Total
13113 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-7020 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2025-04-11 | 6.8 MEDIUM | N/A |
| The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not properly enforce certain bit-count and colorspace constraints, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data. | |||||
| CVE-2011-2866 | 1 Apple | 2 Itunes, Webkit | 2025-04-11 | 7.6 HIGH | N/A |
| WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1. | |||||
| CVE-2011-2114 | 1 Adobe | 1 Shockwave Player | 2025-04-11 | 9.3 HIGH | N/A |
| Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2117, CVE-2011-2124, CVE-2011-2127, and CVE-2011-2128. | |||||
| CVE-2012-3971 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-11 | 10.0 HIGH | N/A |
| Summer Institute of Linguistics (SIL) Graphite 2, as used in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the (1) Silf::readClassMap and (2) Pass::readPass functions. | |||||
| CVE-2013-2266 | 1 Isc | 1 Bind | 2025-04-11 | 7.8 HIGH | N/A |
| libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process. | |||||
| CVE-2012-2614 | 1 Lattice Semiconductor | 1 Lattice Diamond Programmer | 2025-04-11 | 6.8 MEDIUM | N/A |
| Buffer overflow in programmer.exe in Lattice Diamond Programmer 1.4.2 allows user-assisted remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long string in a version attribute of an ispXCF element in an .xcf file. | |||||
| CVE-2011-3208 | 1 Cmu | 1 Cyrus Imap Server | 2025-04-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a crafted NNTP command. | |||||
| CVE-2012-1830 | 1 Wellintech | 1 Kingview | 2025-04-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 555. | |||||
| CVE-2010-0107 | 1 Symantec | 4 Client Security, Norton 360, Norton Antivirus and 1 more | 2025-04-11 | 9.3 HIGH | N/A |
| Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3.0.x before 3.1 MR9, and 3.1.x before MR9; allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. NOTE: this is only a vulnerability if the attacker can "masquerade as an authorized site." | |||||
| CVE-2012-0759 | 1 Adobe | 1 Shockwave Player | 2025-04-11 | 10.0 HIGH | N/A |
| Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0771. | |||||
| CVE-2012-0658 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 6.8 MEDIUM | N/A |
| Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a movie file that is progressively downloaded. | |||||
| CVE-2013-5128 | 1 Apple | 1 Iphone Os | 2025-04-11 | 6.8 MEDIUM | N/A |
| WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | |||||
| CVE-2013-2907 | 1 Google | 1 Chrome | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Window.prototype object implementation in Google Chrome before 30.0.1599.66 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
| CVE-2011-2426 | 6 Adobe, Apple, Google and 3 more | 6 Flash Player, Mac Os X, Android and 3 more | 2025-04-11 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the ActionScript Virtual Machine (AVM) component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2010-4557 | 1 Invensys | 2 Foxboro I\/a Series Batch, Wonderware Inbatch | 2025-04-11 | 10.0 HIGH | N/A |
| Buffer overflow in the lm_tcp service in Invensys Wonderware InBatch 8.1 and 9.0, as used in Invensys Foxboro I/A Series Batch 8.1 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted request to port 9001. | |||||
| CVE-2012-1509 | 1 Vmware | 1 View | 2025-04-11 | 7.2 HIGH | N/A |
| Buffer overflow in the XPDM display driver in VMware View before 4.6.1 allows guest OS users to gain guest OS privileges via unspecified vectors. | |||||
| CVE-2010-5145 | 2 Microsoft, Websense | 3 Windows, Websense Web Filter, Websense Web Security | 2025-04-11 | 4.3 MEDIUM | N/A |
| The Filtering Service in Websense Web Security and Web Filter before 6.3.1 Hotfix 136 and 7.x before 7.1.1 on Windows allows remote attackers to cause a denial of service (filtering outage) via a crafted sequence of characters in a URI. | |||||
| CVE-2009-4243 | 3 Apple, Microsoft, Realnetworks | 6 Mac Os X, Windows, Helix Player and 3 more | 2025-04-11 | 9.3 HIGH | N/A |
| RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allow remote attackers to have an unspecified impact via a crafted media file that uses HTTP chunked transfer coding, related to an "overflow." | |||||
| CVE-2013-0999 | 2 Apple, Microsoft | 5 Iphone Os, Itunes, Windows 7 and 2 more | 2025-04-11 | 9.3 HIGH | N/A |
| WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | |||||
| CVE-2011-1283 | 1 Microsoft | 5 Windows 2003 Server, Windows Server 2003, Windows Server 2008 and 2 more | 2025-04-11 | 7.2 HIGH | N/A |
| The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 does not ensure that an unspecified array index has a non-negative value before performing read and write operations, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleNumberOfCommand Vulnerability." | |||||