| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088. |
| The OpenURLInDefaultBrowser method in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.2, and RealPlayer SP 1.0 through 1.1.5, launches a default handler for the filename specified in the first argument, which allows remote attackers to execute arbitrary code via a .rnx filename corresponding to a crafted RNX file. |
| The STARTTLS implementation in qmail-smtpd.c in qmail-smtpd in the netqmail-1.06-tls patch for netqmail 1.06 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. |
| The STARTTLS implementation in SCO SCOoffice Server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. |
| Array index error in the rose_parse_national function in net/rose/rose_subr.c in the Linux kernel before 2.6.39 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by composing FAC_NATIONAL_DIGIS data that specifies a large number of digipeaters, and then sending this data to a ROSE socket. |
| The inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request containing crafted parameters. |
| Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression. |
| The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c in gdk-pixbuf before 2.23.5 does not properly handle certain return values, which allows remote attackers to cause a denial of service (memory consumption) via a crafted GIF image file. |
| The ext4_fill_super function in fs/ext4/super.c in the Linux kernel before 2.6.39 does not properly initialize a certain error-report data structure, which allows local users to cause a denial of service (OOPS) by attempting to mount a crafted ext4 filesystem. |
| Untrusted search path vulnerability in x11perfcomp in XFree86 x11perf before 1.5.4 allows local users to gain privileges via unspecified Trojan horse code in the current working directory. |
| reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.3 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a SIP packet with a Contact header that lacks a < (less than) character. |
| The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions (NT AUTHORITY\INTERACTIVE:F) for cvpnd.exe, which allows local users to gain privileges by replacing this executable file with an arbitrary program, aka Bug ID CSCtn50645. NOTE: this vulnerability exists because of a CVE-2007-4415 regression. |
| The IPv6 implementation in the Linux kernel before 3.1 does not generate Fragment Identification values separately for each destination, which makes it easier for remote attackers to cause a denial of service (disrupted networking) by predicting these values and sending crafted packets. |
| The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference. |
| The png_handle_cHRM function in pngrutil.c in libpng 1.5.4, when color-correction support is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed PNG image containing a cHRM chunk associated with a certain zero value. |
| Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory. |
| Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file. |
| The add_conversation function in conversations.c in EtherApe before 0.9.12 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RPC packet, related to the get_rpc function in decode_proto.c. |
| Openswan 2.6.29 through 2.6.35 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto IKE daemon crash) via an ISAKMP message with an invalid KEY_LENGTH attribute, which is not properly handled by the error handling function. |
| Untrusted search path vulnerability in Microsoft PowerPoint 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "PowerPoint Insecure Library Loading Vulnerability." |
