Vulnerabilities (CVE)

Total 24023 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-6014 1 Juniper 1 Junos 2023-12-10 6.1 MEDIUM 9.3 CRITICAL
Juniper Junos 10.4 before 10.4S15, 11.4 before 11.4R9, 11.4X27 before 11.4X27.44, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.2 before 12.2R6, 12.3 before 12.3R3, 13.1 before 13.1R3, and 13.2 before 13.2R1, when Proxy ARP is enabled on an unnumbered interface, allows remote attackers to perform ARP poisoning attacks and possibly obtain sensitive information via a crafted ARP message.
CVE-2013-6671 6 Canonical, Fedoraproject, Mozilla and 3 more 17 Ubuntu Linux, Fedora, Firefox and 14 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements.
CVE-2011-1180 1 Linux 1 Linux Kernel 2023-12-10 7.5 HIGH 9.8 CRITICAL
Multiple stack-based buffer overflows in the iriap_getvaluebyclass_indication function in net/irda/iriap.c in the Linux kernel before 2.6.39 allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging connectivity to an IrDA infrared network and sending a large integer value for a (1) name length or (2) attribute length.
CVE-2011-3188 3 F5, Linux, Redhat 15 Arx, Big-ip Access Policy Manager, Big-ip Analytics and 12 more 2023-12-10 6.4 MEDIUM 9.1 CRITICAL
The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets.
CVE-2012-0931 1 Schneider-electric 1 Modicon Quantum Plc 2023-12-10 7.5 HIGH 9.8 CRITICAL
Schneider Electric Modicon Quantum PLC does not perform authentication between the Unity software and PLC, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors.
CVE-2010-4041 2 Google, Linux 2 Chrome, Linux Kernel 2023-12-10 7.5 HIGH 9.8 CRITICAL
The sandbox implementation in Google Chrome before 7.0.517.41 on Linux does not properly constrain worker processes, which might allow remote attackers to bypass intended access restrictions via unspecified vectors.
CVE-2011-4372 3 Adobe, Apple, Microsoft 4 Acrobat, Reader, Macos and 1 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4373.
CVE-2010-4039 2 Google, Linux 2 Chrome, Linux Kernel 2023-12-10 7.5 HIGH 9.8 CRITICAL
Google Chrome before 7.0.517.41 on Linux does not properly set the PATH environment variable, which has unspecified impact and attack vectors.
CVE-2010-3416 2 Google, Linux 2 Chrome, Linux Kernel 2023-12-10 7.5 HIGH 9.8 CRITICAL
Google Chrome before 6.0.472.59 on Linux does not properly implement the Khmer locale, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
CVE-2010-1205 10 Apple, Canonical, Debian and 7 more 17 Iphone Os, Itunes, Mac Os X and 14 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
CVE-2011-4370 3 Adobe, Apple, Microsoft 4 Acrobat, Reader, Macos and 1 more 2023-12-10 7.5 HIGH N/A
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4372 and CVE-2011-4373.
CVE-2010-4202 2 Google, Linux 2 Chrome, Linux Kernel 2023-12-10 7.5 HIGH 9.8 CRITICAL
Multiple integer overflows in Google Chrome before 7.0.517.44 on Linux allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font.
CVE-2010-4042 2 Google, Opensuse 2 Chrome, Opensuse 2023-12-10 7.5 HIGH 9.8 CRITICAL
Google Chrome before 7.0.517.41 does not properly handle element maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "stale elements."
CVE-2010-4197 3 Fedoraproject, Google, Webkitgtk 3 Fedora, Chrome, Webkitgtk 2023-12-10 7.5 HIGH 9.8 CRITICAL
Use-after-free vulnerability in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text editing.
CVE-2010-3729 1 Google 1 Chrome 2023-12-10 7.5 HIGH 9.8 CRITICAL
The SPDY protocol implementation in Google Chrome before 6.0.472.62 does not properly manage buffers, which might allow remote attackers to execute arbitrary code via unspecified vectors.
CVE-2010-4201 1 Google 1 Chrome 2023-12-10 7.5 HIGH 9.8 CRITICAL
Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text control selections.
CVE-2010-4204 3 Fedoraproject, Google, Webkitgtk 3 Fedora, Chrome, Webkitgtk 2023-12-10 7.5 HIGH 9.8 CRITICAL
WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, accesses a frame object after this object has been destroyed, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2010-4203 3 Google, Redhat, Webmproject 5 Chrome, Enterprise Linux Desktop, Enterprise Linux Server and 2 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames.
CVE-2011-4373 3 Adobe, Apple, Microsoft 4 Acrobat, Reader, Macos and 1 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4372.
CVE-2010-4205 1 Google 1 Chrome 2023-12-10 7.5 HIGH 9.8 CRITICAL
Google Chrome before 7.0.517.44 does not properly handle the data types of event objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.