ReportizFlow
Filtered by vendor
Subscriptions
Total
2705 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-1986 | 2 Microsoft, Mozilla | 2 Windows Xp, Firefox | 2025-04-11 | N/A |
| Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (memory consumption and application crash) via JavaScript code that creates multiple arrays containing elements with long string values, and then appends long strings to the content of a P element, related to the gfxWindowsFontGroup::MakeTextRun function in xul.dll, a different vulnerability than CVE-2009-1571. | ||||
| CVE-2013-2885 | 2 Debian, Google | 2 Debian Linux, Chrome | 2025-04-11 | N/A |
| Use-after-free vulnerability in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to not properly considering focus during the processing of JavaScript events in the presence of a multiple-fields input type. | ||||
| CVE-2011-1385 | 1 Ibm | 2 Aix, Vios | 2025-04-11 | N/A |
| IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.1.x and 2.2.x, allows remote attackers to cause a denial of service (system crash) via an ICMP Echo Reply packet that contains 1 in the Identifier field, a different vulnerability than CVE-2012-0194. | ||||
| CVE-2011-2363 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-04-11 | N/A |
| Use-after-free vulnerability in the nsSVGPointList::AppendElement function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback. | ||||
| CVE-2011-1575 | 1 Pureftpd | 1 Pure-ftpd | 2025-04-11 | N/A |
| The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. | ||||
| CVE-2012-1539 | 1 Microsoft | 5 Ie, Internet Explorer, Windows 7 and 2 more | 2025-04-11 | 8.1 High |
| Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CTreePos Use After Free Vulnerability." | ||||
| CVE-2011-1757 | 1 Brad Fitzpatrick | 1 Djabberd | 2025-04-11 | N/A |
| DJabberd 0.84 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | ||||
| CVE-2012-2199 | 2 Ibm, Oracle | 2 Websphere Mq, Solaris | 2025-04-11 | N/A |
| The server message channel agent in the queue manager in the server in IBM WebSphere MQ 7.0.1 before 7.0.1.9, 7.1, and 7.5 on Solaris allows remote attackers to cause a denial of service (invalid address alignment exception and daemon crash) via vectors involving a multiplexed channel. | ||||
| CVE-2011-2373 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-04-11 | N/A |
| Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document. | ||||
| CVE-2011-1854 | 1 Hp | 1 Intelligent Management Center | 2025-04-11 | N/A |
| Use-after-free vulnerability in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a long syslog packet, related to an exception handler. | ||||
| CVE-2011-1877 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Vista | 2025-04-11 | N/A |
| Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability." | ||||
| CVE-2011-0667 | 1 Microsoft | 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | N/A |
| Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability." | ||||
| CVE-2011-0671 | 1 Microsoft | 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | 8.4 High |
| Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability." | ||||
| CVE-2011-1951 | 2 Oneidentity, Pcre | 2 Syslog-ng, Pcre | 2025-04-11 | N/A |
| lib/logmatcher.c in Balabit syslog-ng before 3.2.4, when the global flag is set and when using PCRE 8.12 and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via a message that does not match a regular expression. | ||||
| CVE-2011-1952 | 1 Postrev | 1 Post Revolution | 2025-04-11 | N/A |
| common.php in Post Revolution before 0.8.0c-2 allows remote attackers to cause a denial of service (infinite loop) via malformed HTML markup, as demonstrated by an a< sequence. | ||||
| CVE-2011-2173 | 1 Ibm | 1 Websphere Portal | 2025-04-11 | N/A |
| The implementation of OutputMediator objects in IBM WebSphere Portal 6.0.1.7, and 7.0.0.1 before CF002, allows remote authenticated users to cause a denial of service (memory consumption) via requests. | ||||
| CVE-2013-3902 | 1 Microsoft | 1 Windows 7 | 2025-04-11 | N/A |
| Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 SP1 and Windows 7 SP1 on 64-bit platforms allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability." | ||||
| CVE-2012-1178 | 2 Pidgin, Redhat | 2 Pidgin, Enterprise Linux | 2025-04-11 | N/A |
| The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service (application crash) via an OIM message that lacks UTF-8 encoding. | ||||
| CVE-2013-3459 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | N/A |
| Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6a does not properly handle errors, which allows remote attackers to cause a denial of service (service disruption) via malformed registration messages, aka Bug ID CSCuf93466. | ||||
| CVE-2011-0014 | 2 Openssl, Redhat | 2 Openssl, Enterprise Linux | 2025-04-11 | N/A |
| ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability." | ||||