Search Results (25566 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-1241 1 Microsoft 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more 2025-04-11 N/A
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
CVE-2010-1283 3 Adobe, Apple, Microsoft 3 Shockwave Player, Macos, Windows 2025-04-11 8.8 High
Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D objects in .dir (aka Director) files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a modified field in a 0xFFFFFF49 record.
CVE-2010-1289 3 Adobe, Apple, Microsoft 7 Shockwave Player, Macos, Windows and 4 more 2025-04-11 N/A
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1290, and CVE-2010-1291.
CVE-2011-1242 1 Microsoft 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more 2025-04-11 N/A
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
CVE-2010-1292 3 Adobe, Apple, Microsoft 7 Shockwave Player, Macos, Windows and 4 more 2025-04-11 N/A
The implementation of pami RIFF chunk parsing in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file.
CVE-2011-1244 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2025-04-11 N/A
Microsoft Internet Explorer 6, 7, and 8 does not enforce intended domain restrictions on content access, which allows remote attackers to obtain sensitive information or conduct clickjacking attacks via a crafted web site, aka "Frame Tag Information Disclosure Vulnerability."
CVE-2011-1245 1 Microsoft 6 Internet Explorer, Windows 2003 Server, Windows Server 2003 and 3 more 2025-04-11 N/A
Microsoft Internet Explorer 6 and 7 does not properly restrict script access to content from a (1) different domain or (2) different zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Javascript Information Disclosure Vulnerability."
CVE-2011-1246 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2025-04-11 N/A
Microsoft Internet Explorer 8 does not properly handle content settings in HTTP responses, which allows remote web servers to obtain sensitive information from a different (1) domain or (2) zone via a crafted response, aka "MIME Sniffing Information Disclosure Vulnerability."
CVE-2011-1250 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2025-04-11 N/A
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Link Properties Handling Memory Corruption Vulnerability."
CVE-2011-1252 1 Microsoft 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more 2025-04-11 6.1 Medium
Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability."
CVE-2011-1253 1 Microsoft 8 .net Framework, Silverlight, Windows 2003 Server and 5 more 2025-04-11 N/A
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Class Inheritance Vulnerability."
CVE-2011-1254 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2025-04-11 N/A
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Drag and Drop Memory Corruption Vulnerability."
CVE-2011-1255 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2025-04-11 N/A
The Timed Interactive Multimedia Extensions (aka HTML+TIME) implementation in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Time Element Memory Corruption Vulnerability."
CVE-2011-1257 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2025-04-11 N/A
Race condition in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors involving access to an object, aka "Window Open Race Condition Vulnerability."
CVE-2011-1258 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2025-04-11 N/A
Microsoft Internet Explorer 6 through 8 does not properly restrict web script, which allows user-assisted remote attackers to obtain sensitive information from a different (1) domain or (2) zone via vectors involving a drag-and-drop operation, aka "Drag and Drop Information Disclosure Vulnerability."
CVE-2011-1260 1 Microsoft 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more 2025-04-11 N/A
Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Layout Memory Corruption Vulnerability."
CVE-2011-1264 1 Microsoft 3 Windows 2003 Server, Windows Server 2003, Windows Server 2008 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Active Directory Certificate Services Web Enrollment in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Active Directory Certificate Services Vulnerability."
CVE-2011-1265 2 Bluetooth, Microsoft 3 Bluetooth Stack, Windows 7, Windows Vista 2025-04-11 8.8 High
The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Windows 7 Gold and SP1 does not prevent access to objects in memory that (1) were not properly initialized or (2) have been deleted, which allows remote attackers to execute arbitrary code via crafted Bluetooth packets, aka "Bluetooth Stack Vulnerability."
CVE-2011-1266 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2025-04-11 N/A
The Vector Markup Language (VML) implementation in vgx.dll in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "VML Memory Corruption Vulnerability."
CVE-2010-1389 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) paste or (2) drag-and-drop operation for a selection.