Total
12237 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-1807 | 1 Google | 1 Chrome | 2025-04-11 | 10.0 HIGH | N/A |
| Google Chrome before 11.0.696.71 does not properly handle blobs, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger an out-of-bounds write. | |||||
| CVE-2010-4543 | 1 Gimp | 1 Gimp | 2025-04-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-1451 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-04-11 | 2.1 LOW | N/A |
| The TSB I-TLB load implementation in arch/sparc/kernel/tsb.S in the Linux kernel before 2.6.33 on the SPARC platform does not properly obtain the value of a certain _PAGE_EXEC_4U bit and consequently does not properly implement a non-executable stack, which makes it easier for context-dependent attackers to exploit stack-based buffer overflows via a crafted application. | |||||
| CVE-2013-3346 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2025-04-11 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341. | |||||
| CVE-2013-2028 | 2 F5, Fedoraproject | 2 Nginx, Fedora | 2025-04-11 | 7.5 HIGH | N/A |
| The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow. | |||||
| CVE-2010-3848 | 4 Canonical, Debian, Linux and 1 more | 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more | 2025-04-11 | 6.9 MEDIUM | N/A |
| Stack-based buffer overflow in the econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to gain privileges by providing a large number of iovec structures. | |||||
| CVE-2011-4371 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Reader, Macos and 1 more | 2025-04-11 | 7.5 HIGH | N/A |
| Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | |||||
| CVE-2012-4024 | 1 Squashfs Project | 1 Squashfs | 2025-04-11 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option). NOTE: probably in most cases, the list file is a trusted file constructed by the program's user; however, there are some realistic situations in which a list file would be obtained from an untrusted remote source. | |||||
| CVE-2010-1297 | 5 Adobe, Apple, Microsoft and 2 more | 7 Acrobat, Air, Flash Player and 4 more | 2025-04-11 | 9.3 HIGH | 7.8 HIGH |
| Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010. | |||||
| CVE-2012-3400 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2025-04-11 | 7.6 HIGH | N/A |
| Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel before 3.4.5 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem. | |||||
| CVE-2010-2519 | 4 Apple, Canonical, Debian and 1 more | 4 Mac Os X, Ubuntu Linux, Debian Linux and 1 more | 2025-04-11 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted length value in a POST fragment header in a font file. | |||||
| CVE-2011-0495 | 3 Debian, Digium, Fedoraproject | 6 Debian Linux, Asterisk, Asterisknow and 3 more | 2025-04-11 | 6.0 MEDIUM | N/A |
| Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function. | |||||
| CVE-2010-3874 | 5 Debian, Fedoraproject, Linux and 2 more | 7 Debian Linux, Fedora, Linux Kernel and 4 more | 2025-04-11 | 4.0 MEDIUM | N/A |
| Heap-based buffer overflow in the bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.36.2 on 64-bit platforms might allow local users to cause a denial of service (memory corruption) via a connect operation. | |||||
| CVE-2012-4202 | 5 Canonical, Mozilla, Opensuse and 2 more | 13 Ubuntu Linux, Firefox, Seamonkey and 10 more | 2025-04-11 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the image::RasterImage::DrawFrameTo function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via a crafted GIF image. | |||||
| CVE-2011-0186 | 1 Apple | 3 Mac Os X, Mac Os X Server, Quicktime | 2025-04-11 | 4.3 MEDIUM | N/A |
| QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG2000 image. | |||||
| CVE-2011-2896 | 3 Apple, Gimp, Swi-prolog | 3 Cups, Gimp, Swi-prolog | 2025-04-11 | 5.1 MEDIUM | N/A |
| The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895. | |||||
| CVE-2013-0782 | 5 Canonical, Debian, Mozilla and 2 more | 12 Ubuntu Linux, Debian Linux, Firefox and 9 more | 2025-04-11 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the nsSaveAsCharset::DoCharsetConversion function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2012-3967 | 6 Canonical, Linux, Mozilla and 3 more | 14 Ubuntu Linux, Linux Kernel, Firefox and 11 more | 2025-04-11 | 9.3 HIGH | N/A |
| The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 on Linux, when a large number of sampler uniforms are used, does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted web site. | |||||
| CVE-2010-1283 | 3 Adobe, Apple, Microsoft | 3 Shockwave Player, Macos, Windows | 2025-04-11 | 9.3 HIGH | 8.8 HIGH |
| Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D objects in .dir (aka Director) files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a modified field in a 0xFFFFFF49 record. | |||||
| CVE-2012-4191 | 2 Canonical, Mozilla | 4 Ubuntu Linux, Firefox, Seamonkey and 1 more | 2025-04-11 | 9.3 HIGH | N/A |
| The mozilla::net::FailDelayManager::Lookup function in the WebSockets implementation in Mozilla Firefox before 16.0.1, Thunderbird before 16.0.1, and SeaMonkey before 2.13.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | |||||