Export limit exceeded: 11932 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29907 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-0038 | 1 Microsoft | 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more | 2025-04-11 | N/A |
| Untrusted search path vulnerability in Microsoft Internet Explorer 8 might allow local users to gain privileges via a Trojan horse IEShims.dll in the current working directory, as demonstrated by a Desktop directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability." | ||||
| CVE-2011-1888 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Vista | 2025-04-11 | N/A |
| win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability." | ||||
| CVE-2010-3718 | 2 Apache, Redhat | 3 Tomcat, Enterprise Linux, Jboss Enterprise Web Server | 2025-04-11 | N/A |
| Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack. | ||||
| CVE-2010-3730 | 1 Google | 1 Chrome | 2025-04-11 | 8.8 High |
| Google Chrome before 6.0.472.62 does not properly use information about the origin of a document to manage properties, which allows remote attackers to have an unspecified impact via a crafted web site, related to a "property pollution" issue. | ||||
| CVE-2011-1165 | 2 David King, Redhat | 2 Vino, Enterprise Linux | 2025-04-11 | N/A |
| Vino, possibly before 3.2, does not properly document that it opens ports in UPnP routers when the "Configure network to automatically accept connections" setting is enabled, which might make it easier for remote attackers to perform further attacks. | ||||
| CVE-2007-6738 | 1 G.rodola | 1 Pyftpdlib | 2025-04-11 | N/A |
| pyftpdlib before 0.1.1 does not choose a random value for the port associated with the PASV command, which makes it easier for remote attackers to obtain potentially sensitive information about the number of in-progress data connections by reading the response to this command. | ||||
| CVE-2010-3773 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2025-04-11 | N/A |
| Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-0179. | ||||
| CVE-2010-3775 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2025-04-11 | N/A |
| Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle certain redirections involving data: URLs and Java LiveConnect scripts, which allows remote attackers to start processes, read arbitrary local files, and establish network connections via vectors involving a refresh value in the http-equiv attribute of a META element, which causes the wrong security principal to be used. | ||||
| CVE-2011-1927 | 1 Linux | 1 Linux Kernel | 2025-04-11 | N/A |
| The ip_expire function in net/ipv4/ip_fragment.c in the Linux kernel before 2.6.39 does not properly construct ICMP_TIME_EXCEEDED packets after a timeout, which allows remote attackers to cause a denial of service (invalid pointer dereference) via crafted fragmented packets. | ||||
| CVE-2010-3780 | 2 Dovecot, Redhat | 2 Dovecot, Enterprise Linux | 2025-04-11 | N/A |
| Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions. | ||||
| CVE-2011-1767 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2025-04-11 | N/A |
| net/ipv4/ip_gre.c in the Linux kernel before 2.6.34, when ip_gre is configured as a module, allows remote attackers to cause a denial of service (OOPS) by sending a packet during module loading. | ||||
| CVE-2010-3923 | 1 Mitsu Hiro Hi Rose | 1 Attachecase | 2025-04-11 | N/A |
| Untrusted search path vulnerability in AttacheCase before 2.70 allows local users to gain privileges via a Trojan horse executable file in the current working directory. | ||||
| CVE-2010-3826 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2025-04-11 | N/A |
| WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of colors in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. | ||||
| CVE-2010-3828 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle attackers to make calls via a crafted URL in an ad. | ||||
| CVE-2010-3840 | 3 Mysql, Oracle, Redhat | 3 Mysql, Mysql, Enterprise Linux | 2025-04-11 | N/A |
| The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points. | ||||
| CVE-2010-3853 | 2 Linux-pam, Redhat | 2 Linux-pam, Enterprise Linux | 2025-04-11 | N/A |
| pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on the pam_namespace PAM check, as demonstrated by the sudo program. | ||||
| CVE-2011-1975 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2025-04-11 | N/A |
| Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components (Windows DAC) 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an Excel .xlsx file, aka "Data Access Components Insecure Library Loading Vulnerability." | ||||
| CVE-2011-1980 | 1 Microsoft | 1 Office | 2025-04-11 | N/A |
| Untrusted search path vulnerability in Microsoft Office 2003 SP3 and 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .ppt, or .xls file, aka "Office Component Insecure Library Loading Vulnerability." | ||||
| CVE-2011-1023 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-11 | N/A |
| The Reliable Datagram Sockets (RDS) subsystem in the Linux kernel before 2.6.38 does not properly handle congestion map updates, which allows local users to cause a denial of service (BUG_ON and system crash) via vectors involving (1) a loopback (aka loop) transmit operation or (2) an InfiniBand (aka ib) transmit operation. | ||||
| CVE-2010-4499 | 1 Tibco | 2 Activecatalog, Collaborative Information Manager | 2025-04-11 | N/A |
| Session fixation vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allows remote attackers to hijack web sessions via unspecified vectors. | ||||