Vulnerabilities (CVE)

Filtered by CWE-20
Total 10428 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-4196 1 Adobe 1 Shockwave Player 2025-04-11 9.3 HIGH N/A
The Shockwave 3d Asset module in Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.
CVE-2013-7113 1 Wireshark 1 Wireshark 2025-04-11 5.0 MEDIUM N/A
epan/dissectors/packet-bssgp.c in the BSSGP dissector in Wireshark 1.10.x before 1.10.4 incorrectly relies on a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVE-2011-0983 3 Apple, Debian, Google 5 Iphone Os, Itunes, Safari and 2 more 2025-04-11 7.5 HIGH N/A
Google Chrome before 9.0.597.94 does not properly handle anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
CVE-2011-3884 1 Google 1 Chrome 2025-04-11 6.8 MEDIUM N/A
Google Chrome before 15.0.874.102 does not properly address timing issues during DOM traversal, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
CVE-2013-0292 1 Freedesktop 1 Dbus-glib 2025-04-11 7.2 HIGH N/A
The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal.
CVE-2011-1197 1 Google 1 Chrome 2025-04-11 7.5 HIGH N/A
Google Chrome before 10.0.648.127 does not properly perform table painting, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
CVE-2011-0664 1 Microsoft 8 .net Framework, Silverlight, Windows 2003 Server and 5 more 2025-04-11 9.3 HIGH N/A
Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Array Offset Vulnerability."
CVE-2013-4098 1 Ds3 1 Authentication Server 2025-04-11 5.0 MEDIUM N/A
ServerAdmin/ErrorViewer.jsp in DS3 Authentication Server allow remote attackers to inject arbitrary error-page text via the message parameter.
CVE-2012-0052 1 Redhat 1 Jboss Operations Network 2025-04-11 5.8 MEDIUM N/A
Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 does not check the JON agent key, which allows remote attackers to spoof the identity of arbitrary agents via the registered agent name.
CVE-2012-2488 1 Cisco 3 Asr 9000 Rsp440 Router, Crs Performance Route Processor, Ios Xr 2025-04-11 7.8 HIGH N/A
Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series devices allows remote attackers to cause a denial of service (packet transmission outage) via a crafted packet, aka Bug IDs CSCty94537 and CSCtz62593.
CVE-2010-0496 2 Apple, Freebit 2 Iphone Os, Serversman 2025-04-11 5.0 MEDIUM N/A
FreeBit ServersMan 3.1.5 on Apple iPhone OS 3.1.2, and iPhone OS for iPod touch, allows remote attackers to cause a denial of service (daemon crash) via a HEAD request for the / URI.
CVE-2012-0738 1 Ibm 2 Rational Policy Tester, Security Appscan 2025-04-11 5.8 MEDIUM N/A
IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during scanning, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary certificate.
CVE-2011-1320 1 Ibm 1 Websphere Application Server 2025-04-11 6.8 MEDIUM N/A
The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when the Tivoli Integrated Portal / embedded WebSphere Application Server (TIP/eWAS) framework is used, does not properly delete AuthCache entries upon a logout, which might allow remote attackers to access the server by leveraging an unattended workstation.
CVE-2012-5785 1 Apache 1 Axis2 2025-04-11 5.8 MEDIUM N/A
Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2011-5241 1 Services Twitter Group 1 Services Twitter 2025-04-11 5.8 MEDIUM N/A
Services_Twitter 0.6.3 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2013-0860 1 Ffmpeg 1 Ffmpeg 2025-04-11 4.3 MEDIUM N/A
The ff_er_frame_end function in libavcodec/error_resilience.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 does not properly verify that a frame is fully initialized, which allows remote attackers to trigger a NULL pointer dereference via crafted picture data.
CVE-2010-1897 1 Microsoft 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more 2025-04-11 7.2 HIGH N/A
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate pseudo-handle values in callback parameters during window creation, which allows local users to gain privileges via a crafted application, aka "Win32k Window Creation Vulnerability."
CVE-2010-2805 3 Apple, Canonical, Freetype 5 Iphone Os, Mac Os X, Tvos and 2 more 2025-04-11 6.8 MEDIUM N/A
The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
CVE-2012-3691 1 Apple 1 Safari 2025-04-11 5.8 MEDIUM N/A
WebKit in Apple Safari before 6.0 does not properly handle Cascading Style Sheets (CSS) property values, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
CVE-2013-1584 1 Wireshark 1 Wireshark 2025-04-11 2.9 LOW N/A
The dissect_version_5_and_6_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.