VYPR

CVEs

100,075 total · page 1995 of 2,002

  • CVE-2011-1142HigMar 3, 2011
    risk 0.49cvss 7.5epss 0.03

    Stack consumption vulnerability in the dissect_ber_choice function in the BER dissector in Wireshark 1.2.x through 1.2.15 and 1.4.x through 1.4.4 might allow remote attackers to cause a denial of service (infinite loop) via vectors involving self-referential ASN.1 CHOICE values.

  • CVE-2011-0709HigFeb 18, 2011
    risk 0.49cvss 7.5epss 0.04

    The br_mdb_ip_get function in net/bridge/br_multicast.c in the Linux kernel before 2.6.35-rc5 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an IGMP packet, related to lack of a multicast table.

  • CVE-2011-0539HigFeb 10, 2011
    risk 0.49cvss 7.5epss 0.02

    The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it…

  • CVE-2011-0346HigJan 7, 2011
    risk 0.55cvss 8.1epss 0.31

    Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the…

  • CVE-2010-4577HigDec 22, 2010
    risk 0.49cvss 7.5epss 0.02

    The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which…

  • CVE-2010-3957HigDec 16, 2010
    risk 0.48cvss 7.3epss 0.02

    Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka…

  • CVE-2010-3941HigDec 16, 2010
    risk 0.55cvss 8.4epss 0.01

    Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Windows 7 allows local users to gain privileges via a crafted application, aka…

  • CVE-2010-4345HigKEVDec 14, 2010
    risk 0.67cvss 7.8epss 0.18

    Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.

  • CVE-2010-3904HigKEVDec 6, 2010
    risk 0.67cvss 7.8epss 0.11

    The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the…

  • CVE-2010-4398HigKEVDec 6, 2010
    risk 0.66cvss 7.8epss 0.09

    Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the…

  • CVE-2010-4210HigNov 22, 2010
    risk 0.54cvss 7.8epss 0.01

    The pfs_getextattr function in FreeBSD 7.x before 7.3-RELEASE and 8.x before 8.0-RC1 unlocks a mutex that was not previously locked, which allows local users to cause a denial of service (kernel panic), overwrite arbitrary memory locations, and possibly execute arbitrary code…

  • CVE-2010-3872HigNov 22, 2010
    risk 0.42cvss 7.5epss 0.03

    A flaw was found in the mod_fcgid module of httpd. A malformed FastCGI response may result in a stack-based buffer overflow in the modules/fcgid/fcgid_bucket.c file in the fcgid_header_bucket_read() function, resulting in an application crash.

  • CVE-2010-4168HigNov 17, 2010
    risk 0.49cvss 7.5epss 0.04

    Multiple use-after-free vulnerabilities in OpenTTD 1.0.x before 1.0.5 allow (1) remote attackers to cause a denial of service (invalid write and daemon crash) by abruptly disconnecting during transmission of the map from the server, related to network/network_server.cpp; (2)…

  • CVE-2010-3333HigKEVNov 10, 2010
    risk 0.73cvss 7.8epss 0.90

    Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF…

  • CVE-2010-2572HigKEVNov 10, 2010
    risk 0.68cvss 7.8epss 0.63

    Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka "PowerPoint Parsing Buffer Overflow Vulnerability."

  • CVE-2010-4206HigNov 6, 2010
    risk 0.57cvss 8.8epss 0.03

    Array index error in the FEBlend::apply function in WebCore/platform/graphics/filters/FEBlend.cpp in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service and possibly execute…

  • CVE-2010-4199HigNov 6, 2010
    risk 0.57cvss 8.8epss 0.01

    Google Chrome before 7.0.517.44 does not properly perform a cast of an unspecified variable during processing of an SVG use element, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SVG document.

  • CVE-2010-4198HigNov 6, 2010
    risk 0.57cvss 8.8epss 0.01

    WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, does not properly handle large text areas, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted HTML…

  • CVE-2010-3962HigKEVNov 5, 2010
    risk 0.75cvss 8.1epss 0.97

    Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory…

  • CVE-2010-4040HigOct 21, 2010
    risk 0.51cvss 7.8epss 0.01

    Google Chrome before 7.0.517.41 does not properly handle animated GIF images, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted image.

  • CVE-2010-4038HigOct 21, 2010
    risk 0.49cvss 7.5epss 0.02

    The Web Sockets implementation in Google Chrome before 7.0.517.41 does not properly handle a shutdown action, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.

  • CVE-2010-3328HigOct 13, 2010
    risk 0.60cvss 8.8epss 0.32

    Use-after-free vulnerability in the CAttrArray::PrivateFind function in mshtml.dll in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code by setting an unspecified property of a stylesheet object, aka "Uninitialized Memory Corruption…

  • CVE-2010-1883HigOct 13, 2010
    risk 0.53cvss 7.8epss 0.23

    Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted table in an…

  • CVE-2010-3730HigOct 5, 2010
    risk 0.57cvss 8.8epss 0.01

    Google Chrome before 6.0.472.62 does not properly use information about the origin of a document to manage properties, which allows remote attackers to have an unspecified impact via a crafted web site, related to a "property pollution" issue.

  • CVE-2010-1822HigOct 4, 2010
    risk 0.57cvss 8.8epss 0.02

    WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an…

  • CVE-2010-2943HigSep 30, 2010
    risk 0.57cvss 8.1epss 0.17

    The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were…

  • CVE-2010-2537HigSep 30, 2010
    risk 0.46cvss 7.1epss 0.00

    The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a (1) BTRFS_IOC_CLONE or (2) BTRFS_IOC_CLONE_RANGE ioctl call that specifies this file as a donor.

  • CVE-2010-3081HigSep 24, 2010
    risk 0.54cvss 7.8epss 0.04

    The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging…

  • CVE-2010-1773HigSep 24, 2010
    risk 0.57cvss 8.8epss 0.02

    Off-by-one error in the toAlphabetic function in rendering/RenderListMarker.cpp in WebCore in WebKit before r59950, as used in Google Chrome before 5.0.375.70, allows remote attackers to obtain sensitive information, cause a denial of service (memory corruption and application…

  • CVE-2010-1772HigSep 24, 2010
    risk 0.57cvss 8.8epss 0.02

    Use-after-free vulnerability in page/Geolocation.cpp in WebCore in WebKit before r59859, as used in Google Chrome before 5.0.375.70, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site, related to failure to…

  • CVE-2010-0820HigSep 15, 2010
    risk 0.58cvss 8.8epss 0.14

    Heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS), as used in Active Directory in Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, and R2; Active Directory Application Mode (ADAM) in Windows XP SP2 and SP3 and Windows Server…

  • CVE-2010-3322HigSep 14, 2010
    risk 0.57cvss 8.8epss 0.01

    The XML parser in Splunk 4.0.0 through 4.1.4 allows remote authenticated users to obtain sensitive information and gain privileges via an XML External Entity (XXE) attack to unknown vectors.

  • CVE-2010-2883HigKEVSep 9, 2010
    risk 0.69cvss 7.3epss 0.82

    Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a…

  • CVE-2010-2960HigSep 8, 2010
    risk 0.51cvss 7.8epss 0.01

    The keyctl_session_to_parent function in security/keys/keyctl.c in the Linux kernel 2.6.35.4 and earlier expects that a certain parent session keyring exists, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have…

  • CVE-2010-2798HigSep 8, 2010
    risk 0.51cvss 7.8epss 0.00

    The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly…

  • CVE-2010-2524HigSep 8, 2010
    risk 0.51cvss 7.8epss 0.00

    The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS…

  • CVE-2010-2492HigSep 8, 2010
    risk 0.51cvss 7.8epss 0.00

    Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux kernel before 2.6.35 might allow local users to gain privileges or cause a denial of service (system crash) via unspecified vectors.

  • CVE-2010-3190HigAug 31, 2010
    risk 0.51cvss 7.8epss 0.09

    Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local…

  • CVE-2010-3035HigKEVAug 30, 2010
    risk 0.61cvss 7.5epss 0.06

    Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the wild in August 2010 with…

  • CVE-2010-2554HigAug 11, 2010
    risk 0.54cvss 7.8epss 0.02

    The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Tracing…

  • CVE-2010-1896HigAug 11, 2010
    risk 0.55cvss 8.4epss 0.01

    The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 do not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges…

  • CVE-2010-1889HigAug 11, 2010
    risk 0.54cvss 7.8epss 0.02

    Double free vulnerability in the kernel in Microsoft Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2, allows local users to gain privileges via a crafted application, related to object initialization during error handling, aka "Windows Kernel Double Free…

  • CVE-2010-2547HigAug 5, 2010
    risk 0.53cvss 8.1epss 0.05

    Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled…

  • CVE-2010-1871HigKEVAug 5, 2010
    risk 0.79cvss 8.8epss 0.83

    JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only…

  • CVE-2010-2753HigJul 30, 2010
    risk 0.58cvss 8.8epss 0.07

    Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which…

  • CVE-2010-1208HigJul 30, 2010
    risk 0.58cvss 8.8epss 0.05

    Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event…

  • CVE-2010-2772HigJul 22, 2010
    risk 0.51cvss 7.8epss 0.01

    Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568.

  • CVE-2010-2568HigKEVJul 22, 2010
    risk 0.73cvss 7.8epss 0.91

    Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon…

  • CVE-2010-2073HigJun 16, 2010
    risk 0.49cvss 7.5epss 0.02

    auth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and passwords for the (1) test, (2) user, and (3) roxon accounts, which allows remote attackers to read arbitrary files from the FTP server.

  • CVE-2010-1260HigJun 8, 2010
    risk 0.50cvss 7.5epss 0.19

    The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory…