CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
8501 CVE-2011-3046 20 Exec Code XSS 2012-03-08 2018-01-12
10.0
None Remote Low Not required Complete Complete Complete
The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" issue.
8502 CVE-2011-3012 20 Exec Code 2011-08-09 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
The ioQuake3 engine, as used in World of Padman 1.2 and earlier, Tremulous 1.1.0, and ioUrbanTerror 2007-12-20, does not check for dangerous file extensions before writing to the quake3 directory, which allows remote attackers to execute arbitrary code via a crafted third-party addon that creates a Trojan horse DLL file, a different vulnerability than CVE-2011-2764.
8503 CVE-2011-3005 119 DoS Exec Code Overflow 2011-09-28 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OGG headers in a .ogg file.
8504 CVE-2011-3003 119 DoS Exec Code Overflow 2011-09-28 2018-11-29
10.0
None Remote Low Not required Complete Complete Complete
Mozilla Firefox before 7.0 and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unspecified WebGL test case that triggers a memory-allocation error and a resulting out-of-bounds write operation.
8505 CVE-2011-3002 119 DoS Exec Code Overflow 2011-09-28 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 7.0 and SeaMonkey before 2.4, does not validate the return value of a GrowAtomTable function call, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a memory-allocation error and a resulting buffer overflow.
8506 CVE-2011-2998 189 DoS Exec Code 2011-09-30 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via JavaScript code containing a large RegExp expression.
8507 CVE-2011-2997 DoS Exec Code Mem. Corr. 2011-09-28 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
8508 CVE-2011-2996 DoS Exec Code Mem. Corr. 2011-09-28 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the plugin API in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
8509 CVE-2011-2995 DoS Exec Code Mem. Corr. 2011-09-28 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
8510 CVE-2011-2993 264 +Priv Bypass 2011-08-18 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
The implementation of digital signatures for JAR files in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not prevent calls from unsigned JavaScript code to signed code, which allows remote attackers to bypass the Same Origin Policy and gain privileges via a crafted web site, a different vulnerability than CVE-2008-2801.
8511 CVE-2011-2992 119 DoS Exec Code Overflow Mem. Corr. 2011-08-18 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
The Ogg reader in the browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
8512 CVE-2011-2991 119 DoS Exec Code Overflow Mem. Corr. 2011-08-18 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement JavaScript, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
8513 CVE-2011-2989 119 DoS Exec Code Overflow Mem. Corr. 2011-08-18 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement WebGL, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
8514 CVE-2011-2988 119 DoS Exec Code Overflow 2011-08-18 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in an unspecified string class in the WebGL shader implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long source-code block for a shader.
8515 CVE-2011-2987 119 Exec Code Overflow 2011-08-18 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Almost Native Graphics Layer Engine (ANGLE), as used in the WebGL implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products might allow remote attackers to execute arbitrary code via unspecified vectors.
8516 CVE-2011-2985 DoS Exec Code Mem. Corr. 2011-08-18 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
8517 CVE-2011-2984 94 Exec Code 2011-08-18 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering for drop events.
8518 CVE-2011-2982 DoS Exec Code Mem. Corr. 2011-08-18 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
8519 CVE-2011-2981 16 Exec Code Bypass 2011-08-18 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript code with chrome privileges via a crafted web site.
8520 CVE-2011-2963 287 1 DoS +Info 2011-07-29 2011-08-01
10.0
None Remote Low Not required Complete Complete Complete
TCPUploadServer.exe in Progea Movicon 11.2 before Build 1084 does not require authentication for critical functions, which allows remote attackers to obtain sensitive information, delete files, execute arbitrary programs, or cause a denial of service (crash) via a crafted packet to TCP port 10651.
8521 CVE-2011-2962 119 DoS Exec Code Overflow 2011-07-29 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in Invensys Wonderware Information Server 3.1, 4.0, and 4.0 SP1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via two unspecified ActiveX controls.
8522 CVE-2011-2961 119 DoS Exec Code Overflow 2011-07-29 2011-08-01
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in AngelServer.exe 6.0.11.3 in Sunway pNetPower allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDP packet.
8523 CVE-2011-2960 119 DoS Exec Code Overflow 2011-07-29 2011-08-01
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in httpsvr.exe 6.0.5.3 in Sunway ForceControl 6.1 SP1, SP2, and SP3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted URL.
8524 CVE-2011-2959 119 DoS Exec Code Overflow 2011-07-29 2011-08-01
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Open Database Connectivity (ODBC) service (Odbcixv9se.exe) in 7-Technologies Interactive Graphical SCADA System (IGSS) 9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet to TCP port 22202.
8525 CVE-2011-2955 399 Exec Code 2011-08-18 2011-10-05
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5, when an Embedded RealPlayer is used, allows remote attackers to execute arbitrary code via vectors related to a modal dialog.
8526 CVE-2011-2954 399 Exec Code 2011-08-18 2011-10-05
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the AutoUpdate feature in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5, when an Embedded RealPlayer is used, allows remote attackers to execute arbitrary code via unspecified vectors.
8527 CVE-2011-2953 119 Exec Code Overflow 2011-08-18 2011-10-05
10.0
None Remote Low Not required Complete Complete Complete
An unspecified ActiveX control in the browser plugin in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via unknown vectors, related to an out-of-bounds condition.
8528 CVE-2011-2952 399 Exec Code 2011-08-18 2011-10-05
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via vectors related to a dialog box.
8529 CVE-2011-2951 119 Exec Code Overflow 2011-08-18 2011-10-05
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer 12.0.0.1569 allows remote attackers to execute arbitrary code via a crafted raw_data_frame field in an AAC file.
8530 CVE-2011-2950 119 Exec Code Overflow 2011-08-18 2012-02-13
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in qcpfformat.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted QCP file.
8531 CVE-2011-2949 119 Exec Code Overflow 2011-08-18 2011-10-05
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via crafted ID3v2 tags in an MP3 file.
8532 CVE-2011-2948 119 DoS Exec Code Overflow Mem. Corr. 2011-08-18 2011-10-05
9.3
None Remote Medium Not required Complete Complete Complete
RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, RealPlayer Enterprise 2.0 through 2.1.5, and Mac RealPlayer 12.0.0.1569 do not properly handle DEFINEFONT fields in SWF files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted file.
8533 CVE-2011-2946 Exec Code 2011-08-18 2011-10-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in an ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via unknown vectors.
8534 CVE-2011-2945 119 Exec Code Overflow 2011-08-18 2011-10-05
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted SIPR stream.
8535 CVE-2011-2940 119 DoS Exec Code Overflow Mem. Corr. 2011-08-25 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
stunnel 4.40 and 4.41 might allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
8536 CVE-2011-2895 119 Exec Code Overflow 2011-08-19 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.
8537 CVE-2011-2884 2011-07-27 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in IBM Lotus Symphony 3 before FP3 have unknown impact and attack vectors, related to "critical security vulnerability issues."
8538 CVE-2011-2883 20 Exec Code 2011-07-21 2011-07-22
9.3
None Remote Medium Not required Complete Complete Complete
The NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 attempts to validate signed DLLs by checking the certificate subject, not the signature, which allows man-in-the-middle attackers to execute arbitrary code via HTTP header data referencing a DLL that was signed with a crafted certificate.
8539 CVE-2011-2882 119 Exec Code Overflow 2011-07-21 2011-09-21
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 allows remote attackers to execute arbitrary code via crafted HTTP header data.
8540 CVE-2011-2873 119 DoS Exec Code Overflow Mem. Corr. 2012-03-08 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
8541 CVE-2011-2872 119 DoS Exec Code Overflow Mem. Corr. 2012-03-08 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
8542 CVE-2011-2871 119 DoS Exec Code Overflow Mem. Corr. 2012-03-08 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
8543 CVE-2011-2870 119 DoS Exec Code Overflow Mem. Corr. 2012-03-08 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
8544 CVE-2011-2869 119 DoS Exec Code Overflow Mem. Corr. 2012-03-08 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
8545 CVE-2011-2868 119 DoS Exec Code Overflow Mem. Corr. 2012-03-08 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
8546 CVE-2011-2867 119 DoS Exec Code Overflow Mem. Corr. 2012-03-08 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
8547 CVE-2011-2833 119 DoS Exec Code Overflow Mem. Corr. 2012-03-08 2018-11-29
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
8548 CVE-2011-2822 20 2011-08-29 2018-11-29
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 13.0.782.215 on Windows does not properly parse URLs located on the command line, which has unspecified impact and attack vectors.
8549 CVE-2011-2806 119 DoS Exec Code Overflow Mem. Corr. 2011-08-29 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 13.0.782.215 on Windows does not properly handle vertex data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
8550 CVE-2011-2767 94 Exec Code 2018-08-26 2019-01-11
10.0
None Remote Low Not required Complete Complete Complete
mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.