Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1718 | 1 Php | 1 Php | 2018-10-30 | 7.8 HIGH | N/A |
| CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To parameter, as demonstrated by a parameter containing a "\r\n\t\n" sequence, related to an increment bug in the SKIP_LONG_HEADER_SEP macro. | |||||
| CVE-2016-1111 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2018-10-30 | 6.8 MEDIUM | 8.8 HIGH |
| Double free vulnerability in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code via a crafted Graphics State dictionary. | |||||
| CVE-2008-0384 | 1 Openbsd | 1 Openbsd | 2018-10-30 | 4.9 MEDIUM | N/A |
| OpenBSD 4.2 allows local users to cause a denial of service (kernel panic) by calling the SIOCGIFRTLABEL IOCTL on an interface that does not have a route label, which triggers a NULL pointer dereference when the return value from the rtlabel_id2name function is not checked. | |||||
| CVE-2010-0169 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-30 | 5.0 MEDIUM | N/A |
| The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding this stylesheet to the XUL cache, which might allow remote attackers to modify the browser's font and other CSS attributes, and potentially disrupt rendering of a web page, by forcing the browser to perform this erroneous stylesheet caching. | |||||
| CVE-2010-0106 | 1 Symantec | 3 Antivirus, Client Security, Endpoint Protection | 2018-10-30 | 1.9 LOW | N/A |
| The on-demand scanning in Symantec AntiVirus 10.0.x and 10.1.x before MR9, AntiVirus 10.2.x, and Client Security 3.0.x and 3.1.x before MR9, when Tamper protection is disabled, allows remote attackers to cause a denial of service (prevention of on-demand scanning) via "specific events" that prevent the user from having read access to unspecified resources. | |||||
| CVE-2009-4080 | 1 Sun | 2 Opensolaris, Sunos | 2018-10-30 | 2.1 LOW | N/A |
| Multiple unspecified vulnerabilities in ldap_cachemgr (aka the LDAP client configuration cache daemon) in Sun Solaris 9 and 10, and OpenSolaris before snv_78, allow local users to cause a denial of service (daemon crash) via vectors involving multiple serviceSearchDescriptor attributes and a call to the getldap_lookup function, and unspecified other vectors. | |||||
| CVE-2009-3957 | 4 Adobe, Apple, Microsoft and 1 more | 5 Acrobat, Acrobat Reader, Mac Os X and 2 more | 2018-10-30 | 5.0 MEDIUM | N/A |
| Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to cause a denial of service (NULL pointer dereference) via unspecified vectors. | |||||
| CVE-2009-3462 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2018-10-30 | 5.1 MEDIUM | N/A |
| Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 on Unix, when Debug mode is enabled, allow attackers to execute arbitrary code via unspecified vectors, related to a "format bug." | |||||
| CVE-2009-2202 | 1 Apple | 1 Quicktime | 2018-10-30 | 9.3 HIGH | N/A |
| Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted H.264 movie file. | |||||
| CVE-2009-3372 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-30 | 9.3 HIGH | N/A |
| Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file. | |||||
| CVE-2009-2979 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2018-10-30 | 4.3 MEDIUM | N/A |
| Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 do not properly perform XMP-XML entity expansion, which allows remote attackers to cause a denial of service via a crafted document. | |||||
| CVE-2007-3567 | 1 Mysqldumper | 1 Mysqldumper | 2018-10-30 | 7.5 HIGH | N/A |
| MySQLDumper 1.21b through 1.23 REV227 uses a "Limit GET" statement in the .htaccess authentication mechanism, which allows remote attackers to bypass authentication requirements via HTTP POST requests. | |||||
| CVE-2007-3717 | 1 Sun | 1 Sunos | 2018-10-30 | 6.9 MEDIUM | N/A |
| rcp on Sun Solaris 8, 9, and 10 before 20070710 does not properly call certain helper applications, which allows local users to gain privileges by creating files with certain names, possibly containing shell metacharacters or spaces, a similar issue to CVE-2006-0225. | |||||
| CVE-2007-4011 | 1 Cisco | 6 4100 Wireless Lan Controller, 4400 Wireless Lan Controller, Airespace 4000 Wireless Lan Controller and 3 more | 2018-10-30 | 7.1 HIGH | N/A |
| Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software before 3.2 20070727, 4.0 before 20070727, and 4.1 before 4.1.180.0 allows remote attackers to cause a denial of service (traffic amplification or ARP storm) via a crafted unicast ARP request that (1) has a destination MAC address unknown to the Layer-2 infrastructure, aka CSCsj69233; or (2) occurs during Layer-3 roaming across IP subnets, aka CSCsj70841. | |||||
| CVE-2007-4012 | 1 Cisco | 6 4100 Wireless Lan Controller, 4400 Wireless Lan Controller, Airespace 4000 Wireless Lan Controller and 3 more | 2018-10-30 | 7.1 HIGH | N/A |
| Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software 4.1 before 4.1.180.0 allows remote attackers to cause a denial of service (ARP storm) via a broadcast ARP packet that "targets the IP address of a known client context", aka CSCsj50374. | |||||
| CVE-2013-2277 | 1 Ffmpeg | 1 Ffmpeg | 2018-10-30 | 7.5 HIGH | N/A |
| The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in FFmpeg before 1.1.3 does not validate the relationship between luma depth and chroma depth, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted H.264 data. | |||||
| CVE-2013-2276 | 1 Ffmpeg | 1 Ffmpeg | 2018-10-30 | 7.5 HIGH | N/A |
| The avcodec_decode_audio4 function in utils.c in libavcodec in FFmpeg before 1.1.3 does not verify the decoding state before proceeding with certain skip operations, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted audio data. | |||||
| CVE-2007-4349 | 1 Hp | 4 Openview Performance Agent, Openview Reporter, Performance Agent and 1 more | 2018-10-30 | 4.3 MEDIUM | N/A |
| The Shared Trace Service (aka OVTrace) in HP Performance Agent C.04.70 (aka 4.70), HP OpenView Performance Agent C.04.60 and C.04.61, HP Reporter 3.8, and HP OpenView Reporter 3.7 (aka Report 3.70) allows remote attackers to cause a denial of service via an unspecified series of RPC requests (aka Trace Event Messages) that triggers an out-of-bounds memory access, related to an erroneous object reference. | |||||
| CVE-2007-4394 | 2 Novell, Suse | 2 Suse Linux, Suse Linux | 2018-10-30 | 2.1 LOW | N/A |
| Unspecified vulnerability in a "core clean" cron job created by the findutils-locate package on SUSE Linux 10.0 and 10.1 and Enterprise Server 9 and 10 before 20070810 allows local users to delete of arbitrary files via unknown vectors. | |||||
| CVE-2007-4432 | 2 Novell, Suse | 2 Suse Linux, Suse Linux | 2018-10-30 | 4.6 MEDIUM | N/A |
| Untrusted search path vulnerability in the wrapper scripts for the (1) rug, (2) zen-updater, (3) zen-installer, and (4) zen-remover programs on SUSE Linux 10.1 and Enterprise 10 allows local users to gain privileges via modified (a) LD_LIBRARY_PATH and (b) MONO_GAC_PREFIX environment variables. | |||||