Search Results (1348 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-1964 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2025-04-11 N/A
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Style Object Memory Corruption Vulnerability."
CVE-2011-1967 1 Microsoft 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more 2025-04-11 N/A
Winsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Vulnerability."
CVE-2011-1977 1 Microsoft 8 .net Framework, Chart Control For Microsoft .net Framework, Windows 2003 Server and 5 more 2025-04-11 N/A
The ASP.NET Chart controls in Microsoft .NET Framework 4, and Chart Control for Microsoft .NET Framework 3.5 SP1, do not properly verify functions in URIs, which allows remote attackers to read arbitrary files via special characters in a URI in an HTTP request, aka "Chart Control Information Disclosure Vulnerability."
CVE-2010-3325 1 Microsoft 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more 2025-04-11 N/A
Microsoft Internet Explorer 6 through 8 does not properly handle unspecified special characters in Cascading Style Sheets (CSS) documents, which allows remote attackers to obtain sensitive information from a different (1) domain or (2) zone via a crafted web site, aka "CSS Special Character Information Disclosure Vulnerability."
CVE-2011-1978 1 Microsoft 7 .net Framework, Windows 2003 Server, Windows 7 and 4 more 2025-04-11 N/A
Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Socket Restriction Bypass Vulnerability."
CVE-2010-3329 1 Microsoft 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more 2025-04-11 N/A
mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code via a crafted Microsoft Office document that causes the HtmlDlgHelper class destructor to access uninitialized memory, aka "Uninitialized Memory Corruption Vulnerability."
CVE-2010-3340 1 Microsoft 6 Internet Explorer, Windows 2003 Server, Windows Server 2003 and 3 more 2025-04-11 N/A
Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."
CVE-2010-3345 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2025-04-11 N/A
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."
CVE-2010-0239 1 Microsoft 2 Windows Server 2008, Windows Vista 2025-04-11 N/A
The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Router Advertisement packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Router Advertisement Vulnerability."
CVE-2010-0241 1 Microsoft 2 Windows Server 2008, Windows Vista 2025-04-11 N/A
The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Route Information packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Route Information Vulnerability."
CVE-2011-1985 1 Microsoft 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more 2025-04-11 7.1 High
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application, aka "Win32k Null Pointer De-reference Vulnerability."
CVE-2011-1991 1 Microsoft 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more 2025-04-11 N/A
Multiple untrusted search path vulnerabilities in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .rtf, or .txt file, related to (1) deskpan.dll in the Display Panning CPL Extension, (2) EAPHost Authenticator Service, (3) Folder Redirection, (4) HyperTerminal, (5) the Japanese Input Method Editor (IME), and (6) Microsoft Management Console (MMC), aka "Windows Components Insecure Library Loading Vulnerability."
CVE-2011-1993 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2025-04-11 N/A
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Scroll Event Remote Code Execution Vulnerability."
CVE-2010-1403 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2025-04-11 N/A
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during the handling of a use element in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document containing XML that triggers a parsing error, related to ProcessInstruction.
CVE-2010-1421 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2025-04-11 N/A
The execCommand JavaScript function in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict remote execution of clipboard commands, which allows remote attackers to modify the clipboard via a crafted HTML document.
CVE-2010-1416 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2025-04-11 N/A
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict the reading of a canvas that contains an SVG image pattern from a different web site, which allows remote attackers to read images from other sites via a crafted canvas, related to a "cross-site image capture issue."
CVE-2011-1995 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2025-04-11 N/A
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized, aka "OLEAuto32.dll Remote Code Execution Vulnerability."
CVE-2011-1996 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2025-04-11 N/A
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Option Element Remote Code Execution Vulnerability."
CVE-2011-1999 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2025-04-11 N/A
Microsoft Internet Explorer 8 does not properly allocate and access memory, which allows remote attackers to execute arbitrary code via vectors involving a "dereferenced memory address," aka "Select Element Remote Code Execution Vulnerability."
CVE-2013-3167 1 Microsoft 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more 2025-04-11 N/A
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Information Disclosure Vulnerability."