.8 |
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to quote handling.
|
16-04-2020 - 16:08 | 05-03-2012 - 19:55 | |
CVE-2011-3040 | 4.3 |
Google Chrome before 17.0.963.65 does not properly handle text, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.
|
16-04-2020 - 16:08 | 05-03-2012 - 19:55 | |
CVE-2011-3042 | 6.8 |
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of table sections.
|
16-04-2020 - 16:06 | 05-03-2012 - 19:55 | |
CVE-2011-3041 | 6.8 |
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of class attributes.
|
16-04-2020 - 16:06 | 05-03-2012 - 19:55 | |
CVE-2011-3043 | 6.8 |
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a flexbox (aka flexible box) in conjunction with the floating of ele
|
16-04-2020 - 16:04 | 05-03-2012 - 19:55 | |
CVE-2011-3044 | 6.8 |
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animation elements.
|
16-04-2020 - 15:59 | 05-03-2012 - 19:55 | |
CVE-2011-3046 | 10.0 |
The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" issue.
|
16-04-2020 - 15:59 | 09-03-2012 - 00:55 | |
CVE-2011-3047 | 9.3 |
The GPU process in Google Chrome before 17.0.963.79 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) by leveraging an error in the plug-in loading mechanism.
|
16-04-2020 - 15:58 | 10-03-2012 - 19:55 | |
CVE-2012-1845 | 9.3 |
Use-after-free vulnerability in Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the DEP and ASLR protection mechanisms, and execute arbitrary code, via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition
|
16-04-2020 - 15:41 | 22-03-2012 - 16:55 | |
CVE-2012-1846 | 10.0 |
Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a sandboxed process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affecte
|
16-04-2020 - 15:27 | 22-03-2012 - 16:55 | |
CVE-2011-3049 | 5.0 |
Google Chrome before 17.0.963.83 does not properly restrict the extension web request API, which allows remote attackers to cause a denial of service (disrupted system requests) via a crafted extension.
|
16-04-2020 - 15:25 | 23-03-2012 - 10:55 | |
CVE-2011-3050 | 6.8 |
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-lette
|
14-04-2020 - 16:06 | 22-03-2012 - 16:55 | |
CVE-2011-3045 | 6.8 |
Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly exe
|
14-04-2020 - 16:06 | 22-03-2012 - 16:55 | |
CVE-2011-3051 | 6.8 |
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the cross-fade f
|
14-04-2020 - 16:02 | 22-03-2012 - 16:55 | |
CVE-2011-3053 | 6.8 |
Use-after-free vulnerability in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to block splitting.
|
14-04-2020 - 16:01 | 22-03-2012 - 16:55 | |
CVE-2011-3052 | 6.8 |
The WebGL implementation in Google Chrome before 17.0.963.83 does not properly handle CANVAS elements, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
|
14-04-2020 - 15:57 | 22-03-2012 - 16:55 | |
CVE-2011-3054 | 4.3 |
The WebUI privilege implementation in Google Chrome before 17.0.963.83 does not properly perform isolation, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
|
14-04-2020 - 15:56 | 22-03-2012 - 16:55 | |
CVE-2011-3055 | 4.3 |
The browser native UI in Google Chrome before 17.0.963.83 does not require user confirmation before an unpacked extension installation, which allows user-assisted remote attackers to have an unspecified impact via a crafted extension.
|
14-04-2020 - 15:43 | 22-03-2012 - 16:55 | |
CVE-2011-3056 | 6.8 |
Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via vectors involving a "magic iframe."
|
14-04-2020 - 15:41 | 22-03-2012 - 16:55 | |
CVE-2011-3057 | 4.3 |
Google V8, as used in Google Chrome before 17.0.963.83, allows remote attackers to cause a denial of service via vectors that trigger an invalid read operation.
|
14-04-2020 - 15:40 | 22-03-2012 - 16:55 | |
CVE-2011-3058 | 4.3 |
Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
|
14-04-2020 - 15:17 | 30-03-2012 - 22:55 | |
CVE-2011-3060 | 6.8 |
Google Chrome before 18.0.1025.142 does not properly handle text fragments, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
14-04-2020 - 15:16 | 30-03-2012 - 22:55 | |
CVE-2011-3059 | 6.8 |
Google Chrome before 18.0.1025.142 does not properly handle SVG text elements, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
14-04-2020 - 15:16 | 30-03-2012 - 22:55 | |
CVE-2011-3061 | 5.8 |
Google Chrome before 18.0.1025.142 does not properly check X.509 certificates before use of a SPDY proxy, which might allow man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate.
|
14-04-2020 - 15:13 | 30-03-2012 - 22:55 | |
CVE-2011-3063 | 4.3 |
Google Chrome before 18.0.1025.142 does not properly validate the renderer's navigation requests, which has unspecified impact and remote attack vectors.
|
14-04-2020 - 15:12 | 30-03-2012 - 22:55 | |
CVE-2011-3065 | 6.8 |
Skia, as used in Google Chrome before 18.0.1025.142, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
|
14-04-2020 - 15:11 | 30-03-2012 - 22:55 | |
CVE-2011-3064 | 7.5 |
Use-after-free vulnerability in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG clipping.
|
14-04-2020 - 15:10 | 30-03-2012 - 22:55 | |
CVE-2011-3066 | 6.8 |
Skia, as used in Google Chrome before 18.0.1025.151, does not properly perform clipping, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
14-04-2020 - 14:59 | 05-04-2012 - 22:02 | |
CVE-2011-3067 | 6.8 |
Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to replacement of IFRAME elements.
|
14-04-2020 - 14:58 | 05-04-2012 - 22:02 | |
CVE-2011-3068 | 6.8 |
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to run-in boxes.
|
14-04-2020 - 14:57 | 05-04-2012 - 22:02 | |
CVE-2011-3069 | 6.8 |
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to line boxes.
|
14-04-2020 - 14:57 | 05-04-2012 - 22:02 | |
CVE-2011-3070 | 6.8 |
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the Google V8 bindings.
|
14-04-2020 - 14:57 | 05-04-2012 - 22:02 | |
CVE-2011-3071 | 6.8 |
Use-after-free vulnerability in the HTMLMediaElement implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
14-04-2020 - 14:50 | 05-04-2012 - 22:02 | |
CVE-2011-3072 | 6.8 |
Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to pop-up windows.
|
14-04-2020 - 14:48 | 05-04-2012 - 22:02 | |
CVE-2011-3074 | 6.8 |
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media.
|
14-04-2020 - 14:28 | 05-04-2012 - 22:02 | |
CVE-2011-3073 | 6.8 |
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG resources.
|
14-04-2020 - 14:28 | 05-04-2012 - 22:02 | |
CVE-2011-3075 | 6.8 |
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to style-application commands.
|
14-04-2020 - 14:27 | 05-04-2012 - 22:02 | |
CVE-2011-3076 | 6.8 |
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to focus handling.
|
14-04-2020 - 14:14 | 05-04-2012 - 22:02 | |
CVE-2011-3077 | 6.8 |
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the script bindings, related to a "read-after-free" issue.
|
14-04-2020 - 14:13 | 05-04-2012 - 22:02 | |
CVE-2011-3080 | 7.6 |
Race condition in the Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168 allows attackers to bypass intended sandbox restrictions via unspecified vectors.
|
14-04-2020 - 14:13 | 01-05-2012 - 10:12 | |
CVE-2012-1521 | 6.8 |
Use-after-free vulnerability in the XML parser in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
13-04-2020 - 17:17 | 01-05-2012 - 10:12 | |
CVE-2011-3078 | 6.8 |
Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011
|
13-04-2020 - 17:15 | 01-05-2012 - 10:12 | |
CVE-2011-3081 | 9.3 |
Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011
|
13-04-2020 - 16:19 | 01-05-2012 - 10:12 | |
CVE-2005-1987 | 7.5 |
Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstra
|
09-04-2020 - 13:28 | 13-10-2005 - 10:02 | |
CVE-2002-0049 | 6.4 |
Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys.
|
02-04-2020 - 12:38 | 08-03-2002 - 05:00 | |
CVE-2009-4028 | 6.8 |
The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary
|
17-12-2019 - 20:26 | 30-11-2009 - 17:30 | |
CVE-2010-1850 | 6.0 |
Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name.
|
17-12-2019 - 20:26 | 08-06-2010 - 00:30 | |
CVE-2009-4019 | 4.0 |
mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use
|
17-12-2019 - 20:26 | 30-11-2009 - 17:30 | |
CVE-2010-1848 | 6.5 |
Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tab
|
17-12-2019 - 20:26 | 08-06-2010 - 00:30 | |
CVE-2010-1849 | 5.0 |
The my_net_skip_rest function in sql/net_serv.cc in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a large number of packets that exceed the maximum lengt
|
17-12-2019 - 20:26 | 08-06-2010 - 00:30 | |
CVE-2009-0819 | 4.0 |
sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," wh
|
17-12-2019 - 20:23 | 05-03-2009 - 02:30 | |
CVE-2010-3492 | 5.0 |
The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, whic
|
29-10-2019 - 00:56 | 19-10-2010 - 20:00 | |
CVE-2010-3493 | 4.3 |
Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept f
|
25-10-2019 - 11:53 | 19-10-2010 - 20:00 | |
CVE-2010-3637 | 9.3 |
An unspecified ActiveX control in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 (Flash10h.ocx) on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FLV video.
|
09-10-2019 - 23:01 | 07-11-2010 - 22:00 | |
CVE-2012-1516 | 9.0 |
The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host
|
27-09-2019 - 18:13 | 04-05-2012 - 16:55 | |
CVE-2012-5376 | 9.3 |
The Inter-process Communication (IPC) implementation in Google Chrome before 22.0.1229.94 allows remote attackers to bypass intended sandbox restrictions and write to arbitrary files by leveraging access to a renderer process, a different vulnerabili
|
27-09-2019 - 17:19 | 11-10-2012 - 10:51 | |
CVE-2011-1265 | 8.3 |
The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Windows 7 Gold and SP1 does not prevent access to objects in memory that (1) were not properly initialized or (2) have been deleted, which allows remote attackers to execute arbitrary
|
27-09-2019 - 17:05 | 13-07-2011 - 22:55 | |
CVE-2009-0658 | 9.3 |
Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as expl
|
27-09-2019 - 16:48 | 20-02-2009 - 19:30 | |
CVE-2010-1029 | 5.0 |
Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (ap
|
26-09-2019 - 17:05 | 19-03-2010 - 21:30 | |
CVE-2011-1300 | 10.0 |
The Program::getActiveUniformMaxLength function in libGLESv2/Program.cpp in libGLESv2.dll in the WebGLES library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox 4.x before 4.0.1 on Windows and in the GPU process in Google C
|
18-07-2019 - 12:28 | 15-04-2011 - 19:55 | |
CVE-2013-3918 | 9.3 |
The InformationCardSigninHelper Class ActiveX control in icardie.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold
|
14-05-2019 - 14:24 | 12-11-2013 - 14:35 | |
CVE-2009-1928 | 7.8 |
Stack consumption vulnerability in the LDAP service in Active Directory on Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2; Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2; and Active D
|
30-04-2019 - 14:27 | 11-11-2009 - 19:30 | |
CVE-2004-0201 | 10.0 |
Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vuln
|
30-04-2019 - 14:27 | 06-08-2004 - 04:00 | |
CVE-2004-0568 | 10.0 |
HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious
|
30-04-2019 - 14:27 | 10-01-2005 - 05:00 | |
CVE-2008-0088 | 6.8 |
Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted
|
30-04-2019 - 14:27 | 12-02-2008 - 21:00 | |
CVE-2005-0063 | 7.5 |
The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML App
|
30-04-2019 - 14:27 | 02-05-2005 - 04:00 | |
CVE-2005-1214 | 5.1 |
Microsoft Agent allows remote attackers to spoof trusted Internet content and execute arbitrary code by disguising security prompts on a malicious Web page.
|
30-04-2019 - 14:27 | 14-06-2005 - 04:00 | |
CVE-2009-1139 | 7.8 |
Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (m
|
30-04-2019 - 14:27 | 10-06-2009 - 18:00 | |
CVE-2012-0022 | 5.0 |
Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters
|
25-03-2019 - 11:33 | 19-01-2012 - 04:01 | |
CVE-2008-0085 | 5.0 |
SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 does not initialize memor
|
28-02-2019 - 00:59 | 08-07-2008 - 23:41 | |
CVE-2009-2506 | 9.3 |
Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3; Works 8.5; Office Converter Pack; and WordPad in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a DOC
|
26-02-2019 - 14:04 | 09-12-2009 - 18:30 | |
CVE-2008-0107 | 9.0 |
Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 allo
|
26-02-2019 - 14:04 | 08-07-2008 - 23:41 | |
CVE-2011-0041 | 9.3 |
Integer overflow in gdiplus.dll in GDI+ in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted EMF i
|
26-02-2019 - 14:04 | 13-04-2011 - 18:55 | |
CVE-2013-3343 | 10.0 |
Adobe Flash Player before 10.3.183.90 and 11.x before 11.7.700.224 on Windows, before 10.3.183.90 and 11.x before 11.7.700.225 on Mac OS X, before 10.3.183.90 and 11.x before 11.2.202.291 on Linux, before 11.1.111.59 on Android 2.x and 3.x, and befor
|
13-12-2018 - 15:29 | 12-06-2013 - 03:30 | |
CVE-2011-3866 | 4.3 |
Mozilla Firefox before 7.0 and SeaMonkey before 2.4 do not properly restrict availability of motion data events, which makes it easier for remote attackers to read keystrokes by leveraging JavaScript code running in a background tab.
|
29-11-2018 - 16:02 | 29-09-2011 - 00:55 | |
CVE-2011-3002 | 9.3 |
Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 7.0 and SeaMonkey before 2.4, does not validate the return value of a GrowAtomTable function call, which allows remote attackers to cause a denial of service (application
|
29-11-2018 - 16:02 | 29-09-2011 - 00:55 | |
CVE-2011-3003 | 10.0 |
Mozilla Firefox before 7.0 and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unspecified WebGL test case that triggers a memory-allocation error and a resulting
|
29-11-2018 - 16:02 | 29-09-2011 - 00:55 | |
CVE-2011-2822 | 10.0 |
Google Chrome before 13.0.782.215 on Windows does not properly parse URLs located on the command line, which has unspecified impact and attack vectors.
|
29-11-2018 - 15:50 | 29-08-2011 - 15:55 | |
CVE-2011-2455 | 10.0 |
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
|
29-11-2018 - 15:41 | 11-11-2011 - 16:55 | |
CVE-2011-2453 | 10.0 |
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
|
29-11-2018 - 15:40 | 11-11-2011 - 16:55 | |
CVE-2011-2454 | 10.0 |
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
|
29-11-2018 - 15:40 | 11-11-2011 - 16:55 | |
CVE-2011-2452 | 10.0 |
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
|
29-11-2018 - 15:39 | 11-11-2011 - 16:55 | |
CVE-2011-2459 | 10.0 |
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
|
29-11-2018 - 15:38 | 11-11-2011 - 16:55 | |
CVE-2011-2451 | 10.0 |
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
|
29-11-2018 - 15:38 | 11-11-2011 - 16:55 | |
CVE-2011-2460 | 10.0 |
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
|
29-11-2018 - 15:38 | 11-11-2011 - 16:55 | |
CVE-2011-2456 | 10.0 |
Buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code via unspecifi
|
29-11-2018 - 15:37 | 11-11-2011 - 16:55 | |
CVE-2011-2450 | 10.0 |
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (he
|
29-11-2018 - 15:37 | 11-11-2011 - 16:55 | |
CVE-2011-2457 | 10.0 |
Stack-based buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code v
|
29-11-2018 - 15:37 | 11-11-2011 - 16:55 | |
CVE-2011-2458 | 9.3 |
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, when Internet Explorer is used, allows remote attackers to bypass the cross
|
29-11-2018 - 15:37 | 11-11-2011 - 16:55 | |
CVE-2011-2445 | 10.0 |
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
|
29-11-2018 - 15:36 | 11-11-2011 - 16:55 | |
CVE-2010-1230 | 10.0 |
Google Chrome before 4.1.249.1036 does not have the expected behavior for attempts to delete Web SQL Databases and clear the Strict Transport Security (STS) state, which has unspecified impact and attack vectors.
|
16-11-2018 - 16:28 | 01-04-2010 - 22:30 | |
CVE-2010-0650 | 2.6 |
WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event.
|
16-11-2018 - 16:13 | 18-02-2010 - 18:00 | |
CVE-2010-0159 | 10.0 |
The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute
|
16-11-2018 - 15:56 | 22-02-2010 - 13:00 | |
CVE-2009-0143 | 4.3 |
Apple iTunes before 8.1 does not properly inform the user about the origin of an authentication request, which makes it easier for remote podcast servers to trick a user into providing a username and password when subscribing to a crafted podcast.
|
08-11-2018 - 20:21 | 14-03-2009 - 18:30 | |
CVE-2009-0689 | 6.8 |
Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD
|
02-11-2018 - 10:29 | 01-07-2009 - 13:00 | |
CVE-2012-5146 | 5.0 |
Google Chrome before 24.0.1312.52 allows remote attackers to bypass the Same Origin Policy via a malformed URL.
|
30-10-2018 - 16:27 | 15-01-2013 - 21:55 | |
CVE-2012-5139 | 10.0 |
Use-after-free vulnerability in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to visibility events.
|
30-10-2018 - 16:27 | 12-12-2012 - 11:38 | |
CVE-2012-5132 | 5.0 |
Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial of service (application crash) via a response with chunked transfer coding.
|
30-10-2018 - 16:27 | 28-11-2012 - 01:55 | |
CVE-2012-5150 | 7.5 |
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving seek operations on video data.
|
30-10-2018 - 16:27 | 15-01-2013 - 21:55 | |
CVE-2012-5147 | 7.5 |
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM handling.
|
30-10-2018 - 16:27 | 15-01-2013 - 21:55 | |
CVE-2012-5135 | 7.5 |
Use-after-free vulnerability in Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to printing.
|
30-10-2018 - 16:27 | 28-11-2012 - 01:55 | |
CVE-2012-5140 | 10.0 |
Use-after-free vulnerability in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the URL loader.
|
30-10-2018 - 16:27 | 12-12-2012 - 11:38 | |
CVE-2012-5144 | 10.0 |
Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, do not properly perform AAC decoding, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impa
|
30-10-2018 - 16:27 | 12-12-2012 - 11:38 | |
CVE-2012-5143 | 10.0 |
Integer overflow in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PPAPI image buffers.
|
30-10-2018 - 16:27 | 12-12-2012 - 11:38 | |
CVE-2012-5152 | 5.0 |
Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving seek operations on video data.
|
30-10-2018 - 16:27 | 15-01-2013 - 21:55 | |
CVE-2012-5149 | 7.5 |
Integer overflow in the audio IPC layer in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
30-10-2018 - 16:27 | 15-01-2013 - 21:55 | |
CVE-2012-5141 | 10.0 |
Google Chrome before 23.0.1271.97 does not properly restrict instantiation of the Chromoting client plug-in, which has unspecified impact and attack vectors.
|
30-10-2018 - 16:27 | 12-12-2012 - 11:38 | |
CVE-2012-5148 | 7.5 |
The hyphenation functionality in Google Chrome before 24.0.1312.52 does not properly validate file names, which has unspecified impact and attack vectors.
|
30-10-2018 - 16:27 | 15-01-2013 - 21:55 | |
CVE-2012-5136 | 6.8 |
Google Chrome before 23.0.1271.91 does not properly perform a cast of an unspecified variable during handling of the INPUT element, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted HTML do
|
30-10-2018 - 16:27 | 28-11-2012 - 01:55 | |
CVE-2012-5137 | 10.0 |
Use-after-free vulnerability in Google Chrome before 23.0.1271.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the Media Source API.
|
30-10-2018 - 16:27 | 04-12-2012 - 06:05 | |
CVE-2012-5154 | 7.5 |
Integer overflow in Google Chrome before 24.0.1312.52 on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via vectors related to allocation of shared memory.
|
30-10-2018 - 16:27 | 15-01-2013 - 21:55 | |
CVE-2012-5142 | 10.0 |
Google Chrome before 23.0.1271.97 does not properly handle history navigation, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
|
30-10-2018 - 16:27 | 12-12-2012 - 11:38 | |
CVE-2012-5133 | 7.5 |
Use-after-free vulnerability in Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG filters.
|
30-10-2018 - 16:27 | 28-11-2012 - 01:55 | |
CVE-2012-5130 | 5.0 |
Skia, as used in Google Chrome before 23.0.1271.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
30-10-2018 - 16:27 | 28-11-2012 - 01:55 | |
CVE-2012-5153 | 7.5 |
Google V8 before 3.14.5.3, as used in Google Chrome before 24.0.1312.52, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds access to stack memory.
|
30-10-2018 - 16:27 | 15-01-2013 - 21:55 | |
CVE-2012-5138 | 10.0 |
Google Chrome before 23.0.1271.95 does not properly handle file paths, which has unspecified impact and attack vectors.
|
30-10-2018 - 16:27 | 04-12-2012 - 06:05 | |
CVE-2012-5145 | 7.5 |
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG layout.
|
30-10-2018 - 16:27 | 15-01-2013 - 21:55 | |
CVE-2012-2885 | 7.5 |
Double free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to application exit.
|
30-10-2018 - 16:27 | 26-09-2012 - 10:56 | |
CVE-2012-2878 | 7.5 |
Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to plug-in handling.
|
30-10-2018 - 16:27 | 26-09-2012 - 10:56 | |
CVE-2011-3079 | 10.0 |
The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors.
|
30-10-2018 - 16:27 | 01-05-2012 - 10:12 | |
CVE-2012-2886 | 4.3 |
Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Google V8 bindings, aka "Universal XSS (UXSS)."
|
30-10-2018 - 16:27 | 26-09-2012 - 10:56 | |
CVE-2012-2881 | 7.5 |
Google Chrome before 22.0.1229.79 does not properly handle plug-ins, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via unknown vectors.
|
30-10-2018 - 16:27 | 26-09-2012 - 10:56 | |
CVE-2013-0836 | 6.8 |
Google V8 before 3.14.5.3, as used in Google Chrome before 24.0.1312.52, does not properly implement garbage collection, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via craf
|
30-10-2018 - 16:27 | 15-01-2013 - 21:55 | |
CVE-2012-2877 | 5.0 |
The extension system in Google Chrome before 22.0.1229.79 does not properly handle modal dialogs, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
|
30-10-2018 - 16:27 | 26-09-2012 - 10:56 | |
CVE-2013-1846 | 4.0 |
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL. Per http://lists.o
|
30-10-2018 - 16:27 | 02-05-2013 - 14:55 | |
CVE-2012-2866 | 7.5 |
Google Chrome before 21.0.1180.89 does not properly perform a cast of an unspecified variable during handling of run-in elements, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.
|
30-10-2018 - 16:27 | 31-08-2012 - 19:55 | |
CVE-2013-2088 | 7.1 |
contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename.
|
30-10-2018 - 16:27 | 31-07-2013 - 13:20 | |
CVE-2012-2876 | 7.5 |
Buffer overflow in the SSE2 optimization functionality in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
30-10-2018 - 16:27 | 26-09-2012 - 10:56 | |
CVE-2012-2868 | 6.8 |
Race condition in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving improper interaction between worker processes and an XMLHttpRequest (aka XHR) obj
|
30-10-2018 - 16:27 | 31-08-2012 - 19:55 | |
CVE-2010-2553 | 9.3 |
The Cinepak codec in Microsoft Windows XP SP2 and SP3, Windows Vista SP1 and SP2, and Windows 7 does not properly decompress media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Cinepak Codec Decompression Vul
|
30-10-2018 - 16:27 | 11-08-2010 - 18:47 | |
CVE-2013-0835 | 5.0 |
Unspecified vulnerability in the Geolocation implementation in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (application crash) via unknown vectors.
|
30-10-2018 - 16:27 | 15-01-2013 - 21:55 | |
CVE-2012-2883 | 7.5 |
Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation, a different vulnerability than CVE-2012-2874
|
30-10-2018 - 16:27 | 26-09-2012 - 10:56 | |
CVE-2012-2888 | 7.5 |
Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG text references.
|
30-10-2018 - 16:27 | 26-09-2012 - 10:56 | |
CVE-2012-2879 | 4.3 |
Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service (DOM topology corruption) via a crafted document.
|
30-10-2018 - 16:27 | 26-09-2012 - 10:56 | |
CVE-2012-2865 | 4.3 |
Google Chrome before 21.0.1180.89 does not properly perform line breaking, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.
|
30-10-2018 - 16:27 | 31-08-2012 - 19:55 | |
CVE-2012-2867 | 5.0 |
The SPDY implementation in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
|
30-10-2018 - 16:27 | 31-08-2012 - 19:55 | |
CVE-2012-2869 | 7.5 |
Google Chrome before 21.0.1180.89 does not properly load URLs, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a "stale buffer."
|
30-10-2018 - 16:27 | 31-08-2012 - 19:55 | |
CVE-2013-0831 | 7.5 |
Directory traversal vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to have an unspecified impact by leveraging access to an extension process.
|
30-10-2018 - 16:27 | 15-01-2013 - 21:55 | |
CVE-2012-2882 | 6.8 |
FFmpeg, as used in Google Chrome before 22.0.1229.79, does not properly handle OGG containers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a "wild pointer" issue
|
30-10-2018 - 16:27 | 26-09-2012 - 10:56 | |
CVE-2012-2887 | 7.5 |
Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving onclick events.
|
30-10-2018 - 16:27 | 26-09-2012 - 10:56 | |
CVE-2011-3098 | 7.2 |
Google Chrome before 19.0.1084.46 on Windows uses an incorrect search path for the Windows Media Player plug-in, which might allow local users to gain privileges via a Trojan horse plug-in in an unspecified directory.
|
30-10-2018 - 16:27 | 16-05-2012 - 00:55 | |
CVE-2012-2880 | 7.5 |
Race condition in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the plug-in paint buffer.
|
30-10-2018 - 16:27 | 26-09-2012 - 10:56 | |
CVE-2012-2884 | 5.0 |
Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
30-10-2018 - 16:27 | 26-09-2012 - 10:56 | |
CVE-2012-2874 | 7.5 |
Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation, a different vulnerability than CVE-2012-2883
|
30-10-2018 - 16:27 | 26-09-2012 - 10:56 | |
CVE-2012-2872 | 4.3 |
Cross-site scripting (XSS) vulnerability in an SSL interstitial page in Google Chrome before 21.0.1180.89 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
30-10-2018 - 16:27 | 31-08-2012 - 19:55 | |
CVE-2013-1845 | 2.1 |
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a
|
30-10-2018 - 16:27 | 02-05-2013 - 14:55 | |
CVE-2013-0833 | 5.0 |
Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to printing.
|
30-10-2018 - 16:27 | 15-01-2013 - 21:55 | |
CVE-2013-2112 | 7.8 |
The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection.
|
30-10-2018 - 16:27 | 31-07-2013 - 13:20 | |
CVE-2013-0837 | 7.5 |
Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of extension tabs.
|
30-10-2018 - 16:27 | 15-01-2013 - 21:55 | |
CVE-2013-0830 | 7.5 |
The IPC layer in Google Chrome before 24.0.1312.52 on Windows omits a NUL character required for termination of an unspecified data structure, which has unknown impact and attack vectors.
|
30-10-2018 - 16:27 | 15-01-2013 - 21:55 | |
CVE-2013-0832 | 7.5 |
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to printing.
|
30-10-2018 - 16:27 | 15-01-2013 - 21:55 | |
CVE-2013-1968 | 5.5 |
Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name.
|
30-10-2018 - 16:27 | 31-07-2013 - 13:20 | |
CVE-2013-0834 | 5.0 |
Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving glyphs.
|
30-10-2018 - 16:27 | 15-01-2013 - 21:55 | |
CVE-2013-0420 | 2.4 |
Unspecified vulnerability in the VirtualBox component in Oracle Virtualization 4.0, 4.1, and 4.2 allows local users to affect integrity and availability via unknown vectors related to Core. NOTE: The previous information was obtained from the Januar
|
30-10-2018 - 16:27 | 17-01-2013 - 01:55 | |
CVE-2010-3975 | 9.3 |
Untrusted search path vulnerability in Adobe Flash Player 9 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse schannel.dll that is located in the same folder as a file th
|
30-10-2018 - 16:26 | 19-10-2010 - 21:00 | |
CVE-2010-4450 | 3.7 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux all
|
30-10-2018 - 16:26 | 17-02-2011 - 19:00 | |
CVE-2010-3569 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
CVE-2010-3572 | 10.0 |
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
CVE-2010-3562 | 10.0 |
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the pr
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
CVE-2010-3571 | 10.0 |
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the pr
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
CVE-2010-3565 | 10.0 |
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous inf
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
CVE-2010-3556 | 10.0 |
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Per: http://w
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
CVE-2010-3559 | 10.0 |
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
CVE-2010-3557 | 6.8 |
Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
CVE-2010-3554 | 10.0 |
Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
CVE-2010-3568 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
CVE-2010-3553 | 10.0 |
Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
CVE-2010-2661 | 4.3 |
Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict access to the full pathname of a file selected for upload, which allows remote attackers to obtain potentially sensitive information via unspec
|
30-10-2018 - 16:26 | 08-07-2010 - 12:54 | |
CVE-2010-3551 | 5.0 |
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors.
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
CVE-2008-3004 | 9.3 |
Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3; Office Excel Viewer 2003; and Office 2004 and 2008 for Mac do not properly validate index values for AxesSet records when loading Excel files, which allows remote attackers to execute a
|
30-10-2018 - 16:26 | 12-08-2008 - 23:41 | |
CVE-2011-2425 | 10.0 |
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a
|
30-10-2018 - 16:26 | 10-08-2011 - 22:55 | |
CVE-2011-2426 | 9.3 |
Stack-based buffer overflow in the ActionScript Virtual Machine (AVM) component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via
|
30-10-2018 - 16:26 | 22-09-2011 - 03:38 | |
CVE-2010-2663 | 4.3 |
Opera before 10.60 allows remote attackers to cause a denial of service (application hang) via an ended event handler that changes the SRC attribute of an AUDIO element.
|
30-10-2018 - 16:26 | 08-07-2010 - 12:54 | |
CVE-2010-2659 | 4.3 |
Opera before 10.50 on Windows, before 10.52 on Mac OS X, and before 10.60 on UNIX platforms makes widget properties accessible to third-party domains, which allows remote attackers to obtain potentially sensitive information via a crafted web site.
|
30-10-2018 - 16:26 | 08-07-2010 - 12:54 | |
CVE-2011-2429 | 5.0 |
Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, related to a "security
|
30-10-2018 - 16:26 | 22-09-2011 - 03:38 | |
CVE-2011-2110 | 10.0 |
Adobe Flash Player before 10.3.181.26 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.23 and earlier on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exp
|
30-10-2018 - 16:26 | 16-06-2011 - 23:55 | |
CVE-2008-3006 | 9.3 |
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 Gold and SP3; Office Excel Viewer; Office Compatibility Pack 2007 Gold and SP1; Office SharePoint Server 2007 Gold and SP1; and Office 2004 a
|
30-10-2018 - 16:26 | 12-08-2008 - 23:41 | |
CVE-2011-2416 | 10.0 |
Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbit
|
30-10-2018 - 16:26 | 10-08-2011 - 22:55 | |
CVE-2011-2139 | 6.4 |
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers to bypass the Same Origin Pol
|
30-10-2018 - 16:26 | 10-08-2011 - 22:55 | |
CVE-2010-2215 | 4.3 |
Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "click-jacking" issue.
|
30-10-2018 - 16:26 | 11-08-2010 - 18:47 | |
CVE-2009-3800 | 9.3 |
Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
|
30-10-2018 - 16:26 | 10-12-2009 - 19:30 | |
CVE-2008-3005 | 9.3 |
Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted array index for a FORMAT record, aka the "Excel Index Array
|
30-10-2018 - 16:26 | 12-08-2008 - 23:41 | |
CVE-2011-2107 | 4.3 |
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.181.22 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.22 and earlier on Android, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors
|
30-10-2018 - 16:26 | 09-06-2011 - 02:38 | |
CVE-2011-2140 | 10.0 |
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a
|
30-10-2018 - 16:26 | 10-08-2011 - 22:55 | |
CVE-2010-2884 | 9.3 |
Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and Acrobat 9.x before 9.4; and authplay.dll in Adobe Reader and Acrobat 8.x before 8.2.5 on Windows and Mac OS
|
30-10-2018 - 16:26 | 15-09-2010 - 18:00 | |
CVE-2010-2213 | 9.3 |
Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-020
|
30-10-2018 - 16:26 | 11-08-2010 - 18:47 | |
CVE-2009-3799 | 9.3 |
Integer overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers me
|
30-10-2018 - 16:26 | 10-12-2009 - 19:30 | |
CVE-2011-2136 | 10.0 |
Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbit
|
30-10-2018 - 16:26 | 10-08-2011 - 22:55 | |
CVE-2011-2414 | 10.0 |
Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitr
|
30-10-2018 - 16:26 | 10-08-2011 - 22:55 | |
CVE-2011-2138 | 10.0 |
Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbit
|
30-10-2018 - 16:26 | 10-08-2011 - 22:55 | |
CVE-2009-3266 | 4.3 |
Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) Atom feed, which allows remote attackers to conduct cross-site scripting (XSS) attacks, and conduct cross-zone scripting attacks involving the Feed Subscription Page to read feeds
|
30-10-2018 - 16:26 | 18-09-2009 - 22:30 | |
CVE-2009-3796 | 9.3 |
Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a "data injection vulnerability."
|
30-10-2018 - 16:26 | 10-12-2009 - 19:30 | |
CVE-2011-2137 | 10.0 |
Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitr
|
30-10-2018 - 16:26 | 10-08-2011 - 21:55 | |
CVE-2011-2427 | 9.3 |
Stack-based buffer overflow in the ActionScript Virtual Machine (AVM) component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to execute arbitrary code or cause a
|
30-10-2018 - 16:26 | 22-09-2011 - 03:38 | |
CVE-2009-4071 | 5.8 |
Opera before 10.10, when exception stacktraces are enabled, places scripting error messages from a web site into variables that can be read by a different web site, which allows remote attackers to obtain sensitive information or conduct cross-site s
|
30-10-2018 - 16:26 | 24-11-2009 - 17:30 | |
CVE-2011-2417 | 10.0 |
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a
|
30-10-2018 - 16:26 | 10-08-2011 - 22:55 | |
CVE-2009-3951 | 7.1 |
Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors. NOTE: this vulnerability exis
|
30-10-2018 - 16:26 | 10-12-2009 - 19:30 | |
CVE-2010-2421 | 10.0 |
Multiple unspecified vulnerabilities in Opera before 10.54 have unknown impact and attack vectors related to (1) "extremely severe," (2) "highly severe," (3) "moderately severe," and (4) "less severe" issues.
|
30-10-2018 - 16:26 | 22-06-2010 - 17:30 | |
CVE-2011-2135 | 10.0 |
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a
|
30-10-2018 - 16:26 | 10-08-2011 - 22:55 | |
CVE-2009-3794 | 9.3 |
Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.
|
30-10-2018 - 16:26 | 10-12-2009 - 19:30 | |
CVE-2010-2662 | 4.3 |
Opera before 10.60 allows remote attackers to bypass the popup blocker via a javascript: URL and a "fake click."
|
30-10-2018 - 16:26 | 08-07-2010 - 12:54 | |
CVE-2010-2660 | 4.3 |
Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict certain uses of homograph characters in domain names, which makes it easier for remote attackers to spoof IDN domains via unspecified choices o
|
30-10-2018 - 16:26 | 08-07-2010 - 12:54 | |
CVE-2009-3045 | 5.0 |
Opera before 10.00 trusts root X.509 certificates signed with the MD2 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted server certificate.
|
30-10-2018 - 16:26 | 02-09-2009 - 17:30 | |
CVE-2009-4072 | 10.0 |
Unspecified vulnerability in Opera before 10.10 has unknown impact and attack vectors, related to a "moderately severe issue."
|
30-10-2018 - 16:26 | 24-11-2009 - 17:30 | |
CVE-2011-2130 | 10.0 |
Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitr
|
30-10-2018 - 16:26 | 10-08-2011 - 21:55 | |
CVE-2010-2658 | 4.3 |
Opera before 10.60 does not properly restrict certain interaction between plug-ins, file inputs, and the clipboard, which allows user-assisted remote attackers to trigger the uploading of arbitrary files via a crafted web site.
|
30-10-2018 - 16:26 | 08-07-2010 - 12:54 | |
CVE-2009-3798 | 9.3 |
Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.
|
30-10-2018 - 16:26 | 10-12-2009 - 19:30 | |
CVE-2009-3047 | 4.3 |
Opera before 10.00, when a collapsed address bar is used, does not properly update the domain name from the previously visited site to the currently visited site, which might allow remote attackers to spoof URLs.
|
30-10-2018 - 16:26 | 02-09-2009 - 17:30 | |
CVE-2011-2428 | 9.3 |
Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to execute arbitrary code or cause a denial of service (browser crash) via unspecified vectors, related to a "logic err
|
30-10-2018 - 16:26 | 22-09-2011 - 03:38 | |
CVE-2010-2216 | 9.3 |
Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-020
|
30-10-2018 - 16:26 | 11-08-2010 - 18:47 | |
CVE-2009-3049 | 5.0 |
Opera before 10.00 does not properly display all characters in Internationalized Domain Names (IDN) in the address bar, which allows remote attackers to spoof URLs and conduct phishing attacks, related to Unicode and Punycode.
|
30-10-2018 - 16:26 | 02-09-2009 - 17:30 | |
CVE-2010-2665 | 4.3 |
Cross-site scripting (XSS) vulnerability in Opera before 10.54 on Windows and Mac OS X, and before 10.11 on UNIX platforms, allows remote attackers to inject arbitrary web script or HTML via a data: URI, related to incorrect detection of the "opening
|
30-10-2018 - 16:26 | 08-07-2010 - 12:54 | |
CVE-2011-2424 | 9.3 |
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers to execute arbitrary code or
|
30-10-2018 - 16:26 | 15-08-2011 - 21:55 | |
CVE-2011-2415 | 10.0 |
Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitr
|
30-10-2018 - 16:26 | 10-08-2011 - 22:55 | |
CVE-2010-2666 | 9.3 |
Opera before 10.54 on Windows and Mac OS X does not properly enforce permission requirements for widget filesystem access and directory selection, which allows user-assisted remote attackers to create or modify arbitrary files, and consequently execu
|
30-10-2018 - 16:26 | 08-07-2010 - 12:54 | |
CVE-2010-2664 | 4.3 |
Opera before 10.60 allows remote attackers to cause a denial of service (application hang) via certain HTML content that has an unclosed SPAN element with absolute positioning.
|
30-10-2018 - 16:26 | 08-07-2010 - 12:54 | |
CVE-2011-2134 | 10.0 |
Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitr
|
30-10-2018 - 16:26 | 10-08-2011 - 21:55 | |
CVE-2010-2214 | 9.3 |
Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-020
|
30-10-2018 - 16:26 | 11-08-2010 - 18:47 | |
CVE-2010-1728 | 9.3 |
Opera before 10.53 on Windows and Mac OS X does not properly handle a series of document modifications that occur asynchronously, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via JavaScript
|
30-10-2018 - 16:26 | 06-05-2010 - 14:53 | |
CVE-2011-2444 | 4.3 |
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to
|
30-10-2018 - 16:26 | 22-09-2011 - 03:38 | |
CVE-2011-2430 | 9.3 |
Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via crafted streaming media, related to a "logic error vulnerability."
|
30-10-2018 - 16:26 | 22-09-2011 - 03:38 | |
CVE-2011-0560 | 9.3 |
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-
|
30-10-2018 - 16:26 | 10-02-2011 - 16:00 | |
CVE-2011-0608 | 9.3 |
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-
|
30-10-2018 - 16:26 | 10-02-2011 - 16:00 | |
CVE-2011-0578 | 9.3 |
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors related to a constructor for an unspecified ActionScript3 object and improper type checking, a d
|
30-10-2018 - 16:26 | 10-02-2011 - 16:00 | |
CVE-2011-0579 | 5.0 |
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to obtain sensitive information via unspecified vectors.
|
30-10-2018 - 16:26 | 13-05-2011 - 22:55 | |
CVE-2010-0186 | 6.8 |
Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Adobe AIR before 1.5.3.9130, and Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows remote attackers to bypass intended sandbox restrictions and make cross-domain r
|
30-10-2018 - 16:26 | 15-02-2010 - 18:30 | |
CVE-2007-0035 | 9.3 |
Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the
|
30-10-2018 - 16:26 | 08-05-2007 - 22:19 | |
CVE-2011-0626 | 9.3 |
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than
|
30-10-2018 - 16:26 | 13-05-2011 - 22:55 | |
CVE-2011-0577 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 10.2.152.26 allows remote attackers to execute arbitrary code via a crafted font.
|
30-10-2018 - 16:26 | 10-02-2011 - 16:00 | |
CVE-2011-0559 | 9.3 |
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted parameters to an unspecified ActionScript method that cause a parameter to be used as an object pointer, a d
|
30-10-2018 - 16:26 | 10-02-2011 - 16:00 | |
CVE-2011-0607 | 9.3 |
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-
|
30-10-2018 - 16:26 | 10-02-2011 - 16:00 | |
CVE-2011-0628 | 9.3 |
Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code via ActionScript that improperly handles a long array object.
|
30-10-2018 - 16:26 | 31-05-2011 - 20:55 | |
CVE-2011-0619 | 9.3 |
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerab
|
30-10-2018 - 16:26 | 13-05-2011 - 22:55 | |
CVE-2008-0104 | 9.3 |
Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability."
|
30-10-2018 - 16:26 | 12-02-2008 - 23:00 | |
CVE-2012-0772 | 10.0 |
An unspecified ActiveX control in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228, and AIR before 3.2.0.2070, on Windows does not properly perform URL security domain checking, which allow attackers to execute arbitrary code or cau
|
30-10-2018 - 16:26 | 28-03-2012 - 19:55 | |
CVE-2011-0627 | 9.3 |
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly
|
30-10-2018 - 16:26 | 13-05-2011 - 22:55 | |
CVE-2011-0571 | 9.3 |
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0572, CVE-
|
30-10-2018 - 16:26 | 10-02-2011 - 16:00 | |
CVE-2012-0768 | 10.0 |
The Matrix3D component in Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x allows attackers to execute arbitrary
|
30-10-2018 - 16:26 | 05-03-2012 - 21:55 | |
CVE-2011-0624 | 9.3 |
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than
|
30-10-2018 - 16:26 | 13-05-2011 - 22:55 | |
CVE-2011-0618 | 9.3 |
Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors.
|
30-10-2018 - 16:26 | 13-05-2011 - 22:55 | |
CVE-2011-0558 | 9.3 |
Integer overflow in Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code via a large array length value in the ActionScript method of the Function class.
|
30-10-2018 - 16:26 | 10-02-2011 - 16:00 | |
CVE-2011-0575 | 6.9 |
Untrusted search path vulnerability in Adobe Flash Player before 10.2.152.26 allows local users to gain privileges via a Trojan horse DLL in the current working directory. Per: http://cwe.mitre.org/data/definitions/426.html
'CWE-426: Untrusted Sea
|
30-10-2018 - 16:26 | 10-02-2011 - 16:00 | |
CVE-2010-0209 | 9.3 |
Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-221
|
30-10-2018 - 16:26 | 11-08-2010 - 18:47 | |
CVE-2011-0625 | 9.3 |
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than
|
30-10-2018 - 16:26 | 13-05-2011 - 22:55 | |
CVE-2011-0561 | 9.3 |
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0571, CVE-2011-0572, CVE-
|
30-10-2018 - 16:26 | 10-02-2011 - 16:00 | |
CVE-2011-0622 | 9.3 |
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerab
|
30-10-2018 - 16:26 | 13-05-2011 - 22:55 | |
CVE-2011-0574 | 9.3 |
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-
|
30-10-2018 - 16:26 | 10-02-2011 - 16:00 | |
CVE-2011-0621 | 9.3 |
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerab
|
30-10-2018 - 16:26 | 13-05-2011 - 22:55 | |
CVE-2011-0573 | 9.3 |
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-
|
30-10-2018 - 16:26 | 10-02-2011 - 16:00 | |
CVE-2012-0769 | 5.0 |
Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x does not properly handle integers, which allows attackers to ob
|
30-10-2018 - 16:26 | 05-03-2012 - 21:55 | |
CVE-2011-0623 | 9.3 |
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than
|
30-10-2018 - 16:26 | 13-05-2011 - 22:55 | |
CVE-2011-0572 | 9.3 |
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-
|
30-10-2018 - 16:26 | 10-02-2011 - 16:00 | |
CVE-2011-0620 | 9.3 |
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerab
|
30-10-2018 - 16:26 | 13-05-2011 - 22:55 | |
CVE-2010-0187 | 4.3 |
Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 allow remote attackers to cause a denial of service (application crash) via a modified SWF file.
|
30-10-2018 - 16:26 | 15-02-2010 - 18:30 | |
CVE-2010-3630 | 9.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. Per: http://www.adobe.com/suppor
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
CVE-2008-4031 | 9.3 |
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Ma
|
30-10-2018 - 16:25 | 10-12-2008 - 14:00 | |
CVE-2010-3621 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, C
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
CVE-2008-4030 | 9.3 |
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1 allow remote attackers t
|
30-10-2018 - 16:25 | 10-12-2008 - 14:00 | |
CVE-2010-3656 | 4.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3657. Per: http://www.adobe
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
CVE-2008-4837 | 9.3 |
Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Microsoft Works 8 a
|
30-10-2018 - 16:25 | 10-12-2008 - 14:00 | |
CVE-2008-4025 | 9.3 |
Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office
|
30-10-2018 - 16:25 | 10-12-2008 - 14:00 | |
CVE-2010-3658 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, C
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
CVE-2010-3622 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, C
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
CVE-2008-4026 | 9.3 |
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format
|
30-10-2018 - 16:25 | 10-12-2008 - 14:00 | |
CVE-2010-4091 | 9.3 |
The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF
|
30-10-2018 - 16:25 | 07-11-2010 - 22:00 | |
CVE-2010-3629 | 9.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted image, a different vulnerability than CVE-2010-3620. Per: http://www.adobe.co
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
CVE-2010-3628 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, C
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
CVE-2010-3625 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified vectors, related to a "prefix protocol handler vulnerability." Per: http://www.adobe.com/support/security
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
CVE-2010-3626 | 9.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted font, a different vulnerability than CVE-2010-2889. Per: http://www.adobe.com
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
CVE-2010-3627 | 9.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via unknown vectors. Per: http://www.adobe.com/support/security/bulletins/apsb10-21.html
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
CVE-2010-3657 | 4.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3656. Per: http://www.adobe
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
CVE-2010-3619 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, C
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
CVE-2008-4027 | 9.3 |
Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1
|
30-10-2018 - 16:25 | 10-12-2008 - 14:00 | |
CVE-2007-5348 | 9.3 |
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerP
|
30-10-2018 - 16:25 | 11-09-2008 - 01:01 | |
CVE-2010-3632 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, C
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
CVE-2010-3620 | 9.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted image, a different vulnerability than CVE-2010-3629.
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
CVE-2008-4028 | 9.3 |
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Ma
|
30-10-2018 - 16:25 | 10-12-2008 - 14:00 | |
CVE-2010-3631 | 9.3 |
Array index error in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors.
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
CVE-2010-3624 | 9.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allows attackers to execute arbitrary code via a crafted image. Per: http://www.adobe.com/support/security/bulletins/apsb10-21.html
'This update
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
CVE-2009-3954 | 10.0 |
The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability." Per: http://www.adobe.com
|
30-10-2018 - 16:25 | 13-01-2010 - 19:30 | |
CVE-2009-3459 | 9.3 |
Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in Octobe
|
30-10-2018 - 16:25 | 13-10-2009 - 10:30 | |
CVE-2010-2889 | 9.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted font, a different vulnerability than CVE-2010-3626. Per: http://www.adobe.com
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
CVE-2008-3012 | 9.3 |
gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint
|
30-10-2018 - 16:25 | 11-09-2008 - 01:11 | |
CVE-2009-2983 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. Per: http://www.adobe.com/support/s
|
30-10-2018 - 16:25 | 19-10-2009 - 22:30 | |
CVE-2010-2176 | 9.3 |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2010-2163 | 9.3 |
Multiple unspecified vulnerabilities in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unknown vectors. Per: http://www.adobe.com/support/security/
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2009-3376 | 9.3 |
Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via
|
30-10-2018 - 16:25 | 29-10-2009 - 14:30 | |
CVE-2010-2201 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via a PDF file with crafted Flash content involving the (1) pushstring (0x2C) operator, (2) debugfile (0xF1) operator,
|
30-10-2018 - 16:25 | 30-06-2010 - 18:30 | |
CVE-2010-2187 | 9.3 |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2010-2175 | 9.3 |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2010-2164 | 9.3 |
Use-after-free vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to an unspecified "image type within a c
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2009-2994 | 9.3 |
Buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors. Per: http://www.adobe.com/support/security/bulletins/apsb09-15.html
Summa
|
30-10-2018 - 16:25 | 19-10-2009 - 22:30 | |
CVE-2010-2206 | 9.3 |
Array index error in AcroForm.api in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted GIF image in a PDF file, which bypasses a size check and tri
|
30-10-2018 - 16:25 | 30-06-2010 - 18:30 | |
CVE-2010-2177 | 9.3 |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2009-2987 | 4.3 |
Unspecified vulnerability in an ActiveX control in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 on Windows allows remote attackers to cause a denial of service via unknown vectors. Per: http://www.adobe.com/support/
|
30-10-2018 - 16:25 | 19-10-2009 - 22:30 | |
CVE-2009-2985 | 9.3 |
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2996.
|
30-10-2018 - 16:25 | 19-10-2009 - 22:30 | |
CVE-2009-2202 | 9.3 |
Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted H.264 movie file.
|
30-10-2018 - 16:25 | 10-09-2009 - 21:30 | |
CVE-2010-2184 | 9.3 |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2010-2171 | 9.3 |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors related to SWF files, decompression of
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2010-2168 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via a PDF file with crafted Flash content, involving the newfunction (0x44) operator and an "invalid pointer vulnerabil
|
30-10-2018 - 16:25 | 30-06-2010 - 18:30 | |
CVE-2010-1295 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2202,
|
30-10-2018 - 16:25 | 30-06-2010 - 18:30 | |
CVE-2009-3956 | 10.0 |
The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerabi
|
30-10-2018 - 16:25 | 13-01-2010 - 19:30 | |
CVE-2010-2888 | 9.3 |
Multiple unspecified vulnerabilities in an ActiveX control in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Windows allow attackers to execute arbitrary code via unknown vectors. Per: http://www.adobe.com/support/security/bulletins/
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
CVE-2009-2989 | 9.3 |
Integer overflow in Adobe Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors. Per: http://www.adobe.com/support/security/bulletins/apsb09-15.html
This up
|
30-10-2018 - 16:25 | 19-10-2009 - 22:30 | |
CVE-2009-2979 | 4.3 |
Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 do not properly perform XMP-XML entity expansion, which allows remote attackers to cause a denial of service via a crafted document. Per: http://www.adobe.com/s
|
30-10-2018 - 16:25 | 19-10-2009 - 22:30 | |
CVE-2009-2993 | 9.3 |
The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 does not properly implement the (1) Privileged Context and (2) Safe Path restrictions for unspecified JavaScript methods, which allows r
|
30-10-2018 - 16:25 | 19-10-2009 - 22:30 | |
CVE-2010-2210 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295,
|
30-10-2018 - 16:25 | 30-06-2010 - 18:30 | |
CVE-2010-2181 | 9.3 |
Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2010-2185 | 9.3 |
Buffer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors. Per: http://www.adobe.com/support/security/bulletins/apsb10-
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2010-2167 | 9.3 |
Multiple heap-based buffer overflows in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to malformed (1) GIF or (2) JPEG
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2010-2161 | 9.3 |
Array index error in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified "types of Adobe Flash code." Per: http://www.adobe.com/support/secu
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2009-2982 | 9.3 |
An unspecified certificate in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow remote attackers to conduct a "social engineering attack" via unknown vectors. Per: http://www.adobe.com/support/secur
|
30-10-2018 - 16:25 | 19-10-2009 - 22:30 | |
CVE-2009-3958 | 10.0 |
Multiple stack-based buffer overflows in the NOS Microsystems getPlus Helper ActiveX control before 1.6.2.49 in gp.ocx in the Download Manager in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow remote
|
30-10-2018 - 16:25 | 13-01-2010 - 19:30 | |
CVE-2009-3373 | 10.0 |
Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors.
|
30-10-2018 - 16:25 | 29-10-2009 - 14:30 | |
CVE-2009-2991 | 9.3 |
Unspecified vulnerability in the Mozilla plug-in in Adobe Reader and Acrobat 8.x before 8.1.7, and possibly 7.x before 7.1.4 and 9.x before 9.2, might allow remote attackers to execute arbitrary code via unknown vectors. Per: http://www.adobe.com/sup
|
30-10-2018 - 16:25 | 19-10-2009 - 22:30 | |
CVE-2010-2207 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295,
|
30-10-2018 - 16:25 | 30-06-2010 - 18:30 | |
CVE-2010-2173 | 9.3 |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an "invalid pointer vulnerability" and the newclass (0x58) operator,
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2008-3629 | 4.3 |
Apple QuickTime before 7.5.5 allows remote attackers to cause a denial of service (application crash) via a crafted PICT image that triggers an out-of-bounds read.
|
30-10-2018 - 16:25 | 11-09-2008 - 01:13 | |
CVE-2009-3460 | 9.3 |
Adobe Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. Per: http://www.adobe.com/support/security/bu
|
30-10-2018 - 16:25 | 19-10-2009 - 22:30 | |
CVE-2009-3793 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory consumption) or possibly execute arbitrary code via unknown vectors.
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2009-2984 | 9.3 |
Unspecified vulnerability in the image decoder in Adobe Acrobat 9.x before 9.2, and possibly 7.x through 7.1.4 and 8.x through 8.1.7, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. Per: http://ww
|
30-10-2018 - 16:25 | 19-10-2009 - 22:30 | |
CVE-2010-2205 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, access uninitialized memory, which allows attackers to execute arbitrary code via unspecified vectors. Per: http://www.adobe.com/support/security/bulletins/apsb1
|
30-10-2018 - 16:25 | 30-06-2010 - 18:30 | |
CVE-2010-2183 | 9.3 |
Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2170 and CVE-2010-2
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2010-2202 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295,
|
30-10-2018 - 16:25 | 30-06-2010 - 18:30 | |
CVE-2010-2189 | 9.3 |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when used in conjunction with VMWare Tools on a VMWare platform, allows attackers to cause a denial of service (memory corruption) or possibly execute a
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2009-3957 | 5.0 |
Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to cause a denial of service (NULL pointer dereference) via unspecified vectors. Per: http://www.adobe.com/support/security/bulletins/apsb10-02
|
30-10-2018 - 16:25 | 13-01-2010 - 19:30 | |
CVE-2009-2996 | 9.3 |
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2985.
|
30-10-2018 - 16:25 | 19-10-2009 - 22:30 | |
CVE-2008-3624 | 6.8 |
Heap-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted panorama atoms.
|
30-10-2018 - 16:25 | 11-09-2008 - 01:13 | |
CVE-2010-2188 | 9.3 |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by calling the ActionScript native object 2200 conn
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2010-1285 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified manipulations involving the newclass (0x58) operator and an "invalid pointer vulnerability" that trigge
|
30-10-2018 - 16:25 | 30-06-2010 - 18:30 | |
CVE-2009-3959 | 10.0 |
Integer overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a malformed PDF document. Per: http://www.adobe.com/support/secur
|
30-10-2018 - 16:25 | 13-01-2010 - 19:30 | |
CVE-2009-3458 | 9.3 |
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2998. Per: http://w
|
30-10-2018 - 16:25 | 19-10-2009 - 22:30 | |
CVE-2009-2990 | 9.3 |
Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors. Per: http://www.adobe.com/support/security/bulletins/apsb09-15.htm
|
30-10-2018 - 16:25 | 19-10-2009 - 22:30 | |
CVE-2010-2174 | 9.3 |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an "invalid pointer vulnerability" and the newfunction (0x44) operat
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2010-2166 | 9.3 |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2009-2203 | 9.3 |
Buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG-4 video file.
|
30-10-2018 - 16:25 | 10-09-2009 - 21:30 | |
CVE-2006-4534 | 9.3 |
Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors involving a crafted file resulting in a malformed stack, as exploited by malware with name
|
30-10-2018 - 16:25 | 05-09-2006 - 17:04 | |
CVE-2009-2995 | 4.3 |
Integer overflow in Adobe Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows attackers to cause a denial of service via unspecified vectors. Per: http://www.adobe.com/support/security/bulletins/apsb09-15.html
This update resolve
|
30-10-2018 - 16:25 | 19-10-2009 - 22:30 | |
CVE-2009-2980 | 9.3 |
Integer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors. Per: http://www.adobe.com/support/security/b
|
30-10-2018 - 16:25 | 19-10-2009 - 22:30 | |
CVE-2010-2178 | 9.3 |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2009-2997 | 9.3 |
Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors. Per: http://www.adobe.com/support/security/bulletins/apsb09-15.html
|
30-10-2018 - 16:25 | 19-10-2009 - 22:30 | |
CVE-2008-3626 | 6.8 |
The CallComponentFunctionWithStorage function in Apple QuickTime before 7.5.5 does not properly handle a large entry in the sample_size_table in STSZ atoms, which allows remote attackers to execute arbitrary code or cause a denial of service (memory
|
30-10-2018 - 16:25 | 11-09-2008 - 01:13 | |
CVE-2009-3955 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer si
|
30-10-2018 - 16:25 | 13-01-2010 - 19:30 | |
CVE-2010-2180 | 9.3 |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2010-2204 | 9.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. Per: http://www.adobe.com/supp
|
30-10-2018 - 16:25 | 30-06-2010 - 18:30 | |
CVE-2010-2170 | 9.3 |
Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2181 and CVE-2010-2
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2010-2162 | 9.3 |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors related to improper length calcula
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2008-3614 | 6.8 |
Integer overflow in Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, which triggers heap corruption.
|
30-10-2018 - 16:25 | 11-09-2008 - 01:13 | |
CVE-2009-3372 | 9.3 |
Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file.
|
30-10-2018 - 16:25 | 29-10-2009 - 14:30 | |
CVE-2010-2890 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-3619, C
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
CVE-2009-2992 | 4.3 |
An unspecified ActiveX control in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 does not properly validate input, which allows attackers to cause a denial of service via unknown vectors. Per: http://www.ado
|
30-10-2018 - 16:25 | 19-10-2009 - 22:30 | |
CVE-2010-2208 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, dereference a heap object after this object's deletion, which allows attackers to execute arbitrary code via unspecified vectors. Per: http://www.adobe.com/suppo
|
30-10-2018 - 16:25 | 30-06-2010 - 18:30 | |
CVE-2010-2160 | 9.3 |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an invalid offset in an unspecified undocumente
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2006-3651 | 9.3 |
Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via a crafted mail merge file, a different vulnerability than CVE-2006-3647 and CVE-2006-4693.
|
30-10-2018 - 16:25 | 10-10-2006 - 22:07 | |
CVE-2010-2211 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295,
|
30-10-2018 - 16:25 | 30-06-2010 - 18:30 | |
CVE-2010-2169 | 9.3 |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allow attackers to cause a denial of service (pointer memory corruption) or possibly execute arbitrary code via unspecified vectors. Per: http://www.ado
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2010-1799 | 9.3 |
Stack-based buffer overflow in the error-logging functionality in Apple QuickTime before 7.6.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
|
30-10-2018 - 16:25 | 16-08-2010 - 18:39 | |
CVE-2009-3462 | 5.1 |
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 on Unix, when Debug mode is enabled, allow attackers to execute arbitrary code via unspecified vectors, related to a "format bug." Per: http://www.adobe.com/support/secur
|
30-10-2018 - 16:25 | 19-10-2009 - 22:30 | |
CVE-2009-2981 | 9.3 |
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to bypass intended Trust Manager restrictions via unspecified vectors. Per: http://www.adobe.com/support/secur
|
30-10-2018 - 16:25 | 19-10-2009 - 22:30 | |
CVE-2009-2798 | 9.3 |
Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.
|
30-10-2018 - 16:25 | 10-09-2009 - 21:30 | |
CVE-2010-2165 | 9.3 |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2009-2988 | 4.3 |
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which allows attackers to cause a denial of service via unspecified vectors. Per: http://www.adobe.com/support/security/bulletins/apsb09-1
|
30-10-2018 - 16:25 | 19-10-2009 - 22:30 | |
CVE-2010-2182 | 9.3 |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2008-3014 | 9.3 |
Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 20
|
30-10-2018 - 16:25 | 11-09-2008 - 01:11 | |
CVE-2010-2209 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295,
|
30-10-2018 - 16:25 | 30-06-2010 - 18:30 | |
CVE-2010-2186 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. P
|
30-10-2018 - 16:25 | 15-06-2010 - 18:00 | |
CVE-2009-2998 | 9.3 |
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-3458. Per: http://w
|
30-10-2018 - 16:25 | 19-10-2009 - 22:30 | |
CVE-2009-2986 | 9.3 |
Multiple heap-based buffer overflows in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors. Per: http://www.adobe.com/support/security/bulletins/apsb
|
30-10-2018 - 16:25 | 19-10-2009 - 22:30 | |
CVE-2009-2799 | 9.3 |
Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted H.264 movie file.
|
30-10-2018 - 16:25 | 10-09-2009 - 21:30 | |
CVE-2010-2212 | 9.3 |
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PDF file containing Flash content with a cra
|
30-10-2018 - 16:25 | 30-06-2010 - 18:30 | |
CVE-2011-0600 | 9.3 |
The U3D component in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a 3D file with an invalid Parent Node count that triggers an incorre
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2011-0570 | 6.9 |
Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerabi
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2010-0178 | 7.6 |
Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from interpreting mouse clicks as drag-and-drop actions, which allows remote attackers to execute arbitrary JavaScript wit
|
30-10-2018 - 16:25 | 05-04-2010 - 17:30 | |
CVE-2009-0951 | 9.3 |
Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC compression file.
|
30-10-2018 - 16:25 | 02-06-2009 - 18:30 | |
CVE-2011-0606 | 9.3 |
Stack-based buffer overflow in rt3d.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) v
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2010-0169 | 5.0 |
The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings i
|
30-10-2018 - 16:25 | 25-03-2010 - 21:00 | |
CVE-2009-0952 | 9.3 |
Buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted compressed PSD image.
|
30-10-2018 - 16:25 | 02-06-2009 - 18:30 | |
CVE-2010-0182 | 4.3 |
The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows
|
30-10-2018 - 16:25 | 05-04-2010 - 17:30 | |
CVE-2010-0204 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0194,
|
30-10-2018 - 16:25 | 14-04-2010 - 16:00 | |
CVE-2010-0196 | 9.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than
|
30-10-2018 - 16:25 | 14-04-2010 - 16:00 | |
CVE-2010-0201 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0194,
|
30-10-2018 - 16:25 | 14-04-2010 - 16:00 | |
CVE-2010-0177 | 9.3 |
Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, frees the contents of the window.navigator.plugins array while a reference to an array element is still active, which allows remote attackers to ex
|
30-10-2018 - 16:25 | 05-04-2010 - 17:30 | |
CVE-2009-0955 | 9.3 |
Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted image description atoms in an Apple video file, related to a "sign extension issue."
|
30-10-2018 - 16:25 | 02-06-2009 - 18:30 | |
CVE-2009-0003 | 9.3 |
Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via an AVI movie file with an invalid nBlockAlign value in the _WAVEFORMATEX structure.
|
30-10-2018 - 16:25 | 21-01-2009 - 20:30 | |
CVE-2009-0001 | 9.3 |
Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted RTSP URL.
|
30-10-2018 - 16:25 | 21-01-2009 - 20:30 | |
CVE-2011-0591 | 9.3 |
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, r
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2010-0198 | 9.3 |
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0199, CVE-2010-0202, and CVE-2010-
|
30-10-2018 - 16:25 | 14-04-2010 - 16:00 | |
CVE-2011-0592 | 9.3 |
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, r
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2009-0185 | 9.3 |
Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted MS ADPCM encoded audio data in an AVI movie file.
|
30-10-2018 - 16:25 | 02-06-2009 - 18:30 | |
CVE-2009-1303 | 5.0 |
The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGE
|
30-10-2018 - 16:25 | 22-04-2009 - 18:30 | |
CVE-2010-0167 | 9.3 |
The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash)
|
30-10-2018 - 16:25 | 25-03-2010 - 21:00 | |
CVE-2009-0188 | 9.3 |
Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie composed of a Sorenson 3 video file.
|
30-10-2018 - 16:25 | 02-06-2009 - 18:30 | |
CVE-2011-0602 | 9.3 |
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via crafted JP2K record types in a JPEG2000 image in a PDF file, which causes heap corruption
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2010-0174 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory
|
30-10-2018 - 16:25 | 05-04-2010 - 17:30 | |
CVE-2010-0173 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and applica
|
30-10-2018 - 16:25 | 05-04-2010 - 17:30 | |
CVE-2011-0593 | 9.3 |
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, a
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2010-0202 | 9.3 |
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0198, CVE-2010-0199, and CVE-2010-
|
30-10-2018 - 16:25 | 14-04-2010 - 16:00 | |
CVE-2011-0605 | 6.8 |
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2011-0585 | 9.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2010-0191 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified vectors, related to a "prefix protocol handler vulnerability."
|
30-10-2018 - 16:25 | 14-04-2010 - 16:00 | |
CVE-2009-0954 | 9.3 |
Heap-based buffer overflow in Apple QuickTime before 7.6.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a movie file containing crafted Clipping Region (CRGN) atom types.
|
30-10-2018 - 16:25 | 02-06-2009 - 18:30 | |
CVE-2011-0562 | 6.9 |
Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerabi
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2011-0598 | 9.3 |
Integer overflow in ACE.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code via crafted ICC data, a different vulnerability than CVE-2011
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2010-0192 | 9.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than
|
30-10-2018 - 16:25 | 14-04-2010 - 16:00 | |
CVE-2011-0590 | 9.3 |
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a 3D file, a different vulnerability than CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, CV
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2010-0175 | 9.3 |
Use-after-free vulnerability in the nsTreeSelection implementation in Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.9, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allows remote attackers to execute arbitrary code or cause a denial of se
|
30-10-2018 - 16:25 | 05-04-2010 - 17:30 | |
CVE-2009-0953 | 9.3 |
Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.
|
30-10-2018 - 16:25 | 02-06-2009 - 18:30 | |
CVE-2011-0594 | 9.3 |
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a font.
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2011-0563 | 9.3 |
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2011-0595 | 9.3 |
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, a
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2011-0567 | 9.3 |
AcroRd32.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image that tri
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2010-0176 | 9.3 |
Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to
|
30-10-2018 - 16:25 | 05-04-2010 - 17:30 | |
CVE-2011-0603 | 9.3 |
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image, a different vulnerabili
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2011-0564 | 9.3 |
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows use weak permissions for unspecified files, which allows attackers to gain privileges via unknown vectors.
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2010-0193 | 9.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than
|
30-10-2018 - 16:25 | 14-04-2010 - 16:00 | |
CVE-2009-0005 | 9.3 |
Unspecified vulnerability in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted H.263 encoded movie file that triggers memory corruption.
|
30-10-2018 - 16:25 | 21-01-2009 - 20:30 | |
CVE-2011-0586 | 9.3 |
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X do not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2010-0203 | 9.3 |
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0198, CVE-2010-0199, and CVE-2010-
|
30-10-2018 - 16:25 | 14-04-2010 - 16:00 | |
CVE-2010-0179 | 5.1 |
Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects
|
30-10-2018 - 16:25 | 05-04-2010 - 17:30 | |
CVE-2011-0599 | 9.3 |
The Bitmap parsing component in rt3d.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted image that causes an invalid pointe
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2010-0199 | 9.3 |
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0198, CVE-2010-0202, and CVE-2010-
|
30-10-2018 - 16:25 | 14-04-2010 - 16:00 | |
CVE-2010-0171 | 4.3 |
Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) at
|
30-10-2018 - 16:25 | 25-03-2010 - 21:00 | |
CVE-2009-0004 | 9.3 |
Buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted MP3 audio file.
|
30-10-2018 - 16:25 | 21-01-2009 - 20:30 | |
CVE-2011-0596 | 9.3 |
The Bitmap parsing component in 2d.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via an image with crafted (1) height and (2) width
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2011-0589 | 9.3 |
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2010-0197 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0194,
|
30-10-2018 - 16:25 | 14-04-2010 - 16:00 | |
CVE-2010-0190 | 4.3 |
Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
30-10-2018 - 16:25 | 14-04-2010 - 16:00 | |
CVE-2011-0587 | 4.3 |
Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a differen
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2009-0002 | 9.3 |
Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QTVR movie file with crafted THKD atoms.
|
30-10-2018 - 16:25 | 21-01-2009 - 20:30 | |
CVE-2009-0957 | 9.3 |
Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 image.
|
30-10-2018 - 16:25 | 02-06-2009 - 18:30 | |
CVE-2011-0604 | 4.3 |
Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a differen
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2011-0565 | 9.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2010-0195 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, do not properly handle fonts, which allows attackers to execute arbitrary code via unspecified vectors.
|
30-10-2018 - 16:25 | 14-04-2010 - 16:00 | |
CVE-2009-1311 | 4.3 |
Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during
|
30-10-2018 - 16:25 | 22-04-2009 - 18:30 | |
CVE-2011-0588 | 6.9 |
Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerabi
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2011-0568 | 6.8 |
Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Mac OS X allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors.
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2010-0194 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0197,
|
30-10-2018 - 16:25 | 14-04-2010 - 16:00 | |
CVE-2004-0200 | 9.3 |
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to
|
30-10-2018 - 16:25 | 28-09-2004 - 04:00 | |
CVE-2011-0566 | 9.3 |
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image, a different vulnerabili
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
CVE-2009-0956 | 9.3 |
Apple QuickTime before 7.6.2 does not properly initialize memory before use in handling movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a movie containing a user data atom of s
|
30-10-2018 - 16:25 | 02-06-2009 - 18:30 | |
CVE-2010-0181 | 4.3 |
Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial o
|
30-10-2018 - 16:25 | 05-04-2010 - 17:30 | |
CVE-2006-0001 | 9.3 |
Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts.
|
19-10-2018 - 15:41 | 12-09-2006 - 23:07 | |
CVE-2006-0009 | 5.1 |
Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware suc
|
19-10-2018 - 15:41 | 14-03-2006 - 23:02 | |
CVE-2006-3647 | 9.3 |
Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word document, which overflows a 16-bit integer length value, aka "Memmove Co
|
18-10-2018 - 16:48 | 10-10-2006 - 22:07 | |
CVE-2006-5994 | 9.3 |
Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word and Word Viewer 2003, Word 2004 and 2004 v. X for Mac, and Works 2004, 2005, and 2006 allows remote attackers to execute arbitrary code via a Word document with a malformed string
|
17-10-2018 - 21:46 | 06-12-2006 - 20:28 | |
CVE-2006-6134 | 7.5 |
Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application cra
|
17-10-2018 - 21:46 | 28-11-2006 - 01:07 | |
CVE-2007-1754 | 9.3 |
PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, wh
|
16-10-2018 - 16:40 | 10-07-2007 - 22:30 | |
CVE-2007-1202 | 6.8 |
Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attacker
|
16-10-2018 - 16:37 | 08-05-2007 - 23:19 | |
CVE-2007-0045 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Exp
|
16-10-2018 - 16:30 | 03-01-2007 - 21:28 | |
CVE-2007-0048 | 5.0 |
Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, when used with Internet Explorer, Google Chrome, or Opera, allows remote attackers to cause a deni
|
16-10-2018 - 16:30 | 03-01-2007 - 21:28 | |
CVE-2008-0106 | 9.0 |
Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.
|
15-10-2018 - 21:57 | 08-07-2008 - 23:41 | |
CVE-2008-0109 | 9.3 |
Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation err
|
15-10-2018 - 21:57 | 12-02-2008 - 23:00 | |
CVE-2008-0119 | 9.3 |
Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier allows remote attackers to execute arbitrary code via a Publisher file with crafted object header data that triggers memory corrupt
|
15-10-2018 - 21:57 | 13-05-2008 - 22:20 | |
CVE-2013-3860 | 7.8 |
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly parse a DTD during XML digital-signature validation, which allows remote attackers to cause a denial of service (application crash or hang) via a crafted signed XML d
|
12-10-2018 - 22:05 | 09-10-2013 - 14:53 | |
CVE-2013-3855 | 9.3 |
Microsoft Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerab
|
12-10-2018 - 22:05 | 11-09-2013 - 14:03 | |
CVE-2013-3870 | 9.3 |
Double free vulnerability in Microsoft Outlook 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to execute arbitrary code by including many nested S/MIME certificates in an e-mail message, aka "Message Certificate Vulnerability."
|
12-10-2018 - 22:05 | 11-09-2013 - 14:03 | |
CVE-2013-3852 | 9.3 |
Microsoft Word 2003 SP3, 2007 SP3, and 2010 SP1; Office Compatibility Pack SP3; and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corrupti
|
12-10-2018 - 22:05 | 11-09-2013 - 14:03 | |
CVE-2013-3853 | 9.3 |
Microsoft Office 2007 SP3 and Word 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CV
|
12-10-2018 - 22:05 | 11-09-2013 - 14:03 | |
CVE-2013-3889 | 9.3 |
Microsoft Excel 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; Office Compatibility Pack SP3; and Excel Services and Word Automation Services in SharePoint Serve
|
12-10-2018 - 22:05 | 09-10-2013 - 14:53 | |
CVE-2013-3854 | 9.3 |
Microsoft Office 2007 SP3 and Word 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CV
|
12-10-2018 - 22:05 | 11-09-2013 - 14:03 | |
CVE-2013-3861 | 7.8 |
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 allows remote attackers to cause a denial of service (application crash or hang) via crafted character sequences in JSON data, aka "JSON Parsing Vulnerability."
|
12-10-2018 - 22:05 | 09-10-2013 - 14:53 | |
CVE-2013-3858 | 9.3 |
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary c
|
12-10-2018 - 22:05 | 11-09-2013 - 14:03 | |
CVE-2013-3857 | 9.3 |
Microsoft Word Automation Services in SharePoint Server 2010 SP1 and SP2, Word Web App 2010 SP1 and SP2 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1 and SP2, Office Compatibility Pack SP3, and Word Viewer allow remote attacker
|
12-10-2018 - 22:05 | 11-09-2013 - 14:03 | |
CVE-2013-3851 | 9.3 |
Microsoft Office 2003 SP3 and 2007 SP3, Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "W
|
12-10-2018 - 22:05 | 11-09-2013 - 14:03 | |
CVE-2013-3856 | 9.3 |
Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."
|
12-10-2018 - 22:05 | 11-09-2013 - 14:03 | |
CVE-2013-3159 | 4.3 |
Microsoft Excel 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Excel Viewer; and Microsoft Office Compatibility Pack SP3 allow remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an en
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
CVE-2013-3133 | 9.3 |
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafte
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
CVE-2013-3160 | 5.0 |
Microsoft Office 2003 SP3 and 2007 SP3, Word 2003 SP3 and 2007 SP3, and Word Viewer allow remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XM
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
CVE-2013-3132 | 9.3 |
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBA
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
CVE-2013-3847 | 9.3 |
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary c
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
CVE-2013-3849 | 9.3 |
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary c
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
CVE-2013-3848 | 9.3 |
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary c
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
CVE-2013-3134 | 9.3 |
The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 on 64-bit platforms does not properly allocate arrays of structures, which allows remote attackers to execute arbitrary code via a crafted .NET Framework ap
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
CVE-2013-3850 | 9.3 |
Microsoft Word 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
CVE-2013-3136 | 4.4 |
The kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly handle unspecified page-fault system calls, which allows local users to ob
|
12-10-2018 - 22:04 | 12-06-2013 - 03:30 | |
CVE-2013-3131 | 9.3 |
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverlight 5 before 5.1.20513.0, does not properly prevent changes to data in multidimensional arrays of structures, which allows remote attackers to execute arbitrary code via (1) a craf
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
CVE-2013-1329 | 9.3 |
Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers a buffer underflow, aka "Publisher Buffer Underflow Vulnerability."
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
CVE-2013-1335 | 9.3 |
Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to execute arbitrary code via crafted shape data in a Word document, aka "Word Shape Corruption Vulnerability."
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
CVE-2013-1318 | 10.0 |
Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers access to an invalid pointer, aka "Publisher Corrupt Interface Pointer Vulnerability."
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
CVE-2013-1324 | 9.3 |
Stack-based buffer overflow in Microsoft Office 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "Word Stack Buffer Overwrite Vulnerability."
|
12-10-2018 - 22:04 | 13-11-2013 - 00:55 | |
CVE-2013-1282 | 5.0 |
The LDAP service in Microsoft Active Directory, Active Directory Application Mode (ADAM), Active Directory Lightweight Directory Service (AD LDS), and Active Directory Services allows remote attackers to cause a denial of service (memory consumption
|
12-10-2018 - 22:04 | 09-04-2013 - 22:55 | |
CVE-2013-1323 | 9.3 |
Microsoft Publisher 2003 SP3 does not properly handle NULL values for unspecified data items, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Incorrect NULL Value Handling Vulnerability."
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
CVE-2013-1327 | 9.3 |
Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper memory allocation, aka "Publisher Signed Integer Vulnerability."
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
CVE-2013-1320 | 10.0 |
Buffer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Buffer Overflow Vulnerability."
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
CVE-2013-1317 | 9.3 |
Integer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper allocation-size calculation, aka "Publisher Integer Overflow Vulnerability."
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
CVE-2013-1319 | 10.0 |
Microsoft Publisher 2003 SP3 does not properly check the return value of an unspecified method, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Handling Vulnerability."
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
CVE-2013-1302 | 9.3 |
Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an invitation that triggers access to a deleted object, aka "Lyn
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
CVE-2013-1316 | 9.3 |
Microsoft Publisher 2003 SP3 does not properly validate the size of an unspecified array, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Negative Value Allocation Vulnerability."
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
CVE-2013-1321 | 9.3 |
Microsoft Publisher 2003 SP3 does not properly check the data type of an unspecified return value, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Validation Vulnerability."
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
CVE-2013-1328 | 9.3 |
Microsoft Publisher 2003 SP3, 2007 SP3, and 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers incorrect pointer handling, aka "Publisher Pointer Handling Vulnerability."
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
CVE-2013-1322 | 10.0 |
Microsoft Publisher 2003 SP3 does not properly check table range data, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Invalid Range Check Vulnerability."
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
CVE-2012-2528 | 9.3 |
Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; Word Automation Services on Microsoft SharePoint Server 2010; and Office Web Apps 2010 SP1 allows remote atta
|
12-10-2018 - 22:03 | 09-10-2012 - 21:55 | |
CVE-2012-2543 | 9.3 |
Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Stack O
|
12-10-2018 - 22:03 | 14-11-2012 - 00:55 | |
CVE-2012-2552 | 4.3 |
Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or H
|
12-10-2018 - 22:03 | 09-10-2012 - 21:55 | |
CVE-2012-2520 | 4.3 |
Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0
|
12-10-2018 - 22:03 | 09-10-2012 - 21:55 | |
CVE-2012-2524 | 9.3 |
Microsoft Office 2007 SP2 and SP3 and 2010 SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Computer Graphics Metafile (CGM) file, aka "CGM File Format Memory Corruption Vulnerabilit
|
12-10-2018 - 22:03 | 15-08-2012 - 01:55 | |
CVE-2012-1847 | 9.3 |
Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 and 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execu
|
12-10-2018 - 22:02 | 09-05-2012 - 00:55 | |
CVE-2012-1515 | 8.3 |
VMware ESXi 3.5, 4.0, and 4.1 and ESX 3.5, 4.0, and 4.1 do not properly implement port-based I/O operations, which allows guest OS users to gain guest OS privileges by overwriting memory locations in a read-only memory block associated with the Virtu
|
12-10-2018 - 22:02 | 02-04-2012 - 10:46 | |
CVE-2012-1849 | 9.3 |
Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file,
|
12-10-2018 - 22:02 | 12-06-2012 - 22:55 | |
CVE-2012-1892 | 4.3 |
Cross-site scripting (XSS) vulnerability in Microsoft Visual Studio Team Foundation Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "XSS Vulnerability."
|
12-10-2018 - 22:02 | 11-09-2012 - 18:55 | |
CVE-2012-1886 | 9.3 |
Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel
|
12-10-2018 - 22:02 | 14-11-2012 - 00:55 | |
CVE-2012-0167 | 9.3 |
Heap-based buffer overflow in the Office GDI+ library in Microsoft Office 2003 SP3 and 2007 SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted EMF image in an Office document, aka "GDI+ Heap Overflow Vulnerability."
|
12-10-2018 - 22:02 | 09-05-2012 - 00:55 | |
CVE-2012-0165 | 9.3 |
GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, a
|
12-10-2018 - 22:02 | 09-05-2012 - 00:55 | |
CVE-2012-0142 | 9.3 |
Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitr
|
12-10-2018 - 22:02 | 09-05-2012 - 00:55 | |
CVE-2012-0185 | 9.3 |
Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling
|
12-10-2018 - 22:02 | 09-05-2012 - 00:55 | |
CVE-2012-0181 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard L
|
12-10-2018 - 22:02 | 09-05-2012 - 00:55 | |
CVE-2012-0184 | 9.3 |
Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 and 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execu
|
12-10-2018 - 22:02 | 09-05-2012 - 00:55 | |
CVE-2012-0141 | 9.3 |
Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitr
|
12-10-2018 - 22:02 | 09-05-2012 - 00:55 | |
CVE-2012-0159 | 9.3 |
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 bef
|
12-10-2018 - 22:02 | 09-05-2012 - 00:55 | |
CVE-2012-0182 | 9.3 |
Microsoft Word 2007 SP2 and SP3 does not properly handle memory during the parsing of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Word PAPX Section Corruption Vulnerability."
|
12-10-2018 - 22:02 | 09-10-2012 - 21:55 | |
CVE-2011-3410 | 9.3 |
Array index error in Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Out-of-bounds Array Index Vu
|
12-10-2018 - 22:01 | 14-12-2011 - 00:55 | |
CVE-2011-3412 | 9.3 |
Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect memory handling, aka "Publisher Memory Corruption Vulnerability."
|
12-10-2018 - 22:01 | 14-12-2011 - 00:55 | |
CVE-2011-3411 | 9.3 |
Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Invalid Pointer Vulnerability."
|
12-10-2018 - 22:01 | 14-12-2011 - 00:55 | |
CVE-2011-1969 | 9.3 |
Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified
|
12-10-2018 - 22:01 | 12-10-2011 - 02:52 | |
CVE-2011-1982 | 9.3 |
Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Office Uninitialized Object
|
12-10-2018 - 22:01 | 15-09-2011 - 12:26 | |
CVE-2011-1987 | 9.3 |
Array index error in Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Offic
|
12-10-2018 - 22:01 | 15-09-2011 - 12:26 | |
CVE-2011-1988 | 9.3 |
Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not proper
|
12-10-2018 - 22:01 | 15-09-2011 - 12:26 | |
CVE-2011-1990 | 9.3 |
Microsoft Excel 2007 SP2; Excel in Office 2007 SP2; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Excel Services on Office SharePoint Server 2007 SP2 do not properly validate the sign of an uns
|
12-10-2018 - 22:01 | 15-09-2011 - 12:26 | |
CVE-2011-1896 | 4.3 |
Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "ExcelTable Reflected XSS
|
12-10-2018 - 22:01 | 12-10-2011 - 02:52 | |
CVE-2011-1989 | 9.3 |
Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for
|
12-10-2018 - 22:01 | 15-09-2011 - 12:26 | |
CVE-2011-1895 | 4.3 |
CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XS
|
12-10-2018 - 22:01 | 12-10-2011 - 02:52 | |
CVE-2011-1897 | 4.3 |
Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Default Reflected XSS Vul
|
12-10-2018 - 22:01 | 12-10-2011 - 02:52 | |
CVE-2011-2012 | 5.0 |
Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 does not properly validate session cookies, which allows remote attackers to cause a denial of service (IIS outage) via unspecified network traffic, aka "Null Ses
|
12-10-2018 - 22:01 | 12-10-2011 - 02:52 | |
CVE-2012-0007 | 4.3 |
The Microsoft Anti-Cross Site Scripting (AntiXSS) Library 3.x and 4.0 does not properly evaluate characters after the detection of a Cascading Style Sheets (CSS) escaped character, which allows remote attackers to conduct cross-site scripting (XSS) a
|
12-10-2018 - 22:01 | 10-01-2012 - 21:55 | |
CVE-2012-0008 | 6.9 |
Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka "Visual Studio Add-In Vulnerability." Per: http://technet.mic
|
12-10-2018 - 22:01 | 13-03-2012 - 21:55 | |
CVE-2011-1272 | 9.3 |
Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate rec
|
12-10-2018 - 22:00 | 16-06-2011 - 20:55 | |
CVE-2011-1274 | 9.3 |
Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate rec
|
12-10-2018 - 22:00 | 16-06-2011 - 20:55 | |
CVE-2011-1508 | 9.3 |
Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, does not properly manage memory allocations for function pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Function Pointer
|
12-10-2018 - 22:00 | 14-12-2011 - 00:55 | |
CVE-2011-1273 | 9.3 |
Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly
|
12-10-2018 - 22:00 | 16-06-2011 - 20:55 | |
CVE-2011-1280 | 4.3 |
The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entitie
|
12-10-2018 - 22:00 | 16-06-2011 - 20:55 | |
CVE-2011-1276 | 9.3 |
Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows re
|
12-10-2018 - 22:00 | 16-06-2011 - 20:55 | |
CVE-2011-0978 | 9.3 |
Stack-based buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary c
|
12-10-2018 - 21:59 | 10-02-2011 - 19:00 | |
CVE-2011-0098 | 9.3 |
Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Format
|
12-10-2018 - 21:59 | 13-04-2011 - 18:55 | |
CVE-2011-0979 | 9.3 |
Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; and Excel Viewer SP2 do not properly handle errors during the parsing of Office Art records in Excel spreadsheets, wh
|
12-10-2018 - 21:59 | 10-02-2011 - 19:00 | |
CVE-2011-0097 | 9.3 |
Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 a
|
12-10-2018 - 21:59 | 13-04-2011 - 18:55 | |
CVE-2010-3954 | 9.3 |
Microsoft Publisher 2002 SP3, 2003 SP3, and 2010 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Publisher file, aka "Microsoft Publisher Memory Corruption Vulnerability."
|
12-10-2018 - 21:58 | 16-12-2010 - 19:33 | |
CVE-2010-3955 | 9.3 |
pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 does not properly perform array indexing, which allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Array Inde
|
12-10-2018 - 21:58 | 16-12-2010 - 19:33 | |
CVE-2010-3240 | 9.3 |
Microsoft Excel 2002 SP3 and 2007 SP2; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information, which allows remote attackers to execute arbitrary code via a cr
|
12-10-2018 - 21:58 | 13-10-2010 - 19:00 | |
CVE-2010-3221 | 9.3 |
Microsoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word Viewer do not properly handle a malformed record during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memor
|
12-10-2018 - 21:58 | 13-10-2010 - 19:00 | |
CVE-2010-3334 | 9.3 |
Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing a
|
12-10-2018 - 21:58 | 10-11-2010 - 03:00 | |
CVE-2010-3337 | 9.3 |
Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Insecure Library Loading Vulnerability." NOTE: this might overlap CVE-2010-3
|
12-10-2018 - 21:58 | 10-11-2010 - 03:00 | |
CVE-2010-2571 | 9.3 |
Array index error in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher 97 file, aka "Memory Corruption Due To Invalid Index Into Array
|
12-10-2018 - 21:58 | 16-12-2010 - 19:33 | |
CVE-2010-3335 | 9.3 |
Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that
|
12-10-2018 - 21:58 | 10-11-2010 - 03:00 | |
CVE-2010-3214 | 9.3 |
Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Word Viewer;
|
12-10-2018 - 21:58 | 13-10-2010 - 19:00 | |
CVE-2010-3232 | 9.3 |
Microsoft Excel 2003 SP3 and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record informa
|
12-10-2018 - 21:58 | 13-10-2010 - 19:00 | |
CVE-2010-2570 | 9.3 |
Heap-based buffer overflow in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, 2007 SP2, and 2010 allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka
|
12-10-2018 - 21:57 | 16-12-2010 - 19:33 | |
CVE-2010-1903 | 9.3 |
Microsoft Office Word 2002 SP3 and 2003 SP3, and Office Word Viewer, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed record in a Word file, aka "Word HTML Linked Objects Memory Corrup
|
12-10-2018 - 21:57 | 11-08-2010 - 18:47 | |
CVE-2010-1263 | 9.3 |
Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; Microsoft Office XP SP3; Office 2003 SP3; and Office System 2007 SP1 and SP2 do n
|
12-10-2018 - 21:57 | 08-06-2010 - 20:30 | |
CVE-2010-1902 | 9.3 |
Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File For
|
12-10-2018 - 21:57 | 11-08-2010 - 18:47 | |
CVE-2010-2569 | 9.3 |
pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 does not properly handle an unspecified size field in certain older file formats, which allows remote attackers to execute arbitrary code or cause a
|
12-10-2018 - 21:57 | 16-12-2010 - 19:33 | |
CVE-2010-1901 | 9.3 |
Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not pro
|
12-10-2018 - 21:57 | 11-08-2010 - 18:47 | |
CVE-2010-1881 | 9.3 |
The FieldList ActiveX control in the Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 does not properly interact with the memory-access approach used by Internet Explorer and Office during instantiation, which allows
|
12-10-2018 - 21:57 | 15-07-2010 - 12:57 | |
CVE-2010-1900 | 9.3 |
Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Works 9 d
|
12-10-2018 - 21:57 | 11-08-2010 - 18:47 | |
CVE-2010-0814 | 9.3 |
The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 and 2007 SP1 and SP2 do not properly interact with the memory-allocation approach used by Internet Explorer during instantiation, which allows remote attackers to
|
12-10-2018 - 21:57 | 15-07-2010 - 12:57 | |
CVE-2010-0821 | 9.3 |
Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel
|
12-10-2018 - 21:57 | 08-06-2010 - 20:30 | |
CVE-2010-0823 | 9.3 |
Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel
|
12-10-2018 - 21:57 | 08-06-2010 - 20:30 | |
CVE-2010-0479 | 9.3 |
Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow
|
12-10-2018 - 21:56 | 14-04-2010 - 16:00 | |
CVE-2010-0263 | 9.3 |
Microsoft Office Excel 2007 SP1 and SP2; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Office SharePoint Serv
|
12-10-2018 - 21:56 | 10-03-2010 - 22:30 | |
CVE-2010-0260 | 9.3 |
Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via
|
12-10-2018 - 21:56 | 10-03-2010 - 22:30 | |
CVE-2009-3135 | 9.3 |
Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, Office Word Viewer 2003 SP3, and Office Word Viewer allow remote attackers to execute arbitrary code via
|
12-10-2018 - 21:52 | 11-11-2009 - 19:30 | |
CVE-2009-3132 | 9.3 |
Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and P
|
12-10-2018 - 21:52 | 11-11-2009 - 20:30 | |
CVE-2009-3126 | 9.3 |
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP
|
12-10-2018 - 21:52 | 14-10-2009 - 10:30 | |
CVE-2009-3134 | 9.3 |
Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and P
|
12-10-2018 - 21:52 | 11-11-2009 - 20:30 | |
CVE-2009-3131 | 9.3 |
Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and P
|
12-10-2018 - 21:52 | 11-11-2009 - 20:30 | |
CVE-2009-2495 | 7.8 |
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obt
|
12-10-2018 - 21:51 | 29-07-2009 - 17:30 | |
CVE-2009-2501 | 9.3 |
Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 G
|
12-10-2018 - 21:51 | 14-10-2009 - 10:30 | |
CVE-2009-2500 | 9.3 |
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP
|
12-10-2018 - 21:51 | 14-10-2009 - 10:30 | |
CVE-2009-2493 | 9.3 |
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2,
|
12-10-2018 - 21:51 | 29-07-2009 - 17:30 | |
CVE-2009-2504 | 9.3 |
Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Mi
|
12-10-2018 - 21:51 | 14-10-2009 - 10:30 | |
CVE-2009-2503 | 9.3 |
GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold a
|
12-10-2018 - 21:51 | 14-10-2009 - 10:30 | |
CVE-2009-1134 | 9.3 |
Excel in 2007 Microsoft Office System SP1 and SP2; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a BIFF file w
|
12-10-2018 - 21:51 | 10-06-2009 - 18:30 | |
CVE-2009-0238 | 9.3 |
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remot
|
12-10-2018 - 21:50 | 25-02-2009 - 16:30 | |
CVE-2009-0560 | 9.3 |
Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office
|
12-10-2018 - 21:50 | 10-06-2009 - 18:30 | |
CVE-2009-0561 | 9.3 |
Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP
|
12-10-2018 - 21:50 | 10-06-2009 - 18:30 | |
CVE-2009-0901 | 9.3 |
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Serv
|
12-10-2018 - 21:50 | 29-07-2009 - 17:30 | |
CVE-2009-0566 | 9.3 |
Microsoft Office Publisher 2007 SP1 does not properly calculate object handler data for Publisher files, which allows remote attackers to execute arbitrary code via a crafted file in a legacy format that triggers memory corruption, aka "Pointer Deref
|
12-10-2018 - 21:50 | 15-07-2009 - 15:30 | |
CVE-2008-5416 | 9.0 |
Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier; SQL Server 2000 Desktop Engine (MSDE 2000) SP4; SQL Server 2005 SP2 and 9.00.1399.06; SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 SP1 an
|
12-10-2018 - 21:49 | 10-12-2008 - 14:00 | |
CVE-2009-0100 | 9.3 |
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel in Microsoft Office 2004 and 2008 for Mac; Microsoft Office Excel Viewer and Excel Viewer 2003 SP3; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007
|
12-10-2018 - 21:49 | 15-04-2009 - 08:00 | |
CVE-2009-0099 | 5.0 |
The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage
|
12-10-2018 - 21:49 | 10-02-2009 - 22:30 | |
CVE-2009-0098 | 9.3 |
Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message
|
12-10-2018 - 21:49 | 10-02-2009 - 22:30 | |
CVE-2008-4264 | 9.3 |
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open
|
12-10-2018 - 21:48 | 10-12-2008 - 14:00 | |
CVE-2008-3015 | 9.3 |
Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2,
|
12-10-2018 - 21:47 | 11-09-2008 - 01:11 | |
CVE-2008-3003 | 6.6 |
Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information an
|
12-10-2018 - 21:47 | 12-08-2008 - 23:41 | |
CVE-2008-1445 | 7.1 |
Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request.
|
12-10-2018 - 21:45 | 12-06-2008 - 02:32 | |
CVE-2008-1434 | 9.3 |
Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (C
|
12-10-2018 - 21:45 | 13-05-2008 - 22:20 | |
CVE-2008-1091 | 9.3 |
Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers
|
12-10-2018 - 21:45 | 13-05-2008 - 22:20 | |
CVE-2007-3891 | 6.8 |
Unspecified vulnerability in Windows Vista Weather Gadgets in Windows Vista allows remote attackers to execute arbitrary code via crafted HTML attributes.
|
12-10-2018 - 21:44 | 14-08-2007 - 22:17 | |
CVE-2008-0102 | 10.0 |
Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid "memory values," aka "Publisher Invalid Memory Reference Vulnerability."
|
12-10-2018 - 21:44 | 12-02-2008 - 23:00 | |
CVE-2007-3033 | 4.3 |
Cross-site scripting (XSS) vulnerability in Windows Vista Feed Headlines Gadget (aka Sidebar RSS Feeds Gadget) in Windows Vista allows user-assisted remote attackers to execute arbitrary code via an RSS feed with crafted HTML attributes, which are no
|
12-10-2018 - 21:43 | 14-08-2007 - 22:17 | |
CVE-2007-3032 | 6.8 |
Unspecified vulnerability in Windows Vista Contacts Gadget in Windows Vista allows user-assisted remote attackers to execute arbitrary code via crafted contact information that is not properly handled when it is imported.
|
12-10-2018 - 21:43 | 14-08-2007 - 22:17 | |
CVE-2005-0558 | 5.1 |
Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 allows remote attackers to execute arbitrary code via a crafted document.
|
12-10-2018 - 21:36 | 02-05-2005 - 04:00 | |
CVE-2005-0562 | 7.5 |
GIF file validation error in MSN Messenger 6.2 allows remote attackers in a user's contact list to execute arbitrary code via a GIF image with an improper height and width.
|
12-10-2018 - 21:36 | 12-04-2005 - 04:00 | |
CVE-2004-0963 | 10.0 |
Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial of service (application exception) and possibly execute arbitrary code in winword.exe via certain unexpected values in a
|
12-10-2018 - 21:35 | 09-02-2005 - 05:00 | |
CVE-2004-0897 | 10.0 |
The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
|
12-10-2018 - 21:35 | 11-01-2005 - 05:00 | |
CVE-2004-0844 | 5.0 |
Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the "Address Bar Spoofing on Doubl
|
12-10-2018 - 21:35 | 03-11-2004 - 05:00 | |
CVE-2004-0597 | 10.0 |
Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transpar
|
12-10-2018 - 21:34 | 23-11-2004 - 05:00 | |
CVE-2004-0199 | 5.1 |
Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability
|
12-10-2018 - 21:34 | 14-06-2004 - 04:00 | |
CVE-2003-0909 | 7.2 |
Windows XP allows local users to execute arbitrary programs by creating a task at an elevated privilege level through the eventtriggers.exe command-line tool or the Task Scheduler service, aka "Windows Management Vulnerability."
|
12-10-2018 - 21:33 | 01-06-2004 - 04:00 | |
CVE-2003-0820 | 7.5 |
Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.
|
12-10-2018 - 21:33 | 15-12-2003 - 05:00 | |
CVE-2003-0908 | 7.2 |
The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the
|
12-10-2018 - 21:33 | 01-06-2004 - 04:00 | |
CVE-2002-0013 | 10.0 |
Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by th
|
12-10-2018 - 21:30 | 13-02-2002 - 05:00 | |
CVE-2002-0012 | 10.0 |
Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candi
|
12-10-2018 - 21:30 | 13-02-2002 - 05:00 | |
CVE-2008-7245 | 5.0 |
Opera 9.52 and earlier allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821.
|
11-10-2018 - 20:58 | 18-09-2009 - 22:30 | |
CVE-2009-0016 | 5.0 |
Apple iTunes before 8.1 on Windows allows remote attackers to cause a denial of service (infinite loop) via a Digital Audio Access Protocol (DAAP) message with a crafted Content-Length header.
|
11-10-2018 - 20:58 | 14-03-2009 - 18:30 | |
CVE-2009-0006 | 9.3 |
Integer signedness error in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a Cinepak encoded movie file with a crafted MDAT atom that triggers a heap-b
|
11-10-2018 - 20:58 | 21-01-2009 - 20:30 | |
CVE-2008-4546 | 4.3 |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP reque
|
11-10-2018 - 20:52 | 14-10-2008 - 15:28 | |
CVE-2008-3636 | 7.2 |
Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear So
|
11-10-2018 - 20:48 | 11-09-2008 - 01:13 | |
CVE-2008-3625 | 9.3 |
Stack-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted (1) maxTilt, (2) minFieldOfV
|
11-10-2018 - 20:48 | 11-09-2008 - 01:13 | |
CVE-2008-3627 | 9.3 |
Apple QuickTime before 7.5.5 does not properly handle (1) MDAT atoms in MP4 video files within QuickTimeH264.qtx, (2) MDAT atoms in mov video files within QuickTimeH264.scalar, and (3) AVC1 atoms in an unknown media type within an unspecified compone
|
11-10-2018 - 20:48 | 11-09-2008 - 01:13 | |
CVE-2008-2430 | 9.3 |
Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file.
|
11-10-2018 - 20:41 | 07-07-2008 - 23:41 | |
CVE-2011-4061 | 6.9 |
Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) kbbacf1 in IBM DB2 Express Edition 9.7, as used in the IBM Tivoli Monitoring for Databases: DB2 Agent, allow local users to gain privileges via a Trojan horse libkbb.so in the cur
|
11-10-2018 - 10:29 | 18-10-2011 - 01:55 | |
CVE-2011-0258 | 9.3 |
Apple QuickTime before 7.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted image description associated with an mp4v tag in a movie file.
|
10-10-2018 - 20:09 | 06-09-2011 - 15:55 | |
CVE-2010-3976 | 9.3 |
Untrusted search path vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi
|
10-10-2018 - 20:06 | 19-10-2010 - 21:00 | |
CVE-2010-3573 | 5.1 |
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous inform
|
10-10-2018 - 20:04 | 19-10-2010 - 22:00 | |
CVE-2010-3567 | 10.0 |
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information w
|
10-10-2018 - 20:04 | 19-10-2010 - 22:00 | |
CVE-2010-3566 | 10.0 |
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information w
|
10-10-2018 - 20:04 | 19-10-2010 - 22:00 | |
CVE-2010-3561 | 7.5 |
Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information
|
10-10-2018 - 20:03 | 19-10-2010 - 22:00 | |
CVE-2010-3550 | 9.3 |
Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
|
10-10-2018 - 20:02 | 19-10-2010 - 22:00 | |
CVE-2010-3131 | 9.3 |
Untrusted search path vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Windows XP allows local users, and possibly remote attackers, to execute arbit
|
10-10-2018 - 20:01 | 26-08-2010 - 18:36 | |
CVE-2010-3128 | 9.3 |
Untrusted search path vulnerability in TeamViewer 5.0.8703 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as
|
10-10-2018 - 20:01 | 26-08-2010 - 18:36 | |
CVE-2010-2576 | 6.8 |
Opera before 10.61 does not properly suppress clicks on download dialogs that became visible after a recent tab change, which allows remote attackers to conduct clickjacking attacks, and consequently execute arbitrary code, via vectors involving (1)
|
10-10-2018 - 19:59 | 16-08-2010 - 18:39 | |
CVE-2010-2120 | 4.3 |
Google Chrome 1.0.154.48 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid news:// URIs.
|
10-10-2018 - 19:58 | 01-06-2010 - 20:30 | |
CVE-2010-1992 | 5.0 |
Google Chrome 1.0.154.48 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with m
|
10-10-2018 - 19:58 | 20-05-2010 - 17:30 | |
CVE-2010-1993 | 5.0 |
Opera 9.52 does not properly handle an IFRAME element with a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (resource consumption) via an HTML document with many IFRAME elements.
|
10-10-2018 - 19:58 | 20-05-2010 - 17:30 | |
CVE-2010-2121 | 4.3 |
Opera 9.52 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid (1) news:// or (2) nntp:// URIs.
|
10-10-2018 - 19:58 | 01-06-2010 - 20:30 | |
CVE-2010-1986 | 5.0 |
Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (memory consumption and application crash) via JavaScript code that creates multiple arrays containing elements with long string values, and then appends lon
|
10-10-2018 - 19:58 | 20-05-2010 - 17:30 | |
CVE-2010-1988 | 10.0 |
Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via JavaScript code that performs certain string concatenation and substr
|
10-10-2018 - 19:58 | 20-05-2010 - 17:30 | |
CVE-2010-2117 | 4.3 |
Mozilla Firefox 3.0.19, 3.5.x, and 3.6.x allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid (1) news:// or (2) nntp:// URIs.
|
10-10-2018 - 19:58 | 01-06-2010 - 20:30 | |
CVE-2010-1990 | 5.0 |
Mozilla Firefox 3.6.x, 3.5.x, 3.0.19, and earlier, and SeaMonkey, executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive applicat
|
10-10-2018 - 19:58 | 20-05-2010 - 17:30 | |
CVE-2010-1987 | 5.0 |
Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (memory consumption, out-of-bounds read, and application crash) via JavaScript code that appends long strings to the content of a P element, and performs cer
|
10-10-2018 - 19:58 | 20-05-2010 - 17:30 | |
CVE-2010-1989 | 5.0 |
Opera 9.52 executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with m
|
10-10-2018 - 19:58 | 20-05-2010 - 17:30 | |
CVE-2010-1795 | 9.3 |
Untrusted search path vulnerability in Apple iTunes before 9.1, when running on Windows 7, Vista, and XP, allows local users and possibly remote attackers to gain privileges via a Trojan horse DLL in the current working directory.
|
10-10-2018 - 19:57 | 20-08-2010 - 20:00 | |
CVE-2010-1585 | 9.3 |
The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a c
|
10-10-2018 - 19:57 | 28-04-2010 - 22:30 | |
CVE-2010-1404 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SV
|
10-10-2018 - 19:57 | 11-06-2010 - 18:00 | |
CVE-2010-1403 | 9.3 |
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during the handling of a use element in an SVG document, which allows remote attackers to execute arbitrary co
|
10-10-2018 - 19:57 | 11-06-2010 - 18:00 | |
CVE-2010-1749 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto
|
10-10-2018 - 19:57 | 11-06-2010 - 18:00 | |
CVE-2010-1402 | 9.3 |
Double free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors
|
10-10-2018 - 19:57 | 11-06-2010 - 18:00 | |
CVE-2010-1397 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto
|
10-10-2018 - 19:56 | 11-06-2010 - 18:00 | |
CVE-2010-1199 | 9.3 |
Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for
|
10-10-2018 - 19:56 | 24-06-2010 - 12:30 | |
CVE-2010-1398 | 9.3 |
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly perform ordered list insertions, which allows remote attackers to execute arbitrary code or cause a denial of service (mem
|
10-10-2018 - 19:56 | 11-06-2010 - 18:00 | |
CVE-2010-1278 | 9.3 |
Buffer overflow in the Atlcom.get_atlcom ActiveX control in gp.ocx in Adobe Download Manager, as used in Adobe Reader and Acrobat 8.x before 8.2 and 9.x before 9.3, allows remote attackers to execute arbitrary code via unspecified parameters.
|
10-10-2018 - 19:56 | 22-04-2010 - 14:30 | |
CVE-2010-1392 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto
|
10-10-2018 - 19:56 | 11-06-2010 - 18:00 | |
CVE-2010-1401 | 9.3 |
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or caus
|
10-10-2018 - 19:56 | 11-06-2010 - 18:00 | |
CVE-2010-1125 | 5.8 |
The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visi
|
10-10-2018 - 19:55 | 26-03-2010 - 20:30 | |
CVE-2010-0556 | 4.3 |
browser/login/login_prompt.cc in Google Chrome before 4.0.249.89 populates an authentication dialog with credentials that were stored by Password Manager for a different web site, which allows user-assisted remote HTTP servers to obtain sensitive inf
|
10-10-2018 - 19:53 | 18-02-2010 - 17:30 | |
CVE-2010-0528 | 9.3 |
Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted color tables in a movie file, related to malformed MediaVideo data, a sample
|
10-10-2018 - 19:53 | 31-03-2010 - 18:30 | |
CVE-2010-0529 | 9.3 |
Heap-based buffer overflow in QuickTime.qts in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a BkPixPat opcode (0x12) containing crafte
|
10-10-2018 - 19:53 | 31-03-2010 - 18:30 | |
CVE-2010-0526 | 4.3 |
Heap-based buffer overflow in QuickTimeMPEG.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted genl atom in a QuickTime movie file with MPE
|
10-10-2018 - 19:53 | 30-03-2010 - 18:30 | |
CVE-2010-0520 | 6.8 |
Heap-based buffer overflow in QuickTimeAuthoring.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC file, related to crafted DELTA_FLI
|
10-10-2018 - 19:52 | 30-03-2010 - 18:30 | |
CVE-2010-0519 | 6.8 |
Integer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a FlashPix image with a malformed SubImage Header Stream containing a NumberOfTiles f
|
10-10-2018 - 19:52 | 30-03-2010 - 18:30 | |
CVE-2010-0516 | 6.8 |
Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with RLE encoding, which triggers memory corruption wh
|
10-10-2018 - 19:52 | 30-03-2010 - 18:30 | |
CVE-2010-0517 | 6.8 |
Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with M-JPEG encoding, which causes QuickTime to calcul
|
10-10-2018 - 19:52 | 30-03-2010 - 18:30 | |
CVE-2010-0160 | 10.0 |
The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap me
|
10-10-2018 - 19:51 | 22-02-2010 - 13:00 | |
CVE-2010-0164 | 9.3 |
Use-after-free vulnerability in the imgContainer::InternalAddFrameHelper function in src/imgContainer.cpp in libpr0n in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (heap memory corruption and application cras
|
10-10-2018 - 19:51 | 25-03-2010 - 21:00 | |
CVE-2010-0062 | 6.8 |
Heap-based buffer overflow in quicktime.qts in CoreMedia and QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed .3g2 movie file with H.263 encod
|
10-10-2018 - 19:49 | 30-03-2010 - 18:30 | |
CVE-2010-0059 | 6.8 |
CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDM2 encoding, which triggers a buffer overflow due to i
|
10-10-2018 - 19:49 | 30-03-2010 - 17:30 | |
CVE-2009-3265 | 4.3 |
Cross-site scripting (XSS) vulnerability in Opera 9 and 10 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as "scripted content." NOTE: th
|
10-10-2018 - 19:43 | 18-09-2009 - 22:30 | |
CVE-2009-3269 | 5.0 |
Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a series of automatic submissions of a form containing a KEYGEN element, a related issue to CVE-2009-1828.
|
10-10-2018 - 19:43 | 18-09-2009 - 22:30 | |
CVE-2009-2564 | 7.2 |
NOS Microsystems getPlus Download Manager, as used in Adobe Reader 1.6.2.36 and possibly other versions, Corel getPlus Download Manager before 1.5.0.48, and possibly other products, installs NOS\bin\getPlus_HelperSvc.exe with insecure permissions (Ev
|
10-10-2018 - 19:40 | 21-07-2009 - 17:30 | |
CVE-2009-1828 | 5.0 |
Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of service (infinite loop, application hang, and memory consumption) via a KEYGEN element in conjunction with (1) a META element specifying automatic page refresh or (2) a JavaScript on
|
10-10-2018 - 19:38 | 29-05-2009 - 20:30 | |
CVE-2009-1869 | 9.3 |
Integer overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile parser in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly
|
10-10-2018 - 19:38 | 31-07-2009 - 19:30 | |
CVE-2009-1571 | 10.0 |
Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that at
|
10-10-2018 - 19:37 | 22-02-2010 - 13:00 | |
CVE-2009-1312 | 4.3 |
Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or
|
10-10-2018 - 19:35 | 22-04-2009 - 18:30 | |
CVE-2009-0744 | 5.0 |
Apple Safari 4 Beta build 528.16 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a feeds: URI beginning with a (1) % (percent), (2) { (open curly bracket), (3) } (close curly bracket), (4) ^ (
|
10-10-2018 - 19:30 | 27-02-2009 - 17:30 | |
CVE-2012-0710 | 5.0 |
IBM DB2 9.1 before FP11, 9.5 before FP9, 9.7 before FP5, and 9.8 before FP4 allows remote attackers to cause a denial of service (daemon crash) via a crafted Distributed Relational Database Architecture (DRDA) request.
|
10-10-2018 - 10:29 | 20-03-2012 - 20:55 | |
CVE-2012-0711 | 7.5 |
Integer signedness error in the db2dasrrm process in the DB2 Administration Server (DAS) in IBM DB2 9.1 through FP11, 9.5 before FP9, and 9.7 through FP5 on UNIX platforms allows remote attackers to execute arbitrary code via a crafted request that t
|
10-10-2018 - 10:29 | 20-03-2012 - 20:55 | |
CVE-2013-1739 | 5.0 |
Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that t
|
09-10-2018 - 19:33 | 22-10-2013 - 22:55 | |
CVE-2011-0533 | 4.3 |
Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta; and Archiva 1.3.0 through 1.3.3 and 1.0 through 1.22 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, rela
|
09-10-2018 - 19:29 | 17-02-2011 - 18:00 | |
CVE-2009-2285 | 4.3 |
Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.
|
03-10-2018 - 22:00 | 01-07-2009 - 13:00 | |
CVE-2009-1310 | 4.3 |
Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element.
|
03-10-2018 - 22:00 | 22-04-2009 - 18:30 | |
CVE-2009-1309 | 4.3 |
Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ sco
|
03-10-2018 - 22:00 | 22-04-2009 - 18:30 | |
CVE-2009-1307 | 6.8 |
The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web
|
03-10-2018 - 21:59 | 22-04-2009 - 18:30 | |
CVE-2009-1306 | 4.3 |
The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other at
|
03-10-2018 - 21:59 | 22-04-2009 - 18:30 | |
CVE-2009-1304 | 5.0 |
The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving
|
03-10-2018 - 21:59 | 22-04-2009 - 18:30 | |
CVE-2009-1305 | 5.0 |
The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP
|
03-10-2018 - 21:59 | 22-04-2009 - 18:30 | |
CVE-2009-1302 | 5.0 |
The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1
|
03-10-2018 - 21:59 | 22-04-2009 - 18:30 | |
CVE-2009-0772 | 9.3 |
The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetO
|
03-10-2018 - 21:58 | 05-03-2009 - 02:30 | |
CVE-2009-0776 | 7.1 |
nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.
|
03-10-2018 - 21:58 | 05-03-2009 - 02:30 | |
CVE-2009-0774 | 9.3 |
The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different v
|
03-10-2018 - 21:58 | 05-03-2009 - 02:30 | |
CVE-2011-0682 | 9.3 |
Integer truncation error in opera.dll in Opera before 11.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML form with a select element that contains a large number of children.
|
13-08-2018 - 21:47 | 31-01-2011 - 21:00 | |
CVE-2012-2686 | 5.0 |
crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data.
|
09-08-2018 - 01:29 | 08-02-2013 - 19:55 | |
CVE-2013-0166 | 5.0 |
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) vi
|
09-08-2018 - 01:29 | 08-02-2013 - 19:55 | |
CVE-2006-6561 | 9.3 |
Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a d
|
03-05-2018 - 01:29 | 14-12-2006 - 18:28 | |
CVE-2003-0544 | 5.0 |
OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer wh
|
03-05-2018 - 01:29 | 17-11-2003 - 05:00 | |
CVE-2003-0543 | 5.0 |
Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values.
|
03-05-2018 - 01:29 | 17-11-2003 - 05:00 | |
CVE-2012-1797 | 10.0 |
IBM DB2 9.5 uses world-writable permissions for nodes.reg, which has unspecified impact and attack vectors.
|
10-01-2018 - 02:29 | 20-03-2012 - 20:55 | |
CVE-2012-1796 | 7.2 |
Unspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as used in IBM DB2 9.5 before FP9 on UNIX, allows local users to gain privileges via unknown vectors.
|
10-01-2018 - 02:29 | 20-03-2012 - 20:55 | |
CVE-2012-0775 | 10.0 |
The JavaScript implementation in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
|
10-01-2018 - 02:29 | 10-04-2012 - 23:55 | |
CVE-2012-0774 | 10.0 |
Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code via a crafted TrueType font.
|
10-01-2018 - 02:29 | 10-04-2012 - 23:55 | |
CVE-2012-0452 | 7.5 |
Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger
|
10-01-2018 - 02:29 | 11-02-2012 - 02:55 | |
CVE-2011-5035 | 5.0 |
Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash coll
|
06-01-2018 - 02:29 | 30-12-2011 - 01:55 | |
CVE-2012-3291 | 7.8 |
Heap-based buffer overflow in OpenConnect 3.18 allows remote servers to cause a denial of service via a crafted greeting banner.
|
05-01-2018 - 02:29 | 07-06-2012 - 20:55 | |
CVE-2011-3670 | 5.0 |
Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by makin
|
29-12-2017 - 02:29 | 01-02-2012 - 16:55 | |
CVE-2011-3658 | 7.5 |
The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly hav
|
29-12-2017 - 02:29 | 21-12-2011 - 04:02 | |
CVE-2011-3093 | 5.0 |
Google Chrome before 19.0.1084.46 does not properly handle glyphs, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
29-12-2017 - 02:29 | 16-05-2012 - 00:55 | |
CVE-2011-3084 | 7.5 |
Google Chrome before 19.0.1084.46 does not use a dedicated process for the loading of links found on an internal page, which might allow attackers to bypass intended sandbox restrictions via a crafted page.
|
29-12-2017 - 02:29 | 16-05-2012 - 00:55 | |
CVE-2011-3089 | 10.0 |
Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving tables.
|
29-12-2017 - 02:29 | 16-05-2012 - 00:55 | |
CVE-2011-3091 | 10.0 |
Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
29-12-2017 - 02:29 | 16-05-2012 - 00:55 | |
CVE-2011-3092 | 10.0 |
The regex implementation in Google V8, as used in Google Chrome before 19.0.1084.46, allows remote attackers to cause a denial of service (invalid write operation) or possibly have unspecified other impact via unknown vectors.
|
29-12-2017 - 02:29 | 16-05-2012 - 00:55 | |
CVE-2011-3087 | 10.0 |
Google Chrome before 19.0.1084.46 does not properly perform window navigation, which has unspecified impact and remote attack vectors.
|
29-12-2017 - 02:29 | 16-05-2012 - 00:55 | |
CVE-2011-3094 | 5.0 |
Google Chrome before 19.0.1084.46 does not properly handle Tibetan text, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
29-12-2017 - 02:29 | 16-05-2012 - 00:55 | |
CVE-2011-3095 | 10.0 |
The OGG container in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.
|
29-12-2017 - 02:29 | 16-05-2012 - 00:55 | |
CVE-2012-1960 | 5.0 |
The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 might allow remote attackers to obtain sensitive information from process memory
|
29-12-2017 - 02:29 | 18-07-2012 - 10:26 | |
CVE-2012-1949 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or p
|
29-12-2017 - 02:29 | 18-07-2012 - 10:26 | |
CVE-2011-3090 | 7.6 |
Race condition in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to worker processes.
|
29-12-2017 - 02:29 | 16-05-2012 - 00:55 | |
CVE-2011-3100 | 5.0 |
Google Chrome before 19.0.1084.46 does not properly draw dash paths, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
29-12-2017 - 02:29 | 16-05-2012 - 00:55 | |
CVE-2011-3083 | 5.0 |
browser/profiles/profile_impl_io_data.cc in Google Chrome before 19.0.1084.46 does not properly handle a malformed ftp URL in the SRC attribute of a VIDEO element, which allows remote attackers to cause a denial of service (NULL pointer dereference a
|
29-12-2017 - 02:29 | 16-05-2012 - 00:55 | |
CVE-2011-3086 | 10.0 |
Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a STYLE element.
|
29-12-2017 - 02:29 | 16-05-2012 - 00:55 | |
CVE-2011-3088 | 5.0 |
Google Chrome before 19.0.1084.46 does not properly draw hairlines, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
29-12-2017 - 02:29 | 16-05-2012 - 00:55 | |
CVE-2011-3085 | 5.0 |
The Autofill feature in Google Chrome before 19.0.1084.46 does not properly restrict field values, which allows remote attackers to cause a denial of service (UI corruption) and possibly conduct spoofing attacks via vectors involving long values.
|
29-12-2017 - 02:29 | 16-05-2012 - 00:55 | |
CVE-2012-1518 | 8.3 |
VMware Workstation 8.x before 8.0.2, VMware Player 4.x before 4.0.2, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 use an incorrect ACL for the VMware Tools folder, which allows guest OS users to gain gue
|
29-12-2017 - 02:29 | 17-04-2012 - 21:55 | |
CVE-2012-1943 | 6.9 |
Untrusted search path vulnerability in Updater.exe in the Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allows local users to gain privileges via a Trojan horse wsock32.dll file in an application dire
|
29-12-2017 - 02:29 | 05-06-2012 - 23:55 | |
CVE-2012-1942 | 7.2 |
The Mozilla Updater and Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allow local users to gain privileges by loading a DLL file in a privileged context.
|
29-12-2017 - 02:29 | 05-06-2012 - 23:55 | |
CVE-2012-0468 | 10.0 |
The browser engine in Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (assertion failure and memory corruption) or possibly execute arbitrary code via vecto
|
29-12-2017 - 02:29 | 25-04-2012 - 10:10 | |
CVE-2012-0475 | 2.6 |
Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site (1)
|
19-12-2017 - 02:29 | 25-04-2012 - 10:10 | |
CVE-2012-2450 | 9.0 |
VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly register SCSI devices, which allows guest OS users to cause a denial of s
|
14-12-2017 - 02:29 | 04-05-2012 - 16:55 | |
CVE-2012-2449 | 9.0 |
VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x through 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly configure the virtual floppy device, which allows guest OS users to caus
|
14-12-2017 - 02:29 | 04-05-2012 - 16:55 | |
CVE-2012-1508 | 7.2 |
The XPDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX 4.0 and 4.1; and VMware View before 4.6.1 allows guest OS users to gain guest OS privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.
|
13-12-2017 - 02:29 | 16-03-2012 - 20:55 | |
CVE-2012-1510 | 7.2 |
Buffer overflow in the WDDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX 4.0 and 4.1; and VMware View before 4.6.1 allows guest OS users to gain guest OS privileges via unspecified vectors.
|
13-12-2017 - 02:29 | 16-03-2012 - 20:55 | |
CVE-2012-1517 | 9.0 |
The VMX process in VMware ESXi 4.1 and ESX 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS via vectors involvin
|
13-12-2017 - 02:29 | 04-05-2012 - 16:55 | |
CVE-2012-1511 | 4.3 |
Cross-site scripting (XSS) vulnerability in View Manager Portal in VMware View before 4.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
|
06-12-2017 - 02:29 | 16-03-2012 - 20:55 | |
CVE-2011-3097 | 10.0 |
The PDF functionality in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an out-of-bounds write error in the implementation of sampled functions.
|
05-12-2017 - 02:29 | 16-05-2012 - 00:55 | |
CVE-2011-3099 | 10.0 |
Use-after-free vulnerability in the PDF functionality in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a malformed name for the font encoding.
|
05-12-2017 - 02:29 | 16-05-2012 - 00:55 | |
CVE-2012-0665 | 9.3 |
Heap-based buffer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.
|
05-12-2017 - 02:29 | 16-05-2012 - 10:12 | |
CVE-2008-3628 | 9.3 |
Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, related to an "invalid pointer issue."
|
22-11-2017 - 17:23 | 11-09-2008 - 01:13 | |
CVE-2013-3744 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2400. P
|
18-11-2017 - 02:29 | 18-06-2013 - 22:55 | |
CVE-2004-1346 | 2.1 |
The Sun Solaris Volume Manager (SVM) on Solaris 9 allows local users to cause a denial of service (kernel panic) via a malformed probe request to the SVM.
|
11-10-2017 - 01:29 | 19-06-2004 - 04:00 | |
CVE-2009-1864 | 9.3 |
Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.
|
29-09-2017 - 01:34 | 31-07-2009 - 19:30 | |
CVE-2009-1865 | 9.3 |
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, related to a "null pointer vulne
|
29-09-2017 - 01:34 | 31-07-2009 - 19:30 | |
CVE-2009-1868 | 9.3 |
Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors inv
|
29-09-2017 - 01:34 | 31-07-2009 - 19:30 | |
CVE-2009-1866 | 9.3 |
Stack-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.
|
29-09-2017 - 01:34 | 31-07-2009 - 19:30 | |
CVE-2009-1870 | 4.9 |
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to obtain sensitive information via vectors involving saving an SWF file to a hard drive, related to a "local sandbox vulnerability."
|
29-09-2017 - 01:34 | 31-07-2009 - 19:30 | |
CVE-2009-1726 | 9.3 |
Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile.
|
29-09-2017 - 01:34 | 06-08-2009 - 16:30 | |
CVE-2009-1867 | 4.3 |
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "clickjacking vulnerability."
|
29-09-2017 - 01:34 | 31-07-2009 - 19:30 | |
CVE-2009-1863 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related
|
29-09-2017 - 01:34 | 31-07-2009 - 19:30 | |
CVE-2009-1233 | 4.3 |
Apple Safari 3.2.2 and 4 Beta on Windows allows remote attackers to cause a denial of service (application crash) via an XML document containing many nested A elements.
|
29-09-2017 - 01:34 | 02-04-2009 - 17:30 | |
CVE-2009-1234 | 4.3 |
Opera 9.64 allows remote attackers to cause a denial of service (application crash) via an XML document containing a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 9.52 is also affected.
|
29-09-2017 - 01:34 | 02-04-2009 - 17:30 | |
CVE-2009-0773 | 10.0 |
The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some
|
29-09-2017 - 01:34 | 05-03-2009 - 02:30 | |
CVE-2009-0914 | 9.3 |
Opera before 9.64 allows remote attackers to execute arbitrary code via a crafted JPEG image that triggers memory corruption.
|
29-09-2017 - 01:34 | 16-03-2009 - 19:30 | |
CVE-2009-0775 | 10.0 |
Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not
|
29-09-2017 - 01:34 | 05-03-2009 - 02:30 | |
CVE-2009-0777 | 5.8 |
Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers
|
29-09-2017 - 01:34 | 05-03-2009 - 02:30 | |
CVE-2009-0114 | 5.8 |
Unspecified vulnerability in the Settings Manager in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87, and possibly other versions, allows remote attackers to trick a user into visiting an arbitrary URL via unknown vectors, related
|
29-09-2017 - 01:33 | 26-02-2009 - 16:17 | |
CVE-2009-0522 | 4.3 |
Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Windows allows remote attackers to trick a user into visiting an arbitrary URL via an unspecified manipulation of the "mouse pointer display," related to a "Clickjacking attack." P
|
29-09-2017 - 01:33 | 26-02-2009 - 16:17 | |
CVE-2009-0321 | 4.3 |
Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote attackers to cause a denial of service (infinite loop or access violation) via a link to an http URI in which the authority (aka hostname) portion is either a (1) . (dot) or (2) .. (
|
29-09-2017 - 01:33 | 28-01-2009 - 18:30 | |
CVE-2009-0519 | 9.3 |
Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file.
|
29-09-2017 - 01:33 | 26-02-2009 - 16:17 | |
CVE-2009-0520 | 9.3 |
Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to
|
29-09-2017 - 01:33 | 26-02-2009 - 16:17 | |
CVE-2009-0008 | 7.6 |
Unspecified vulnerability in Apple QuickTime MPEG-2 Playback Component before 7.60.92.0 on Windows allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted MPEG-2 movie. per http://lists.apple.c
|
29-09-2017 - 01:33 | 22-01-2009 - 18:30 | |
CVE-2009-0007 | 9.3 |
Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QuickTime movie file containing invalid image width data in JPEG atoms w
|
29-09-2017 - 01:33 | 21-01-2009 - 20:30 | |
CVE-2008-4116 | 9.3 |
Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long type attribute in a quicktime tag (1) on a web page or embedded in a (2) .mp4 o
|
29-09-2017 - 01:32 | 18-09-2008 - 15:04 | |
CVE-2008-2244 | 9.3 |
Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc.
|
29-09-2017 - 01:31 | 09-07-2008 - 22:41 | |
CVE-2010-1818 | 9.3 |
The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple QuickTime 6.x, 7.x before 7.6.8, and other versions allows remote attackers to execute arbitrary code via the _Marshaled_pUnk attribute, which triggers unmarshalling of an untrusted poi
|
27-09-2017 - 01:29 | 31-08-2010 - 20:00 | |
CVE-2013-5838 | 9.3 |
Unspecified vulnerability in Oracle Java SE 7u25 and earlier, and Java SE Embedded 7u25 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Per http://www.oracle.com/te
|
19-09-2017 - 01:36 | 16-10-2013 - 17:55 | |
CVE-2013-5771 | 6.4 |
Unspecified vulnerability in the XML Parser component in Oracle Database Server 11.1.0.7, 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote attackers to affect confidentiality and availability via unknown vectors.
|
19-09-2017 - 01:36 | 16-10-2013 - 15:55 | |
CVE-2013-5592 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
|
19-09-2017 - 01:36 | 30-10-2013 - 10:55 | |
CVE-2013-2871 | 7.5 |
Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of input.
|
19-09-2017 - 01:36 | 10-07-2013 - 10:55 | |
CVE-2013-2840 | 7.5 |
Use-after-free vulnerability in the media loader in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2013-2846.
|
19-09-2017 - 01:36 | 22-05-2013 - 13:29 | |
CVE-2013-2868 | 5.0 |
common/extensions/sync_helper.cc in Google Chrome before 28.0.1500.71 proceeds with sync operations for NPAPI extensions without checking for a certain plugin permission setting, which might allow remote attackers to trigger unwanted extension change
|
19-09-2017 - 01:36 | 10-07-2013 - 10:55 | |
CVE-2013-2836 | 7.5 |
Multiple unspecified vulnerabilities in Google Chrome before 27.0.1453.93 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
|
19-09-2017 - 01:36 | 22-05-2013 - 13:29 | |
CVE-2013-2841 | 7.5 |
Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of Pepper resources.
|
19-09-2017 - 01:36 | 22-05-2013 - 13:29 | |
CVE-2013-2858 | 7.5 |
Use-after-free vulnerability in the HTML5 Audio implementation in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
19-09-2017 - 01:36 | 05-06-2013 - 00:55 | |
CVE-2013-2838 | 5.0 |
Google V8, as used in Google Chrome before 27.0.1453.93, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
19-09-2017 - 01:36 | 22-05-2013 - 13:29 | |
CVE-2013-2854 | 7.5 |
Google Chrome before 27.0.1453.110 on Windows provides an incorrect handle to a renderer process in unspecified circumstances, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors.
|
19-09-2017 - 01:36 | 05-06-2013 - 00:55 | |
CVE-2013-2449 | 4.3 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries. NOTE: the previous inform
|
19-09-2017 - 01:36 | 18-06-2013 - 22:55 | |
CVE-2013-2862 | 7.5 |
Skia, as used in Google Chrome before 27.0.1453.110, does not properly handle GPU acceleration, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
|
19-09-2017 - 01:36 | 05-06-2013 - 00:55 | |
CVE-2013-2846 | 7.5 |
Use-after-free vulnerability in the media loader in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2013-2840.
|
19-09-2017 - 01:36 | 22-05-2013 - 13:29 | |
CVE-2013-2550 | 7.5 |
Unspecified vulnerability in Adobe Reader 11.0.02 allows attackers to bypass the sandbox protection mechanism via unknown vectors, as demonstrated by George Hotz during a Pwn2Own competition at CanSecWest 2013.
|
19-09-2017 - 01:36 | 11-03-2013 - 10:55 | |
CVE-2013-2438 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect integrity via unknown vectors related to JavaFX.
|
19-09-2017 - 01:36 | 17-04-2013 - 18:55 | |
CVE-2013-2865 | 7.5 |
Multiple unspecified vulnerabilities in Google Chrome before 27.0.1453.110 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
|
19-09-2017 - 01:36 | 05-06-2013 - 00:55 | |
CVE-2013-2427 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate
|
19-09-2017 - 01:36 | 17-04-2013 - 18:55 | |
CVE-2013-2426 | 9.3 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Li
|
19-09-2017 - 01:36 | 17-04-2013 - 18:55 | |
CVE-2013-2880 | 7.5 |
Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500.71 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
|
19-09-2017 - 01:36 | 10-07-2013 - 10:55 | |
CVE-2013-2864 | 7.5 |
The PDF functionality in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via unknown vectors.
|
19-09-2017 - 01:36 | 05-06-2013 - 00:55 | |
CVE-2013-2844 | 7.5 |
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to style resolutio
|
19-09-2017 - 01:36 | 22-05-2013 - 13:29 | |
CVE-2013-2400 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-3744. P
|
19-09-2017 - 01:36 | 18-06-2013 - 22:55 | |
CVE-2013-2873 | 7.5 |
Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a 404 HTTP status code during the loading of resources.
|
19-09-2017 - 01:36 | 10-07-2013 - 10:55 | |
CVE-2013-4277 | 3.3 |
Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option.
|
19-09-2017 - 01:36 | 16-09-2013 - 19:14 | |
CVE-2013-2874 | 4.3 |
Google Chrome before 28.0.1500.71 on Windows, when an Nvidia GPU is used, allows remote attackers to bypass intended restrictions on access to screen data via vectors involving IPC transmission of GL textures.
|
19-09-2017 - 01:36 | 10-07-2013 - 10:55 | |
CVE-2013-2860 | 7.5 |
Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving access to a database API by a worker process.
|
19-09-2017 - 01:36 | 05-06-2013 - 00:55 | |
CVE-2013-2462 | 9.3 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Per: http://
|
19-09-2017 - 01:36 | 18-06-2013 - 22:55 | |
CVE-2013-2878 | 5.0 |
Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the handling of text.
|
19-09-2017 - 01:36 | 10-07-2013 - 10:55 | |
CVE-2013-2869 | 4.3 |
Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted JPEG2000 image.
|
19-09-2017 - 01:36 | 10-07-2013 - 10:55 | |
CVE-2013-2855 | 5.0 |
The Developer Tools API in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
|
19-09-2017 - 01:36 | 05-06-2013 - 00:55 | |
CVE-2013-2434 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate
|
19-09-2017 - 01:36 | 17-04-2013 - 18:55 | |
CVE-2013-2839 | 7.5 |
Google Chrome before 27.0.1453.93 does not properly perform a cast of an unspecified variable during handling of clipboard data, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors.
|
19-09-2017 - 01:36 | 22-05-2013 - 13:29 | |
CVE-2013-2421 | 9.3 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Ho
|
19-09-2017 - 01:36 | 17-04-2013 - 18:55 | |
CVE-2013-2857 | 7.5 |
Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of images.
|
19-09-2017 - 01:36 | 05-06-2013 - 00:55 | |
CVE-2013-2861 | 7.5 |
Use-after-free vulnerability in the SVG implementation in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
19-09-2017 - 01:36 | 05-06-2013 - 00:55 | |
CVE-2013-2845 | 7.5 |
The Web Audio implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
|
19-09-2017 - 01:36 | 22-05-2013 - 13:29 | |
CVE-2013-2436 | 9.3 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Librarie
|
19-09-2017 - 01:36 | 17-04-2013 - 18:55 | |
CVE-2013-2842 | 7.5 |
Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets.
|
19-09-2017 - 01:36 | 22-05-2013 - 13:29 | |
CVE-2013-2853 | 6.8 |
The HTTPS implementation in Google Chrome before 28.0.1500.71 does not ensure that headers are terminated by \r\n\r\n (carriage return, newline, carriage return, newline), which allows man-in-the-middle attackers to have an unspecified impact via vec
|
19-09-2017 - 01:36 | 10-07-2013 - 10:55 | |
CVE-2013-2843 | 7.5 |
Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of speech data.
|
19-09-2017 - 01:36 | 22-05-2013 - 13:29 | |
CVE-2013-2849 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome before 27.0.1453.93 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation.
|
19-09-2017 - 01:36 | 22-05-2013 - 13:29 | |
CVE-2013-2549 | 7.5 |
Unspecified vulnerability in Adobe Reader 11.0.02 allows remote attackers to execute arbitrary code via vectors related to a "break into the sandbox," as demonstrated by George Hotz during a Pwn2Own competition at CanSecWest 2013.
|
19-09-2017 - 01:36 | 11-03-2013 - 10:55 | |
CVE-2013-2460 | 9.3 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Servicea
|
19-09-2017 - 01:36 | 18-06-2013 - 22:55 | |
CVE-2013-3826 | 5.0 |
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote attackers to affect confidentiality via unknown vectors. Per http://www.oracle.com/technetwork/topics/security/cp
|
19-09-2017 - 01:36 | 16-10-2013 - 15:55 | |
CVE-2013-2866 | 4.3 |
The Flash plug-in in Google Chrome before 27.0.1453.116, as used on Google Chrome OS before 27.0.1453.116 and separately, does not properly determine whether a user wishes to permit camera or microphone access by a Flash application, which allows rem
|
19-09-2017 - 01:36 | 19-06-2013 - 20:55 | |
CVE-2013-2458 | 5.8 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. NOTE: the p
|
19-09-2017 - 01:36 | 18-06-2013 - 22:55 | |
CVE-2013-2847 | 6.8 |
Race condition in the workers implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via unknown vectors.
|
19-09-2017 - 01:36 | 22-05-2013 - 13:29 | |
CVE-2013-2879 | 5.8 |
Google Chrome before 28.0.1500.71 does not properly determine the circumstances in which a renderer process can be considered a trusted process for sign-in and subsequent sync operations, which makes it easier for remote attackers to conduct phishing
|
19-09-2017 - 01:36 | 10-07-2013 - 10:55 | |
CVE-2013-2856 | 7.5 |
Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of input.
|
19-09-2017 - 01:36 | 05-06-2013 - 00:55 | |
CVE-2013-2428 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate
|
19-09-2017 - 01:36 | 17-04-2013 - 18:55 | |
CVE-2013-2415 | 2.1 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows local users to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is f
|
19-09-2017 - 01:36 | 17-04-2013 - 18:55 | |
CVE-2013-2414 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate
|
19-09-2017 - 01:36 | 17-04-2013 - 18:55 | |
CVE-2013-2875 | 5.0 |
core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in Blink, as used in Google Chrome before 28.0.1500.71, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
19-09-2017 - 01:36 | 10-07-2013 - 10:55 | |
CVE-2013-2863 | 10.0 |
Google Chrome before 27.0.1453.110 does not properly handle SSL sockets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
|
19-09-2017 - 01:36 | 05-06-2013 - 00:55 | |
CVE-2013-2848 | 5.0 |
The XSS Auditor in Google Chrome before 27.0.1453.93 might allow remote attackers to obtain sensitive information via unspecified vectors.
|
19-09-2017 - 01:36 | 22-05-2013 - 13:29 | |
CVE-2013-2425 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install.
|
19-09-2017 - 01:36 | 17-04-2013 - 18:55 | |
CVE-2013-2870 | 9.3 |
Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote servers to execute arbitrary code via crafted response traffic after a URL request.
|
19-09-2017 - 01:36 | 10-07-2013 - 10:55 | |
CVE-2013-2837 | 7.5 |
Use-after-free vulnerability in the SVG implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
19-09-2017 - 01:36 | 22-05-2013 - 13:29 | |
CVE-2013-2867 | 7.5 |
Google Chrome before 28.0.1500.71 does not properly prevent pop-under windows, which allows remote attackers to have an unspecified impact via a crafted web site.
|
19-09-2017 - 01:36 | 10-07-2013 - 10:55 | |
CVE-2013-2431 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Ho
|
19-09-2017 - 01:36 | 17-04-2013 - 18:55 | |
CVE-2013-4131 | 4.0 |
The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) M
|
19-09-2017 - 01:36 | 31-07-2013 - 13:20 | |
CVE-2013-2876 | 5.0 |
browser/extensions/api/tabs/tabs_api.cc in Google Chrome before 28.0.1500.71 does not properly enforce restrictions on the capture of screenshots by extensions, which allows remote attackers to obtain sensitive information about the content of a prev
|
19-09-2017 - 01:36 | 10-07-2013 - 10:55 | |
CVE-2013-2416 | 4.3 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.
|
19-09-2017 - 01:36 | 17-04-2013 - 18:55 | |
CVE-2013-2859 | 7.5 |
Google Chrome before 27.0.1453.110 allows remote attackers to bypass the Same Origin Policy and trigger namespace pollution via unspecified vectors.
|
19-09-2017 - 01:36 | 05-06-2013 - 00:55 | |
CVE-2013-2178 | 5.0 |
The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf files in Fail2ban before 0.8.10 do not properly validate log messages, which allows remote attackers to block arbitrary IP addresses via certain messages in a r
|
19-09-2017 - 01:36 | 28-08-2013 - 23:55 | |
CVE-2013-1724 | 9.3 |
Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial
|
19-09-2017 - 01:36 | 18-09-2013 - 10:08 | |
CVE-2013-1696 | 4.0 |
Mozilla Firefox before 22.0 does not properly enforce the X-Frame-Options protection mechanism, which allows remote attackers to conduct clickjacking attacks via a crafted web site that uses the HTTP server push feature with multipart responses.
|
19-09-2017 - 01:36 | 26-06-2013 - 03:19 | |
CVE-2013-1728 | 4.3 |
The IonMonkey JavaScript engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21, when Valgrind mode is used, does not properly initialize memory, which makes it easier for remote attackers to obtain sensitive inform
|
19-09-2017 - 01:36 | 18-09-2013 - 10:08 | |
CVE-2013-1489 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very Hig
|
19-09-2017 - 01:36 | 31-01-2013 - 14:55 | |
CVE-2013-1482 | 10.0 |
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the F
|
19-09-2017 - 01:36 | 02-02-2013 - 00:55 | |
CVE-2013-1705 | 10.0 |
Heap-based buffer underflow in the cryptojs_interpret_key_gen_type function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Cert
|
19-09-2017 - 01:36 | 07-08-2013 - 01:55 | |
CVE-2013-1483 | 10.0 |
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the F
|
19-09-2017 - 01:36 | 02-02-2013 - 00:55 | |
CVE-2013-1472 | 10.0 |
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the F
|
19-09-2017 - 01:36 | 02-02-2013 - 00:55 | |
CVE-2013-1683 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
|
19-09-2017 - 01:36 | 26-06-2013 - 03:19 | |
CVE-2013-1719 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly ex
|
19-09-2017 - 01:36 | 18-09-2013 - 10:08 | |
CVE-2013-1884 | 5.0 |
The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitiali
|
19-09-2017 - 01:36 | 02-05-2013 - 14:55 | |
CVE-2013-1704 | 9.3 |
Use-after-free vulnerability in the nsINode::GetParentNode function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash)
|
19-09-2017 - 01:36 | 07-08-2013 - 01:55 | |
CVE-2013-1699 | 5.0 |
The Internationalized Domain Name (IDN) display algorithm in Mozilla Firefox before 22.0 does not properly handle the .com, .name, and .net top-level domains, which allows remote attackers to spoof the address bar via unspecified homograph characters
|
19-09-2017 - 01:36 | 26-06-2013 - 03:19 | |
CVE-2013-2013 | 2.1 |
The user-password-update command in python-keystoneclient before 0.2.4 accepts the new password in the --password argument, which allows local users to obtain sensitive information by listing the process.
|
19-09-2017 - 01:36 | 01-10-2013 - 20:55 | |
CVE-2013-1721 | 9.3 |
Integer overflow in the drawLineLoop function in the libGLESv2 library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 24.0 and SeaMonkey before 2.21, allows remote attackers to execute arbitrary code via a crafted w
|
19-09-2017 - 01:36 | 18-09-2013 - 10:08 | |
CVE-2013-1671 | 4.3 |
Mozilla Firefox before 21.0 does not properly implement the INPUT element, which allows remote attackers to obtain the full pathname via a crafted web site.
|
19-09-2017 - 01:36 | 16-05-2013 - 11:45 | |
CVE-2013-1564 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect integrity via unknown vectors related to JavaFX.
|
19-09-2017 - 01:36 | 17-04-2013 - 18:55 | |
CVE-2013-1849 | 4.3 |
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL. Per: http://cw
|
19-09-2017 - 01:36 | 02-05-2013 - 14:55 | |
CVE-2013-2268 | 7.5 |
Unspecified vulnerability in the MathML implementation in WebKit in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, has unknown impact and remote attack vectors, related to a "high severity security issue.
|
19-09-2017 - 01:36 | 23-02-2013 - 21:55 | |
CVE-2013-1711 | 4.3 |
The XrayWrapper implementation in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 does not properly address the possibility of an XBL scope bypass resulting from non-native arguments in XBL function calls, which makes it easier for remote attac
|
19-09-2017 - 01:36 | 07-08-2013 - 01:55 | |
CVE-2013-1488 | 10.0 |
The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the
|
19-09-2017 - 01:36 | 08-03-2013 - 18:55 | |
CVE-2013-1698 | 4.3 |
The getUserMedia permission implementation in Mozilla Firefox before 22.0 references the URL of a top-level document instead of the URL of a specific page, which makes it easier for remote attackers to trick users into permitting camera or microphone
|
19-09-2017 - 01:36 | 26-06-2013 - 03:19 | |
CVE-2013-1847 | 5.0 |
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist. Per:
|
19-09-2017 - 01:36 | 02-05-2013 - 14:55 | |
CVE-2013-1700 | 7.2 |
The Mozilla Maintenance Service in Mozilla Firefox before 22.0 on Windows does not properly handle inability to launch the Mozilla Updater executable file, which allows local users to gain privileges via vectors involving placement of a Trojan horse
|
19-09-2017 - 01:36 | 26-06-2013 - 03:19 | |
CVE-2013-1477 | 10.0 |
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the F
|
19-09-2017 - 01:36 | 02-02-2013 - 00:55 | |
CVE-2013-1715 | 6.9 |
Multiple untrusted search path vulnerabilities in the (1) full installer and (2) stub installer in Mozilla Firefox before 23.0 on Windows allow local users to gain privileges via a Trojan horse DLL in the default downloads directory. NOTE: this issu
|
19-09-2017 - 01:36 | 07-08-2013 - 01:55 | |
CVE-2013-1688 | 9.3 |
The Profiler implementation in Mozilla Firefox before 22.0 parses untrusted data during UI rendering, which allows user-assisted remote attackers to execute arbitrary JavaScript code via a crafted web site.
|
19-09-2017 - 01:36 | 26-06-2013 - 03:19 | |
CVE-2013-1474 | 9.3 |
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the F
|
19-09-2017 - 01:36 | 02-02-2013 - 00:55 | |
CVE-2013-1561 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality via unknown vectors related to JavaFX.
|
19-09-2017 - 01:36 | 17-04-2013 - 18:55 | |
CVE-2013-1720 | 6.8 |
The nsHtml5TreeBuilder::resetTheInsertionMode function in the HTML5 Tree Builder in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 does not properly maintain the state of the insertion-mode stack for template elements
|
19-09-2017 - 01:36 | 18-09-2013 - 10:08 | |
CVE-2013-1738 | 9.3 |
Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code by leveraging incorrect garbage collection in
|
19-09-2017 - 01:36 | 18-09-2013 - 10:08 | |
CVE-2013-1723 | 4.3 |
The NativeKey widget in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 processes key messages after destruction by a dispatched event listener, which allows remote attackers to cause a denial of service (application c
|
19-09-2017 - 01:36 | 18-09-2013 - 10:08 | |
CVE-2013-1669 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
|
19-09-2017 - 01:36 | 16-05-2013 - 11:45 | |
CVE-2013-1406 | 7.2 |
The Virtual Machine Communication Interface (VMCI) implementation in vmci.sys in VMware Workstation 8.x before 8.0.5 and 9.x before 9.0.1 on Windows, VMware Fusion 4.1 before 4.1.4 and 5.0 before 5.0.2, VMware View 4.x before 4.6.2 and 5.x before 5.1
|
19-09-2017 - 01:36 | 11-02-2013 - 22:55 | |
CVE-2013-1702 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via u
|
19-09-2017 - 01:36 | 07-08-2013 - 01:55 | |
CVE-2013-1695 | 5.0 |
Mozilla Firefox before 22.0 does not properly implement certain DocShell inheritance behavior for the sandbox attribute of an IFRAME element, which allows remote attackers to bypass intended access restrictions via a FRAME element within an IFRAME el
|
19-09-2017 - 01:36 | 26-06-2013 - 03:19 | |
CVE-2013-1708 | 4.3 |
Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (application crash) via a crafted WAV file that is not properly handled by the nsCString::CharAt function.
|
19-09-2017 - 01:36 | 07-08-2013 - 01:55 | |
CVE-2013-1673 | 6.9 |
The Mozilla Updater in Mozilla Firefox before 21.0 on Windows does not properly maintain Mozilla Maintenance Service registry entries in certain situations involving upgrades from older Firefox versions, which allows local users to gain privileges by
|
19-09-2017 - 01:36 | 16-05-2013 - 11:45 | |
CVE-2013-1491 | 10.0 |
The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via vectors related to 2D, as d
|
19-09-2017 - 01:36 | 08-03-2013 - 18:55 | |
CVE-2012-5978 | 5.0 |
Multiple directory traversal vulnerabilities in the (1) View Connection Server and (2) View Security Server in VMware View 4.x before 4.6.2 and 5.x before 5.1.2 allow remote attackers to read arbitrary files via unspecified vectors.
|
19-09-2017 - 01:35 | 19-12-2012 - 11:56 | |
CVE-2012-5157 | 4.3 |
Google Chrome before 24.0.1312.52 does not properly handle image data in PDF documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.
|
19-09-2017 - 01:35 | 15-01-2013 - 21:55 | |
CVE-2012-5837 | 6.8 |
The Web Developer Toolbar in Mozilla Firefox before 17.0 executes script with chrome privileges, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string. Per: http://www.mozilla.org/security/anno
|
19-09-2017 - 01:35 | 21-11-2012 - 12:55 | |
CVE-2012-5151 | 6.8 |
Integer overflow in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code in a PDF document.
|
19-09-2017 - 01:35 | 15-01-2013 - 21:55 | |
CVE-2012-3754 | 9.3 |
Use-after-free vulnerability in the Clear method in the ActiveX control in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
|
19-09-2017 - 01:35 | 09-11-2012 - 19:55 | |
CVE-2012-5080 | 7.6 |
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2012-5078. Per: http://w
|
19-09-2017 - 01:35 | 16-10-2012 - 21:55 | |
CVE-2012-5078 | 10.0 |
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2012-5080. Per: http://w
|
19-09-2017 - 01:35 | 16-10-2012 - 21:55 | |
CVE-2012-3965 | 9.3 |
Mozilla Firefox before 15.0 does not properly restrict navigation to the about:newtab page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers creation of a new tab and then
|
19-09-2017 - 01:35 | 29-08-2012 - 10:56 | |
CVE-2012-5121 | 7.5 |
Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to video layout.
|
19-09-2017 - 01:35 | 07-11-2012 - 11:43 | |
CVE-2012-5088 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Per: http://ww
|
19-09-2017 - 01:35 | 16-10-2012 - 21:55 | |
CVE-2012-5156 | 6.8 |
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving PDF fields.
|
19-09-2017 - 01:35 | 15-01-2013 - 21:55 | |
CVE-2012-5109 | 5.0 |
The International Components for Unicode (ICU) functionality in Google Chrome before 22.0.1229.92 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a regular expression.
|
19-09-2017 - 01:35 | 09-10-2012 - 11:13 | |
CVE-2012-3753 | 9.3 |
Buffer overflow in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIME type.
|
19-09-2017 - 01:35 | 09-11-2012 - 19:55 | |
CVE-2012-3975 | 4.3 |
The DOMParser component in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 loads subresources during parsing of text/html data within an extension, which allows remote attackers to obtain sensitive information by provi
|
19-09-2017 - 01:35 | 29-08-2012 - 10:56 | |
CVE-2012-5126 | 7.5 |
Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of plug-in placeholders.
|
19-09-2017 - 01:35 | 07-11-2012 - 11:43 | |
CVE-2012-3973 | 7.6 |
The debugger in the developer-tools subsystem in Mozilla Firefox before 15.0, when remote debugging is disabled, does not properly restrict access to the remote-debugging service, which allows remote attackers to execute arbitrary code by leveraging
|
19-09-2017 - 01:35 | 29-08-2012 - 10:56 | |
CVE-2012-5123 | 5.0 |
Skia, as used in Google Chrome before 23.0.1271.64, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
19-09-2017 - 01:35 | 07-11-2012 - 11:43 | |
CVE-2012-5112 | 10.0 |
Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94, allows remote attackers to execute arbitrary code via unspecified vectors.
|
19-09-2017 - 01:35 | 11-10-2012 - 10:51 | |
CVE-2012-3758 | 9.3 |
Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted transform attribute in a text3GTrack element in a QuickTime TeXML file.
|
19-09-2017 - 01:35 | 09-11-2012 - 19:55 | |
CVE-2012-5124 | 7.5 |
Google Chrome before 23.0.1271.64 does not properly handle textures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
|
19-09-2017 - 01:35 | 07-11-2012 - 11:43 | |
CVE-2012-5127 | 7.5 |
Integer overflow in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted WebP image.
|
19-09-2017 - 01:35 | 07-11-2012 - 11:43 | |
CVE-2012-3221 | 2.1 |
Unspecified vulnerability in the Oracle VM Virtual Box component in Oracle Virtualization 3.2, 4.0, and 4.1 allows local users to affect availability via unknown vectors related to VirtualBox Core. NOTE: The previous information was obtained from th
|
19-09-2017 - 01:35 | 17-10-2012 - 10:54 | |
CVE-2012-3756 | 9.3 |
Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rnet box in an MP4 movie file.
|
19-09-2017 - 01:35 | 09-11-2012 - 19:55 | |
CVE-2012-5128 | 7.5 |
Google V8 before 3.13.7.5, as used in Google Chrome before 23.0.1271.64, does not properly perform write operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
19-09-2017 - 01:35 | 07-11-2012 - 11:43 | |
CVE-2012-3755 | 9.3 |
Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Targa image.
|
19-09-2017 - 01:35 | 09-11-2012 - 19:55 | |
CVE-2012-5116 | 7.5 |
Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG filters.
|
19-09-2017 - 01:35 | 07-11-2012 - 11:43 | |
CVE-2012-5119 | 6.8 |
Race condition in Pepper, as used in Google Chrome before 23.0.1271.64, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to buffers.
|
19-09-2017 - 01:35 | 07-11-2012 - 11:43 | |
CVE-2012-5070 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, related to JMX. Per: http://www.oracle.com/technetwork/topics/security/javacpuoct201
|
19-09-2017 - 01:35 | 16-10-2012 - 21:55 | |
CVE-2012-4203 | 6.8 |
The New Tab page in Mozilla Firefox before 17.0 uses a privileged context for execution of JavaScript code by bookmarklets, which allows user-assisted remote attackers to run arbitrary programs by leveraging a javascript: URL in a bookmark.
|
19-09-2017 - 01:35 | 21-11-2012 - 12:55 | |
CVE-2012-5122 | 7.5 |
Google Chrome before 23.0.1271.64 does not properly perform a cast of an unspecified variable during handling of input, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors.
|
19-09-2017 - 01:35 | 07-11-2012 - 11:43 | |
CVE-2012-5082 | 5.0 |
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect availability via unknown vectors. Per: http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
"Appl
|
19-09-2017 - 01:35 | 16-10-2012 - 21:55 | |
CVE-2012-5087 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. Per: http://www.or
|
19-09-2017 - 01:35 | 16-10-2012 - 21:55 | |
CVE-2012-3752 | 9.3 |
Multiple buffer overflows in Apple QuickTime before 7.7.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted style element in a QuickTime TeXML file.
|
19-09-2017 - 01:35 | 09-11-2012 - 19:55 | |
CVE-2012-5125 | 7.5 |
Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of extension tabs.
|
19-09-2017 - 01:35 | 07-11-2012 - 11:43 | |
CVE-2012-5111 | 7.5 |
Google Chrome before 22.0.1229.92 does not monitor for crashes of Pepper plug-ins, which has unspecified impact and remote attack vectors.
|
19-09-2017 - 01:35 | 09-10-2012 - 11:13 | |
CVE-2012-4301 | 10.0 |
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the F
|
19-09-2017 - 01:35 | 02-02-2013 - 00:55 | |
CVE-2012-3220 | 9.0 |
Unspecified vulnerability in the Spatial component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users with Create Session privileges to affect confidentiality, integrity, and ava
|
19-09-2017 - 01:35 | 17-01-2013 - 01:55 | |
CVE-2012-5117 | 7.5 |
Google Chrome before 23.0.1271.64 does not properly restrict the loading of an SVG subresource in the context of an IMG element, which has unspecified impact and remote attack vectors.
|
19-09-2017 - 01:35 | 07-11-2012 - 11:43 | |
CVE-2012-5108 | 9.3 |
Race condition in Google Chrome before 22.0.1229.92 allows remote attackers to execute arbitrary code via vectors related to audio devices.
|
19-09-2017 - 01:35 | 09-10-2012 - 11:13 | |
CVE-2012-3288 | 9.3 |
VMware Workstation 7.x before 7.1.6 and 8.x before 8.0.4, VMware Player 3.x before 3.1.6 and 4.x before 4.0.4, VMware Fusion 4.x before 4.1.3, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow user-assisted remote attackers to execute
|
19-09-2017 - 01:35 | 14-06-2012 - 20:55 | |
CVE-2012-3757 | 9.3 |
Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PICT file.
|
19-09-2017 - 01:35 | 09-11-2012 - 19:55 | |
CVE-2012-5110 | 5.0 |
The compositor in Google Chrome before 22.0.1229.92 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
19-09-2017 - 01:35 | 09-10-2012 - 11:13 | |
CVE-2012-5067 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Deployment. Per: http://www.oracle.com/technetwork/top
|
19-09-2017 - 01:35 | 16-10-2012 - 21:55 | |
CVE-2012-4192 | 4.3 |
Mozilla Firefox 16.0, Thunderbird 16.0, and SeaMonkey 2.13 allow remote attackers to bypass the Same Origin Policy and read the properties of a Location object via a crafted web site, a related issue to CVE-2012-4193.
|
19-09-2017 - 01:35 | 12-10-2012 - 10:44 | |
CVE-2012-3971 | 10.0 |
Summer Institute of Linguistics (SIL) Graphite 2, as used in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vecto
|
19-09-2017 - 01:35 | 29-08-2012 - 10:56 | |
CVE-2012-5074 | 6.4 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality and integrity, related to JAX-WS. Per: http://www.oracle.com/technetwork/topics/secur
|
19-09-2017 - 01:35 | 16-10-2012 - 21:55 | |
CVE-2012-3751 | 9.3 |
Use-after-free vulnerability in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with a crafted _qtactivex_ parameter in an OBJECT eleme
|
19-09-2017 - 01:35 | 09-11-2012 - 19:55 | |
CVE-2012-4305 | 9.3 |
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the F
|
19-09-2017 - 01:35 | 02-02-2013 - 00:55 | |
CVE-2012-2855 | 6.8 |
Use-after-free vulnerability in the PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified o
|
19-09-2017 - 01:35 | 06-08-2012 - 15:55 | |
CVE-2012-2847 | 4.3 |
Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not request user confirmation before continuing a large series of downloads, which allows user-assisted remote attackers to cause a den
|
19-09-2017 - 01:35 | 06-08-2012 - 15:55 | |
CVE-2012-2862 | 6.8 |
Use-after-free vulnerability in the PDF functionality in Google Chrome before 21.0.1180.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
|
19-09-2017 - 01:35 | 09-08-2012 - 10:29 | |
CVE-2012-2854 | 5.0 |
Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to obtain potentially sensitive information about pointer values by leveraging access to a WebUI renderer process.
|
19-09-2017 - 01:35 | 06-08-2012 - 15:55 | |
CVE-2012-2891 | 5.0 |
The IPC implementation in Google Chrome before 22.0.1229.79 allows attackers to obtain potentially sensitive information about memory addresses via unspecified vectors.
|
19-09-2017 - 01:35 | 26-09-2012 - 10:56 | |
CVE-2012-2860 | 6.8 |
The date-picker implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impa
|
19-09-2017 - 01:35 | 06-08-2012 - 15:55 | |
CVE-2012-2856 | 7.5 |
The PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that tri
|
19-09-2017 - 01:35 | 06-08-2012 - 15:55 | |
CVE-2012-2900 | 7.5 |
Skia, as used in Google Chrome before 22.0.1229.92, does not properly render text, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.
|
19-09-2017 - 01:35 | 09-10-2012 - 11:13 | |
CVE-2013-1022 | 9.3 |
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted mvhd atoms in a movie file.
|
19-09-2017 - 01:35 | 24-05-2013 - 16:43 | |
CVE-2013-1016 | 9.3 |
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.263 encoding.
|
19-09-2017 - 01:35 | 24-05-2013 - 16:43 | |
CVE-2012-2889 | 4.3 |
Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors involving frames, aka "Universal XSS (UXSS)."
|
19-09-2017 - 01:35 | 26-09-2012 - 10:56 | |
CVE-2013-0921 | 6.8 |
The Isolated Sites feature in Google Chrome before 26.0.1410.43 does not properly enforce the use of separate processes, which makes it easier for remote attackers to bypass intended access restrictions via a crafted web site.
|
19-09-2017 - 01:35 | 28-03-2013 - 12:18 | |
CVE-2012-2834 | 9.3 |
Integer overflow in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted data in the Matroska container format.
|
19-09-2017 - 01:35 | 27-06-2012 - 10:18 | |
CVE-2013-0905 | 7.5 |
Use-after-free vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an SVG animation.
|
19-09-2017 - 01:35 | 05-03-2013 - 21:55 | |
CVE-2013-0912 | 7.5 |
WebKit in Google Chrome before 25.0.1364.160 allows remote attackers to execute arbitrary code via vectors that leverage "type confusion."
|
19-09-2017 - 01:35 | 11-03-2013 - 10:55 | |
CVE-2013-0904 | 7.5 |
The Web Audio implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
|
19-09-2017 - 01:35 | 05-03-2013 - 21:55 | |
CVE-2013-0906 | 7.5 |
The IndexedDB implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
|
19-09-2017 - 01:35 | 05-03-2013 - 21:55 | |
CVE-2013-0842 | 10.0 |
Google Chrome before 24.0.1312.56 does not properly handle %00 characters in pathnames, which has unspecified impact and attack vectors.
|
19-09-2017 - 01:35 | 24-01-2013 - 21:55 | |
CVE-2013-0829 | 6.4 |
Google Chrome before 24.0.1312.52 does not properly maintain database metadata, which allows remote attackers to bypass intended file-access restrictions via unspecified vectors.
|
19-09-2017 - 01:35 | 15-01-2013 - 21:55 | |
CVE-2013-0792 | 4.3 |
Mozilla Firefox before 20.0 and SeaMonkey before 2.17, when gfx.color_management.enablev4 is used, do not properly handle color profiles during PNG rendering, which allows remote attackers to obtain sensitive information from process memory or cause
|
19-09-2017 - 01:35 | 03-04-2013 - 11:56 | |
CVE-2012-2890 | 6.8 |
Use-after-free vulnerability in the PDF functionality in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
|
19-09-2017 - 01:35 | 26-09-2012 - 10:56 | |
CVE-2012-2857 | 6.8 |
Use-after-free vulnerability in the Cascading Style Sheets (CSS) DOM implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service
|
19-09-2017 - 01:35 | 06-08-2012 - 15:55 | |
CVE-2012-2849 | 4.3 |
Off-by-one error in the GIF decoder in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image.
|
19-09-2017 - 01:35 | 06-08-2012 - 15:55 | |
CVE-2013-0987 | 9.3 |
Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QTIF file.
|
19-09-2017 - 01:35 | 24-05-2013 - 16:43 | |
CVE-2013-0920 | 7.5 |
Use-after-free vulnerability in the extension bookmarks API in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
19-09-2017 - 01:35 | 28-03-2013 - 12:18 | |
CVE-2013-0988 | 9.3 |
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FPX file.
|
19-09-2017 - 01:35 | 24-05-2013 - 16:43 | |
CVE-2013-0910 | 7.5 |
Google Chrome before 25.0.1364.152 does not properly manage the interaction between the browser process and renderer processes during authorization of the loading of a plug-in, which makes it easier for remote attackers to bypass intended access rest
|
19-09-2017 - 01:35 | 05-03-2013 - 21:55 | |
CVE-2013-0903 | 7.5 |
Use-after-free vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of browser navigation.
|
19-09-2017 - 01:35 | 05-03-2013 - 21:55 | |
CVE-2012-2850 | 6.8 |
Multiple unspecified vulnerabilities in the PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allow remote attackers to have an unknown impact via a crafted document.
|
19-09-2017 - 01:35 | 06-08-2012 - 15:55 | |
CVE-2012-2875 | 6.8 |
Multiple unspecified vulnerabilities in the PDF functionality in Google Chrome before 22.0.1229.79 allow remote attackers to have an unknown impact via a crafted document.
|
19-09-2017 - 01:35 | 26-09-2012 - 10:56 | |
CVE-2012-2842 | 7.5 |
Use-after-free vulnerability in Google Chrome before 20.0.1132.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to counter handling.
|
19-09-2017 - 01:35 | 12-07-2012 - 21:55 | |
CVE-2013-0922 | 7.5 |
Google Chrome before 26.0.1410.43 does not properly restrict brute-force access attempts against web sites that require HTTP Basic Authentication, which has unspecified impact and attack vectors.
|
19-09-2017 - 01:35 | 28-03-2013 - 12:18 | |
CVE-2013-1021 | 9.3 |
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG data in a movie file.
|
19-09-2017 - 01:35 | 24-05-2013 - 16:43 | |
CVE-2013-0840 | 10.0 |
Google Chrome before 24.0.1312.56 does not validate URLs during the opening of new windows, which has unspecified impact and remote attack vectors.
|
19-09-2017 - 01:35 | 24-01-2013 - 21:55 | |
CVE-2012-2853 | 6.8 |
The webRequest API in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not properly interact with the Chrome Web Store, which allows remote attackers to cause a denial of service or po
|
19-09-2017 - 01:35 | 06-08-2012 - 15:55 | |
CVE-2012-2843 | 7.5 |
Use-after-free vulnerability in Google Chrome before 20.0.1132.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout height tracking.
|
19-09-2017 - 01:35 | 12-07-2012 - 21:55 | |
CVE-2013-0908 | 7.5 |
Google Chrome before 25.0.1364.152 does not properly manage bindings of extension processes, which has unspecified impact and attack vectors.
|
19-09-2017 - 01:35 | 05-03-2013 - 21:55 | |
CVE-2013-1017 | 9.3 |
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted dref atoms in a movie file.
|
19-09-2017 - 01:35 | 24-05-2013 - 16:43 | |
CVE-2013-0918 | 6.8 |
Google Chrome before 26.0.1410.43 does not prevent navigation to developer tools in response to a drag-and-drop operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site.
|
19-09-2017 - 01:35 | 28-03-2013 - 12:18 | |
CVE-2012-2858 | 6.8 |
Buffer overflow in the WebP decoder in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a
|
19-09-2017 - 01:35 | 06-08-2012 - 15:55 | |
CVE-2012-2863 | 7.5 |
The PDF functionality in Google Chrome before 21.0.1180.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger out-of-bounds write operations.
|
19-09-2017 - 01:35 | 09-08-2012 - 10:29 | |
CVE-2013-0907 | 7.5 |
Race condition in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media threads.
|
19-09-2017 - 01:35 | 05-03-2013 - 21:55 | |
CVE-2013-0926 | 6.8 |
Google Chrome before 26.0.1410.43 does not properly handle active content in an EMBED element during a copy-and-paste operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site.
|
19-09-2017 - 01:35 | 28-03-2013 - 12:18 | |
CVE-2013-0828 | 6.8 |
The PDF functionality in Google Chrome before 24.0.1312.52 does not properly perform a cast of an unspecified variable during processing of the root of the structure tree, which allows remote attackers to cause a denial of service or possibly have un
|
19-09-2017 - 01:35 | 15-01-2013 - 21:55 | |
CVE-2013-1015 | 9.3 |
Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TeXML file.
|
19-09-2017 - 01:35 | 24-05-2013 - 16:43 | |
CVE-2013-0989 | 9.3 |
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP3 file.
|
19-09-2017 - 01:35 | 24-05-2013 - 16:43 | |
CVE-2012-2852 | 6.8 |
The PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not properly handle object linkage, which allows remote attackers to cause a denial of service (use-after-free
|
19-09-2017 - 01:35 | 06-08-2012 - 15:55 | |
CVE-2012-2851 | 6.8 |
Multiple integer overflows in the PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allow remote attackers to cause a denial of service or possibly have unspecified othe
|
19-09-2017 - 01:35 | 06-08-2012 - 15:55 | |
CVE-2012-2893 | 6.8 |
Double free vulnerability in libxslt, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms.
|
19-09-2017 - 01:35 | 26-09-2012 - 10:56 | |
CVE-2012-2892 | 5.0 |
Unspecified vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to bypass the pop-up blocker via unknown vectors.
|
19-09-2017 - 01:35 | 26-09-2012 - 10:56 | |
CVE-2013-1019 | 9.3 |
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.
|
19-09-2017 - 01:35 | 24-05-2013 - 16:43 | |
CVE-2012-2895 | 6.8 |
The PDF functionality in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger out-of-bounds write operations.
|
19-09-2017 - 01:35 | 26-09-2012 - 10:56 | |
CVE-2013-0909 | 5.0 |
The XSS Auditor in Google Chrome before 25.0.1364.152 allows remote attackers to obtain sensitive HTTP Referer information via unspecified vectors.
|
19-09-2017 - 01:35 | 05-03-2013 - 21:55 | |
CVE-2012-2848 | 4.3 |
The drag-and-drop implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to bypass intended file access restrictions via a crafted web site
|
19-09-2017 - 01:35 | 06-08-2012 - 15:55 | |
CVE-2012-2844 | 9.3 |
The PDF functionality in Google Chrome before 20.0.1132.57 does not properly handle JavaScript code, which allows remote attackers to cause a denial of service (incorrect object access) or possibly have unspecified other impact via a crafted document
|
19-09-2017 - 01:35 | 12-07-2012 - 21:55 | |
CVE-2012-2894 | 6.8 |
Google Chrome before 22.0.1229.79 does not properly handle graphics-context data structures, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.
|
19-09-2017 - 01:35 | 26-09-2012 - 10:56 | |
CVE-2013-1020 | 9.3 |
Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JPEG data in a movie file.
|
19-09-2017 - 01:35 | 24-05-2013 - 16:43 | |
CVE-2013-0923 | 5.0 |
The USB Apps API in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors.
|
19-09-2017 - 01:35 | 28-03-2013 - 12:18 | |
CVE-2013-0841 | 7.5 |
Array index error in the content-blocking functionality in Google Chrome before 24.0.1312.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
19-09-2017 - 01:35 | 24-01-2013 - 21:55 | |
CVE-2013-0925 | 7.5 |
Google Chrome before 26.0.1410.43 does not ensure that an extension has the tabs (aka APIPermission::kTab) permission before providing a URL to this extension, which has unspecified impact and remote attack vectors.
|
19-09-2017 - 01:35 | 28-03-2013 - 12:18 | |
CVE-2013-0902 | 7.5 |
Use-after-free vulnerability in the frame-loader implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
19-09-2017 - 01:35 | 05-03-2013 - 21:55 | |
CVE-2013-0789 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0 and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via v
|
19-09-2017 - 01:35 | 03-04-2013 - 11:56 | |
CVE-2013-0911 | 7.5 |
Directory traversal vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to have an unspecified impact via vectors related to databases.
|
19-09-2017 - 01:35 | 05-03-2013 - 21:55 | |
CVE-2013-0917 | 5.0 |
The URL loader in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
19-09-2017 - 01:35 | 28-03-2013 - 12:18 | |
CVE-2013-0916 | 7.5 |
Use-after-free vulnerability in the Web Audio implementation in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
19-09-2017 - 01:35 | 28-03-2013 - 12:18 | |
CVE-2013-0794 | 5.8 |
Mozilla Firefox before 20.0 and SeaMonkey before 2.17 do not prevent origin spoofing of tab-modal dialogs, which allows remote attackers to conduct phishing attacks via a crafted web site.
|
19-09-2017 - 01:35 | 03-04-2013 - 11:56 | |
CVE-2013-1018 | 9.3 |
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.
|
19-09-2017 - 01:35 | 24-05-2013 - 16:43 | |
CVE-2013-0986 | 9.3 |
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted enof atoms in a movie file.
|
19-09-2017 - 01:35 | 24-05-2013 - 16:43 | |
CVE-2013-0924 | 7.5 |
The extension functionality in Google Chrome before 26.0.1410.43 does not verify that use of the permissions API is consistent with file permissions, which has unspecified impact and attack vectors.
|
19-09-2017 - 01:35 | 28-03-2013 - 12:18 | |
CVE-2013-0839 | 7.5 |
Use-after-free vulnerability in Google Chrome before 24.0.1312.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of fonts in CANVAS elements.
|
19-09-2017 - 01:35 | 24-01-2013 - 21:55 | |
CVE-2013-0751 | 5.8 |
Mozilla Firefox before 18.0 on Android and SeaMonkey before 2.15 do not restrict a touch event to a single IFRAME element, which allows remote attackers to obtain sensitive information or possibly conduct cross-site scripting (XSS) attacks via a craf
|
19-09-2017 - 01:35 | 13-01-2013 - 20:55 | |
CVE-2013-0436 | 10.0 |
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the F
|
19-09-2017 - 01:35 | 02-02-2013 - 00:55 | |
CVE-2013-0402 | 10.0 |
Heap-based buffer overflow in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via unspecified vectors related to JavaFX, as demonstr
|
19-09-2017 - 01:35 | 08-03-2013 - 18:55 | |
CVE-2013-0447 | 10.0 |
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the F
|
19-09-2017 - 01:35 | 02-02-2013 - 00:55 | |
CVE-2013-0444 | 7.6 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. NOTE
|
19-09-2017 - 01:35 | 02-02-2013 - 00:55 | |
CVE-2013-0437 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to
|
19-09-2017 - 01:35 | 02-02-2013 - 00:55 | |
CVE-2013-0449 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 allows remote attackers to affect confidentiality via unknown vectors related to Deployment. Per http://www.oracle.com/technetwork/topics/
|
19-09-2017 - 01:35 | 02-02-2013 - 00:55 | |
CVE-2013-0439 | 10.0 |
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the F
|
19-09-2017 - 01:35 | 02-02-2013 - 00:55 | |
CVE-2013-0401 | 10.0 |
The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to execute arbitrary code via vectors related to AWT, as demo
|
19-09-2017 - 01:35 | 08-03-2013 - 18:55 | |
CVE-2013-0448 | 5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 allows remote attackers to affect integrity via unknown vectors related to Libraries. Per http://www.oracle.com/technetwork/topics/securit
|
19-09-2017 - 01:35 | 02-02-2013 - 00:55 | |
CVE-2011-3663 | 4.3 |
Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to capture keystrokes entered on a web page, even when JavaScript is disabled, by using SVG animation accessKey events within that web page.
|
19-09-2017 - 01:34 | 21-12-2011 - 04:02 | |
CVE-2011-3661 | 7.5 |
YARR, as used in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript.
|
19-09-2017 - 01:34 | 21-12-2011 - 04:02 | |
CVE-2011-3650 | 9.3 |
Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory c
|
19-09-2017 - 01:34 | 09-11-2011 - 11:55 | |
CVE-2011-3664 | 6.8 |
Mozilla Firefox before 9.0, Thunderbird before 9.0, and SeaMonkey before 2.6 on Mac OS X do not properly handle certain DOM frame deletions by plugins, which allows remote attackers to cause a denial of service (incorrect pointer dereference and appl
|
19-09-2017 - 01:34 | 21-12-2011 - 04:02 | |
CVE-2011-3649 | 2.6 |
Mozilla Firefox 7.0 and Thunderbird 7.0, when the Direct2D (aka D2D) API is used on Windows in conjunction with the Azure graphics back-end, allow remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different dom
|
19-09-2017 - 01:34 | 09-11-2011 - 11:55 | |
CVE-2011-4693 | 9.3 |
Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the first of two vulnerabilities exploited by the Intevydis vd_adobe_fp m
|
19-09-2017 - 01:34 | 07-12-2011 - 20:55 | |
CVE-2011-4688 | 5.0 |
Mozilla Firefox 8.0.1 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache
|
19-09-2017 - 01:34 | 07-12-2011 - 19:55 | |
CVE-2011-3886 | 6.8 |
Google V8, as used in Google Chrome before 15.0.874.102, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers out-of-bounds write operations.
|
19-09-2017 - 01:34 | 25-10-2011 - 19:55 | |
CVE-2011-3666 | 6.8 |
Mozilla Firefox before 3.6.25 and Thunderbird before 3.1.17 on Mac OS X do not consider .jar files to be executable files, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted file. NOTE: this vulnerabilit
|
19-09-2017 - 01:34 | 21-12-2011 - 04:02 | |
CVE-2011-3653 | 5.0 |
Mozilla Firefox before 8.0 and Thunderbird before 8.0 on Mac OS X do not properly interact with the GPU memory behavior of a certain driver for Intel integrated GPUs, which allows remote attackers to bypass the Same Origin Policy and read image data
|
19-09-2017 - 01:34 | 09-11-2011 - 11:55 | |
CVE-2011-3648 | 4.3 |
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding.
|
19-09-2017 - 01:34 | 09-11-2011 - 11:55 | |
CVE-2011-4369 | 10.0 |
Unspecified vulnerability in the PRC component in Adobe Reader and Acrobat 9.x before 9.4.7 on Windows, Adobe Reader and Acrobat 9.x through 9.4.6 on Mac OS X, Adobe Reader and Acrobat 10.x through 10.1.1 on Windows and Mac OS X, and Adobe Reader 9.x
|
19-09-2017 - 01:34 | 16-12-2011 - 19:55 | |
CVE-2011-4694 | 9.3 |
Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the second of two vulnerabilities exploited by the Intevydis vd_adobe_fp
|
19-09-2017 - 01:34 | 07-12-2011 - 20:55 | |
CVE-2011-3647 | 9.3 |
The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird before 3.1.6 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a
|
19-09-2017 - 01:34 | 09-11-2011 - 11:55 | |
CVE-2011-3654 | 10.0 |
The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service (memory corruption and application cras
|
19-09-2017 - 01:34 | 09-11-2011 - 11:55 | |
CVE-2011-3651 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 7.0 and Thunderbird 7.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors
|
19-09-2017 - 01:34 | 09-11-2011 - 11:55 | |
CVE-2011-3652 | 10.0 |
The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via
|
19-09-2017 - 01:34 | 09-11-2011 - 11:55 | |
CVE-2011-4548 | 10.0 |
Multiple unspecified vulnerabilities in Google Chrome before 16.0.912.44 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
|
19-09-2017 - 01:34 | 24-11-2011 - 04:01 | |
CVE-2011-3655 | 9.3 |
Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site.
|
19-09-2017 - 01:34 | 09-11-2011 - 11:55 | |
CVE-2011-3665 | 7.5 |
Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an Ogg VIDEO element that is not properly han
|
19-09-2017 - 01:34 | 21-12-2011 - 04:02 | |
CVE-2011-4691 | 5.0 |
Google Chrome 15.0.874.121 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser
|
19-09-2017 - 01:34 | 07-12-2011 - 19:55 | |
CVE-2011-4692 | 5.0 |
WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the bro
|
19-09-2017 - 01:34 | 07-12-2011 - 19:55 | |
CVE-2011-3660 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or poss
|
19-09-2017 - 01:34 | 21-12-2011 - 04:02 | |
CVE-2012-2828 | 6.8 |
Multiple integer overflows in the PDF functionality in Google Chrome before 20.0.1132.43 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
|
19-09-2017 - 01:34 | 27-06-2012 - 10:18 | |
CVE-2012-2832 | 6.8 |
The image-codec implementation in the PDF functionality in Google Chrome before 20.0.1132.43 does not initialize an unspecified pointer, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted do
|
19-09-2017 - 01:34 | 27-06-2012 - 10:18 | |
CVE-2012-2820 | 5.0 |
Google Chrome before 20.0.1132.43 does not properly implement SVG filters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
19-09-2017 - 01:34 | 27-06-2012 - 10:18 | |
CVE-2012-2822 | 5.0 |
The PDF functionality in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
19-09-2017 - 01:34 | 27-06-2012 - 10:18 | |
CVE-2012-2826 | 5.0 |
Google Chrome before 20.0.1132.43 does not properly implement texture conversion, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
19-09-2017 - 01:34 | 27-06-2012 - 10:18 | |
CVE-2012-2764 | 7.2 |
Untrusted search path vulnerability in Google Chrome before 20.0.1132.43 on Windows might allow local users to gain privileges via a Trojan horse Metro DLL in the current working directory.
|
19-09-2017 - 01:34 | 27-06-2012 - 10:18 | |
CVE-2012-2818 | 7.5 |
Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the layout of documents that use the Cascading Style Sheets (CSS)
|
19-09-2017 - 01:34 | 27-06-2012 - 10:18 | |
CVE-2012-1726 | 6.4 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.
|
19-09-2017 - 01:34 | 16-06-2012 - 21:55 | |
CVE-2012-1509 | 7.2 |
Buffer overflow in the XPDM display driver in VMware View before 4.6.1 allows guest OS users to gain guest OS privileges via unspecified vectors.
|
19-09-2017 - 01:34 | 16-03-2012 - 20:55 | |
CVE-2012-2830 | 7.5 |
Google Chrome before 20.0.1132.43 does not properly set array values, which allows remote attackers to cause a denial of service (incorrect pointer use) or possibly have unspecified other impact via unknown vectors.
|
19-09-2017 - 01:34 | 27-06-2012 - 10:18 | |
CVE-2012-2823 | 7.5 |
Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG resources.
|
19-09-2017 - 01:34 | 27-06-2012 - 10:18 | |
CVE-2012-2815 | 5.0 |
Google Chrome before 20.0.1132.43 allows remote attackers to obtain potentially sensitive information from a fragment identifier by leveraging access to an IFRAME element associated with a different domain.
|
19-09-2017 - 01:34 | 27-06-2012 - 10:18 | |
CVE-2012-2816 | 7.8 |
Google Chrome before 20.0.1132.43 on Windows does not properly isolate sandboxed processes, which might allow remote attackers to cause a denial of service (process interference) via unspecified vectors.
|
19-09-2017 - 01:34 | 27-06-2012 - 10:18 | |
CVE-2012-2831 | 7.5 |
Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG references.
|
19-09-2017 - 01:34 | 27-06-2012 - 10:18 | |
CVE-2012-2833 | 7.5 |
Buffer overflow in the JS API in the PDF functionality in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
19-09-2017 - 01:34 | 27-06-2012 - 10:18 | |
CVE-2012-2819 | 6.8 |
The texSubImage2D implementation in the WebGL subsystem in Google Chrome before 20.0.1132.43 does not properly handle uploads to floating-point textures, which allows remote attackers to cause a denial of service (assertion failure and application cr
|
19-09-2017 - 01:34 | 27-06-2012 - 10:18 | |
CVE-2012-1956 | 4.3 |
Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-si
|
19-09-2017 - 01:34 | 29-08-2012 - 10:56 | |
CVE-2012-2821 | 7.5 |
The autofill implementation in Google Chrome before 20.0.1132.43 does not properly display text, which has unspecified impact and remote attack vectors.
|
19-09-2017 - 01:34 | 27-06-2012 - 10:18 | |
CVE-2012-1543 | 7.6 |
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the F
|
19-09-2017 - 01:34 | 02-02-2013 - 00:55 | |
CVE-2012-2829 | 7.5 |
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-lett
|
19-09-2017 - 01:34 | 27-06-2012 - 10:18 | |
CVE-2012-2824 | 7.5 |
Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG painting.
|
19-09-2017 - 01:34 | 27-06-2012 - 10:18 | |
CVE-2012-2817 | 7.5 |
Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to tables that have sections.
|
19-09-2017 - 01:34 | 27-06-2012 - 10:18 | |
CVE-2012-1971 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly ex
|
19-09-2017 - 01:34 | 29-08-2012 - 10:56 | |
CVE-2012-0776 | 10.0 |
The installer in Adobe Reader 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors.
|
19-09-2017 - 01:34 | 10-04-2012 - 23:55 | |
CVE-2012-0712 | 4.0 |
The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 allows remote authenticated users to cause a denial of service (infinite loop) by calling the XMLPARSE function with a crafted string expression.
|
19-09-2017 - 01:34 | 20-03-2012 - 20:55 | |
CVE-2012-0668 | 9.3 |
Buffer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with RLE encoding.
|
19-09-2017 - 01:34 | 16-05-2012 - 10:12 | |
CVE-2012-0664 | 9.3 |
Heap-based buffer overflow in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted text track in a movie file.
|
19-09-2017 - 01:34 | 16-05-2012 - 10:12 | |
CVE-2012-0663 | 9.3 |
Multiple stack-based buffer overflows in Apple QuickTime before 7.7.2 on Windows allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TeXML file.
|
19-09-2017 - 01:34 | 16-05-2012 - 10:12 | |
CVE-2012-0111 | 3.6 |
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality and integrity via unknown vectors related to Shared Folders.
|
19-09-2017 - 01:34 | 18-01-2012 - 22:55 | |
CVE-2012-0666 | 9.3 |
Stack-based buffer overflow in the plugin in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTMovie object.
|
19-09-2017 - 01:34 | 16-05-2012 - 10:12 | |
CVE-2012-0447 | 5.0 |
Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG ima
|
19-09-2017 - 01:34 | 01-02-2012 - 16:55 | |
CVE-2012-0671 | 9.3 |
Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .pict file.
|
19-09-2017 - 01:34 | 16-05-2012 - 10:12 | |
CVE-2012-0709 | 4.0 |
IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not properly check variables, which allows remote authenticated users to bypass intended restrictions on viewing table data by leveraging the CREATEIN privilege to execute crafted SQL
|
19-09-2017 - 01:34 | 20-03-2012 - 20:55 | |
CVE-2012-0670 | 9.3 |
Integer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted sean atom in a movie file.
|
19-09-2017 - 01:34 | 16-05-2012 - 10:12 | |
CVE-2012-0446 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to inject arbitrary web script or HTML via a (1) web page or (2) Firefox extension, r
|
19-09-2017 - 01:34 | 01-02-2012 - 16:55 | |
CVE-2012-0265 | 9.3 |
Stack-based buffer overflow in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted pathname for a file.
|
19-09-2017 - 01:34 | 16-05-2012 - 10:12 | |
CVE-2012-0667 | 9.3 |
Integer signedness error in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTVR movie file.
|
19-09-2017 - 01:34 | 16-05-2012 - 10:12 | |
CVE-2012-0695 | 10.0 |
Multiple unspecified vulnerabilities in Google Chrome before 17.0.963.27 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
|
19-09-2017 - 01:34 | 12-01-2012 - 18:55 | |
CVE-2012-0669 | 9.3 |
Buffer overflow in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.
|
19-09-2017 - 01:34 | 16-05-2012 - 10:12 | |
CVE-2012-0450 | 2.1 |
Mozilla Firefox 4.x through 9.0 and SeaMonkey before 2.7 on Linux and Mac OS X set weak permissions for Firefox Recovery Key.html, which might allow local users to read a Firefox Sync key via standard filesystem operations.
|
19-09-2017 - 01:34 | 01-02-2012 - 16:55 | |
CVE-2012-0105 | 3.7 |
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Windows Guest Additions.
|
19-09-2017 - 01:34 | 18-01-2012 - 22:55 | |
CVE-2012-0445 | 5.0 |
Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to bypass the HTML5 frame-navigation policy and replace arbitrary sub-frames by creating a form submission target with a sub-frame's name at
|
19-09-2017 - 01:34 | 01-02-2012 - 16:55 | |
CVE-2012-0443 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or poss
|
19-09-2017 - 01:34 | 01-02-2012 - 16:55 | |
CVE-2011-3420 | 10.0 |
Multiple unspecified vulnerabilities in Google Chrome before 14.0.835.157 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
|
19-09-2017 - 01:33 | 12-09-2011 - 12:40 | |
CVE-2011-3421 | 10.0 |
Multiple unspecified vulnerabilities in Google Chrome before 14.0.835.125 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
|
19-09-2017 - 01:33 | 12-09-2011 - 12:40 | |
CVE-2011-3248 | 9.3 |
Integer signedness error in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font table in a QuickTime movie file.
|
19-09-2017 - 01:33 | 28-10-2011 - 02:49 | |
CVE-2011-3251 | 9.3 |
Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted TKHD atoms in a QuickTime movie file.
|
19-09-2017 - 01:33 | 28-10-2011 - 02:49 | |
CVE-2011-3249 | 9.3 |
Buffer overflow in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with FLC encoding.
|
19-09-2017 - 01:33 | 28-10-2011 - 02:49 | |
CVE-2011-3250 | 9.3 |
Integer overflow in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding.
|
19-09-2017 - 01:33 | 28-10-2011 - 02:49 | |
CVE-2011-3247 | 9.3 |
Integer overflow in Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT file.
|
19-09-2017 - 01:33 | 28-10-2011 - 02:49 | |
CVE-2011-3232 | 9.3 |
YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript.
|
19-09-2017 - 01:33 | 29-09-2011 - 00:55 | |
CVE-2011-3114 | 7.5 |
Multiple buffer overflows in the PDF functionality in Google Chrome before 19.0.1084.52 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger unknown function calls.
|
19-09-2017 - 01:33 | 24-05-2012 - 18:55 | |
CVE-2011-3107 | 7.5 |
Google Chrome before 19.0.1084.52 does not properly implement JavaScript bindings for plug-ins, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.
|
19-09-2017 - 01:33 | 24-05-2012 - 18:55 | |
CVE-2011-3111 | 5.0 |
Google V8, as used in Google Chrome before 19.0.1084.52, allows remote attackers to cause a denial of service (invalid read operation) via unspecified vectors.
|
19-09-2017 - 01:33 | 24-05-2012 - 18:55 | |
CVE-2011-3113 | 7.5 |
The PDF functionality in Google Chrome before 19.0.1084.52 does not properly perform a cast of an unspecified variable during handling of color spaces, which allows remote attackers to cause a denial of service or possibly have unknown other impact v
|
19-09-2017 - 01:33 | 24-05-2012 - 18:55 | |
CVE-2011-3105 | 7.5 |
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 19.0.1084.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-lett
|
19-09-2017 - 01:33 | 24-05-2012 - 18:55 | |
CVE-2011-2993 | 9.3 |
The implementation of digital signatures for JAR files in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not prevent calls from unsigned JavaScript code to signed code, which allows remote attackers to bypas
|
19-09-2017 - 01:33 | 18-08-2011 - 18:55 | |
CVE-2011-2989 | 10.0 |
The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement WebGL, which allows remote attackers to cause a denial of service (memory corruption and appl
|
19-09-2017 - 01:33 | 18-08-2011 - 18:55 | |
CVE-2011-2981 | 9.3 |
The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Sam
|
19-09-2017 - 01:33 | 18-08-2011 - 18:55 | |
CVE-2011-2368 | 10.0 |
The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict write operations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
|
19-09-2017 - 01:33 | 30-06-2011 - 16:55 | |
CVE-2011-2998 | 10.0 |
Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via JavaScript code containing a large RegExp expression.
|
19-09-2017 - 01:33 | 30-09-2011 - 10:55 | |
CVE-2011-3004 | 4.3 |
The JSSubScriptLoader in Mozilla Firefox 4.x through 6 and SeaMonkey before 2.4 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a craf
|
19-09-2017 - 01:33 | 29-09-2011 - 00:55 | |
CVE-2011-2438 | 9.3 |
Multiple stack-based buffer overflows in the image-parsing library in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors.
|
19-09-2017 - 01:33 | 15-09-2011 - 12:26 | |
CVE-2011-2433 | 9.3 |
Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2434 and CVE-2011-2437.
|
19-09-2017 - 01:33 | 15-09-2011 - 12:26 | |
CVE-2011-3110 | 7.5 |
The PDF functionality in Google Chrome before 19.0.1084.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger out-of-bounds write operations.
|
19-09-2017 - 01:33 | 24-05-2012 - 18:55 | |
CVE-2011-2378 | 10.0 |
The appendChild function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, SeaMonkey 2.x, and possibly other products does not properly handle DOM objects, which allows remote attackers to execute arbitrary code via unspecified vectors
|
19-09-2017 - 01:33 | 18-08-2011 - 18:55 | |
CVE-2011-2440 | 9.3 |
Use-after-free vulnerability in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.
|
19-09-2017 - 01:33 | 15-09-2011 - 12:26 | |
CVE-2011-2377 | 5.0 |
Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multip
|
19-09-2017 - 01:33 | 30-06-2011 - 16:55 | |
CVE-2011-2991 | 10.0 |
The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement JavaScript, which allows remote attackers to cause a denial of service (memory corruption and
|
19-09-2017 - 01:33 | 18-08-2011 - 18:55 | |
CVE-2011-2439 | 9.3 |
Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "memory leakage condition vulnerability."
|
19-09-2017 - 01:33 | 15-09-2011 - 12:26 | |
CVE-2011-3108 | 10.0 |
Use-after-free vulnerability in Google Chrome before 19.0.1084.52 allows remote attackers to execute arbitrary code via vectors related to the browser cache.
|
19-09-2017 - 01:33 | 24-05-2012 - 18:55 | |
CVE-2011-2980 | 7.2 |
Untrusted search path vulnerability in the ThinkPadSensor::Startup function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, allows local users to gain privileges by leveraging write access in an unspecified directory to place a Troja
|
19-09-2017 - 01:33 | 18-08-2011 - 18:55 | |
CVE-2011-2435 | 9.3 |
Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.
|
19-09-2017 - 01:33 | 15-09-2011 - 12:26 | |
CVE-2011-2432 | 9.3 |
Buffer overflow in the U3D TIFF Resource in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.
|
19-09-2017 - 01:33 | 15-09-2011 - 12:26 | |
CVE-2011-3112 | 5.0 |
Use-after-free vulnerability in the PDF functionality in Google Chrome before 19.0.1084.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an invalid encrypted document.
|
19-09-2017 - 01:33 | 24-05-2012 - 18:55 | |
CVE-2011-3104 | 5.0 |
Skia, as used in Google Chrome before 19.0.1084.52, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
19-09-2017 - 01:33 | 24-05-2012 - 18:55 | |
CVE-2011-3001 | 4.3 |
Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent manual add-on installation in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions
|
19-09-2017 - 01:33 | 29-09-2011 - 00:55 | |
CVE-2011-2999 | 4.3 |
Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a diffe
|
19-09-2017 - 01:33 | 29-09-2011 - 00:55 | |
CVE-2011-2442 | 9.3 |
Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error vulnerability."
|
19-09-2017 - 01:33 | 15-09-2011 - 12:26 | |
CVE-2011-2599 | 4.3 |
Google Chrome 11 does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader.
|
19-09-2017 - 01:33 | 30-06-2011 - 15:55 | |
CVE-2011-2367 | 6.4 |
The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict read operations, which allows remote attackers to obtain sensitive information from GPU memory associated with an arbitrary process, or cause a denial of service
|
19-09-2017 - 01:33 | 30-06-2011 - 16:55 | |
CVE-2011-2987 | 10.0 |
Heap-based buffer overflow in Almost Native Graphics Layer Engine (ANGLE), as used in the WebGL implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products might allow remote attackers
|
19-09-2017 - 01:33 | 18-08-2011 - 18:55 | |
CVE-2011-2984 | 10.0 |
Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges
|
19-09-2017 - 01:33 | 18-08-2011 - 18:55 | |
CVE-2011-2992 | 10.0 |
The Ogg reader in the browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products allows remote attackers to cause a denial of service (memory corruption and application crash) or possi
|
19-09-2017 - 01:33 | 18-08-2011 - 18:55 | |
CVE-2011-2988 | 10.0 |
Buffer overflow in an unspecified string class in the WebGL shader implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allows remote attackers to execute arbitrary code or cause
|
19-09-2017 - 01:33 | 18-08-2011 - 18:55 | |
CVE-2011-2982 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products allow remote attackers to cause a denial of service (memory corrupt
|
19-09-2017 - 01:33 | 18-08-2011 - 18:55 | |
CVE-2011-2598 | 4.3 |
The WebGL implementation in Mozilla Firefox 4.x allows remote attackers to obtain screenshots of the windows of arbitrary desktop applications via vectors involving an SVG filter, an IFRAME element, and uninitialized data in graphics memory.
|
19-09-2017 - 01:33 | 30-06-2011 - 15:55 | |
CVE-2011-2366 | 4.3 |
Mozilla Gecko before 5.0, as used in Firefox before 5.0 and Thunderbird before 5.0, does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack invo
|
19-09-2017 - 01:33 | 30-06-2011 - 15:55 | |
CVE-2011-3115 | 7.5 |
Google V8, as used in Google Chrome before 19.0.1084.52, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger "type corruption."
|
19-09-2017 - 01:33 | 24-05-2012 - 18:55 | |
CVE-2011-3103 | 7.5 |
Google V8, as used in Google Chrome before 19.0.1084.52, does not properly perform garbage collection, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript cod
|
19-09-2017 - 01:33 | 24-05-2012 - 18:55 | |
CVE-2011-3005 | 9.3 |
Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OGG headers in a .
|
19-09-2017 - 01:33 | 29-09-2011 - 00:55 | |
CVE-2011-3106 | 10.0 |
The WebSockets implementation in Google Chrome before 19.0.1084.52 does not properly handle use of SSL, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
|
19-09-2017 - 01:33 | 24-05-2012 - 18:55 | |
CVE-2011-2605 | 4.3 |
CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass inten
|
19-09-2017 - 01:33 | 30-06-2011 - 16:55 | |
CVE-2011-2373 | 7.6 |
Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document.
|
19-09-2017 - 01:33 | 30-06-2011 - 16:55 | |
CVE-2011-2441 | 9.3 |
Multiple stack-based buffer overflows in CoolType.dll in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors.
|
19-09-2017 - 01:33 | 15-09-2011 - 12:26 | |
CVE-2011-2983 | 4.3 |
Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products does not properly handle the RegExp.input property, which allows remote attackers to bypass the Same Origin Policy and read data
|
19-09-2017 - 01:33 | 18-08-2011 - 18:55 | |
CVE-2011-2436 | 9.3 |
Heap-based buffer overflow in the image-parsing library in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.
|
19-09-2017 - 01:33 | 15-09-2011 - 12:26 | |
CVE-2011-2372 | 3.5 |
Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended ac
|
19-09-2017 - 01:33 | 29-09-2011 - 00:55 | |
CVE-2011-2995 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application cra
|
19-09-2017 - 01:33 | 29-09-2011 - 00:55 | |
CVE-2011-2985 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allow remote attackers to cause a denial of service (memory corruption and applic
|
19-09-2017 - 01:33 | 18-08-2011 - 18:55 | |
CVE-2011-2761 | 4.3 |
Google Chrome 14.0.794.0 does not properly handle a reload of a page generated in response to a POST, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web site, related to GetWidget methods.
|
19-09-2017 - 01:33 | 18-07-2011 - 22:55 | |
CVE-2011-2434 | 9.3 |
Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2433 and CVE-2011-2437.
|
19-09-2017 - 01:33 | 15-09-2011 - 12:26 | |
CVE-2011-2990 | 5.0 |
The implementation of Content Security Policy (CSP) violation reports in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not remove proxy-authorization credentials from the listed request headers, which allow
|
19-09-2017 - 01:33 | 18-08-2011 - 18:55 | |
CVE-2011-2996 | 10.0 |
Unspecified vulnerability in the plugin API in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
|
19-09-2017 - 01:33 | 29-09-2011 - 00:55 | |
CVE-2011-2986 | 5.0 |
Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products, when the Direct2D (aka D2D) API is used on Windows, allows remote attackers to bypass the Same Origin Policy, and obtain sensitive image data
|
19-09-2017 - 01:33 | 18-08-2011 - 18:55 | |
CVE-2011-3000 | 4.3 |
Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote a
|
19-09-2017 - 01:33 | 29-09-2011 - 00:55 | |
CVE-2011-2997 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitr
|
19-09-2017 - 01:33 | 29-09-2011 - 00:55 | |
CVE-2011-2431 | 9.3 |
Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "security bypass vulnerability."
|
19-09-2017 - 01:33 | 15-09-2011 - 12:26 | |
CVE-2011-2437 | 9.3 |
Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2433 and CVE-2011-2434.
|
19-09-2017 - 01:33 | 15-09-2011 - 12:26 | |
CVE-2011-2375 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 5.0 and Thunderbird through 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code v
|
19-09-2017 - 01:33 | 30-06-2011 - 16:55 | |
CVE-2011-2374 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibl
|
19-09-2017 - 01:33 | 30-06-2011 - 16:55 | |
CVE-2011-2371 | 10.0 |
Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript
|
19-09-2017 - 01:33 | 30-06-2011 - 16:55 | |
CVE-2011-2370 | 5.0 |
Mozilla Firefox before 5.0 does not properly enforce the whitelist for the xpinstall functionality, which allows remote attackers to trigger an installation dialog for a (1) add-on or (2) theme via unspecified vectors.
|
19-09-2017 - 01:33 | 30-06-2011 - 16:55 | |
CVE-2011-2369 | 4.3 |
Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 4.0.1 allows remote attackers to inject arbitrary web script or HTML via an SVG element containing an HTML-encoded entity.
|
19-09-2017 - 01:33 | 30-06-2011 - 16:55 | |
CVE-2011-2376 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and Thunderbird before 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code
|
19-09-2017 - 01:33 | 30-06-2011 - 16:55 | |
CVE-2011-2102 | 9.3 |
Unspecified vulnerability in Adobe Reader and Acrobat before 10.1 on Windows and Mac OS X allows attackers to bypass intended access restrictions via unknown vectors. Per: http://www.adobe.com/support/security/bulletins/apsb11-16.html
'Note: Updat
|
19-09-2017 - 01:32 | 16-06-2011 - 23:55 | |
CVE-2011-2097 | 9.3 |
Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2094 and CVE-2011-2
|
19-09-2017 - 01:32 | 16-06-2011 - 23:55 | |
CVE-2011-2365 | 10.0 |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via
|
19-09-2017 - 01:32 | 30-06-2011 - 16:55 | |
CVE-2011-1374 | 9.3 |
Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted REGION record in a PICT file.
|
19-09-2017 - 01:32 | 09-11-2012 - 19:55 | |
CVE-2011-2094 | 9.3 |
Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2095 and CVE-2011-2
|
19-09-2017 - 01:32 | 16-06-2011 - 23:55 | |
CVE-2011-2362 | 5.0 |
Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Se
|
19-09-2017 - 01:32 | 30-06-2011 - 16:55 | |
CVE-2011-1846 | 6.5 |
IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a
|
19-09-2017 - 01:32 | 03-05-2011 - 20:55 | |
CVE-2011-2098 | 9.3 |
Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than
|
19-09-2017 - 01:32 | 16-06-2011 - 23:55 | |
CVE-2011-2364 | 10.0 |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via
|
19-09-2017 - 01:32 | 30-06-2011 - 16:55 | |
CVE-2011-2095 | 9.3 |
Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2094 and CVE-2011-2
|
19-09-2017 - 01:32 | 16-06-2011 - 23:55 | |
CVE-2011-2105 | 9.3 |
Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allow attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted font data.
|
19-09-2017 - 01:32 | 16-06-2011 - 23:55 | |
CVE-2011-1373 | 1.5 |
Unspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the Self Tuning Memory Manager (STMM) feature and the AUTOMATIC DATABASE_MEMORY setting are configured, allows local users to cause a denial of service (daemon crash) via unknown vecto
|
19-09-2017 - 01:32 | 09-11-2011 - 23:55 | |
CVE-2011-2101 | 9.3 |
Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X do not properly restrict script, which allows attackers to execute arbitrary code via a crafted document, related to a "cross document script exec
|
19-09-2017 - 01:32 | 16-06-2011 - 23:55 | |
CVE-2011-2106 | 9.3 |
Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
|
19-09-2017 - 01:32 | 16-06-2011 - 23:55 | |
CVE-2011-1353 | 6.9 |
Unspecified vulnerability in Adobe Reader 10.x before 10.1.1 on Windows allows local users to gain privileges via unknown vectors.
|
19-09-2017 - 01:32 | 15-09-2011 - 12:26 | |
CVE-2011-2103 | 9.3 |
Adobe Reader and Acrobat 8.x before 8.3 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
|
19-09-2017 - 01:32 | 16-06-2011 - 23:55 | |
CVE-2011-1921 | 4.3 |
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly reada
|
19-09-2017 - 01:32 | 06-06-2011 - 19:55 | |
CVE-2011-2099 | 9.3 |
Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than
|
19-09-2017 - 01:32 | 16-06-2011 - 23:55 | |
CVE-2011-2075 | 9.3 |
Unspecified vulnerability in Google Chrome 11.0.696.65 on Windows 7 SP1 allows remote attackers to execute arbitrary code via unknown vectors. NOTE: as of 20110510, the only disclosure is a vague advisory that possibly relates to multiple vulnerabil
|
19-09-2017 - 01:32 | 10-05-2011 - 18:55 | |
CVE-2011-2363 | 10.0 |
Use-after-free vulnerability in the nsSVGPointList::AppendElement function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial
|
19-09-2017 - 01:32 | 30-06-2011 - 16:55 | |
CVE-2011-1847 | 4.9 |
IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly enforce privilege requirements for table access, which allows remote authenticated users to modify SYSSTAT.TABLES statistics columns via an UPDATE statement. NOT
|
19-09-2017 - 01:32 | 03-05-2011 - 20:55 | |
CVE-2011-2104 | 4.3 |
Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allow attackers to cause a denial of service (memory corruption) via unspecified vectors.
|
19-09-2017 - 01:32 | 16-06-2011 - 23:55 | |
CVE-2011-1712 | 4.3 |
The txXPathNodeUtils::getXSLTId function in txMozillaXPathTreeWalker.cpp and txStandaloneXPathTreeWalker.cpp in Mozilla Firefox before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1, and SeaMonkey before 2.0.14, allows remote attackers to obtain p
|
19-09-2017 - 01:32 | 15-04-2011 - 20:55 | |
CVE-2011-2100 | 6.9 |
Untrusted search path vulnerability in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory. Per: http://cwe.mitre.org
|
19-09-2017 - 01:32 | 16-06-2011 - 23:55 | |
CVE-2011-2300 | 3.7 |
Unspecified vulnerability in Oracle VM VirtualBox 3.0, 3.1, 3.2, and 4.0 through 4.0.8 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Guest Additions for Windows.
|
19-09-2017 - 01:32 | 21-07-2011 - 00:55 | |
CVE-2011-2305 | 6.2 |
Unspecified vulnerability in Oracle VM VirtualBox 4.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors.
|
19-09-2017 - 01:32 | 21-07-2011 - 00:55 | |
CVE-2011-2096 | 9.3 |
Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors.
|
19-09-2017 - 01:32 | 16-06-2011 - 23:55 | |
CVE-2011-0715 | 4.3 |
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token. Per: http
|
19-09-2017 - 01:32 | 11-03-2011 - 22:55 | |
CVE-2011-0681 | 4.3 |
The Cascading Style Sheets (CSS) Extensions for XML implementation in Opera before 11.01 recognizes links to javascript: URLs in the -o-link property, which makes it easier for remote attackers to bypass CSS filtering via a crafted URL.
|
19-09-2017 - 01:32 | 31-01-2011 - 21:00 | |
CVE-2011-0683 | 4.3 |
Opera before 11.01 does not properly restrict the use of opera: URLs, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
|
19-09-2017 - 01:32 | 31-01-2011 - 21:00 | |
CVE-2011-0450 | 7.6 |
The downloads manager in Opera before 11.01 on Windows does not properly determine the pathname of the filesystem-viewing application, which allows user-assisted remote attackers to execute arbitrary code via a crafted web site that hosts an executab
|
19-09-2017 - 01:32 | 31-01-2011 - 20:00 | |
CVE-2011-0757 | 6.5 |
IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, UNIX, and Windows does not properly revoke the DBADM authority, which allows remote authenticated users to execute non-DDL statements by leveraging previous possession of this aut
|
19-09-2017 - 01:32 | 02-02-2011 - 23:00 | |
CVE-2011-0684 | 5.0 |
Opera before 11.01 does not properly handle redirections and unspecified other HTTP responses, which allows remote web servers to obtain sufficient access to local files to use these files as page resources, and consequently obtain potentially sensit
|
19-09-2017 - 01:32 | 31-01-2011 - 21:00 | |
CVE-2011-1138 | 4.3 |
Off-by-one error in the dissect_6lowpan_iphc function in packet-6lowpan.c in Wireshark 1.4.0 through 1.4.3 on 32-bit platforms allows remote attackers to cause a denial of service (application crash) via a malformed 6LoWPAN IPv6 packet.
|
19-09-2017 - 01:32 | 03-03-2011 - 01:00 | |
CVE-2011-0686 | 5.0 |
Unspecified vulnerability in Opera before 11.01 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by vkontakte.ru.
|
19-09-2017 - 01:32 | 31-01-2011 - 21:00 | |
CVE-2011-0638 | 6.9 |
Microsoft Windows does not properly warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and
|
19-09-2017 - 01:32 | 25-01-2011 - 01:00 | |
CVE-2011-0610 | 9.3 |
The CoolType library in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allows remot
|
19-09-2017 - 01:32 | 03-05-2011 - 19:55 | |
CVE-2011-0778 | 7.5 |
Google Chrome before 9.0.597.84 does not properly restrict drag and drop operations, which might allow remote attackers to bypass the Same Origin Policy via unspecified vectors.
|
19-09-2017 - 01:32 | 04-02-2011 - 18:00 | |
CVE-2011-0731 | 7.5 |
Buffer overflow in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP7, and 9.7 before FP3 on Linux, UNIX, and Windows allows remote attackers to execute arbitrary code via unspecified vectors.
|
19-09-2017 - 01:32 | 01-02-2011 - 18:00 | |
CVE-2011-0685 | 2.1 |
The Delete Private Data feature in Opera before 11.01 does not properly implement the "Clear all email account passwords" option, which might allow physically proximate attackers to access an e-mail account via an unattended workstation.
|
19-09-2017 - 01:32 | 31-01-2011 - 21:00 | |
CVE-2011-1143 | 4.3 |
epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in Wireshark before 1.4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted .pcap file. Per: http://cwe.mitre.org/data/definit
|
19-09-2017 - 01:32 | 03-03-2011 - 01:00 | |
CVE-2011-0687 | 4.3 |
Opera before 11.01 does not properly implement Wireless Application Protocol (WAP) dropdown lists, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted WAP document.
|
19-09-2017 - 01:32 | 31-01-2011 - 21:00 | |
CVE-2010-3822 | 9.3 |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses an uninitialized pointer during processing of Cascading Style Sheets (CSS) counter styles, which allows remote attackers to exe
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
CVE-2010-3776 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 allow remote attackers to cause a denial of service (me
|
19-09-2017 - 01:31 | 10-12-2010 - 19:00 | |
CVE-2010-4035 | 9.3 |
Google Chrome before 7.0.517.41 does not properly perform autofill operations for forms, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document.
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-3735 | 2.1 |
The "Query Compiler, Rewrite, Optimizer" component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted query involving certain UNION ALL views, leading to an indefinitely large
|
19-09-2017 - 01:31 | 05-10-2010 - 18:00 | |
CVE-2010-3737 | 3.5 |
Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (heap memory consumption) by executing a (1) user-defined function (UDF) or (2) stored procedure while
|
19-09-2017 - 01:31 | 05-10-2010 - 18:00 | |
CVE-2010-4009 | 9.3 |
Integer overflow in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
|
19-09-2017 - 01:31 | 09-12-2010 - 20:00 | |
CVE-2010-3770 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in the rendering engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allow remote attackers to inject arbitrary web script or HTML via (1) x-mac-arabic, (2)
|
19-09-2017 - 01:31 | 10-12-2010 - 19:00 | |
CVE-2010-4485 | 4.3 |
Google Chrome before 8.0.552.215 does not properly restrict the generation of file dialogs, which allows remote attackers to cause a denial of service (reduced usability and possible application crash) via a crafted web site.
|
19-09-2017 - 01:31 | 07-12-2010 - 21:00 | |
CVE-2010-4036 | 6.8 |
Google Chrome before 7.0.517.41 does not properly handle the unloading of a page, which allows remote attackers to spoof URLs via unspecified vectors.
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-3826 | 9.3 |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of colors in an SVG document, which allows remote attacker
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
CVE-2010-3775 | 9.3 |
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle certain redirections involving data: URLs and Java LiveConnect scripts, which allows remote attackers to start processes, read arbitrary loca
|
19-09-2017 - 01:31 | 10-12-2010 - 19:00 | |
CVE-2010-3771 | 6.8 |
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle injection of an ISINDEX element into an about:blank page, which allows remote attackers to execute arbitrary JavaScript code with chrome priv
|
19-09-2017 - 01:31 | 10-12-2010 - 19:00 | |
CVE-2010-3738 | 5.0 |
The Security component in IBM DB2 UDB 9.5 before FP6a logs AUDIT events by using a USERID and an AUTHID value corresponding to the instance owner, instead of a USERID and an AUTHID value corresponding to the logged-in user account, which makes it eas
|
19-09-2017 - 01:31 | 05-10-2010 - 18:00 | |
CVE-2010-3813 | 5.8 |
The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly othe
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
CVE-2010-3808 | 9.3 |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of editing commands, which allows remote attackers to exec
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
CVE-2010-4044 | 4.3 |
Opera before 10.63 does not ensure that the portion of a URL shown in the Address Bar contains the beginning of the URL, which allows remote attackers to spoof URLs by changing a window's size.
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-3805 | 9.3 |
Integer underflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors invo
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
CVE-2010-5073 | 5.0 |
The JavaScript implementation in Google Chrome 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by ca
|
19-09-2017 - 01:31 | 07-12-2011 - 19:55 | |
CVE-2010-4414 | 6.8 |
Unspecified vulnerability in Oracle VM VirtualBox 4.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Extensions.
|
19-09-2017 - 01:31 | 19-01-2011 - 16:00 | |
CVE-2010-3817 | 9.3 |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) 3D transforms, which allow
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
CVE-2010-3768 | 9.3 |
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly validate downloadable fonts before use within an operating system's font implementation, which allows
|
19-09-2017 - 01:31 | 10-12-2010 - 19:00 | |
CVE-2010-3638 | 4.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Mac OS X, when Safari is used, allows attackers to obtain sensitive information via unknown vectors.
|
19-09-2017 - 01:31 | 07-11-2010 - 22:00 | |
CVE-2010-4490 | 9.3 |
Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via malformed video content that triggers an indexing error.
|
19-09-2017 - 01:31 | 07-12-2010 - 21:00 | |
CVE-2010-3824 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via v
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
CVE-2010-3804 | 5.0 |
The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attacke
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
CVE-2010-3774 | 4.3 |
The NS_SecurityCompareURIs function in netwerk/base/public/nsNetUtil.h in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle (1) about:neterror and (2) about:certerror pages, which allows remo
|
19-09-2017 - 01:31 | 10-12-2010 - 19:00 | |
CVE-2010-3772 | 9.3 |
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly calculate index values for certain child content in a XUL tree, which allows remote attackers to execute arbitrary code via vectors involving a DIV
|
19-09-2017 - 01:31 | 10-12-2010 - 19:00 | |
CVE-2010-4508 | 10.0 |
The WebSockets implementation in Mozilla Firefox 4 through 4.0 Beta 7 does not properly perform proxy upgrade negotiation, which has unspecified impact and remote attack vectors, related to an "inherent problem" with the WebSocket specification.
|
19-09-2017 - 01:31 | 09-12-2010 - 20:00 | |
CVE-2010-3563 | 10.0 |
Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained
|
19-09-2017 - 01:31 | 19-10-2010 - 22:00 | |
CVE-2010-4048 | 4.3 |
Opera before 10.63 allows user-assisted remote web servers to cause a denial of service (application crash) by sending a redirect during the saving of a file.
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-4484 | 5.0 |
Google Chrome before 8.0.552.215 does not properly handle HTML5 databases, which allows attackers to cause a denial of service (application crash) via unspecified vectors.
|
19-09-2017 - 01:31 | 07-12-2010 - 21:00 | |
CVE-2010-3821 | 9.3 |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the :first-letter pseudo-element in a Cascading Style Sheets (CSS) token sequence, which allows remote attacker
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
CVE-2010-3732 | 3.5 |
The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (database server ABEND) by using the client CLI on Linux, UNIX, or Windows for executing a prepared statement with a large numbe
|
19-09-2017 - 01:31 | 05-10-2010 - 18:00 | |
CVE-2010-4033 | 5.0 |
Google Chrome before 7.0.517.41 does not properly implement the autofill and autocomplete functionality, which allows remote attackers to conduct "profile spamming" attacks via unspecified vectors.
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-3769 | 9.3 |
The line-breaking implementation in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 on Windows does not properly handle long strings, which allows remote attackers t
|
19-09-2017 - 01:31 | 10-12-2010 - 19:00 | |
CVE-2010-3816 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via v
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
CVE-2010-3778 | 9.3 |
Unspecified vulnerability in Mozilla Firefox 3.5.x before 3.5.16, Thunderbird before 3.0.11, and SeaMonkey before 2.0.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code
|
19-09-2017 - 01:31 | 10-12-2010 - 19:00 | |
CVE-2010-4489 | 4.3 |
libvpx, as used in Google Chrome before 8.0.552.215 and possibly other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebM video. NOTE: this vulnerability exists because of a regression.
|
19-09-2017 - 01:31 | 07-12-2010 - 21:00 | |
CVE-2010-4050 | 4.3 |
Opera before 10.63 allows remote attackers to cause a denial of service (memory corruption) by referencing an SVG document in an IMG element.
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-3820 | 9.3 |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses uninitialized memory during processing of editable elements, which allows remote attackers to execute arbitrary code or cause a
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
CVE-2010-3773 | 6.8 |
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objec
|
19-09-2017 - 01:31 | 10-12-2010 - 19:00 | |
CVE-2010-3767 | 9.3 |
Integer overflow in the NewIdArray function in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote attackers to execute arbitrary code via a JavaScript array with many elements.
|
19-09-2017 - 01:31 | 10-12-2010 - 19:00 | |
CVE-2010-3802 | 9.3 |
Integer signedness error in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted panorama atom in a QuickTime Virtual Reality (QTVR) movie
|
19-09-2017 - 01:31 | 09-12-2010 - 20:00 | |
CVE-2010-3731 | 10.0 |
Stack-based buffer overflow in the validateUser implementation in the com.ibm.db2.das.core.DasSysCmd function in db2dasrrm in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP3 allows remote
|
19-09-2017 - 01:31 | 05-10-2010 - 18:00 | |
CVE-2010-5074 | 4.3 |
The layout engine in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 executes different code for visited and unvisited links during the processing of Cascading Style Sheets (CSS) token sequences, which makes it easier for
|
19-09-2017 - 01:31 | 07-12-2011 - 19:55 | |
CVE-2010-4046 | 4.3 |
Opera before 10.63 does not properly verify the origin of video content, which allows remote attackers to obtain sensitive information by using a video stream as HTML5 canvas content.
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-3803 | 9.3 |
Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted str
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
CVE-2010-4491 | 4.3 |
Google Chrome before 8.0.552.215 does not properly restrict privileged extensions, which allows remote attackers to cause a denial of service (memory corruption) via a crafted extension.
|
19-09-2017 - 01:31 | 07-12-2010 - 21:00 | |
CVE-2010-3809 | 9.3 |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of inline styling, which allows remote attackers to execut
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
CVE-2010-4483 | 4.3 |
Google Chrome before 8.0.552.215 does not properly restrict read access to videos derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive video data via a crafted web site.
|
19-09-2017 - 01:31 | 07-12-2010 - 21:00 | |
CVE-2010-3819 | 9.3 |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) boxes, which allows remote
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
CVE-2010-3766 | 9.3 |
Use-after-free vulnerability in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote attackers to execute arbitrary code via vectors involving a change to an nsDOMAttribute node.
|
19-09-2017 - 01:31 | 10-12-2010 - 19:00 | |
CVE-2010-3654 | 9.3 |
Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows r
|
19-09-2017 - 01:31 | 29-10-2010 - 19:00 | |
CVE-2010-5069 | 4.3 |
The Cascading Style Sheets (CSS) implementation in Google Chrome 4 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document. NOTE: this may
|
19-09-2017 - 01:31 | 07-12-2011 - 19:55 | |
CVE-2010-4043 | 4.3 |
Opera before 10.63 does not prevent interpretation of a cross-origin document as a CSS stylesheet when the document lacks a CSS token sequence, which allows remote attackers to obtain sensitive information via a crafted document.
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-3823 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via v
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
CVE-2010-3801 | 9.3 |
Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted FlashPix file.
|
19-09-2017 - 01:31 | 09-12-2010 - 20:00 | |
CVE-2010-3734 | 5.0 |
The Install component in IBM DB2 UDB 9.5 before FP6a on Linux, UNIX, and Windows enforces an unintended limit on password length, which makes it easier for attackers to obtain access via a brute-force attack.
|
19-09-2017 - 01:31 | 05-10-2010 - 18:00 | |
CVE-2010-4488 | 5.0 |
Google Chrome before 8.0.552.215 does not properly handle HTTP proxy authentication, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
|
19-09-2017 - 01:31 | 07-12-2010 - 21:00 | |
CVE-2010-4047 | 4.3 |
Opera before 10.63 does not properly select the security context of JavaScript code associated with an error page, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-4049 | 4.3 |
Opera before 10.63 allows remote attackers to cause a denial of service (application crash) via a Flash movie with a transparent Window Mode (aka wmode) property, which is not properly handled during navigation away from the containing HTML document.
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-3736 | 4.0 |
Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a, when the connection concentrator is enabled, allows remote authenticated users to cause a denial of service (heap memory consumption) by using a different code page
|
19-09-2017 - 01:31 | 05-10-2010 - 18:00 | |
CVE-2010-3811 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via v
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
CVE-2010-3570 | 7.6 |
Unspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
|
19-09-2017 - 01:31 | 19-10-2010 - 22:00 | |
CVE-2010-3555 | 9.3 |
Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained
|
19-09-2017 - 01:31 | 19-10-2010 - 22:00 | |
CVE-2010-3812 | 9.3 |
Integer overflow in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products allows re
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
CVE-2010-3777 | 9.3 |
Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and Thunderbird 3.1.x before 3.1.7 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
|
19-09-2017 - 01:31 | 10-12-2010 - 19:00 | |
CVE-2010-3781 | 6.0 |
The PL/php add-on 1.4 and earlier for PostgreSQL does not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEF
|
19-09-2017 - 01:31 | 06-10-2010 - 21:00 | |
CVE-2010-3558 | 10.0 |
Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
|
19-09-2017 - 01:31 | 19-10-2010 - 22:00 | |
CVE-2010-4037 | 4.3 |
Unspecified vulnerability in Google Chrome before 7.0.517.41 allows remote attackers to bypass the pop-up blocker via unknown vectors.
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-4486 | 9.3 |
Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to history handling.
|
19-09-2017 - 01:31 | 07-12-2010 - 21:00 | |
CVE-2010-3818 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via v
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
CVE-2010-3810 | 4.3 |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the History object, which allows remote attackers to spoof the location bar's URL or add URLs to the history vi
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
CVE-2010-3800 | 9.3 |
Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PICT file.
|
19-09-2017 - 01:31 | 09-12-2010 - 20:00 | |
CVE-2010-3765 | 9.3 |
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related
|
19-09-2017 - 01:31 | 28-10-2010 - 00:00 | |
CVE-2010-3740 | 4.0 |
The Net Search Extender (NSE) implementation in the Text Search component in IBM DB2 UDB 9.5 before FP6a does not properly handle an alphanumeric Fuzzy search, which allows remote authenticated users to cause a denial of service (memory consumption a
|
19-09-2017 - 01:31 | 05-10-2010 - 18:00 | |
CVE-2010-3623 | 9.3 |
Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Per: http://www.adobe.com/support/security/bulletins/apsb10-2
|
19-09-2017 - 01:31 | 06-10-2010 - 17:00 | |
CVE-2010-4482 | 5.0 |
Unspecified vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to bypass the pop-up blocker via unknown vectors.
|
19-09-2017 - 01:31 | 07-12-2010 - 21:00 | |
CVE-2010-4045 | 9.3 |
Opera before 10.63 does not properly restrict web script in unspecified circumstances involving reloads and redirects, which allows remote attackers to spoof the Address Bar, conduct cross-site scripting (XSS) attacks, and possibly execute arbitrary
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-4034 | 9.3 |
Google Chrome before 7.0.517.41 does not properly handle forms, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document.
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-3733 | 7.2 |
The Engine Utilities component in IBM DB2 UDB 9.5 before FP6a uses world-writable permissions for the sqllib/cfg/db2sprf file, which might allow local users to gain privileges by modifying this file.
|
19-09-2017 - 01:31 | 05-10-2010 - 18:00 | |
CVE-2010-3560 | 2.6 |
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality via unknown vectors. Per: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176
|
19-09-2017 - 01:31 | 19-10-2010 - 22:00 | |
CVE-2010-3475 | 4.0 |
IBM DB2 9.7 before FP3 does not properly enforce privilege requirements for execution of entries in the dynamic SQL cache, which allows remote authenticated users to bypass intended access restrictions by leveraging the cache to execute an UPDATE sta
|
19-09-2017 - 01:31 | 20-09-2010 - 22:00 | |
CVE-2010-3183 | 9.3 |
The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls tha
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-3181 | 6.9 |
Untrusted search path vulnerability in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Windows allows local users to gain privileges via a Trojan horse DLL in the c
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-3552 | 10.0 |
Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Per: http://www.oracle.com/technetwork
|
19-09-2017 - 01:31 | 19-10-2010 - 22:00 | |
CVE-2010-3169 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allow remote attackers to cause a denial of service (memor
|
19-09-2017 - 01:31 | 09-09-2010 - 19:00 | |
CVE-2010-3399 | 5.8 |
The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a context pointer in conjunction with its successor pointer for seeding of a random number generator, which
|
19-09-2017 - 01:31 | 15-09-2010 - 20:00 | |
CVE-2010-3177 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary web script or HTML via a crafted name of a (1) f
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-3174 | 9.3 |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before 2.0.9 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly ex
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-3173 | 7.5 |
The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which m
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-2862 | 9.3 |
Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table.
|
19-09-2017 - 01:31 | 05-08-2010 - 18:17 | |
CVE-2010-3180 | 9.3 |
Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code by accessin
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-2768 | 4.3 |
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a document's charset, which allows remote
|
19-09-2017 - 01:31 | 09-09-2010 - 19:00 | |
CVE-2010-2752 | 9.3 |
Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code by placing many Casc
|
19-09-2017 - 01:31 | 30-07-2010 - 20:30 | |
CVE-2010-3170 | 4.3 |
Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-th
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-3167 | 9.3 |
The nsTreeContentView function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle node removal in XUL trees, which allows remote attackers to e
|
19-09-2017 - 01:31 | 09-09-2010 - 19:00 | |
CVE-2010-3134 | 9.3 |
Untrusted search path vulnerability in Google Earth 5.1.3535.3218 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse quserex.dll that is located in the same folder as a .k
|
19-09-2017 - 01:31 | 26-08-2010 - 18:36 | |
CVE-2010-3019 | 9.3 |
Heap-based buffer overflow in Opera before 10.61 allows remote attackers to execute arbitrary code or cause a denial of service (application crash or hang) via vectors related to HTML5 canvas painting operations that occur during the application of t
|
19-09-2017 - 01:31 | 16-08-2010 - 18:39 | |
CVE-2010-2764 | 4.3 |
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers
|
19-09-2017 - 01:31 | 09-09-2010 - 19:00 | |
CVE-2010-2760 | 9.3 |
Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code v
|
19-09-2017 - 01:31 | 09-09-2010 - 19:00 | |
CVE-2010-3136 | 9.3 |
Untrusted search path vulnerability in Skype 4.2.0.169 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32.dll that is located in the same folder as a .sk
|
19-09-2017 - 01:31 | 26-08-2010 - 18:36 | |
CVE-2010-3474 | 5.0 |
IBM DB2 9.7 before FP3 does not perform the expected drops or invalidations of dependent functions upon a loss of privileges by the functions' owners, which allows remote authenticated users to bypass intended access restrictions via calls to these f
|
19-09-2017 - 01:31 | 20-09-2010 - 22:00 | |
CVE-2010-3433 | 6.0 |
The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL use
|
19-09-2017 - 01:31 | 06-10-2010 - 17:00 | |
CVE-2010-3179 | 9.3 |
Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-3175 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.11 and Thunderbird 3.1.x before 3.1.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arb
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-3168 | 9.3 |
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict the role of property changes in triggering XUL tree removal, which allows remote attackers to c
|
19-09-2017 - 01:31 | 09-09-2010 - 19:00 | |
CVE-2010-2755 | 10.0 |
layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via
|
19-09-2017 - 01:31 | 30-07-2010 - 13:26 | |
CVE-2010-3020 | 5.0 |
The news-feed preview feature in Opera before 10.61 does not properly remove scripts, which allows remote attackers to force subscriptions to arbitrary feeds via crafted content.
|
19-09-2017 - 01:31 | 16-08-2010 - 18:39 | |
CVE-2010-2754 | 5.0 |
dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving
|
19-09-2017 - 01:31 | 30-07-2010 - 13:26 | |
CVE-2010-2770 | 9.3 |
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Mac OS X allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly ex
|
19-09-2017 - 01:31 | 09-09-2010 - 19:00 | |
CVE-2010-2766 | 9.3 |
The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes during normalization, which might al
|
19-09-2017 - 01:31 | 09-09-2010 - 19:00 | |
CVE-2010-3315 | 6.0 |
authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, whi
|
19-09-2017 - 01:31 | 04-10-2010 - 21:00 | |
CVE-2010-3176 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allow remote attackers to cause a denial of service
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-3197 | 5.0 |
IBM DB2 9.7 before FP2 does not perform the expected access control on the monitor administrative views in the SYSIBMADM schema, which allows remote attackers to obtain sensitive information via unspecified vectors.
|
19-09-2017 - 01:31 | 31-08-2010 - 22:00 | |
CVE-2010-3178 | 5.8 |
Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window an
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-2767 | 9.3 |
The navigator.plugins implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle destruction of the DOM plugin array, which might allow
|
19-09-2017 - 01:31 | 09-09-2010 - 19:00 | |
CVE-2010-3182 | 6.9 |
A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allow
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2010-2762 | 6.8 |
The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attacker
|
19-09-2017 - 01:31 | 09-09-2010 - 19:00 | |
CVE-2010-3195 | 5.0 |
Unspecified vulnerability in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 on Windows Server 2008 allows attackers to cause a denial of service (trap) via vectors involving "special group and user enumeration."
|
19-09-2017 - 01:31 | 31-08-2010 - 22:00 | |
CVE-2010-3166 | 9.3 |
Heap-based buffer overflow in the nsTextFrameUtils::TransformText function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute ar
|
19-09-2017 - 01:31 | 09-09-2010 - 19:00 | |
CVE-2010-2769 | 4.3 |
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allows user-assisted remote attackers to inject arbitrary web script or HTML
|
19-09-2017 - 01:31 | 09-09-2010 - 19:00 | |
CVE-2010-3400 | 5.8 |
The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses the current time for seeding of a random number generator, which makes it easier for remote at
|
19-09-2017 - 01:31 | 15-09-2010 - 20:00 | |
CVE-2010-3194 | 7.5 |
The DB2DART program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows attackers to bypass intended file access restrictions via unspecified vectors related to overwriting files owned by an instance owner.
|
19-09-2017 - 01:31 | 31-08-2010 - 22:00 | |
CVE-2010-3171 | 5.8 |
The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a random number generator that is seeded only once per document object, which makes it easier for remote attac
|
19-09-2017 - 01:31 | 15-09-2010 - 20:00 | |
CVE-2010-3021 | 4.3 |
Unspecified vulnerability in Opera before 10.61 allows remote attackers to cause a denial of service (CPU consumption and application hang) via an animated PNG image.
|
19-09-2017 - 01:31 | 16-08-2010 - 18:39 | |
CVE-2010-3193 | 10.0 |
Unspecified vulnerability in the DB2STST program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 has unknown impact and attack vectors.
|
19-09-2017 - 01:31 | 31-08-2010 - 22:00 | |
CVE-2010-3196 | 3.5 |
IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote authenticated users to cause a denial of service (loss of privileges) to a view owner by defining a dependent view.
|
19-09-2017 - 01:31 | 31-08-2010 - 22:00 | |
CVE-2010-2751 | 2.6 |
The nsDocShell::OnRedirectStateChange function in docshell/base/nsDocShell.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to spoof the SSL security status of a document via vecto
|
19-09-2017 - 01:31 | 30-07-2010 - 20:30 | |
CVE-2010-2763 | 4.3 |
The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox before 3.5.12, Thunderbird before 3.0.7, and SeaMonkey before 2.0.7 does not properly restrict scripted functions, which allows remote attackers
|
19-09-2017 - 01:31 | 09-09-2010 - 19:00 | |
CVE-2010-2887 | 9.3 |
Multiple unspecified vulnerabilities in Adobe Reader and Acrobat 9.x before 9.4 on Linux allow attackers to gain privileges via unknown vectors. Per: http://www.adobe.com/support/security/bulletins/apsb10-21.html
'This update resolves multiple pot
|
19-09-2017 - 01:31 | 06-10-2010 - 17:00 | |
CVE-2010-2765 | 9.3 |
Integer overflow in the FRAMESET element implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a
|
19-09-2017 - 01:31 | 09-09-2010 - 19:00 | |
CVE-2011-0256 | 9.3 |
Integer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted track run atoms in a QuickTime movie file.
|
19-09-2017 - 01:31 | 15-08-2011 - 21:55 | |
CVE-2011-0078 | 10.0 |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and applica
|
19-09-2017 - 01:31 | 07-05-2011 - 18:55 | |
CVE-2011-0077 | 10.0 |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and applica
|
19-09-2017 - 01:31 | 07-05-2011 - 18:55 | |
CVE-2011-0076 | 7.5 |
Unspecified vulnerability in the Java Embedding Plugin (JEP) in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, on Mac OS X allows remote attackers to bypass intended access restrictions via unknown vectors.
|
19-09-2017 - 01:31 | 07-05-2011 - 18:55 | |
CVE-2011-0054 | 10.0 |
Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving non-local JavaScript variables, aka an "upvar
|
19-09-2017 - 01:31 | 02-03-2011 - 20:00 | |
CVE-2011-0061 | 9.3 |
Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image.
|
19-09-2017 - 01:31 | 02-03-2011 - 20:00 | |
CVE-2011-0057 | 10.0 |
Use-after-free vulnerability in the Web Workers implementation in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to execute arbitrary code via vectors related to a JavaScript Worker and gar
|
19-09-2017 - 01:31 | 02-03-2011 - 20:00 | |
CVE-2011-0075 | 10.0 |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and applica
|
19-09-2017 - 01:31 | 07-05-2011 - 18:55 | |
CVE-2011-0059 | 6.8 |
Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to hijack the authentication of arbitrary users for requests that were initiated by a plugi
|
19-09-2017 - 01:31 | 02-03-2011 - 20:00 | |
CVE-2011-0250 | 9.3 |
Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STSS atoms in a QuickTime movie file.
|
19-09-2017 - 01:31 | 04-08-2011 - 02:45 | |
CVE-2011-0085 | 10.0 |
Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues t
|
19-09-2017 - 01:31 | 30-06-2011 - 16:55 | |
CVE-2011-0066 | 10.0 |
Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mObserverList.
|
19-09-2017 - 01:31 | 07-05-2011 - 18:55 | |
CVE-2011-0074 | 10.0 |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and applica
|
19-09-2017 - 01:31 | 07-05-2011 - 18:55 | |
CVE-2011-0070 | 10.0 |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory cor
|
19-09-2017 - 01:31 | 07-05-2011 - 18:55 | |
CVE-2011-0069 | 10.0 |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory cor
|
19-09-2017 - 01:31 | 07-05-2011 - 18:55 | |
CVE-2011-0062 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arb
|
19-09-2017 - 01:31 | 02-03-2011 - 20:00 | |
CVE-2011-0067 | 5.0 |
Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly implement autocompletion for forms, which allows remote attackers to read form history entries via a Java applet that spoofs interaction with the au
|
19-09-2017 - 01:31 | 07-05-2011 - 18:55 | |
CVE-2011-0249 | 9.3 |
Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STSC atoms in a QuickTime movie file.
|
19-09-2017 - 01:31 | 04-08-2011 - 02:45 | |
CVE-2011-0246 | 9.3 |
Heap-based buffer overflow in Apple QuickTime before 7.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file.
|
19-09-2017 - 01:31 | 04-08-2011 - 02:45 | |
CVE-2011-0056 | 10.0 |
Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving exception timing and a large number of string
|
19-09-2017 - 01:31 | 02-03-2011 - 20:00 | |
CVE-2011-0252 | 9.3 |
Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STTS atoms in a QuickTime movie file.
|
19-09-2017 - 01:31 | 04-08-2011 - 02:45 | |
CVE-2011-0080 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allow remote attackers to cause a denial of service (memory corruption a
|
19-09-2017 - 01:31 | 07-05-2011 - 18:55 | |
CVE-2011-0073 | 10.0 |
Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly use nsTreeRange data structures, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer."
|
19-09-2017 - 01:31 | 07-05-2011 - 18:55 | |
CVE-2011-0083 | 10.0 |
Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial
|
19-09-2017 - 01:31 | 30-06-2011 - 16:55 | |
CVE-2011-0152 | 7.6 |
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vuln
|
19-09-2017 - 01:31 | 03-03-2011 - 20:00 | |
CVE-2011-0055 | 10.0 |
Use-after-free vulnerability in the JSON.stringify method in js3250.dll in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via unspecified vectors related to t
|
19-09-2017 - 01:31 | 02-03-2011 - 20:00 | |
CVE-2011-0079 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x before 4.0.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to gfx
|
19-09-2017 - 01:31 | 07-05-2011 - 18:55 | |
CVE-2011-0065 | 10.0 |
Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mChannel.
|
19-09-2017 - 01:31 | 07-05-2011 - 18:55 | |
CVE-2011-0081 | 10.0 |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possib
|
19-09-2017 - 01:31 | 07-05-2011 - 18:55 | |
CVE-2011-0058 | 10.0 |
Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long string that triggers const
|
19-09-2017 - 01:31 | 02-03-2011 - 20:00 | |
CVE-2011-0014 | 5.0 |
ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake mes
|
19-09-2017 - 01:31 | 19-02-2011 - 01:00 | |
CVE-2011-0245 | 9.3 |
Buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted pict file.
|
19-09-2017 - 01:31 | 04-08-2011 - 02:45 | |
CVE-2011-0084 | 10.0 |
The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and other versions before 6; SeaMonkey 2.x before 2.3; and possibly other products does not properly handle SVG text,
|
19-09-2017 - 01:31 | 18-08-2011 - 18:55 | |
CVE-2011-0082 | 4.3 |
The X.509 certificate validation functionality in Mozilla Firefox 4.0.x through 4.0.1 does not properly implement single-session security exceptions, which might make it easier for user-assisted remote attackers to spoof an SSL server via an untruste
|
19-09-2017 - 01:31 | 06-06-2011 - 19:55 | |
CVE-2011-0053 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service (memory corruption and appl
|
19-09-2017 - 01:31 | 02-03-2011 - 20:00 | |
CVE-2011-0071 | 5.0 |
Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load res
|
19-09-2017 - 01:31 | 07-05-2011 - 18:55 | |
CVE-2011-0247 | 9.3 |
Multiple stack-based buffer overflows in Apple QuickTime before 7.7 on Windows allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted H.264 movie.
|
19-09-2017 - 01:31 | 04-08-2011 - 02:45 | |
CVE-2011-0257 | 9.3 |
Integer signedness error in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PnSize opcode in a PICT file that triggers a stack-based buffer overflow.
|
19-09-2017 - 01:31 | 15-08-2011 - 21:55 | |
CVE-2011-0072 | 10.0 |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and applica
|
19-09-2017 - 01:31 | 07-05-2011 - 18:55 | |
CVE-2011-0251 | 9.3 |
Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STSZ atoms in a QuickTime movie file.
|
19-09-2017 - 01:31 | 04-08-2011 - 02:45 | |
CVE-2011-0051 | 6.8 |
Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demon
|
19-09-2017 - 01:31 | 02-03-2011 - 20:00 | |
CVE-2009-4764 | 9.3 |
Adobe Reader 8.x and 9.x on Windows is able to execute EXE files that are embedded in a PDF document, which makes it easier for remote attackers to trick users into executing arbitrary code via a crafted document.
|
19-09-2017 - 01:30 | 05-04-2010 - 15:30 | |
CVE-2010-2172 | 4.3 |
Adobe Flash Player 9 before 9.0.277.0 on unspecified UNIX platforms allows attackers to cause a denial of service via unknown vectors. Per: http://www.adobe.com/support/security/bulletins/apsb10-14.html
'This update resolves a denial of service is
|
19-09-2017 - 01:30 | 15-06-2010 - 18:00 | |
CVE-2010-1787 | 9.3 |
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and applic
|
19-09-2017 - 01:30 | 30-07-2010 - 20:30 | |
CVE-2010-1780 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of servi
|
19-09-2017 - 01:30 | 30-07-2010 - 20:30 | |
CVE-2010-1758 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto
|
19-09-2017 - 01:30 | 11-06-2010 - 19:30 | |
CVE-2010-1767 | 6.8 |
Cross-site request forgery (CSRF) vulnerability in loader/DocumentThreadableLoader.cpp in WebCore in WebKit before r57041, as used in Google Chrome before 4.1.249.1059, allows remote attackers to hijack the authentication of unspecified victims via a
|
19-09-2017 - 01:30 | 24-09-2010 - 19:00 | |
CVE-2010-1506 | 7.8 |
The Google V8 bindings in Google Chrome before 4.1.249.1059 allow attackers to cause a denial of service (memory corruption) via unknown vectors.
|
19-09-2017 - 01:30 | 23-04-2010 - 14:30 | |
CVE-2010-1792 | 9.3 |
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and applic
|
19-09-2017 - 01:30 | 30-07-2010 - 20:30 | |
CVE-2010-1759 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto
|
19-09-2017 - 01:30 | 11-06-2010 - 19:30 | |
CVE-2010-1215 | 6.8 |
Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 do not properly implement access to a content object through a SafeJSObjectWrapper (aka SJOW) wrapper, which allows remote attackers to execute arbitrary JavaScript code with chrom
|
19-09-2017 - 01:30 | 30-07-2010 - 20:30 | |
CVE-2010-1203 | 9.3 |
The JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger an assertion failure in jstracer.cpp
|
19-09-2017 - 01:30 | 24-06-2010 - 12:30 | |
CVE-2010-1198 | 9.3 |
Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to execute arbitrary code via vectors involving multiple plugin instances.
|
19-09-2017 - 01:30 | 24-06-2010 - 12:30 | |
CVE-2010-1196 | 9.3 |
Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM nod
|
19-09-2017 - 01:30 | 24-06-2010 - 12:30 | |
CVE-2010-1663 | 10.0 |
The Google URL Parsing Library (aka google-url or GURL) in Google Chrome before 4.1.249.1064 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
|
19-09-2017 - 01:30 | 03-05-2010 - 13:51 | |
CVE-2010-1500 | 7.5 |
Google Chrome before 4.1.249.1059 does not properly support forms, which has unknown impact and attack vectors, related to a "type confusion error."
|
19-09-2017 - 01:30 | 23-04-2010 - 14:30 | |
CVE-2010-1807 | 9.3 |
WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (applic
|
19-09-2017 - 01:30 | 10-09-2010 - 19:00 | |
CVE-2010-1786 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of servi
|
19-09-2017 - 01:30 | 30-07-2010 - 20:30 | |
CVE-2010-1664 | 5.0 |
Google Chrome before 4.1.249.1064 does not properly handle HTML5 media, which allows remote attackers to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors.
|
19-09-2017 - 01:30 | 03-05-2010 - 13:51 | |
CVE-2010-1232 | 5.0 |
Google Chrome before 4.1.249.1036 allows remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via a malformed SVG document.
|
19-09-2017 - 01:30 | 01-04-2010 - 22:30 | |
CVE-2010-1209 | 9.3 |
Use-after-free vulnerability in the NodeIterator implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via a crafted NodeFilter that detaches DOM no
|
19-09-2017 - 01:30 | 30-07-2010 - 20:30 | |
CVE-2010-1505 | 10.0 |
Google Chrome before 4.1.249.1059 does not prevent pages from loading with the New Tab page's privileges, which has unknown impact and attack vectors.
|
19-09-2017 - 01:30 | 23-04-2010 - 14:30 | |
CVE-2010-1771 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto
|
19-09-2017 - 01:30 | 11-06-2010 - 19:30 | |
CVE-2010-1414 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-1400 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-1384 | 4.3 |
Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not provide a warning about a (1) http or (2) https URL that contains a username and password, which makes it easier for remote attackers to cond
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-1939 | 7.6 |
Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows remote attackers to execute arbitrary code by using window.open to create a popup window for a crafted HTML document, and then calling the parent window's close method, which trigge
|
19-09-2017 - 01:30 | 13-05-2010 - 22:30 | |
CVE-2010-1211 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allow remote attackers to cause a denial of se
|
19-09-2017 - 01:30 | 30-07-2010 - 20:30 | |
CVE-2010-1422 | 4.3 |
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle changes to keyboard focus that occur during processing of key press events, which allows remote attackers to force
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-1412 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-1212 | 9.3 |
js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via v
|
19-09-2017 - 01:30 | 30-07-2010 - 20:30 | |
CVE-2010-1201 | 9.3 |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.10, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly ex
|
19-09-2017 - 01:30 | 24-06-2010 - 12:30 | |
CVE-2010-1416 | 4.3 |
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict the reading of a canvas that contains an SVG image pattern from a different web site, which allows remote attacke
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-1385 | 9.3 |
Use-after-free vulnerability in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF d
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-1240 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arb
|
19-09-2017 - 01:30 | 05-04-2010 - 15:30 | |
CVE-2010-1851 | 4.3 |
Google Chrome, when the Invisible Hand extension is enabled, uses cookies during background HTTP requests in a possibly unexpected manner, which might allow remote web servers to identify specific persons and their product searches via HTTP request l
|
19-09-2017 - 01:30 | 07-05-2010 - 18:24 | |
CVE-2010-1231 | 7.5 |
Google Chrome before 4.1.249.1036 processes HTTP headers before invoking the SafeBrowsing feature, which allows remote attackers to have an unspecified impact via crafted headers.
|
19-09-2017 - 01:30 | 01-04-2010 - 22:30 | |
CVE-2010-1234 | 7.5 |
Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows remote attackers to truncate the URL shown in the HTTP Basic Authentication dialog via unknown vectors.
|
19-09-2017 - 01:30 | 01-04-2010 - 22:30 | |
CVE-2010-1197 | 4.3 |
Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both "Content-Disposition: attachment" and "Content-Type: multipart" are present in HTTP headers, which allows remote
|
19-09-2017 - 01:30 | 24-06-2010 - 12:30 | |
CVE-2010-1143 | 4.3 |
Cross-site scripting (XSS) vulnerability in VMware View (formerly Virtual Desktop Manager or VDM) 3.1.x before 3.1.3 build 252693 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
19-09-2017 - 01:30 | 07-05-2010 - 18:24 | |
CVE-2010-1121 | 10.0 |
Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involv
|
19-09-2017 - 01:30 | 25-03-2010 - 21:00 | |
CVE-2010-1790 | 9.3 |
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle just-in-time (JIT) compiled JavaScript stubs, which allows remote attackers to exec
|
19-09-2017 - 01:30 | 30-07-2010 - 20:30 | |
CVE-2010-1782 | 9.3 |
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and applic
|
19-09-2017 - 01:30 | 30-07-2010 - 20:30 | |
CVE-2010-1418 | 4.3 |
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via a FRAME element with a SRC at
|
19-09-2017 - 01:30 | 11-06-2010 - 19:30 | |
CVE-2010-1408 | 4.3 |
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to bypass intended restrictions on outbound connections to "non-default TCP ports" via a crafted port number, relate
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-1503 | 4.3 |
Cross-site scripting (XSS) vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to inject arbitrary web script or HTML via vectors related to a chrome://net-internals URI.
|
19-09-2017 - 01:30 | 23-04-2010 - 14:30 | |
CVE-2010-1202 | 9.3 |
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption a
|
19-09-2017 - 01:30 | 24-06-2010 - 12:30 | |
CVE-2010-1793 | 9.3 |
Multiple use-after-free vulnerabilities in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allow remote attackers to execute arbitrary code or cause a denia
|
19-09-2017 - 01:30 | 30-07-2010 - 20:30 | |
CVE-2010-1750 | 9.3 |
Use-after-free vulnerability in Apple Safari before 5.0 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper window management.
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-1237 | 7.5 |
Google Chrome 4.1 BETA before 4.1.249.1036 allows remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via an empty SVG element.
|
19-09-2017 - 01:30 | 01-04-2010 - 22:30 | |
CVE-2010-1229 | 10.0 |
The sandbox infrastructure in Google Chrome before 4.1.249.1036 does not properly use pointers, which has unspecified impact and attack vectors.
|
19-09-2017 - 01:30 | 01-04-2010 - 22:30 | |
CVE-2010-1207 | 4.3 |
Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 do not properly implement read restrictions for CANVAS elements, which allows remote attackers to obtain sensitive cross-origin information via vectors involving reference retention and node d
|
19-09-2017 - 01:30 | 30-07-2010 - 20:30 | |
CVE-2010-1508 | 9.3 |
Heap-based buffer overflow in Apple QuickTime before 7.6.9 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Track Header (aka tkhd) atoms.
|
19-09-2017 - 01:30 | 09-12-2010 - 20:00 | |
CVE-2010-1421 | 4.3 |
The execCommand JavaScript function in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict remote execution of clipboard commands, which allows remote attackers to m
|
19-09-2017 - 01:30 | 11-06-2010 - 19:30 | |
CVE-2010-1389 | 4.3 |
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involvi
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-1228 | 10.0 |
Multiple race conditions in the sandbox infrastructure in Google Chrome before 4.1.249.1036 have unspecified impact and attack vectors.
|
19-09-2017 - 01:30 | 01-04-2010 - 22:30 | |
CVE-2010-1806 | 9.3 |
Use-after-free vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via run-in styling in an element, related to object pointers.
|
19-09-2017 - 01:30 | 10-09-2010 - 19:00 | |
CVE-2010-1241 | 9.3 |
Heap-based buffer overflow in the custom heap management system in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (memory corrupt
|
19-09-2017 - 01:30 | 05-04-2010 - 15:30 | |
CVE-2010-1213 | 4.3 |
The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows r
|
19-09-2017 - 01:30 | 30-07-2010 - 20:30 | |
CVE-2010-1805 | 6.9 |
Untrusted search path vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 on Windows allows local users to gain privileges via a Trojan horse explorer.exe (aka Windows Explorer) program in a directory containing a file that had been d
|
19-09-2017 - 01:30 | 10-09-2010 - 19:00 | |
CVE-2010-1791 | 9.3 |
Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto
|
19-09-2017 - 01:30 | 30-07-2010 - 20:30 | |
CVE-2010-1560 | 4.0 |
Buffer overflow in the REPEAT function in IBM DB2 9.1 before FP9 allows remote authenticated users to cause a denial of service (trap) via unspecified vectors. NOTE: this might overlap CVE-2010-0462.
|
19-09-2017 - 01:30 | 27-04-2010 - 15:30 | |
CVE-2010-1504 | 4.3 |
Cross-site scripting (XSS) vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to inject arbitrary web script or HTML via vectors related to a chrome://downloads URI.
|
19-09-2017 - 01:30 | 23-04-2010 - 14:30 | |
CVE-2010-1415 | 9.3 |
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle libxml contexts, allows remote attackers to execute arbitrary code or cause a denial of service (application crash)
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-1406 | 4.3 |
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remot
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-1417 | 9.3 |
The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory co
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-1410 | 9.3 |
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an SVG document
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-1783 | 9.3 |
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle dynamic modification of a text node, which allows remote attackers to execute arbit
|
19-09-2017 - 01:30 | 30-07-2010 - 20:30 | |
CVE-2010-1761 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto
|
19-09-2017 - 01:30 | 11-06-2010 - 19:30 | |
CVE-2010-1788 | 9.3 |
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and applic
|
19-09-2017 - 01:30 | 30-07-2010 - 20:30 | |
CVE-2010-1778 | 4.3 |
Cross-site scripting (XSS) vulnerability in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via an RSS feed.
|
19-09-2017 - 01:30 | 30-07-2010 - 20:30 | |
CVE-2010-1419 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application cr
|
19-09-2017 - 01:30 | 11-06-2010 - 19:30 | |
CVE-2010-1396 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vecto
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-1391 | 4.3 |
Multiple directory traversal vulnerabilities in the (a) Local Storage and (b) Web SQL database implementations in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allow remote attackers to
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-2203 | 6.8 |
Adobe Reader and Acrobat 9.x before 9.3.3 on UNIX allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Per: http://www.adobe.com/support/security/bulletins/apsb10-15.html
'This update
|
19-09-2017 - 01:30 | 30-06-2010 - 18:30 | |
CVE-2010-1785 | 9.3 |
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; accesses uninitialized memory during processing of the (1) :first-letter and (2) :first-line pseudo-elements
|
19-09-2017 - 01:30 | 30-07-2010 - 20:30 | |
CVE-2010-1774 | 9.3 |
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses out-of-bounds memory during processing of HTML tables, which allows remote attackers to execute arbitrary code or cause a denial of
|
19-09-2017 - 01:30 | 11-06-2010 - 19:30 | |
CVE-2010-1768 | 6.9 |
Unspecified vulnerability in Apple iTunes before 9.1 allows local users to gain console privileges via vectors related to log files, "insecure file operation," and syncing an iPhone, iPad, or iPod touch.
|
19-09-2017 - 01:30 | 20-08-2010 - 20:00 | |
CVE-2010-1762 | 4.3 |
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML in a T
|
19-09-2017 - 01:30 | 11-06-2010 - 19:30 | |
CVE-2010-1235 | 4.3 |
Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows remote attackers to trigger the omission of a download warning dialog via unknown vectors.
|
19-09-2017 - 01:30 | 01-04-2010 - 22:30 | |
CVE-2010-1210 | 4.3 |
intl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 inserts a U+FFFD sequence into text in certain circumstances involving undefined positions, which might make it easier for remote attackers to cond
|
19-09-2017 - 01:30 | 30-07-2010 - 20:30 | |
CVE-2010-1665 | 7.5 |
Google Chrome before 4.1.249.1064 does not properly handle fonts, which allows remote attackers to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors.
|
19-09-2017 - 01:30 | 03-05-2010 - 13:51 | |
CVE-2010-1769 | 10.0 |
WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, accesses out-of-bounds memory during the handling of tables, which allows remote attackers to execute arbitrary code or cause a denial of service (appl
|
19-09-2017 - 01:30 | 18-06-2010 - 16:30 | |
CVE-2010-1409 | 5.8 |
Incomplete blacklist vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to trigger disclosure of data over IRC via vectors involving an IRC service po
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-1405 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HT
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-1395 | 4.3 |
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving DOM constru
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-1399 | 9.3 |
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during a selection change on a form input element, which allows remote attackers to execute arbitrary code or
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-1394 | 4.3 |
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML docume
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-1119 | 10.0 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of serv
|
19-09-2017 - 01:30 | 25-03-2010 - 21:00 | |
CVE-2010-1789 | 9.3 |
Heap-based buffer overflow in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a J
|
19-09-2017 - 01:30 | 30-07-2010 - 20:30 | |
CVE-2010-1777 | 9.3 |
Buffer overflow in Apple iTunes before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted itpc: URL.
|
19-09-2017 - 01:30 | 30-07-2010 - 13:26 | |
CVE-2010-1413 | 5.0 |
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends NTLM credentials in cleartext in unspecified circumstances, which allows man-in-the-middle attackers to obtain sensitive information v
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-1390 | 4.3 |
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to improper U
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-1764 | 4.3 |
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, follows multiple redirections during form submission, which allows remote web servers to obtain sensitive information by recording the form
|
19-09-2017 - 01:30 | 11-06-2010 - 19:30 | |
CVE-2010-1200 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and
|
19-09-2017 - 01:30 | 24-06-2010 - 12:30 | |
CVE-2010-1393 | 4.3 |
The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to discover sensitive URLs via an HREF attribute associated with
|
19-09-2017 - 01:30 | 11-06-2010 - 18:00 | |
CVE-2010-1236 | 4.3 |
The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKit before r55822, as used in Google Chrome before 4.1.249.1036 and Flock Browser 3.x before 3.0.0.4112, does not properly handle whitespace at the beginning of a URL, which allows r
|
19-09-2017 - 01:30 | 01-04-2010 - 22:30 | |
CVE-2010-1233 | 10.0 |
Multiple integer overflows in Google Chrome before 4.1.249.1036 allow remote attackers to have an unspecified impact via vectors involving WebKit JavaScript objects.
|
19-09-2017 - 01:30 | 01-04-2010 - 22:30 | |
CVE-2010-1206 | 4.3 |
The startDocumentLoad function in browser/base/content/browser.js in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, does not properly implement the Same Origin Policy in certain circumstances related to the ab
|
19-09-2017 - 01:30 | 25-06-2010 - 19:30 | |
CVE-2010-1796 | 2.6 |
The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to obtain sensitive Address Book Card information via JavaScript code that forces keystroke events
|
19-09-2017 - 01:30 | 30-07-2010 - 20:30 | |
CVE-2010-1502 | 9.3 |
Unspecified vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to access local files via vectors related to "developer tools."
|
19-09-2017 - 01:30 | 23-04-2010 - 14:30 | |
CVE-2010-1784 | 9.3 |
The counters functionality in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to
|
19-09-2017 - 01:30 | 30-07-2010 - 20:30 | |
CVE-2010-1763 | 10.0 |
Unspecified vulnerability in WebKit in Apple iTunes before 9.2 on Windows has unknown impact and attack vectors, a different vulnerability than CVE-2010-1387 and CVE-2010-1769.
|
19-09-2017 - 01:30 | 18-06-2010 - 16:30 | |
CVE-2010-1214 | 9.3 |
Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via plugin content with many parameter elements.
|
19-09-2017 - 01:30 | 30-07-2010 - 20:30 | |
CVE-2010-0658 | 9.3 |
Multiple integer overflows in Skia, as used in Google Chrome before 4.0.249.78, allow remote attackers to execute arbitrary code in the Chrome sandbox or cause a denial of service (memory corruption and application crash) via vectors involving CANVAS
|
19-09-2017 - 01:30 | 18-02-2010 - 18:00 | |
CVE-2010-0649 | 9.3 |
Integer overflow in the CrossCallParamsEx::CreateFromBuffer function in sandbox/src/crosscall_server.cc in Google Chrome before 4.0.249.89 allows attackers to leverage renderer access to cause a denial of service (heap memory corruption) or possibly
|
19-09-2017 - 01:30 | 18-02-2010 - 18:00 | |
CVE-2010-0532 | 6.9 |
Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse. Per: http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.htm
|
19-09-2017 - 01:30 | 31-03-2010 - 18:30 | |
CVE-2010-0530 | 2.1 |
Apple QuickTime before 7.6.9 on Windows sets weak permissions for the Apple Computer directory in the profile of a user account, which allows local users to obtain sensitive information by reading files in this directory.
|
19-09-2017 - 01:30 | 09-12-2010 - 20:00 | |
CVE-2010-0043 | 9.3 |
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image. Per: http://lists.apple.com/archi
|
19-09-2017 - 01:30 | 15-03-2010 - 13:28 | |
CVE-2010-1122 | 10.0 |
Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.8 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly have unknown other impact via vectors that might involve compressed data, a d
|
19-09-2017 - 01:30 | 25-03-2010 - 22:30 | |
CVE-2010-0051 | 4.3 |
WebKit in Apple Safari before 4.0.5 does not properly validate the cross-origin loading of stylesheets, which allows remote attackers to obtain sensitive information via a crafted HTML document. NOTE: this might overlap CVE-2010-0651. Per: http://li
|
19-09-2017 - 01:30 | 15-03-2010 - 14:15 | |
CVE-2010-0531 | 4.3 |
Apple iTunes before 9.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 podcast file.
|
19-09-2017 - 01:30 | 31-03-2010 - 18:30 | |
CVE-2010-0163 | 4.3 |
Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and line termination incorrectly, which allows remote attackers to cause a denial of service (application crash) or possibly
|
19-09-2017 - 01:30 | 23-03-2010 - 00:53 | |
CVE-2010-0045 | 9.3 |
Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document. Per: http://lists.apple.com/archives/security-announce/201
|
19-09-2017 - 01:30 | 15-03-2010 - 13:28 | |
CVE-2010-1028 | 9.3 |
Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a b
|
19-09-2017 - 01:30 | 19-03-2010 - 21:30 | |
CVE-2010-0041 | 4.3 |
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafte
|
19-09-2017 - 01:30 | 15-03-2010 - 13:28 | |
CVE-2010-0645 | 9.3 |
Multiple integer overflows in factory.cc in Google V8 before r3560, as used in Google Chrome before 4.0.249.89, allow remote attackers to execute arbitrary code in the Chrome sandbox via crafted use of JavaScript arrays.
|
19-09-2017 - 01:30 | 18-02-2010 - 18:00 | |
CVE-2010-0462 | 6.5 |
Heap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows remote authenticated users to have an unspecified impact via a SELECT statement that has a long column name generated with the REPEAT function.
|
19-09-2017 - 01:30 | 28-01-2010 - 20:30 | |
CVE-2010-0663 | 5.0 |
The ParamTraits<SkBitmap>::Read function in common/common_param_traits.cc in Google Chrome before 4.0.249.78 does not initialize the memory locations that will hold bitmap data, which might allow remote attackers to obtain potentially sensitive infor
|
19-09-2017 - 01:30 | 18-02-2010 - 18:00 | |
CVE-2010-0661 | 6.8 |
WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before r52401, as used in Google Chrome before 4.0.249.78, allows remote attackers to bypass the Same Origin Policy via vectors involving the window.open method.
|
19-09-2017 - 01:30 | 18-02-2010 - 18:00 | |
CVE-2010-0042 | 4.3 |
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafte
|
19-09-2017 - 01:30 | 15-03-2010 - 13:28 | |
CVE-2010-0220 | 5.0 |
The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverList.cpp in Mozilla Firefox before 3.5.7 allows remote attackers to cause a denial of service (application crash) via a crafted web site that triggers memory consumption and an acco
|
19-09-2017 - 01:30 | 07-01-2010 - 19:30 | |
CVE-2010-0046 | 9.3 |
The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted format arguments. Per: http://
|
19-09-2017 - 01:30 | 15-03-2010 - 13:28 | |
CVE-2010-0514 | 6.8 |
Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.261 encoding.
|
19-09-2017 - 01:30 | 30-03-2010 - 18:30 | |
CVE-2010-0655 | 9.3 |
Use-after-free vulnerability in Google Chrome before 4.0.249.78 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving the display of a blocked popup window duri
|
19-09-2017 - 01:30 | 18-02-2010 - 18:00 | |
CVE-2010-0643 | 4.3 |
Google Chrome before 4.0.249.89 attempts to make direct connections to web sites when all configured proxy servers are unavailable, which allows remote HTTP servers to obtain potentially sensitive information about the identity of a client user via s
|
19-09-2017 - 01:30 | 18-02-2010 - 18:00 | |
CVE-2010-0657 | 9.3 |
Google Chrome before 4.0.249.78 on Windows does not perform the expected encoding, escaping, and quoting for the URL in the --app argument in a desktop shortcut, which allows user-assisted remote attackers to execute arbitrary programs or obtain sens
|
19-09-2017 - 01:30 | 18-02-2010 - 18:00 | |
CVE-2010-0172 | 4.3 |
toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might a
|
19-09-2017 - 01:30 | 25-03-2010 - 21:00 | |
CVE-2010-0166 | 5.1 |
The gfxTextRun::SanitizeGlyphRuns function in gfx/thebes/src/gfxFont.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 on Mac OS X, when the Core Text API is used, does not properly perform certain deletions, which allows remote attackers
|
19-09-2017 - 01:30 | 25-03-2010 - 21:00 | |
CVE-2010-0161 | 4.3 |
The nsAuthSSPI::Unwrap function in extensions/auth/nsAuthSSPI.cpp in Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 on Windows Vista, Windows Server 2008 R2, and Windows 7 allows remote SMTP, IMAP, and POP servers to cause a denial o
|
19-09-2017 - 01:30 | 23-03-2010 - 00:53 | |
CVE-2010-0647 | 9.3 |
WebKit before r53525, as used in Google Chrome before 4.0.249.89, allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed RUBY element, as demonstrated by a <ruby>><table><rt> sequence.
|
19-09-2017 - 01:30 | 18-02-2010 - 18:00 | |
CVE-2010-0054 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML IMG elements. Per: http://lists.apple.com/archives/secur
|
19-09-2017 - 01:30 | 15-03-2010 - 14:15 | |
CVE-2010-0168 | 7.6 |
The nsDocument::MaybePreLoadImage function in content/base/src/nsDocument.cpp in the image-preloading implementation in Mozilla Firefox 3.6 before 3.6.2 does not apply scheme restrictions and policy restrictions to the image's URL, which might allow
|
19-09-2017 - 01:30 | 25-03-2010 - 21:00 | |
CVE-2010-0646 | 10.0 |
Multiple integer signedness errors in factory.cc in Google V8 before r3560, as used in Google Chrome before 4.0.249.89, allow remote attackers to execute arbitrary code in the Chrome sandbox via crafted use of JavaScript arrays.
|
19-09-2017 - 01:30 | 18-02-2010 - 18:00 | |
CVE-2010-0544 | 4.3 |
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to a malforme
|
19-09-2017 - 01:30 | 11-06-2010 - 19:30 | |
CVE-2010-0315 | 5.0 |
WebKit before r53607, as used in Google Chrome before 4.0.249.89, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK elem
|
19-09-2017 - 01:30 | 14-01-2010 - 19:30 | |
CVE-2010-0651 | 4.3 |
WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, whi
|
19-09-2017 - 01:30 | 18-02-2010 - 18:00 | |
CVE-2010-0379 | 9.3 |
Multiple unspecified vulnerabilities in the Macromedia Flash ActiveX control in Adobe Flash Player 6, as distributed in Microsoft Windows XP SP2 and SP3, might allow remote attackers to execute arbitrary code via unspecified vectors that are not rela
|
19-09-2017 - 01:30 | 21-01-2010 - 23:30 | |
CVE-2010-0654 | 4.3 |
Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type
|
19-09-2017 - 01:30 | 18-02-2010 - 18:00 | |
CVE-2010-0659 | 9.3 |
The image decoder in WebKit before r52833, as used in Google Chrome before 4.0.249.78, does not properly handle a failure of memory allocation, which allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed GIF file tha
|
19-09-2017 - 01:30 | 18-02-2010 - 18:00 | |
CVE-2010-0518 | 6.8 |
QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with Sorenson encoding.
|
19-09-2017 - 01:30 | 30-03-2010 - 18:30 | |
CVE-2010-0660 | 5.0 |
Google Chrome before 4.0.249.78 sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP l
|
19-09-2017 - 01:30 | 18-02-2010 - 18:00 | |
CVE-2010-0648 | 4.3 |
Mozilla Firefox, possibly before 3.6, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the do
|
19-09-2017 - 01:30 | 18-02-2010 - 18:00 | |
CVE-2010-0183 | 9.3 |
Use-after-free vulnerability in the nsCycleCollector::MarkRoots function in Mozilla Firefox 3.5.x before 3.5.10 and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a crafted HTML document, related to an improper frame con
|
19-09-2017 - 01:30 | 24-06-2010 - 12:30 | |
CVE-2010-0049 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via HTML elements with right-to-left (RTL) text directionality. Per: http://lists.a
|
19-09-2017 - 01:30 | 15-03-2010 - 14:15 | |
CVE-2010-0044 | 4.3 |
PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed. Per: http://lists.ap
|
19-09-2017 - 01:30 | 15-03-2010 - 13:28 | |
CVE-2010-0060 | 6.8 |
CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDMC encoding.
|
19-09-2017 - 01:30 | 30-03-2010 - 18:30 | |
CVE-2010-0053 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the run-in Cascading Style Sheets (CSS) display property. Pe
|
19-09-2017 - 01:30 | 15-03-2010 - 14:15 | |
CVE-2010-0644 | 4.3 |
Google Chrome before 4.0.249.89, when a SOCKS 5 proxy server is configured, sends DNS queries directly, which allows remote DNS servers to obtain potentially sensitive information about the identity of a client user via request logging, as demonstrat
|
19-09-2017 - 01:30 | 18-02-2010 - 18:00 | |
CVE-2010-0664 | 5.0 |
Stack consumption vulnerability in the ChildProcessSecurityPolicy::CanRequestURL function in browser/child_process_security_policy.cc in Google Chrome before 4.0.249.78 allows remote attackers to cause a denial of service (memory consumption and appl
|
19-09-2017 - 01:30 | 18-02-2010 - 18:00 | |
CVE-2010-0527 | 9.3 |
Integer overflow in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image. Per: http://lists.apple.com/archives/security-announce/2010//Mar/
|
19-09-2017 - 01:30 | 31-03-2010 - 18:30 | |
CVE-2010-0536 | 9.3 |
Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted BMP image. Per: http://lists.apple.com/archives/security-announce/2010//Mar
|
19-09-2017 - 01:30 | 31-03-2010 - 18:30 | |
CVE-2010-0472 | 5.0 |
kuddb2 in Tivoli Monitoring for DB2, as distributed in IBM DB2 9.7 FP1 on Linux, allows remote attackers to cause a denial of service (daemon crash) via a certain byte sequence.
|
19-09-2017 - 01:30 | 02-02-2010 - 18:30 | |
CVE-2010-0040 | 9.3 |
Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a
|
19-09-2017 - 01:30 | 15-03-2010 - 13:28 | |
CVE-2010-0656 | 4.3 |
WebKit before r51295, as used in Google Chrome before 4.0.249.78, presents a directory-listing page in response to an XMLHttpRequest for a file:/// URL that corresponds to a directory, which allows attackers to obtain sensitive information or possibl
|
19-09-2017 - 01:30 | 18-02-2010 - 18:00 | |
CVE-2010-0165 | 9.3 |
The TraceRecorder::traverseScopeChain function in js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitr
|
19-09-2017 - 01:30 | 25-03-2010 - 21:00 | |
CVE-2010-0662 | 5.0 |
The ParamTraits<SkBitmap>::Read function in common/common_param_traits.cc in Google Chrome before 4.0.249.78 does not use the correct variables in calculations designed to prevent integer overflows, which allows attackers to leverage renderer access
|
19-09-2017 - 01:30 | 18-02-2010 - 18:00 | |
CVE-2010-0162 | 4.3 |
Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving S
|
19-09-2017 - 01:30 | 22-02-2010 - 13:00 | |
CVE-2010-0515 | 6.8 |
QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with H.264 encoding.
|
19-09-2017 - 01:30 | 30-03-2010 - 18:30 | |
CVE-2010-0170 | 4.3 |
Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected window.location protection mechanism, which might allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors that are specifi
|
19-09-2017 - 01:30 | 25-03-2010 - 21:00 | |
CVE-2010-0052 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "callbacks for HTML elements." Per: http://lists.apple.com/a
|
19-09-2017 - 01:30 | 15-03-2010 - 14:15 | |
CVE-2009-4376 | 9.3 |
Buffer overflow in the daintree_sna_read function in the Daintree SNA file parser in Wireshark 1.2.0 through 1.2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.
|
19-09-2017 - 01:29 | 21-12-2009 - 21:30 | |
CVE-2009-3987 | 7.8 |
The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote
|
19-09-2017 - 01:29 | 17-12-2009 - 17:30 | |
CVE-2009-3981 | 9.3 |
Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod
|
19-09-2017 - 01:29 | 17-12-2009 - 17:30 | |
CVE-2009-3375 | 4.3 |
content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection fu
|
19-09-2017 - 01:29 | 29-10-2009 - 14:30 | |
CVE-2009-3074 | 10.0 |
Unspecified vulnerability in the JavaScript engine in Mozilla Firefox before 3.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
|
19-09-2017 - 01:29 | 10-09-2009 - 21:30 | |
CVE-2009-3382 | 10.0 |
layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does not properly handle first-letter frames, which allows remote attackers to cause a denial of service (memory corruption and application crash) or p
|
19-09-2017 - 01:29 | 29-10-2009 - 14:30 | |
CVE-2009-3371 | 10.0 |
Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by creating JavaScript web-workers recursively.
|
19-09-2017 - 01:29 | 29-10-2009 - 14:30 | |
CVE-2009-3984 | 6.8 |
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with
|
19-09-2017 - 01:29 | 17-12-2009 - 17:30 | |
CVE-2009-3983 | 6.8 |
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user.
|
19-09-2017 - 01:29 | 17-12-2009 - 17:30 | |
CVE-2009-3797 | 9.3 |
Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.
|
19-09-2017 - 01:29 | 10-12-2009 - 19:30 | |
CVE-2009-3070 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
|
19-09-2017 - 01:29 | 10-09-2009 - 21:30 | |
CVE-2009-3380 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code
|
19-09-2017 - 01:29 | 29-10-2009 - 14:30 | |
CVE-2009-3379 | 10.0 |
Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overla
|
19-09-2017 - 01:29 | 29-10-2009 - 14:30 | |
CVE-2009-3079 | 10.0 |
Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter.
|
19-09-2017 - 01:29 | 10-09-2009 - 21:30 | |
CVE-2009-3985 | 6.8 |
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the
|
19-09-2017 - 01:29 | 17-12-2009 - 17:30 | |
CVE-2009-3979 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash)
|
19-09-2017 - 01:29 | 17-12-2009 - 17:30 | |
CVE-2009-3078 | 5.0 |
Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to trigger a vertical scroll and spoof URLs via unspecified Unicode characters with a tall line-height property.
|
19-09-2017 - 01:29 | 10-09-2009 - 21:30 | |
CVE-2009-3071 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via
|
19-09-2017 - 01:29 | 10-09-2009 - 21:30 | |
CVE-2009-3016 | 4.3 |
Apple Safari 4.0.3 does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contain
|
19-09-2017 - 01:29 | 31-08-2009 - 16:30 | |
CVE-2009-3988 | 5.0 |
Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-s
|
19-09-2017 - 01:29 | 22-02-2010 - 13:00 | |
CVE-2009-3381 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
|
19-09-2017 - 01:29 | 29-10-2009 - 14:30 | |
CVE-2009-3370 | 5.0 |
Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events that leverage the auto-fill feature to populate form fields, in an attacker-readable form, with history entries.
|
19-09-2017 - 01:29 | 29-10-2009 - 14:30 | |
CVE-2009-3383 | 10.0 |
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
|
19-09-2017 - 01:29 | 29-10-2009 - 14:30 | |
CVE-2009-3077 | 9.3 |
Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a "dangl
|
19-09-2017 - 01:29 | 10-09-2009 - 21:30 | |
CVE-2009-2655 | 4.3 |
mshtml.dll in Microsoft Internet Explorer 7 and 8 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) by calling the JavaScript findText method with a crafted Unicode string in the first argument, and only one a
|
19-09-2017 - 01:29 | 03-08-2009 - 14:30 | |
CVE-2009-2837 | 6.8 |
Heap-based buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.
|
19-09-2017 - 01:29 | 10-11-2009 - 19:30 | |
CVE-2009-2714 | 4.9 |
Unspecified vulnerability in Sun VirtualBox 3.0.0 and 3.0.2 allows guest OS users to cause a denial of service (host OS reboot) via unknown vectors.
|
19-09-2017 - 01:29 | 07-08-2009 - 19:00 | |
CVE-2009-3048 | 4.3 |
Opera before 10.00 on Linux, Solaris, and FreeBSD does not properly implement the "INPUT TYPE=file" functionality, which allows remote attackers to trick a user into uploading an unintended file via vectors involving a "dropped file."
|
19-09-2017 - 01:29 | 02-09-2009 - 17:30 | |
CVE-2009-3073 | 10.0 |
Unspecified vulnerability in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
|
19-09-2017 - 01:29 | 10-09-2009 - 21:30 | |
CVE-2009-2842 | 4.3 |
Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site.
|
19-09-2017 - 01:29 | 13-11-2009 - 15:30 | |
CVE-2009-3982 | 9.3 |
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly exe
|
19-09-2017 - 01:29 | 17-12-2009 - 17:30 | |
CVE-2009-3461 | 9.3 |
Unspecified vulnerability in Adobe Acrobat 9.x before 9.2 allows attackers to bypass intended file-extension restrictions via unknown vectors. Per: http://www.adobe.com/support/security/bulletins/apsb09-15.html
This update resolves an issue that c
|
19-09-2017 - 01:29 | 19-10-2009 - 22:30 | |
CVE-2009-2817 | 9.3 |
Buffer overflow in Apple iTunes before 9.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .pls file.
|
19-09-2017 - 01:29 | 24-09-2009 - 18:30 | |
CVE-2009-3986 | 7.6 |
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window
|
19-09-2017 - 01:29 | 17-12-2009 - 17:30 | |
CVE-2009-3378 | 9.3 |
The oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in Mozilla Firefox 3.5.x before 3.5.4, attempts to reuse an earlier frame data structure upon encountering a decoding error for the
|
19-09-2017 - 01:29 | 29-10-2009 - 14:30 | |
CVE-2009-3374 | 7.5 |
The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote w
|
19-09-2017 - 01:29 | 29-10-2009 - 14:30 | |
CVE-2009-3075 | 10.0 |
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.2, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and
|
19-09-2017 - 01:29 | 10-09-2009 - 21:30 | |
CVE-2009-3377 | 10.0 |
Multiple unspecified vulnerabilities in liboggz before cf5feeaab69b05e24, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
|
19-09-2017 - 01:29 | 29-10-2009 - 14:30 | |
CVE-2009-3072 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.3, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and ap
|
19-09-2017 - 01:29 | 10-09-2009 - 21:30 | |
CVE-2009-3980 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execut
|
19-09-2017 - 01:29 | 17-12-2009 - 17:30 | |
CVE-2009-3069 | 10.0 |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
|
19-09-2017 - 01:29 | 10-09-2009 - 21:30 | |
CVE-2009-3384 | 9.3 |
Multiple unspecified vulnerabilities in WebKit in Apple Safari before 4.0.4 on Windows allow remote FTP servers to execute arbitrary code, cause a denial of service (application crash), or obtain sensitive information via a crafted directory listing
|
19-09-2017 - 01:29 | 13-11-2009 - 15:30 | |
CVE-2009-3431 | 5.0 |
Stack consumption vulnerability in Adobe Reader and Acrobat 9.1.3, 9.1.2, 9.1.1, and earlier 9.x versions; 8.1.6 and earlier 8.x versions; and possibly 7.1.4 and earlier 7.x versions allows remote attackers to cause a denial of service (application c
|
19-09-2017 - 01:29 | 25-09-2009 - 23:30 | |
CVE-2009-3389 | 9.3 |
Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a vid
|
19-09-2017 - 01:29 | 17-12-2009 - 17:30 | |
CVE-2009-3388 | 9.3 |
liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to "memory safety issues."
|
19-09-2017 - 01:29 | 17-12-2009 - 17:30 | |
CVE-2009-3076 | 9.3 |
Mozilla Firefox before 3.0.14 does not properly implement certain dialogs associated with the (1) pkcs11.addmodule and (2) pkcs11.deletemodule operations, which makes it easier for remote attackers to trick a user into installing or removing an arbit
|
19-09-2017 - 01:29 | 10-09-2009 - 21:30 | |
CVE-2009-3044 | 5.0 |
Opera before 10.00 does not properly handle a (1) '\0' character or (2) invalid wildcard character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL serve
|
19-09-2017 - 01:29 | 02-09-2009 - 17:30 | |
CVE-2012-3977 | 5.0 |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-4930. Reason: This candidate is a duplicate of CVE-2012-4930. Notes: All CVE users should reference CVE-2012-4930 instead of this candidate. All references and descriptions in t
|
09-10-2012 - 11:13 | 09-10-2012 - 11:13 |