Total
9170 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-1235 | 1 Google | 1 Chrome | 2017-09-18 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows remote attackers to trigger the omission of a download warning dialog via unknown vectors. | |||||
| CVE-2010-1237 | 1 Google | 1 Chrome | 2017-09-18 | 7.5 HIGH | N/A |
| Google Chrome 4.1 BETA before 4.1.249.1036 allows remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via an empty SVG element. | |||||
| CVE-2010-1455 | 2 Ethereal Group, Wireshark | 2 Ethereal, Wireshark | 2017-09-18 | 4.3 MEDIUM | N/A |
| The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0 through 1.2.7 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed packet trace file. | |||||
| CVE-2010-1807 | 3 Apple, Google, Webkitgtk | 3 Safari, Android, Webkitgtk | 2017-09-18 | 9.3 HIGH | N/A |
| WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation. | |||||
| CVE-2009-2261 | 1 Giorgio Tani | 1 Peazip | 2017-09-18 | 9.3 HIGH | N/A |
| PeaZIP 2.6.1, 2.5.1, and earlier on Windows allows user-assisted remote attackers to execute arbitrary commands via a .zip archive with a .txt file whose name contains | (pipe) characters and a command. | |||||
| CVE-2009-2305 | 1 Armassa | 2 Ard-9808, Ard-9808 Software | 2017-09-18 | 7.8 HIGH | N/A |
| The ARD-9808 DVR card security camera allows remote attackers to cause a denial of service via a long URI composed of //.\ (slash slash dot backslash) sequences. | |||||
| CVE-2009-2470 | 1 Mozilla | 1 Firefox | 2017-09-18 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 3.0.12, and 3.5.x before 3.5.2, allows remote SOCKS5 proxy servers to cause a denial of service (data stream corruption) via a long domain name in a reply. | |||||
| CVE-2009-2620 | 1 Firebirdsql | 1 Firebird | 2017-09-18 | 5.0 MEDIUM | N/A |
| src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before 1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2 allows remote attackers to cause a denial of service (daemon crash) via a malformed op_connect_request message that triggers an infinite loop or NULL pointer dereference. | |||||
| CVE-2009-2655 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2017-09-18 | 4.3 MEDIUM | N/A |
| mshtml.dll in Microsoft Internet Explorer 7 and 8 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) by calling the JavaScript findText method with a crafted Unicode string in the first argument, and only one additional argument, as demonstrated by a second argument of -1. | |||||
| CVE-2009-2715 | 1 Sun | 1 Virtualbox | 2017-09-18 | 4.9 MEDIUM | N/A |
| Sun VirtualBox 2.2 through 3.0.2 r49928 allows guest OS users to cause a denial of service (Linux host OS reboot) via a sysenter instruction. | |||||
| CVE-2009-2765 | 1 Dd-wrt | 1 Dd-wrt | 2017-09-18 | 8.3 HIGH | N/A |
| httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other versions before build 12533, allows remote attackers to execute arbitrary commands via shell metacharacters in a request to a cgi-bin/ URI. | |||||
| CVE-2009-2855 | 1 Squid-cache | 1 Squid | 2017-09-18 | 5.0 MEDIUM | N/A |
| The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function. | |||||
| CVE-2009-2852 | 2 Ryan.mcgeary, Wordpress | 2 Wp-syntax, Wordpress | 2017-09-18 | 6.8 MEDIUM | N/A |
| WP-Syntax plugin 0.9.1 and earlier for Wordpress, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via the test_filter[wp_head] array parameter to test/index.php, which is used in a call to the call_user_func_array function. | |||||
| CVE-2009-3048 | 4 Conectiva, Freebsd, Opera and 1 more | 4 Linux, Freebsd, Opera Browser and 1 more | 2017-09-18 | 4.3 MEDIUM | N/A |
| Opera before 10.00 on Linux, Solaris, and FreeBSD does not properly implement the "INPUT TYPE=file" functionality, which allows remote attackers to trick a user into uploading an unintended file via vectors involving a "dropped file." | |||||
| CVE-2009-3084 | 1 Pidgin | 2 Libpurple, Pidgin | 2017-09-18 | 5.0 MEDIUM | N/A |
| The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized variable and the incorrect "UTF16-LE" charset name. | |||||
| CVE-2009-3078 | 1 Mozilla | 1 Firefox | 2017-09-18 | 5.0 MEDIUM | N/A |
| Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to trigger a vertical scroll and spoof URLs via unspecified Unicode characters with a tall line-height property. | |||||
| CVE-2009-3115 | 1 Solarwinds | 1 Tftp Server | 2017-09-18 | 5.0 MEDIUM | N/A |
| SolarWinds TFTP Server 9.2.0.111 and earlier allows remote attackers to cause a denial of service (service stop) via a crafted Option Acknowledgement (OACK) request. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-3245 | 1 Openssl | 1 Openssl | 2017-09-18 | 10.0 HIGH | N/A |
| OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors. | |||||
| CVE-2009-3250 | 1 Vtiger | 1 Vtiger Crm | 2017-09-18 | 9.0 HIGH | N/A |
| The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/. | |||||
| CVE-2009-3271 | 1 Apple | 2 Iphone Os, Safari | 2017-09-18 | 4.3 MEDIUM | N/A |
| Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a denial of service (application crash) via a long tel: URL in the SRC attribute of an IFRAME element. | |||||