The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerability."
Max CVSS
9.3
EPSS Score
49.28%
Published
2011-12-30
Updated
2019-02-26
TomatoSoft Free Mp3 Player 1.0 allows remote attackers to cause a denial of service (application crash) via a long string in an MP3 file, possibly a buffer overflow.
Max CVSS
4.3
EPSS Score
0.44%
Published
2011-12-30
Updated
2017-08-29
Google V8 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, as demonstrated by attacks against Node.js.
Max CVSS
5.0
EPSS Score
0.46%
Published
2011-12-30
Updated
2012-11-06
Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Max CVSS
5.0
EPSS Score
0.81%
Published
2011-12-30
Updated
2013-10-31

CVE-2011-5035

Public exploit
Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869.
Max CVSS
5.0
EPSS Score
2.52%
Published
2011-12-30
Updated
2018-01-06

CVE-2011-5034

Public exploit
Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
Max CVSS
7.8
EPSS Score
1.19%
Published
2011-12-30
Updated
2021-07-30
Stack-based buffer overflow in CFS.c in ConfigServer Security & Firewall (CSF) before 5.43, when running on a DirectAdmin server, allows local users to cause a denial of service (crash) via a long string in an admin.list file.
Max CVSS
4.4
EPSS Score
0.08%
Published
2011-12-29
Updated
2017-08-29
WMDrive.sys 3.4.181.224 in WinMount 3.5.1018 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted 0x87342000 IOCTL request to the WMDriver device.
Max CVSS
4.9
EPSS Score
0.04%
Published
2011-12-29
Updated
2017-08-29
PHPIDS before 0.7 does not properly implement Regular Expression Denial of Service (ReDoS) filters, which allows remote attackers to bypass rulesets and add PHP sequences to a file via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.59%
Published
2011-12-29
Updated
2011-12-29
The CmpWebServer.dll module in the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a crafted Content-Length in an HTTP POST or (2) an invalid HTTP request method.
Max CVSS
5.0
EPSS Score
6.84%
Published
2011-12-25
Updated
2017-08-29

CVE-2011-4885

Public exploit
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Max CVSS
5.0
EPSS Score
87.47%
Published
2011-12-30
Updated
2018-01-09
validator/val_nsec3.c in Unbound before 1.4.13p2 does not properly perform proof processing for NSEC3-signed zones, which allows remote DNS servers to cause a denial of service (daemon crash) via a malformed response that lacks expected NSEC3 records, a different vulnerability than CVE-2011-4528.
Max CVSS
7.8
EPSS Score
1.50%
Published
2011-12-20
Updated
2017-08-29
JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
Max CVSS
5.0
EPSS Score
0.98%
Published
2011-12-30
Updated
2021-01-12
Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
Max CVSS
7.8
EPSS Score
2.02%
Published
2011-12-30
Updated
2017-08-29
Parallels Plesk Small Business Panel 10.2.0 does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing error) or possibly have unspecified other impact via a crafted cookie, as demonstrated by cookies to client@1/domain@1/hosting/file-manager/ and certain other files.
Max CVSS
10.0
EPSS Score
0.48%
Published
2011-12-16
Updated
2017-08-29
The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing error) or possibly have unspecified other impact via a crafted REST URL parameter, as demonstrated by parameters to admin/ and certain other files.
Max CVSS
10.0
EPSS Score
0.48%
Published
2011-12-16
Updated
2019-04-22
Opera before 11.60 allows remote attackers to cause a denial of service (CPU and memory consumption) via unspecified content on a web page, as demonstrated by a page under the cisco.com home page.
Max CVSS
5.0
EPSS Score
0.28%
Published
2011-12-07
Updated
2012-03-06
Unspecified vulnerability in the Web Workers implementation in Opera before 11.60 allows remote attackers to cause a denial of service (application crash) via unknown vectors.
Max CVSS
5.0
EPSS Score
0.28%
Published
2011-12-07
Updated
2012-03-06
Dragonfly in Opera before 11.60 allows remote attackers to cause a denial of service (application crash) via unspecified content on a web page, as demonstrated by forbes.com.
Max CVSS
5.0
EPSS Score
0.29%
Published
2011-12-07
Updated
2012-03-06
The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted message, a different vulnerability than CVE-2011-3594.
Max CVSS
5.0
EPSS Score
2.88%
Published
2011-12-17
Updated
2017-09-19
The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) video-chat stanzas, which allows remote attackers to cause a denial of service (application crash) via a crafted message.
Max CVSS
5.0
EPSS Score
2.75%
Published
2011-12-17
Updated
2017-09-19
family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted (1) AIM or (2) ICQ message associated with buddy-list addition.
Max CVSS
5.0
EPSS Score
5.64%
Published
2011-12-25
Updated
2017-09-19
The handle_request_info function in channels/chan_sip.c in Asterisk Open Source 1.6.2.x before 1.6.2.21 and 1.8.x before 1.8.7.2, when automon is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted sequence of SIP requests.
Max CVSS
4.3
EPSS Score
4.20%
Published
2011-12-15
Updated
2012-09-01
Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708.
Max CVSS
6.4
EPSS Score
88.17%
Published
2011-11-29
Updated
2022-08-29
One Click Orgs before 1.2.3 does not require unique e-mail addresses for user accounts, which allows remote authenticated users to cause a denial of service (login disruption) or spoof votes or comments by selecting a conflicting e-mail address.
Max CVSS
4.0
EPSS Score
0.13%
Published
2011-12-06
Updated
2011-12-08
1219 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!