Total
253028 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-5086 | 1 Bitweaver | 1 Bitweaver | 2023-12-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in wiki/rankings.php in Bitweaver 2.7 and 2.8.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the style parameter. | |||||
| CVE-2011-1227 | 1 Microsoft | 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more | 2023-12-10 | 7.2 HIGH | N/A |
| win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability." | |||||
| CVE-2010-2828 | 1 Cisco | 2 Ios, Ios Xe | 2023-12-10 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 2.5.x before 2.5.2 and 2.6.x before 2.6.1, allows remote attackers to cause a denial of service (device reload) via crafted H.323 packets, aka Bug ID CSCtc73759. | |||||
| CVE-2011-0210 | 1 Apple | 3 Mac Os X, Mac Os X Server, Quicktime | 2023-12-10 | 6.8 MEDIUM | N/A |
| QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted sample tables in a movie file. | |||||
| CVE-2011-3019 | 1 Google | 1 Chrome | 2023-12-10 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Matroska video (aka MKV) file. | |||||
| CVE-2010-3133 | 1 Wireshark | 1 Wireshark | 2023-12-10 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in Wireshark 0.8.4 through 1.0.15 and 1.2.0 through 1.2.10 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse airpcap.dll, and possibly other DLLs, that is located in the same folder as a file that automatically launches Wireshark. | |||||
| CVE-2000-1246 | 1 Novell | 2 Netware, Netware Ftp Server | 2023-12-10 | 3.5 LOW | N/A |
| NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 allows remote authenticated users to cause a denial of service (abend) by sending an RNTO command after a failed RNFR command. | |||||
| CVE-2010-3053 | 1 Freetype | 1 Freetype | 2023-12-10 | 4.3 MEDIUM | N/A |
| bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string. | |||||
| CVE-2011-2290 | 1 Sun | 1 Sunos | 2023-12-10 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Solaris 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel/sockfs. | |||||
| CVE-2011-1066 | 2 Drupal, Reyero | 2 Drupal, Messaging | 2023-12-10 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Messaging module 6.x-2.x before 6.x-2.4 and 6.x-4.x before 6.x-4.0-beta8 for Drupal allows remote attackers with administer messaging permissions to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-2459 | 1 2daybiz | 1 Video Community Portal Script | 2023-12-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in video.php in 2daybiz Video Community Portal Script 1.0 allows remote attackers to execute arbitrary SQL commands via the videoid parameter. | |||||
| CVE-2010-4694 | 1 Catb | 1 Gif2png | 2023-12-10 | 6.8 MEDIUM | N/A |
| Buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to cause a denial of service (application crash) or have unspecified other impact via a GIF file that contains many images, leading to long extensions such as .p100 for PNG output files, as demonstrated by a CGI program that launches gif2png, a different vulnerability than CVE-2009-5018. | |||||
| CVE-2010-1217 | 2 Je Form Creator, Joomla | 2 Je Form Creator, Joomla | 2023-12-10 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE: the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected. | |||||
| CVE-2010-4360 | 1 Jurpo | 1 Jurpopage | 2023-12-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in Jurpopage 0.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) note and (2) pg parameters, different vectors than CVE-2010-4359. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-0250 | 1 Microsoft | 4 Windows 7, Windows Server 2008, Windows Vista and 1 more | 2023-12-10 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, and in Quartz on Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote attackers to execute arbitrary code via an AVI file with a crafted length field in an unspecified video stream, which is not properly handled by the RLE video decompressor, aka "DirectShow Heap Overflow Vulnerability." | |||||
| CVE-2010-2119 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 6.0.2900.2180 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid nntp:// URIs. | |||||
| CVE-2010-2108 | 1 Google | 1 Chrome | 2023-12-10 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Google Chrome before 5.0.375.55 allows remote attackers to bypass the whitelist-mode plugin blocker via unknown vectors. | |||||
| CVE-2011-4688 | 1 Mozilla | 1 Firefox | 2023-12-10 | 5.0 MEDIUM | N/A |
| Mozilla Firefox 8.0.1 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code. | |||||
| CVE-2011-3224 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 2.6 LOW | N/A |
| The User Documentation component in Apple Mac OS X through 10.6.8 uses http sessions for updates to App Store help information, which allows man-in-the-middle attackers to execute arbitrary code by spoofing the http server. | |||||
| CVE-2010-2786 | 1 Matomo | 1 Matomo | 2023-12-10 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in Piwik 0.6 through 0.6.3 allows remote attackers to include arbitrary local files and possibly have unspecified other impact via directory traversal sequences in a crafted data-renderer request. | |||||