Total: 250066 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-1804 | 1 Apple | 5 Airport Express, Airport Express Base Station Firmware, Airport Extreme and 2 more | 2023-12-10 | 7.1 HIGH | N/A |
Unspecified vulnerability in the network bridge functionality on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 allows remote attackers to cause a denial of service (networking outage) via a crafted DHCP reply. | |||||
CVE-2011-0780 | 1 Google | 1 Chrome | 2023-12-10 | 6.8 MEDIUM | N/A |
The PDF event handler in Google Chrome before 9.0.597.84 does not properly interact with print operations, which allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors. | |||||
CVE-2010-0029 | 1 Microsoft | 1 Powerpoint | 2023-12-10 | 9.3 HIGH | N/A |
Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint File Path Handling Buffer Overflow Vulnerability." | |||||
CVE-2011-3210 | 1 Openssl | 1 Openssl | 2023-12-10 | 5.0 MEDIUM | N/A |
The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order messages that violate the TLS protocol. | |||||
CVE-2010-4298 | 1 Dustincowell | 1 Free Simple Software | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the download module in Free Simple Software 1.0 allows remote attackers to execute arbitrary SQL commands via the downloads_id parameter in a download_now action to index.php. | |||||
CVE-2009-4671 | 1 Beaussier | 1 Roomphplanning | 2023-12-10 | 7.5 HIGH | N/A |
Login.php in RoomPHPlanning 1.6 allows remote attackers to bypass authentication and obtain administrative access by setting the room_phplanning cookie to a value associated with the admin account. | |||||
CVE-2011-3446 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 7.5 HIGH | N/A |
Apple Type Services (ATS) in Apple Mac OS X before 10.7.3 does not properly manage memory for data-font files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font that is accessed by Font Book. | |||||
CVE-2011-2855 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2023-12-10 | 6.8 MEDIUM | N/A |
Google Chrome before 14.0.835.163 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node." | |||||
CVE-2010-4804 | 1 Google | 1 Android | 2023-12-10 | 4.3 MEDIUM | N/A |
The Android browser in Android before 2.3.4 allows remote attackers to obtain SD card contents via crafted content:// URIs, related to (1) BrowserActivity.java and (2) BrowserSettings.java in com/android/browser/. | |||||
CVE-2010-4523 | 1 Opensc-project | 1 Opensc | 2023-12-10 | 7.2 HIGH | N/A |
Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 and earlier allow physically proximate attackers to execute arbitrary code via a long serial-number field on a smart card, related to (1) card-acos5.c, (2) card-atrust-acos.c, and (3) card-starcos.c. | |||||
CVE-2009-4572 | 1 Phpshop | 1 Phpshop | 2023-12-10 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in PhpShop 0.8.1 allows remote attackers to hijack the authentication of arbitrary users for requests that invoke the cartAdd function in a shop/cart action to the default URI. | |||||
CVE-2010-4520 | 2 Drupal, Earl Miles | 2 Drupal, Views | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Views module 6.x before 6.x-2.11 for Drupal allow remote attackers to inject arbitrary web script or HTML via (1) a URL or (2) an aggregator feed title. | |||||
CVE-2010-4900 | 1 Webmanager-pro | 1 Cms Webmanager-pro | 2023-12-10 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in c.php in CMS WebManager-Pro 8.1 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. | |||||
CVE-2012-1029 | 1 Tubeace | 1 Tube Ace | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in mobile/search/index.php in Tube Ace (Adult PHP Tube Script) 1.6 allows remote attackers to execute arbitrary SQL commands via the q parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2010-1736 | 1 Aspindir | 1 Krm Haber | 2023-12-10 | 5.0 MEDIUM | N/A |
KrM Haber 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for d_atabase/Krmdb.mdb. | |||||
CVE-2011-1613 | 1 Cisco | 1 Wireless Lan Controller Software | 2023-12-10 | 7.8 HIGH | N/A |
Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 6.0 before 6.0.200.0, 7.0 before 7.0.98.216, and 7.0.1xx before 7.0.112.0 allows remote attackers to cause a denial of service (device reload) via a sequence of ICMP packets, aka Bug ID CSCth74426. | |||||
CVE-2010-2848 | 2 Gonzalo Maser, Joomla | 2 Com Artforms, Joomla! | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in assets/captcha/includes/alikon/playcode.php in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter. | |||||
CVE-2011-2945 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2023-12-10 | 9.3 HIGH | N/A |
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted SIPR stream. | |||||
CVE-2011-2313 | 2 Oracle, Sun | 2 Solaris, Sunos | 2023-12-10 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability, related to ZFS, a different vulnerability than CVE-2011-2311. | |||||
CVE-2011-0866 | 1 Sun | 2 Jdk, Jre | 2023-12-10 | 7.6 HIGH | N/A |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Java Runtime Environment. |