Unknown · CVSS Not scored
Off-by-one error in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rdrf atom in a movie file that triggers a buffer overflow.
Published Feb 2, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PNG file.
Published Feb 2, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The OpenGL implementation in Apple Mac OS X before 10.7.3 does not properly perform OpenGL Shading Language (aka GLSL) compilation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted program.
Published Feb 2, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
QuickTime in Apple Mac OS X before 10.7.3 does not prevent access to uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 file.
Published Feb 2, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
GEAR Software CD DVD Filter driver (aka GEARAspiWDM.sys), as used in Symantec Backup Exec System Recovery 8.5 and BESR 2010, Symantec System Recovery 2011, Norton 360, and Norton Ghost, allows local users to cause a denial of service (system crash) via unspecified vectors.
Published Feb 19, 2018 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a different sub-domain than the targeted domain.
Published Feb 5, 2014 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in CGI/Browse.pm in BackupPC 3.2.0 and possibly other versions before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a browse action to index.cgi.
Published Feb 18, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion.
Published Feb 12, 2020 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Google Chrome before 17.0.963.56 does not properly perform a cast of an unspecified variable during handling of columns, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.
Published Feb 16, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Multiple integer overflows in the PDF codecs in Google Chrome before 17.0.963.56 allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Published Feb 16, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to drag-and-drop operations.
Published Feb 16, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to subframe loading.
Published Feb 16, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service (application crash) via an empty X.509 certificate.
Published Feb 16, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.
Published Feb 16, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving counter nodes, related to a "read-after-free" issue.
Published Feb 16, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to database handling.
Published Feb 16, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Google Chrome before 17.0.963.56 does not properly parse H.264 data, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
Published Feb 16, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the Native Client validator implementation in Google Chrome before 17.0.963.56 has unknown impact and remote attack vectors.
Published Feb 16, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to path rendering.
Published Feb 16, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Matroska video (aka MKV) file.
Published Feb 16, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
translate/translate_manager.cc in Google Chrome before 17.0.963.56 and 19.x before 19.0.1036.7 uses an HTTP session to exchange data for translation, which allows remote attackers to obtain sensitive information by sniffing the network.
Published Feb 16, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Open redirect vulnerability in Red Hat JBoss Enterprise Portal Platform before 5.2.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the initialURI parameter.
Published Feb 26, 2014 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The do_devinfo_ioctl function in drivers/staging/comedi/comedi_fops.c in the Linux kernel before 3.1 allows local users to obtain sensitive information from kernel memory via a copy of a short string.
Published Feb 15, 2014 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to inject arbitrary web script or HTML via the QueryString to the SystemGroupList.do page.
Published Feb 5, 2014 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file.
Published Feb 4, 2014 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The qdisc_notify function in net/sched/sch_api.c in the Linux kernel before 2.6.35 does not prevent tc_fill_qdisc function calls referencing builtin (aka CQ_F_BUILTIN) Qdisc structures, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a crafted call.
Published Feb 2, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The host_reliable_addrinfo function in support/export/hostname.c in nfs-utils before 1.2.4 does not properly use DNS to verify access to NFS exports, which allows remote attackers to mount filesystems by establishing crafted DNS A and PTR records.
Published Feb 15, 2014 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Mambo CMS through 4.6.5 has multiple XSS.
Published Feb 12, 2020 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The Linux kernel from v2.3.36 before v2.6.39 allows local unprivileged users to cause a denial of service (memory consumption) by triggering creation of PTE pages.
Published Feb 20, 2020 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The Bluetooth stack in Android before 2.3.6 allows a physically proximate attacker to obtain contact information via an AT phonebook transfer.
Published Feb 12, 2020 · Updated Aug 6, 2024
Unknown · CVSS Not scored
utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly maintain the mtab file during error conditions, which allows local users to cause a denial of service (table corruption) or bypass intended unmounting restrictions via a umount system call.
Published Feb 15, 2014 · Updated Aug 6, 2024
Unknown · CVSS Not scored
utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process.
Published Feb 15, 2014 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase file is created, which might allow local users to bypass intended access restrictions at a certain time in the new-user creation steps.
Published Feb 15, 2014 · Updated Aug 6, 2024
Unknown · CVSS Not scored
utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to remove directories via a umount system call.
Published Feb 15, 2014 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The lock-counter implementation in utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 allows local users to overwrite arbitrary files via unspecified vectors.
Published Feb 15, 2014 · Updated Aug 6, 2024
Unknown · CVSS Not scored
virt-v2v before 0.8.4 does not preserve the VNC console password when converting a guest, which allows local users to bypass the intended VNC authentication by connecting without a password.
Published Feb 8, 2014 · Updated Aug 6, 2024
Unknown · CVSS Not scored
utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to effectively replace any directory with a new filesystem, and consequently gain privileges, via a mount system call.
Published Feb 15, 2014 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The nfs_addmntent function in support/nfs/nfs_mntent.c in the mount.nsf tool in nfs-utils before 1.2.4 attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to corrupt this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.
Published Feb 26, 2014 · Updated Aug 6, 2024
Unknown · CVSS Not scored
OpenVAS Manager v2.0.3 allows plugin remote code execution.
Published Feb 5, 2020 · Updated Aug 6, 2024
Unknown · CVSS Not scored
SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service caused by an error in the DiagTraceHex() function. By sending a specially-crafted packet, an attacker could exploit this vulnerability to cause the application to crash.
Published Feb 5, 2020 · Updated Aug 6, 2024
Unknown · CVSS Not scored
net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when addip_enable and auth_enable are used, does not consider the amount of zero padding during calculation of chunk lengths for (1) INIT and (2) INIT ACK chunks, which allows remote attackers to cause a denial of service (OOPS) via crafted packet data.
Published Feb 2, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and filer_order_Dir parameters.
Published Feb 5, 2020 · Updated Aug 6, 2024
Unknown · CVSS Not scored
bbPress through 1.0.2 has XSS in /bb-login.php url via the re parameter.
Published Feb 5, 2020 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Multiple unspecified vulnerabilities in a third-party component of the Citrix Licensing Administration Console 11.6, formerly License Management Console, allow remote attackers to (1) access unauthorized "license administration functionality" or (2) cause a denial of service via unknown vectors.
Published Feb 25, 2011 · Updated Aug 6, 2024
Unknown · CVSS Not scored
A cross-site scripting (XSS) vulnerability in Smoothwall Express 3.
Published Feb 7, 2020 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in the WebReporting module in F-Secure Policy Manager 7.x, 8.00 before hotfix 2, 8.1x before hotfix 3 on Windows and hotfix 2 on Linux, and 9.00 before hotfix 4 on Windows and hotfix 2 on Linux, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published Feb 25, 2011 · Updated Aug 6, 2024
Unknown · CVSS Not scored
CSRF vulnerability in Smoothwall Express 3.
Published Feb 7, 2020 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Multiple SQL injection vulnerabilities in admin/index.php in Pixelpost 1.7.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) findfid, (2) id, (3) selectfcat, (4) selectfmon, or (5) selectftag parameter in an images action.
Published Feb 25, 2011 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in admin/system.html in Openfiler 2.3 allows remote attackers to inject arbitrary web script or HTML via the device parameter.
Published Feb 7, 2020 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The WebReporting module in F-Secure Policy Manager 7.x, 8.00 before hotfix 2, 8.1x before hotfix 3 on Windows and hotfix 2 on Linux, and 9.00 before hotfix 4 on Windows and hotfix 2 on Linux, allows remote attackers to obtain sensitive information via a request to an invalid report, which reveals the installation path in an error message, as demonstrated with requests to (1) report/infection-table.html or (2) report/productsummary-table.html.
Published Feb 25, 2011 · Updated Aug 6, 2024