Total
13210 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-2764 | 6 Ioquake3, Openarena, Smokin-guns and 3 more | 6 Ioquake3 Engine, Openarena, Smokin\' Guns and 3 more | 2025-04-11 | N/A |
| The FS_CheckFilenameIsNotExecutable function in qcommon/files.c in the ioQuake3 engine 1.36 and earlier, as used in World of Padman, Smokin' Guns, OpenArena, Tremulous, and ioUrbanTerror, does not properly determine dangerous file extensions, which allows remote attackers to execute arbitrary code via a crafted third-party addon that creates a Trojan horse DLL file. | ||||
| CVE-2011-2783 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google Chrome before 13.0.782.107 does not ensure that developer-mode NPAPI extension installations are confirmed by a browser dialog, which makes it easier for remote attackers to modify the product's functionality via a Trojan horse extension. | ||||
| CVE-2011-2802 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google V8, as used in Google Chrome before 13.0.782.107, does not properly perform const lookups, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted web site. | ||||
| CVE-2011-2822 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-04-11 | N/A |
| Google Chrome before 13.0.782.215 on Windows does not properly parse URLs located on the command line, which has unspecified impact and attack vectors. | ||||
| CVE-2011-2838 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google Chrome before 14.0.835.163 does not properly consider the MIME type during the loading of a plug-in, which has unspecified impact and remote attack vectors. | ||||
| CVE-2011-2839 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2025-04-11 | N/A |
| The PDF implementation in Google Chrome before 13.0.782.215 on Linux does not properly use the memset library function, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||||
| CVE-2011-2848 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google Chrome before 14.0.835.163 allows user-assisted remote attackers to spoof the URL bar via vectors related to the forward button. | ||||
| CVE-2010-2246 | 1 Feh Project | 1 Feh | 2025-04-11 | N/A |
| feh before 1.8, when the --wget-timestamp option is enabled, might allow remote attackers to execute arbitrary commands via shell metacharacters in a URL. | ||||
| CVE-2011-4092 | 1 Ubuntu Developers | 1 Obby | 2025-04-11 | N/A |
| obby (aka libobby) does not verify SSL server certificates, which allows remote attackers to spoof servers via an arbitrary certificate. | ||||
| CVE-2011-2978 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| Bugzilla 2.16rc1 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 does not prevent changes to the confirmation e-mail address (aka old_email field) for e-mail change notifications, which makes it easier for remote attackers to perform arbitrary address changes by leveraging an unattended workstation. | ||||
| CVE-2011-4106 | 1 Binarymoon | 1 Timthumb | 2025-04-11 | N/A |
| TimThumb (timthumb.php) before 2.0 does not validate the entire source with the domain white list, which allows remote attackers to upload and execute arbitrary code via a URL containing a white-listed domain in the src parameter, then accessing it via a direct request to the file in the cache directory, as exploited in the wild in August 2011. | ||||
| CVE-2011-3063 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google Chrome before 18.0.1025.142 does not properly validate the renderer's navigation requests, which has unspecified impact and remote attack vectors. | ||||
| CVE-2011-0664 | 1 Microsoft | 8 .net Framework, Silverlight, Windows 2003 Server and 5 more | 2025-04-11 | N/A |
| Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Array Offset Vulnerability." | ||||
| CVE-2011-0726 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2025-04-11 | N/A |
| The do_task_stat function in fs/proc/array.c in the Linux kernel before 2.6.39-rc1 does not perform an expected uid check, which makes it easier for local users to defeat the ASLR protection mechanism by reading the start_code and end_code fields in the /proc/#####/stat file for a process executing a PIE binary. | ||||
| CVE-2011-3185 | 2 Microsoft, Pidgin | 2 Windows, Pidgin | 2025-04-11 | N/A |
| gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attackers to execute arbitrary programs via a file: URL in a message. | ||||
| CVE-2011-3227 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation list (CRL), which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) a crafted (1) web site or (2) e-mail message. | ||||
| CVE-2011-5086 | 1 Nsoftware | 1 Unitronics Uniopc | 2025-04-11 | N/A |
| https50.ocx in IP*Works! SSL in the server in Unitronics UniOPC before 2.0.0 does not properly implement an unspecified function, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site. | ||||
| CVE-2011-5055 | 1 Maradns | 1 Maradns | 2025-04-11 | N/A |
| MaraDNS 1.3.07.12 and 1.4.08 computes hash values for DNS data without properly restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set. NOTE: this issue exists because of an incomplete fix for CVE-2012-0024. | ||||
| CVE-2011-4755 | 1 Parallels | 1 Parallels Plesk Small Business Panel | 2025-04-11 | N/A |
| Parallels Plesk Small Business Panel 10.2.0 does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing error) or possibly have unspecified other impact via a crafted cookie, as demonstrated by cookies to client@1/domain@1/hosting/file-manager/ and certain other files. | ||||
| CVE-2011-4871 | 1 Opcsystems | 1 Opcsystems.net | 2025-04-11 | N/A |
| Open Automation Software OPC Systems.NET before 5.0 allows remote attackers to cause a denial of service via a malformed .NET RPC packet on TCP port 58723. | ||||