Search Results (1468 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-1485 5 Canonical, Mozilla, Opensuse and 2 more 8 Ubuntu Linux, Firefox, Seamonkey and 5 more 2025-04-11 N/A
The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient style-src restrictions.
CVE-2011-3193 5 Canonical, Gnome, Opensuse and 2 more 9 Ubuntu Linux, Pango, Opensuse and 6 more 2025-04-11 N/A
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
CVE-2011-3192 5 Apache, Canonical, Opensuse and 2 more 10 Http Server, Ubuntu Linux, Opensuse and 7 more 2025-04-11 N/A
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
CVE-2014-1488 5 Canonical, Mozilla, Opensuse and 2 more 8 Ubuntu Linux, Firefox, Seamonkey and 5 more 2025-04-11 N/A
The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of asm.js.
CVE-2014-1489 6 Canonical, Mozilla, Opensuse and 3 more 8 Ubuntu Linux, Firefox, Opensuse and 5 more 2025-04-11 N/A
Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site.
CVE-2011-3098 3 Google, Microsoft, Opensuse 3 Chrome, Windows, Opensuse 2025-04-11 N/A
Google Chrome before 19.0.1084.46 on Windows uses an incorrect search path for the Windows Media Player plug-in, which might allow local users to gain privileges via a Trojan horse plug-in in an unspecified directory.
CVE-2011-3056 3 Apple, Google, Opensuse 4 Iphone Os, Safari, Chrome and 1 more 2025-04-11 N/A
Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via vectors involving a "magic iframe."
CVE-2011-3055 2 Google, Opensuse 2 Chrome, Opensuse 2025-04-11 N/A
The browser native UI in Google Chrome before 17.0.963.83 does not require user confirmation before an unpacked extension installation, which allows user-assisted remote attackers to have an unspecified impact via a crafted extension.
CVE-2011-3054 2 Google, Opensuse 2 Chrome, Opensuse 2025-04-11 N/A
The WebUI privilege implementation in Google Chrome before 17.0.963.83 does not properly perform isolation, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
CVE-2010-4165 4 Linux, Opensuse, Redhat and 1 more 7 Linux Kernel, Opensuse, Enterprise Linux and 4 more 2025-04-11 N/A
The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel before 2.6.37-rc2 does not properly restrict TCP_MAXSEG (aka MSS) values, which allows local users to cause a denial of service (OOPS) via a setsockopt call that specifies a small value, leading to a divide-by-zero error or incorrect use of a signed integer.
CVE-2010-3442 7 Canonical, Debian, Fedoraproject and 4 more 11 Ubuntu Linux, Debian Linux, Fedora and 8 more 2025-04-11 N/A
Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or (2) SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call.
CVE-2011-2725 3 Canonical, Kde, Opensuse 4 Ubuntu Linux, Ark, Kde Sc and 1 more 2025-04-11 N/A
Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file.
CVE-2011-3053 3 Apple, Google, Opensuse 5 Iphone Os, Itunes, Safari and 2 more 2025-04-11 N/A
Use-after-free vulnerability in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to block splitting.
CVE-2011-3052 2 Google, Opensuse 2 Chrome, Opensuse 2025-04-11 N/A
The WebGL implementation in Google Chrome before 17.0.963.83 does not properly handle CANVAS elements, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
CVE-2011-3051 2 Google, Opensuse 2 Chrome, Opensuse 2025-04-11 N/A
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the cross-fade function.
CVE-2011-3050 3 Apple, Google, Opensuse 5 Iphone Os, Itunes, Safari and 2 more 2025-04-11 N/A
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element.
CVE-2011-3049 2 Google, Opensuse 2 Chrome, Opensuse 2025-04-11 N/A
Google Chrome before 17.0.963.83 does not properly restrict the extension web request API, which allows remote attackers to cause a denial of service (disrupted system requests) via a crafted extension.
CVE-2011-3047 2 Google, Opensuse 2 Chrome, Opensuse 2025-04-11 N/A
The GPU process in Google Chrome before 17.0.963.79 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) by leveraging an error in the plug-in loading mechanism.
CVE-2011-3046 3 Apple, Google, Opensuse 4 Iphone Os, Safari, Chrome and 1 more 2025-04-11 N/A
The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" issue.
CVE-2011-3044 3 Apple, Google, Opensuse 5 Iphone Os, Itunes, Safari and 2 more 2025-04-11 N/A
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animation elements.