Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-5178 | 2 Microsoft, Pctools | 2 Windows Xp, Threatfire | 2012-08-26 | 6.2 MEDIUM | N/A |
| ** DISPUTED ** Race condition in ThreatFire 4.7.0.17 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. | |||||
| CVE-2010-5179 | 2 Microsoft, Trendmicro | 2 Windows Xp, Internet Security 2010 | 2012-08-26 | 6.2 MEDIUM | N/A |
| ** DISPUTED ** Race condition in Trend Micro Internet Security Pro 2010 17.50.1647.0000 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. | |||||
| CVE-2010-5180 | 2 Anti-virus, Microsoft | 2 Virusblockada32, Windows Xp | 2012-08-26 | 6.2 MEDIUM | N/A |
| ** DISPUTED ** Race condition in VBA32 Personal 3.12.12.4 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. | |||||
| CVE-2010-5181 | 2 Gfi, Microsoft | 2 Vipre Antivirus, Windows Xp | 2012-08-26 | 6.2 MEDIUM | N/A |
| ** DISPUTED ** Race condition in VIPRE Antivirus Premium 4.0.3272 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. | |||||
| CVE-2010-5182 | 2 Microsoft, Virusbuster | 2 Windows Xp, Virusbuster Internet Securit Suite | 2012-08-26 | 6.2 MEDIUM | N/A |
| ** DISPUTED ** Race condition in VirusBuster Internet Security Suite 3.2 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. | |||||
| CVE-2010-5186 | 1 Comodo | 1 Comodo Internet Security | 2012-08-26 | 4.3 MEDIUM | N/A |
| The Antivirus component in Comodo Internet Security before 4.1.150349.920 allows remote attackers to cause a denial of service (application crash) via a crafted file. | |||||
| CVE-2010-5187 | 1 Silverstripe | 1 Silverstripe | 2012-08-26 | 4.3 MEDIUM | N/A |
| SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1, when running on servers with certain configurations, allows remote attackers to obtain sensitive information via a direct request to PHP files in the (1) sapphire, (2) cms, or (3) mysite folders, which reveals the installation path in an error message. | |||||
| CVE-2010-5190 | 1 Bluecoat | 16 Proxysg, Proxysg Sg210-10, Proxysg Sg210-25 and 13 more | 2012-08-26 | 5.0 MEDIUM | N/A |
| The Active Content Transformation functionality in Blue Coat ProxySG before SGOS 4.3.4.2, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.2.1 allows remote attackers to bypass JavaScript detection via HTML entities. | |||||
| CVE-2011-5118 | 1 Comodo | 1 Comodo Internet Security | 2012-08-26 | 1.9 LOW | N/A |
| Multiple race conditions in Comodo Internet Security before 5.8.213334.2131 allow local users to bypass the Defense+ feature via unspecified vectors. | |||||
| CVE-2011-5119 | 1 Comodo | 1 Comodo Internet Security | 2012-08-26 | 1.9 LOW | N/A |
| Multiple race conditions in Comodo Internet Security before 5.8.211697.2124 allow local users to bypass the Defense+ feature via unspecified vectors. | |||||
| CVE-2011-5120 | 1 Comodo | 1 Comodo Internet Security | 2012-08-26 | 4.3 MEDIUM | N/A |
| The Antivirus component in Comodo Internet Security before 5.4.189822.1355 allows remote attackers to cause a denial of service (application crash) via a crafted .PST file. | |||||
| CVE-2011-5121 | 1 Comodo | 1 Comodo Internet Security | 2012-08-26 | 10.0 HIGH | N/A |
| The Antivirus component in Comodo Internet Security before 5.3.175888.1227 does not properly check whether unspecified X.509 certificates are revoked, which has unknown impact and remote attack vectors. | |||||
| CVE-2012-0048 | 1 Openttd | 1 Openttd | 2012-08-26 | 4.3 MEDIUM | N/A |
| OpenTTD 0.3.5 through 1.1.4 allows remote attackers to cause a denial of service (game pause) by connecting to the server and not finishing the (1) authorization phase or (2) map download, aka a "slow read" attack. | |||||
| CVE-2012-1175 | 1 Gnu | 1 Gnash | 2012-08-26 | 6.8 MEDIUM | N/A |
| Integer overflow in the GnashImage::size method in libbase/GnashImage.h in GNU Gnash 0.8.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SWF file, which triggers a heap-based buffer overflow. | |||||
| CVE-2012-2146 | 1 Ematia | 1 Elixir | 2012-08-26 | 4.3 MEDIUM | N/A |
| Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector (IV), which makes it easier for context-dependent users to obtain sensitive information and decrypt the database. | |||||
| CVE-2012-3477 | 1 Thomas Hunter | 1 Neoinvoice | 2012-08-26 | 7.5 HIGH | N/A |
| SQL injection vulnerability in signup_check.php in NeoInvoice allows remote attackers to execute arbitrary SQL commands via the value parameter in a username action. | |||||
| CVE-2012-3483 | 1 Google | 1 Tunnelblick | 2012-08-26 | 6.2 MEDIUM | N/A |
| Race condition in the runScript function in Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by replacing a script file. | |||||
| CVE-2012-3484 | 1 Google | 1 Tunnelblick | 2012-08-26 | 7.2 HIGH | N/A |
| Tunnelblick 3.3beta20 and earlier relies on a test for specific ownership and permissions to determine whether a program can be safely executed, which allows local users to bypass intended access restrictions and gain privileges via a (1) user-mountable image or (2) network share. | |||||
| CVE-2012-3486 | 1 Google | 1 Tunnelblick | 2012-08-26 | 6.9 MEDIUM | N/A |
| Tunnelblick 3.3beta20 and earlier allows local users to gain privileges via an OpenVPN configuration file that specifies execution of a script upon occurrence of an OpenVPN event. | |||||
| CVE-2012-3487 | 1 Google | 1 Tunnelblick | 2012-08-26 | 1.2 LOW | N/A |
| Race condition in Tunnelblick 3.3beta20 and earlier allows local users to kill unintended processes by waiting for a specific PID value to be assigned to a target process. | |||||