| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 4701 | CVE-2011-4043 | 189 | | Exec Code Overflow | 2012-04-03 | 2012-04-03 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Integer overflow in an unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to execute arbitrary code via a large value for an integer parameter, leading to a buffer overflow. |
| 4702 | CVE-2011-4042 | | | Exec Code | 2012-04-03 | 2012-04-03 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to execute arbitrary code by using a crafted HTML document to obtain control of a function pointer. |
| 4703 | CVE-2011-4041 | 94 | | Exec Code | 2012-02-06 | 2012-12-11 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | webvrpcs.exe in Advantech/BroadWin WebAccess allows remote attackers to execute arbitrary code or obtain a security-code value via a long string in an RPC request to TCP port 4592. |
| 4704 | CVE-2011-4039 | 264 | | Exec Code | 2012-02-10 | 2012-02-14 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows user-assisted remote attackers to execute arbitrary code via a malformed file that triggers a "write access violation." |
| 4705 | CVE-2011-4038 | 79 | | XSS | 2012-02-10 | 2012-02-14 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. |
| 4706 | CVE-2011-4031 | 191 | | Exec Code | 2012-05-09 | 2020-12-16 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Integer underflow in the asfrtp_parse_packet function in libavformat/rtpdec_asf.c in FFmpeg before 0.8.3 allows remote attackers to execute arbitrary code via a crafted ASF packet. |
| 4707 | CVE-2011-4029 | 362 | | DoS | 2012-07-03 | 2020-08-24 | 1.9 | None | Local | Medium | Not required | Partial | None | None | The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a temporary lock file. |
| 4708 | CVE-2011-4028 | 59 | | | 2012-07-03 | 2020-08-24 | 1.2 | None | Local | High | Not required | Partial | None | None | The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists. |
| 4709 | CVE-2011-4023 | 399 | | DoS | 2012-05-03 | 2018-10-30 | 7.8 | None | Remote | Low | Not required | None | None | Complete | Memory leak in libcmd in Cisco NX-OS 5.0 on Nexus switches allows remote authenticated users to cause a denial of service (memory consumption) via SNMP requests, aka Bug ID CSCtr65682. |
| 4710 | CVE-2011-4022 | 287 | | DoS | 2012-05-03 | 2012-05-11 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The sensor in Cisco Intrusion Prevention System (IPS) 7.0 and 7.1 allows remote attackers to cause a denial of service (file-handle exhaustion and mainApp hang) by making authentication attempts that exceed the configured limit, aka Bug ID CSCto51204. |
| 4711 | CVE-2011-4019 | 399 | | DoS | 2012-05-03 | 2012-05-30 | 5.4 | None | Remote | High | Not required | None | None | Complete | Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager (CUCM) 7.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted response to a SIP SUBSCRIBE message, aka Bug IDs CSCto93837 and CSCtj61883. |
| 4712 | CVE-2011-4016 | 20 | | DoS | 2012-05-02 | 2016-12-07 | 5.4 | None | Remote | High | Not required | None | None | Complete | The PPP implementation in Cisco IOS 12.2 and 15.0 through 15.2, when Point-to-Point Termination and Aggregation (PTA) and L2TP are used, allows remote attackers to cause a denial of service (device crash) via crafted network traffic, aka Bug ID CSCtf71673. |
| 4713 | CVE-2011-4015 | 20 | | DoS | 2012-05-02 | 2012-10-30 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Cisco IOS 15.2S allows remote attackers to cause a denial of service (interface queue wedge) via malformed UDP traffic on port 465, aka Bug ID CSCts48300. |
| 4714 | CVE-2011-4014 | 200 | | +Info | 2012-05-02 | 2012-08-19 | 4.0 | None | Remote | Low | ??? | Partial | None | None | The TAC Case Attachment tool in Cisco Wireless Control System (WCS) 7.0 allows remote authenticated users to read arbitrary files under webnms/Temp/ via unspecified vectors, aka Bug ID CSCtq86807. |
| 4715 | CVE-2011-4012 | | | | 2012-05-02 | 2012-10-30 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Cisco IOS 12.0, 15.0, and 15.1, when a Policy Feature Card 3C (PFC3C) is used, does not create a fragment entry during processing of an ICMPv6 ACL, which has unspecified impact and remote attack vectors, aka Bug ID CSCtj90091. |
| 4716 | CVE-2011-4007 | 20 | | DoS | 2012-05-02 | 2012-10-30 | 5.4 | None | Remote | High | Not required | None | None | Complete | Cisco IOS 15.0 and 15.1 and IOS XE 3.x do not properly handle the "set mpls experimental imposition" command, which allows remote attackers to cause a denial of service (device crash) via network traffic that triggers (1) fragmentation or (2) reassembly, aka Bug ID CSCtr56576. |
| 4717 | CVE-2011-4006 | 20 | | DoS | 2012-05-02 | 2012-10-30 | 7.8 | None | Remote | Low | Not required | None | None | Complete | The ESMTP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.5 allows remote attackers to cause a denial of service (CPU consumption) via an unspecified closing sequence, aka Bug ID CSCtt32565. |
| 4718 | CVE-2011-3972 | 787 | | DoS | 2012-02-09 | 2020-05-08 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The shader translator implementation in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. |
| 4719 | CVE-2011-3971 | 416 | | DoS | 2012-02-09 | 2020-05-08 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to mousemove events. |
| 4720 | CVE-2011-3970 | 125 | | DoS | 2012-02-09 | 2020-09-09 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. |
| 4721 | CVE-2011-3969 | 416 | | DoS | 2012-02-09 | 2020-04-16 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout of SVG documents. |
| 4722 | CVE-2011-3968 | 416 | | DoS | 2012-02-09 | 2020-04-16 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving Cascading Style Sheets (CSS) token sequences. |
| 4723 | CVE-2011-3967 | | | DoS | 2012-02-09 | 2020-05-07 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Unspecified vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via a crafted certificate. |
| 4724 | CVE-2011-3966 | 416 | | DoS | 2012-02-09 | 2020-05-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to error handling for Cascading Style Sheets (CSS) token-sequence data. |
| 4725 | CVE-2011-3965 | 347 | | DoS | 2012-02-09 | 2020-04-16 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Google Chrome before 17.0.963.46 does not properly check signatures, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. |
| 4726 | CVE-2011-3964 | 20 | | | 2012-02-09 | 2020-04-17 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | Google Chrome before 17.0.963.46 does not properly implement the drag-and-drop feature, which makes it easier for remote attackers to spoof the URL bar via unspecified vectors. |
| 4727 | CVE-2011-3963 | 125 | | DoS | 2012-02-09 | 2020-05-08 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Google Chrome before 17.0.963.46 does not properly handle PDF FAX images, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. |
| 4728 | CVE-2011-3962 | 125 | | DoS | 2012-02-09 | 2020-04-17 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | Google Chrome before 17.0.963.46 does not properly perform path clipping, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. |
| 4729 | CVE-2011-3961 | 362 | | Exec Code | 2012-02-09 | 2020-05-08 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Race condition in Google Chrome before 17.0.963.46 allows remote attackers to execute arbitrary code via vectors that trigger a crash of a utility process. |
| 4730 | CVE-2011-3960 | 125 | | DoS | 2012-02-09 | 2020-04-21 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | Google Chrome before 17.0.963.46 does not properly decode audio data, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. |
| 4731 | CVE-2011-3959 | 120 | | DoS Overflow | 2012-02-09 | 2020-04-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Buffer overflow in the locale implementation in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. |
| 4732 | CVE-2011-3958 | 416 | | DoS | 2012-02-09 | 2020-04-17 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Google Chrome before 17.0.963.46 does not properly perform casts of variables during handling of a column span, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. |
| 4733 | CVE-2011-3957 | 416 | | DoS | 2012-02-09 | 2020-05-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Use-after-free vulnerability in the garbage-collection functionality in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving PDF documents. |
| 4734 | CVE-2011-3956 | 346 | | Bypass | 2012-02-09 | 2020-04-17 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | The extension implementation in Google Chrome before 17.0.963.46 does not properly handle sandboxed origins, which might allow remote attackers to bypass the Same Origin Policy via a crafted extension. |
| 4735 | CVE-2011-3955 | | | DoS | 2012-02-09 | 2020-05-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors that trigger the aborting of an IndexedDB transaction. |
| 4736 | CVE-2011-3954 | 400 | | DoS | 2012-02-09 | 2020-04-17 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via vectors that trigger a large amount of database usage. |
| 4737 | CVE-2011-3953 | | | | 2012-02-09 | 2020-05-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Google Chrome before 17.0.963.46 does not prevent monitoring of the clipboard after a paste event, which has unspecified impact and remote attack vectors. |
| 4738 | CVE-2011-3952 | 20 | | DoS Exec Code | 2012-08-20 | 2018-10-30 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | The decode_init function in kmvc.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large palette size in a KMVC encoded file. |
| 4739 | CVE-2011-3951 | 119 | | DoS Exec Code Overflow | 2012-08-20 | 2012-08-21 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | The dpcm_decode_frame function in dpcm.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted stereo stream in a media file. |
| 4740 | CVE-2011-3947 | 119 | | DoS Exec Code Overflow | 2012-08-20 | 2012-10-30 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MJPEG-B file. |
| 4741 | CVE-2011-3945 | 119 | | DoS Exec Code Overflow | 2012-08-20 | 2012-08-21 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | The decode_frame function in the KVG1 decoder (kgv1dec.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted media file. |
| 4742 | CVE-2011-3940 | 119 | | DoS Overflow | 2012-08-20 | 2012-10-30 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | nsvdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted NSV file that triggers "use of uninitialized streams." |
| 4743 | CVE-2011-3936 | 20 | | DoS | 2012-08-20 | 2012-10-30 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DV file. |
| 4744 | CVE-2011-3929 | 119 | | DoS Exec Code Overflow | 2012-08-20 | 2012-10-30 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly execute arbitrary code via a crafted DV file. |
| 4745 | CVE-2011-3928 | 416 | | DoS | 2012-01-24 | 2020-05-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM handling. |
| 4746 | CVE-2011-3927 | 665 | | DoS | 2012-01-24 | 2020-05-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Skia, as used in Google Chrome before 16.0.912.77, does not perform all required initialization of values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. |
| 4747 | CVE-2011-3926 | 787 | | DoS Overflow | 2012-01-24 | 2020-05-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Heap-based buffer overflow in the tree builder in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. |
| 4748 | CVE-2011-3925 | 416 | | DoS Mem. Corr. | 2012-01-24 | 2020-05-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Use-after-free vulnerability in the Safe Browsing feature in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors related to a navigation entry and an interstitial page. |
| 4749 | CVE-2011-3924 | 416 | | DoS | 2012-01-24 | 2020-05-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM selections. |
| 4750 | CVE-2011-3922 | 787 | | DoS Overflow | 2012-01-07 | 2020-05-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Stack-based buffer overflow in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to glyph handling. |