Export limit exceeded: 25409 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25409 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-3203 | 1 Jcow | 1 Jcow Cms | 2024-11-21 | 9.8 Critical |
| A Code Execution vulnerability exists the attachment parameter to index.php in Jcow CMS 4.x to 4.2 and 5.2 to 5.2. | ||||
| CVE-2011-3147 | 1 Openstack | 1 Nova | 2024-11-21 | 8.6 High |
| Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem. | ||||
| CVE-2011-2922 | 1 Ktsuss Project | 1 Ktsuss | 2024-11-21 | 7.8 High |
| ktsuss versions 1.4 and prior spawns the GTK interface to run as root. This can allow a local attacker to escalate privileges to root and use the "GTK_MODULES" environment variable to possibly execute arbitrary code. | ||||
| CVE-2011-2902 | 2 Debian, Glyphandcog | 2 Debian Linux, Xpdf | 2024-11-21 | N/A |
| zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-12+squeeze1 as packaged in Debian squeeze deletes temporary files insecurely, which allows remote attackers to delete arbitrary files via a crafted .pdf.gz file name. | ||||
| CVE-2011-2897 | 3 Debian, Gnome, Redhat | 3 Debian Linux, Gdk-pixbuf, Enterprise Linux | 2024-11-21 | 9.8 Critical |
| gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw | ||||
| CVE-2011-2863 | 1 Google | 1 Chrome | 2024-11-21 | 6.5 Medium |
| Insufficient policy enforcement in V8 in Google Chrome prior to 14.0.0.0 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | ||||
| CVE-2011-2808 | 1 Google | 1 Blink | 2024-11-21 | 6.5 Medium |
| A stale layout root is set as an input element in WebKit in Google Chrome before Blink M13 when a child of a keygen with autofocus is accessed. | ||||
| CVE-2011-2480 | 2 Freebsd, Netbsd | 2 Freebsd, Netbsd | 2024-11-21 | 7.5 High |
| Information Disclosure vulnerability in the 802.11 stack, as used in FreeBSD before 8.2 and NetBSD when using certain non-x86 architectures. A signedness error in the IEEE80211_IOC_CHANINFO ioctl allows a local unprivileged user to cause the kernel to copy large amounts of kernel memory back to the user, disclosing potentially sensitive information. | ||||
| CVE-2011-2343 | 1 Google | 1 Android | 2024-11-21 | 2.4 Low |
| The Bluetooth stack in Android before 2.3.6 allows a physically proximate attacker to obtain contact information via an AT phonebook transfer. | ||||
| CVE-2011-1934 | 2 Debian, Lilo Project | 2 Debian Linux, Lilo | 2024-11-21 | 4.3 Medium |
| lilo-uuid-diskid causes lilo.conf to be world-readable in lilo 23.1. | ||||
| CVE-2011-1028 | 2 Debian, Smarty | 2 Debian Linux, Smarty | 2024-11-21 | 9.8 Critical |
| The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file. | ||||
| CVE-2011-0704 | 1 Fedoraproject | 1 389 Directory Server | 2024-11-21 | N/A |
| 389 Directory Server 1.2.7.5, when built with mozldap, allows remote attackers to cause a denial of service (replica crash) by sending an empty modify request. | ||||
| CVE-2011-0703 | 2 Debian, Gksu-polkit Project | 2 Debian Linux, Gksu-polkit | 2024-11-21 | 9.8 Critical |
| In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may allow an attacker to overtake an administrator X11 session. | ||||
| CVE-2011-0529 | 2 Debian, Weborf Project | 2 Debian Linux, Weborf | 2024-11-21 | 7.5 High |
| Weborf before 0.12.5 is affected by a Denial of Service (DOS) due to malformed fields in HTTP. | ||||
| CVE-2011-0220 | 1 Apple | 1 Bonjour | 2024-11-21 | 5.5 Medium |
| Apple Bonjour before 2011 allows a crash via a crafted multicast DNS packet. | ||||
| CVE-2010-4815 | 1 Coppermine-gallery | 1 Coppermine Gallery | 2024-11-21 | 9.8 Critical |
| Coppermine gallery before 1.4.26 has an input validation vulnerability that allows for code execution. | ||||
| CVE-2010-4660 | 1 Status | 1 Statusnet | 2024-11-21 | 9.8 Critical |
| Unspecified vulnerability in statusnet through 2010 due to the way addslashes are used in SQL string escapes.. | ||||
| CVE-2010-4239 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-11-21 | 9.8 Critical |
| Tiki Wiki CMS Groupware 5.2 has Local File Inclusion | ||||
| CVE-2010-3917 | 1 Google | 1 Chrome | 2024-11-21 | 6.5 Medium |
| Google Chrome before 3.0 does not properly handle XML documents, which allows remote attackers to obtain sensitive information via a crafted web site. | ||||
| CVE-2010-3673 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 5.3 Medium |
| TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows information disclosure in the mail header of the HTML mailing API. | ||||