| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
301 |
CVE-2011-3954 |
400 |
|
DoS |
2012-02-09 |
2020-04-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via vectors that trigger a large amount of database usage. |
|
302 |
CVE-2011-3953 |
|
|
|
2012-02-09 |
2020-05-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Google Chrome before 17.0.963.46 does not prevent monitoring of the clipboard after a paste event, which has unspecified impact and remote attack vectors. |
|
303 |
CVE-2011-3670 |
200 |
|
+Info |
2012-02-01 |
2017-12-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages. |
|
304 |
CVE-2011-3659 |
416 |
|
Exec Code |
2012-02-01 |
2020-08-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes. |
|
305 |
CVE-2011-3563 |
|
|
|
2012-02-15 |
2022-05-13 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Sound. |
|
306 |
CVE-2011-3463 |
287 |
|
+Priv |
2012-02-02 |
2012-02-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
WebDAV Sharing in Apple Mac OS X 10.7.x before 10.7.3 does not properly perform authentication, which allows local users to gain privileges by leveraging access to (1) the server or (2) a bound directory. |
|
307 |
CVE-2011-3462 |
|
|
+Info |
2012-02-02 |
2012-02-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Time Machine in Apple Mac OS X before 10.7.3 does not verify the unique identifier of its remote AFP volume or Time Capsule, which allows remote attackers to obtain sensitive information contained in new backups by spoofing this storage object, a different vulnerability than CVE-2010-1803. |
|
308 |
CVE-2011-3460 |
119 |
|
DoS Exec Code Overflow |
2012-02-02 |
2012-05-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PNG file. |
|
309 |
CVE-2011-3459 |
189 |
|
DoS Exec Code Overflow |
2012-02-02 |
2012-05-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Off-by-one error in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rdrf atom in a movie file that triggers a buffer overflow. |
|
310 |
CVE-2011-3458 |
264 |
|
DoS Exec Code |
2012-02-02 |
2012-05-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
QuickTime in Apple Mac OS X before 10.7.3 does not prevent access to uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 file. |
|
311 |
CVE-2011-3457 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-02-02 |
2012-09-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The OpenGL implementation in Apple Mac OS X before 10.7.3 does not properly perform OpenGL Shading Language (aka GLSL) compilation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted program. |
|
312 |
CVE-2011-3453 |
189 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-02-02 |
2018-01-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in libresolv in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via crafted DNS data. |
|
313 |
CVE-2011-3452 |
200 |
|
+Info |
2012-02-02 |
2012-02-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Internet Sharing in Apple Mac OS X before 10.7.3 does not preserve the Wi-Fi configuration across software updates, which allows remote attackers to obtain sensitive information by leveraging the lack of a WEP password for a Wi-Fi network. |
|
314 |
CVE-2011-3450 |
399 |
|
DoS Exec Code |
2012-02-02 |
2012-02-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
CoreUI in Apple Mac OS X 10.7.x before 10.7.3 does not properly restrict the allocation of stack memory, which allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption and application crash) via a long URL. |
|
315 |
CVE-2011-3449 |
399 |
|
DoS Exec Code |
2012-02-02 |
2012-02-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Use-after-free vulnerability in CoreText in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document. |
|
316 |
CVE-2011-3448 |
119 |
|
DoS Exec Code Overflow |
2012-02-02 |
2012-02-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in CoreMedia in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding. |
|
317 |
CVE-2011-3447 |
200 |
|
+Info |
2012-02-02 |
2012-02-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
CFNetwork in Apple Mac OS X 10.7.x before 10.7.3 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL. |
|
318 |
CVE-2011-3446 |
|
|
DoS Exec Code |
2012-02-02 |
2012-02-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Apple Type Services (ATS) in Apple Mac OS X before 10.7.3 does not properly manage memory for data-font files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font that is accessed by Font Book. |
|
319 |
CVE-2011-3444 |
310 |
|
|
2012-02-02 |
2012-02-06 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Address Book in Apple Mac OS X before 10.7.3 automatically switches to unencrypted sessions upon failure of encrypted connections, which allows remote attackers to read CardDAV data by terminating an encrypted connection and then sniffing the network. |
|
320 |
CVE-2011-3361 |
79 |
|
XSS |
2012-02-18 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in CGI/Browse.pm in BackupPC 3.2.0 and possibly other versions before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a browse action to index.cgi. |
|
321 |
CVE-2011-3027 |
704 |
|
DoS |
2012-02-16 |
2020-04-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Google Chrome before 17.0.963.56 does not properly perform a cast of an unspecified variable during handling of columns, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document. |
|
322 |
CVE-2011-3026 |
190 |
|
DoS Overflow |
2012-02-16 |
2020-04-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. |
|
323 |
CVE-2011-3025 |
125 |
|
DoS |
2012-02-16 |
2020-04-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Google Chrome before 17.0.963.56 does not properly parse H.264 data, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. |
|
324 |
CVE-2011-3024 |
295 |
|
DoS |
2012-02-16 |
2020-04-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service (application crash) via an empty X.509 certificate. |
|
325 |
CVE-2011-3023 |
416 |
|
DoS |
2012-02-16 |
2020-04-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to drag-and-drop operations. |
|
326 |
CVE-2011-3022 |
319 |
|
+Info |
2012-02-16 |
2020-04-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
translate/translate_manager.cc in Google Chrome before 17.0.963.56 and 19.x before 19.0.1036.7 uses an HTTP session to exchange data for translation, which allows remote attackers to obtain sensitive information by sniffing the network. |
|
327 |
CVE-2011-3021 |
416 |
|
DoS |
2012-02-16 |
2020-04-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to subframe loading. |
|
328 |
CVE-2011-3020 |
|
|
|
2012-02-16 |
2020-04-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in the Native Client validator implementation in Google Chrome before 17.0.963.56 has unknown impact and remote attack vectors. |
|
329 |
CVE-2011-3019 |
787 |
|
DoS Overflow |
2012-02-16 |
2020-04-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Matroska video (aka MKV) file. |
|
330 |
CVE-2011-3018 |
787 |
|
DoS Overflow |
2012-02-16 |
2020-04-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to path rendering. |
|
331 |
CVE-2011-3017 |
416 |
|
DoS |
2012-02-16 |
2020-04-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to database handling. |
|
332 |
CVE-2011-3016 |
416 |
|
DoS |
2012-02-16 |
2020-04-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving counter nodes, related to a "read-after-free" issue. |
|
333 |
CVE-2011-3015 |
190 |
|
DoS Overflow |
2012-02-16 |
2020-04-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple integer overflows in the PDF codecs in Google Chrome before 17.0.963.56 allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. |
|
334 |
CVE-2011-2525 |
476 |
|
DoS |
2012-02-02 |
2020-08-04 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The qdisc_notify function in net/sched/sch_api.c in the Linux kernel before 2.6.35 does not prevent tc_fill_qdisc function calls referencing builtin (aka CQ_F_BUILTIN) Qdisc structures, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a crafted call. |
|
335 |
CVE-2011-2393 |
399 |
|
DoS |
2012-02-02 |
2012-02-03 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD, NetBSD, and possibly other BSD-based operating systems allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, a similar vulnerability to CVE-2010-4670. |
|
336 |
CVE-2011-1914 |
119 |
|
Exec Code Overflow |
2012-02-21 |
2012-02-23 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the Advantech ADAM OLE for Process Control (OPC) Server ActiveX control in ADAM OPC Server before 3.01.012, Modbus RTU OPC Server before 3.01.010, and Modbus TCP OPC Server before 3.01.010 allows remote attackers to execute arbitrary code via unspecified vectors. |
|
337 |
CVE-2011-1573 |
682 |
|
DoS |
2012-02-02 |
2020-08-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when addip_enable and auth_enable are used, does not consider the amount of zero padding during calculation of chunk lengths for (1) INIT and (2) INIT ACK chunks, which allows remote attackers to cause a denial of service (OOPS) via crafted packet data. |
|
338 |
CVE-2010-5085 |
352 |
|
CSRF |
2012-02-14 |
2017-08-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in admin/update_user in Hulihan Amethyst 0.1.5, and possibly earlier, allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrative password or (2) change the site's configuration. |
|
339 |
CVE-2010-5084 |
352 |
|
CSRF |
2012-02-14 |
2012-02-15 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
|
The cross-site request forgery (CSRF) protection mechanism in e107 before 0.7.23 uses a predictable random token based on the creation date of the administrator account, which allows remote attackers to hijack the authentication of administrators for requests that add new users via e107_admin/users.php. |
|
340 |
CVE-2010-5083 |
89 |
1
|
Exec Code Sql |
2012-02-14 |
2019-07-01 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the url parameter in an Add action to modules.php. |
|
341 |
CVE-2010-4563 |
200 |
|
+Info |
2012-02-02 |
2012-02-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. |
|
342 |
CVE-2010-4562 |
200 |
|
+Info |
2012-02-02 |
2012-02-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652. |
|
343 |
CVE-2006-7250 |
|
|
DoS |
2012-02-29 |
2018-01-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message. |
