Search Results (3295 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-5142 2 Google, Opensuse 2 Chrome, Opensuse 2025-04-11 N/A
Google Chrome before 23.0.1271.97 does not properly handle history navigation, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
CVE-2012-5141 2 Google, Opensuse 2 Chrome, Opensuse 2025-04-11 N/A
Google Chrome before 23.0.1271.97 does not properly restrict instantiation of the Chromoting client plug-in, which has unspecified impact and attack vectors.
CVE-2011-4091 3 Armin Burgmeier, Opensuse, Oracle 3 Net6, Opensuse, Solaris 2025-04-11 N/A
The libobby server in inc/server.hpp in libnet6 (aka net6) before 1.3.14 does not perform authentication before checking the user name, which allows remote attackers to obtain sensitive information such as server-usage patterns by a particular user and color preferences.
CVE-2011-4093 4 Armin Burgmeier, Opensuse, Opensuse Project and 1 more 4 Net6, Opensuse, Opensuse and 1 more 2025-04-11 N/A
Integer overflow in inc/server.hpp in libnet6 (aka net6) before 1.3.14 might allow remote attackers to hijack connections and gain privileges as other users by making a large number of connections until the overflow occurs and an ID of another user is provided.
CVE-2012-5140 2 Google, Opensuse 2 Chrome, Opensuse 2025-04-11 N/A
Use-after-free vulnerability in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the URL loader.
CVE-2012-5137 2 Google, Opensuse 2 Chrome, Opensuse 2025-04-11 N/A
Use-after-free vulnerability in Google Chrome before 23.0.1271.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the Media Source API.
CVE-2012-5136 2 Google, Opensuse 2 Chrome, Opensuse 2025-04-11 N/A
Google Chrome before 23.0.1271.91 does not properly perform a cast of an unspecified variable during handling of the INPUT element, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted HTML document.
CVE-2010-2301 3 Google, Opensuse, Suse 4 Chrome, Opensuse, Suse Linux Enterprise Desktop and 1 more 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in editing/markup.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to inject arbitrary web script or HTML via vectors related to the node.innerHTML property of a TEXTAREA element. NOTE: this might overlap CVE-2010-1762.
CVE-2012-4564 5 Canonical, Debian, Libtiff and 2 more 9 Ubuntu Linux, Debian Linux, Libtiff and 6 more 2025-04-11 N/A
ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow.
CVE-2012-4540 2 Opensuse, Redhat 3 Opensuse, Enterprise Linux, Icedtea-web 2025-04-11 N/A
Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.x before 1.4.1 allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly execute arbitrary code via a crafted webpage that triggers a heap-based buffer overflow, related to an error message and a "triggering event attached to applet." NOTE: the 1.4.x versions were originally associated with CVE-2013-4349, but that entry has been MERGED with this one.
CVE-2011-4862 9 Debian, Fedoraproject, Freebsd and 6 more 14 Debian Linux, Fedora, Freebsd and 11 more 2025-04-11 N/A
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
CVE-2010-2249 9 Apple, Canonical, Debian and 6 more 13 Iphone Os, Itunes, Safari and 10 more 2025-04-11 6.5 Medium
Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.
CVE-2012-2751 4 Debian, Opensuse, Oracle and 1 more 4 Debian Linux, Opensuse, Http Server and 1 more 2025-04-11 N/A
ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-5031.
CVE-2012-3489 6 Apple, Canonical, Debian and 3 more 10 Mac Os X Server, Ubuntu Linux, Debian Linux and 7 more 2025-04-11 6.5 Medium
The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue.
CVE-2012-0031 5 Apache, Debian, Opensuse and 2 more 13 Http Server, Debian Linux, Opensuse and 10 more 2025-04-11 N/A
scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
CVE-2012-2865 2 Google, Opensuse 2 Chrome, Opensuse 2025-04-11 N/A
Google Chrome before 21.0.1180.89 does not properly perform line breaking, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.
CVE-2012-4292 4 Opensuse, Redhat, Sun and 1 more 4 Opensuse, Enterprise Linux, Sunos and 1 more 2025-04-11 N/A
The dissect_stun_message function in epan/dissectors/packet-stun.c in the STUN dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly interact with key-destruction behavior in a certain tree library, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2012-2866 2 Google, Opensuse 2 Chrome, Opensuse 2025-04-11 N/A
Google Chrome before 21.0.1180.89 does not properly perform a cast of an unspecified variable during handling of run-in elements, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.
CVE-2012-2868 2 Google, Opensuse 2 Chrome, Opensuse 2025-04-11 N/A
Race condition in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving improper interaction between worker processes and an XMLHttpRequest (aka XHR) object.
CVE-2012-2869 2 Google, Opensuse 2 Chrome, Opensuse 2025-04-11 N/A
Google Chrome before 21.0.1180.89 does not properly load URLs, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a "stale buffer."