Total
2703 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2011-4130 | 1 Proftpd | 1 Proftpd | 2024-08-07 | N/A |
Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer. | ||||
CVE-2011-4100 | 1 Wireshark | 1 Wireshark | 2024-08-06 | N/A |
The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.3 does not initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. | ||||
CVE-2011-4096 | 2 Redhat, Squid-cache | 2 Enterprise Linux, Squid | 2024-08-06 | N/A |
The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record. | ||||
CVE-2011-4073 | 2 Redhat, Xelerance | 2 Enterprise Linux, Openswan | 2024-08-06 | N/A |
Use-after-free vulnerability in the cryptographic helper handler functionality in Openswan 2.3.0 through 2.6.36 allows remote authenticated users to cause a denial of service (pluto IKE daemon crash) via vectors related to the (1) quick_outI1_continue and (2) quick_outI1 functions. | ||||
CVE-2011-4078 | 2 Php, Roundcube | 2 Php, Webmail | 2024-08-06 | N/A |
include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5.3.7 or 5.3.8 is used, allows remote attackers to trigger a GET request for an arbitrary URL, and cause a denial of service (resource consumption and inbox outage), via a Subject header containing only a URL, a related issue to CVE-2011-3379. | ||||
CVE-2011-3982 | 1 Ibm | 1 Aix | 2024-08-06 | N/A |
The Fibre Channel driver for QLogic adapters in IBM AIX 6.1 and 7.1 does not properly handle DMA resource limitations, which allows local users to cause a denial of service (system hang) via vectors that generate a large amount of DMA I/O, related to a deadlock in timer processing across CPUs. | ||||
CVE-2011-3973 | 1 Ffmpeg | 1 Ffmpeg | 2024-08-06 | N/A |
cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362. | ||||
CVE-2011-3987 | 1 Daemon-tools | 1 Daemon Tools | 2024-08-06 | N/A |
dtsoftbus01.sys in DAEMON Tools Lite before 4.41.3, Pro Standard before 4.41.0315, and Pro Advanced before 4.41.0315 allows local users to cause a denial of service (system crash) via an invalid DeviceIoControl request to \\.\dtsoftbusctl. | ||||
CVE-2011-3996 | 1 Controlsystemworks | 1 Csworks | 2024-08-06 | N/A |
The LiveData Service in CSWorks before 2.0.4115.1 allows remote attackers to cause a denial of service (service crash) via crafted TCP packets. | ||||
CVE-2011-3934 | 1 Ffmpeg | 1 Ffmpeg | 2024-08-06 | N/A |
Double free vulnerability in the vp3_update_thread_context function in libavcodec/vp3.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted vp3 data. | ||||
CVE-2011-3946 | 1 Ffmpeg | 1 Ffmpeg | 2024-08-06 | N/A |
The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Supplemental enhancement information (SEI) data, which triggers an infinite loop. | ||||
CVE-2011-3845 | 1 Apple | 1 Safari | 2024-08-06 | N/A |
Use-after-free vulnerability in Apple Safari 5.1.2, when a plug-in with a blocking function is installed, allows user-assisted remote attackers to execute arbitrary code via a crafted web page that is accessed during user interaction with the plug-in, leading to improper coordination between an API call and the plug-in unloading functionality, as demonstrated by the Adobe Flash and RealPlayer plug-ins. | ||||
CVE-2011-3665 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-08-06 | N/A |
Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an Ogg VIDEO element that is not properly handled after scaling. | ||||
CVE-2011-3661 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-08-06 | N/A |
YARR, as used in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript. | ||||
CVE-2011-3658 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-08-06 | N/A |
The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via vectors involving removal of SVG elements. | ||||
CVE-2011-3593 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-08-06 | N/A |
A certain Red Hat patch to the vlan_hwaccel_do_receive function in net/8021q/vlan_core.c in the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows remote attackers to cause a denial of service (system crash) via priority-tagged VLAN frames. | ||||
CVE-2011-3579 | 1 Icewarp | 1 Mail Server | 2024-08-06 | N/A |
server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference. | ||||
CVE-2011-3482 | 1 Wireshark | 1 Wireshark | 2024-08-06 | N/A |
The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.2 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. | ||||
CVE-2011-3442 | 1 Apple | 1 Iphone Os | 2024-08-06 | N/A |
The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app. | ||||
CVE-2011-3432 | 1 Apple | 1 Iphone Os | 2024-08-06 | N/A |
The UIKit Alerts component in Apple iOS before 5 allows remote attackers to cause a denial of service (device hang) via a long tel: URL that triggers a large size for the acceptance dialog. |