VYPR

CVEs

11,223 total · page 222 of 225

  • CVE-2012-1723CriKEVJun 16, 2012
    risk 0.92cvss 9.8epss 0.94

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability via…

  • CVE-2012-0507CriKEVJun 7, 2012
    risk 0.93cvss 9.8epss 0.98

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related…

  • CVE-2011-3188CriMay 24, 2012
    risk 0.53cvss 9.1epss 0.06

    The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network…

  • CVE-2012-2926CriMay 22, 2012
    risk 0.67cvss 9.1epss 0.67

    Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3…

  • CVE-2012-1823CriKEVMay 11, 2012
    risk 0.87cvss 9.8epss 1.00

    sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options…

  • CVE-2012-1516CriMay 4, 2012
    risk 0.65cvss 9.9epss 0.03

    The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS via vectors involving…

  • CVE-2012-1710CriKEVMay 3, 2012
    risk 0.83cvss 9.8epss 0.11

    Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer, a different vulnerability than CVE-2012-1709.

  • CVE-2012-0931CriJan 28, 2012
    risk 0.64cvss 9.8epss 0.05

    Schneider Electric Modicon Quantum PLC does not perform authentication between the Unity software and PLC, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors.

  • CVE-2011-4373CriJan 10, 2012
    risk 0.66cvss 9.8epss 0.31

    Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4372.

  • CVE-2011-4372CriJan 10, 2012
    risk 0.65cvss 9.8epss 0.13

    Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4373.

  • CVE-2012-0391CriKEVJan 8, 2012
    risk 0.78cvss 9.8epss 0.75

    The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.

  • CVE-2011-2462CriKEVDec 7, 2011
    risk 0.86cvss 9.8epss 0.86

    Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown…

  • CVE-2011-2013CriNov 8, 2011
    risk 0.69cvss 9.8epss 0.34

    Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code by sending a sequence of crafted UDP packets to a closed port, aka "Reference…

  • CVE-2011-3544CriKEVOct 19, 2011
    risk 0.86cvss 9.8epss 0.97

    Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown…

  • CVE-2011-1889CriKEVJun 16, 2011
    risk 0.80cvss 9.8epss 0.48

    The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka "TMG Firewall Client Memory Corruption Vulnerability."

  • CVE-2011-0657CriApr 13, 2011
    risk 0.72cvss 9.8epss 0.63

    DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process DNS queries, which allows remote attackers to execute…

  • CVE-2010-4344CriKEVDec 14, 2010
    risk 0.84cvss 9.8epss 0.72

    Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper…

  • CVE-2010-4478CriDec 6, 2010
    risk 0.64cvss 9.8epss 0.04

    OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round…

  • CVE-2010-1378CriNov 15, 2010
    risk 0.64cvss 9.8epss 0.01

    OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform arithmetic, which allows remote attackers to bypass X.509 certificate authentication via an arbitrary certificate issued by a legitimate Certification Authority.

  • CVE-2010-4205CriNov 6, 2010
    risk 0.64cvss 9.8epss 0.01

    Google Chrome before 7.0.517.44 does not properly handle the data types of event objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

  • CVE-2010-4204CriNov 6, 2010
    risk 0.64cvss 9.8epss 0.02

    WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, accesses a frame object after this object has been destroyed, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

  • CVE-2010-4203CriNov 6, 2010
    risk 0.64cvss 9.8epss 0.05

    WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames.

  • CVE-2010-4202CriNov 6, 2010
    risk 0.64cvss 9.8epss 0.01

    Multiple integer overflows in Google Chrome before 7.0.517.44 on Linux allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font.

  • CVE-2010-4201CriNov 6, 2010
    risk 0.64cvss 9.8epss 0.01

    Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text control selections.

  • CVE-2010-4197CriNov 6, 2010
    risk 0.64cvss 9.8epss 0.02

    Use-after-free vulnerability in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text editing.

  • CVE-2010-2941CriNov 5, 2010
    risk 0.64cvss 9.8epss 0.06

    ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP…

  • CVE-2010-3765CriKEVOct 28, 2010
    risk 0.85cvss 9.8epss 0.83

    Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to…

  • CVE-2010-4042CriOct 21, 2010
    risk 0.64cvss 9.8epss 0.02

    Google Chrome before 7.0.517.41 does not properly handle element maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "stale elements."

  • CVE-2010-4041CriOct 21, 2010
    risk 0.64cvss 9.8epss 0.02

    The sandbox implementation in Google Chrome before 7.0.517.41 on Linux does not properly constrain worker processes, which might allow remote attackers to bypass intended access restrictions via unspecified vectors.

  • CVE-2010-4039CriOct 21, 2010
    risk 0.64cvss 9.8epss 0.01

    Google Chrome before 7.0.517.41 on Linux does not properly set the PATH environment variable, which has unspecified impact and attack vectors.

  • CVE-2010-3729CriOct 5, 2010
    risk 0.64cvss 9.8epss 0.02

    The SPDY protocol implementation in Google Chrome before 6.0.472.62 does not properly manage buffers, which might allow remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2010-3416CriSep 16, 2010
    risk 0.64cvss 9.8epss 0.01

    Google Chrome before 6.0.472.59 on Linux does not properly implement the Khmer locale, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

  • CVE-2010-2076CriAug 19, 2010
    risk 0.64cvss 9.8epss 0.10

    Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read…

  • CVE-2010-2861CriKEVAug 11, 2010
    risk 0.93cvss 9.8epss 1.00

    Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3)…

  • CVE-2010-2965CriAug 5, 2010
    risk 0.68cvss 9.8epss 0.58

    The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and earlier, as used on the Rockwell Automation 1756-ENBT series A with firmware 3.2.6 and 3.6.1 and other products, allows remote attackers to read or modify arbitrary memory locations, perform function calls,…

  • CVE-2010-0211CriJul 28, 2010
    risk 0.69cvss 9.8epss 0.29

    The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN…

  • CVE-2010-1205CriJun 30, 2010
    risk 0.70cvss 9.8epss 0.43

    Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.

  • CVE-2010-1573CriJun 10, 2010
    risk 0.65cvss 9.8epss 0.21

    Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username (Gemtek) and password (gemtekswd) for a debug interface for certain web pages, which allows remote attackers to execute arbitrary commands via the (1) data1, (2) data2, or (3) data3 parameters to (a)…

  • CVE-2010-1866CriMay 7, 2010
    risk 0.67cvss 9.8epss 0.07

    The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a denial of service (crash) and possibly trigger memory corruption via a negative chunk size, which bypasses a signed comparison, related to an…

  • CVE-2010-0840CriKEVApr 1, 2010
    risk 0.86cvss 9.8epss 0.96

    Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous…

  • CVE-2009-4013CriFeb 2, 2010
    risk 0.64cvss 9.8epss 0.06

    Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary files or obtain sensitive information via vectors involving (1) control field names, (2) control field…

  • CVE-2009-4491CriJan 13, 2010
    risk 0.68cvss 9.8epss 0.13

    thttpd 2.25b0 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal…

  • CVE-2009-4488CriJan 13, 2010
    risk 0.68cvss 9.8epss 0.13

    Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal…

  • CVE-2009-4581CriJan 6, 2010
    risk 0.67cvss 9.8epss 0.05

    Directory traversal vulnerability in modules/admincp.php in RoseOnlineCMS 3 B1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the admin parameter.

  • CVE-2009-2512CriNov 11, 2009
    risk 0.66cvss 9.8epss 0.31

    The Web Services on Devices API (WSDAPI) in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly process the headers of WSD messages, which allows remote attackers to execute arbitrary code via a crafted (1) message or (2) response, aka "Web Services…

  • CVE-2009-3555CriNov 9, 2009
    risk 0.67cvss 9.8epss 0.87

    The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4…

  • CVE-2009-3616CriOct 23, 2009
    risk 0.58cvss 9.9epss 0.04

    Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host OS by establishing a connection from a VNC client and then (1) disconnecting during data transfer, (2) sending a message…

  • CVE-2009-3421CriSep 25, 2009
    risk 0.67cvss 9.8epss 0.05

    login.php in Zenas PaoBacheca Guestbook 2.1, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1.

  • CVE-2008-7109CriAug 28, 2009
    risk 0.64cvss 9.8epss 0.04

    The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to bypass authorization and upload arbitrary files to the client system via a modified program that does not prompt the user for a password.

  • CVE-2009-1048CriAug 14, 2009
    risk 0.64cvss 9.8epss 0.06

    The web interface on the snom VoIP phones snom 300, snom 320, snom 360, snom 370, and snom 820 with firmware 6.5 before 6.5.20, 7.1 before 7.1.39, and 7.3 before 7.3.14 allows remote attackers to bypass authentication, and reconfigure the phone or make arbitrary use of the…