Monkey's Audio before 4.01b2 allows remote attackers to cause a denial of service (application crash) via an APX file that lacks NULL termination.
Max CVSS: 4.3 | EPSS Score: 0.17% | Published: 2011-05-20 | Updated: 2011-05-25
Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibTIFF before 3.9.5 allows remote attackers to execute arbitrary code via a crafted TIFF file.
Max CVSS: 6.8 | EPSS Score: 26.80% | Published: 2011-05-03 | Updated: 2023-02-13
ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb row_limit configuration setting, and consequently conduct resource-consumption attacks, via the limit parameter, as demonstrated by a "query revision history" request.
Max CVSS: 5.0 | EPSS Score: 1.94% | Published: 2011-05-23 | Updated: 2018-08-13
Unspecified vulnerability in the MojoX::Dispatcher::Static implementation in Mojolicious before 0.991250 has unknown impact and attack vectors.
Max CVSS: 10.0 | EPSS Score: 0.19% | Published: 2011-05-03 | Updated: 2011-07-14
Monkey's Audio before 4.02 allows remote attackers to cause a denial of service (application crash) via a malformed APE file.
Max CVSS: 4.3 | EPSS Score: 0.17% | Published: 2011-05-20 | Updated: 2011-05-24
authenticate_ad_setup_finished.cfm in MediaCAST 8 and earlier allows remote attackers to discover usernames and cleartext passwords by reading the error messages returned for requests that use the UserID parameter.
Max CVSS: 5.0 | EPSS Score: 0.61% | Published: 2011-05-10 | Updated: 2017-08-17
Zeacom Chat Server before 5.1 uses too short a random string for the JSESSIONID value, which makes it easier for remote attackers to hijack sessions or cause a denial of service (Chat Server crash or Tomcat daemon crash) via a brute-force attack.
Max CVSS: 5.8 | EPSS Score: 0.64% | Published: 2011-05-20 | Updated: 2018-10-10
feh before 1.8, when the --wget-timestamp option is enabled, might allow remote attackers to execute arbitrary commands via shell metacharacters in a URL.
Max CVSS: 5.1 | EPSS Score: 0.80% | Published: 2011-05-26 | Updated: 2020-02-27
FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed WMV file.
Max CVSS: 6.8 | EPSS Score: 1.77% | Published: 2011-05-20 | Updated: 2011-10-26
The socket implementation in net/core/sock.c in the Linux kernel before 2.6.34 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service (memory consumption) by sending a large amount of network traffic, as demonstrated by netperf UDP tests.
Max CVSS: 7.8 | EPSS Score: 2.16% | Published: 2011-05-26 | Updated: 2023-02-13
SQL injection vulnerability in the authentication form in the integrated web server in the Data Management Server (DMS) before 1.4.3 in Samsung Integrated Management System allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS: 7.5 | EPSS Score: 0.29% | Published: 2011-05-09 | Updated: 2011-05-27
Integer overflow in the ReadDirectory function in tiffdump.c in tiffdump in LibTIFF before 3.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF file containing a directory data structure with many directory entries.
Max CVSS: 4.3 | EPSS Score: 4.48% | Published: 2011-05-03 | Updated: 2023-02-13
Commands.pm in Mojolicious before 0.999928 does not properly perform CGI environment detection, which has unspecified impact and remote attack vectors.
Max CVSS: 10.0 | EPSS Score: 0.42% | Published: 2011-05-03 | Updated: 2011-08-27
Mojolicious before 0.999927 does not properly implement HMAC-MD5 checksums, which has unspecified impact and remote attack vectors.
Max CVSS: 10.0 | EPSS Score: 0.30% | Published: 2011-05-03 | Updated: 2011-08-27
The socket implementation in net/core/sock.c in the Linux kernel before 2.6.35 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service by sending a large amount of network traffic, related to the sk_add_backlog function and the sk_rmem_alloc socket field. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4251.
Max CVSS: 7.8 | EPSS Score: 1.06% | Published: 2011-05-26 | Updated: 2020-08-04
The authoring tool in IBM Web Content Manager (WCM) 6.1.5, and 7.0.0.1 before CF003, allows remote authenticated users to bypass intended access restrictions on draft creation by leveraging certain resource editor privileges.
Max CVSS: 4.0 | EPSS Score: 0.07% | Published: 2011-05-26 | Updated: 2011-05-26
Race condition in IBM Web Content Manager (WCM) 7.0.0.1 before CF003 allows remote authenticated users to cause a denial of service (infinite recursive query) via unspecified vectors, related to a StackOverflowError exception.
Max CVSS: 3.5 | EPSS Score: 0.12% | Published: 2011-05-26 | Updated: 2011-07-13

CVE-2011-0065

Public exploit
Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mChannel.
Max CVSS: 10.0 | EPSS Score: 96.90% | Published: 2011-05-07 | Updated: 2017-09-19
Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mObserverList.
Max CVSS: 10.0 | EPSS Score: 12.03% | Published: 2011-05-07 | Updated: 2017-09-19
Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly implement autocompletion for forms, which allows remote attackers to read form history entries via a Java applet that spoofs interaction with the autocomplete controls.
Max CVSS: 5.0 | EPSS Score: 1.04% | Published: 2011-05-07 | Updated: 2017-09-19
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0070.
Max CVSS: 10.0 | EPSS Score: 18.63% | Published: 2011-05-07 | Updated: 2017-09-19
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0069.
Max CVSS: 10.0 | EPSS Score: 18.63% | Published: 2011-05-07 | Updated: 2017-09-19
Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL.
Max CVSS: 5.0 | EPSS Score: 1.70% | Published: 2011-05-07 | Updated: 2017-09-19
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, and CVE-2011-0078.
Max CVSS: 10.0 | EPSS Score: 27.53% | Published: 2011-05-07 | Updated: 2017-09-19

CVE-2011-0073

Public exploit
Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly use nsTreeRange data structures, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer."
Max CVSS: 10.0 | EPSS Score: 96.48% | Published: 2011-05-07 | Updated: 2017-09-19
295 vulnerabilities found