CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2011(Memory Corruption)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2011-5046 20 1 DoS Exec Code Mem. Corr. 2011-12-30 2013-07-19
9.3
None Remote Medium Not required Complete Complete Complete
The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerability."
2 CVE-2011-4517 119 DoS Exec Code Overflow Mem. Corr. 2011-12-14 2014-01-13
6.8
None Remote Medium Not required Partial Partial Partial
The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file.
3 CVE-2011-4516 119 DoS Exec Code Overflow Mem. Corr. 2011-12-14 2014-01-13
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 file.
4 CVE-2011-4369 DoS Exec Code Mem. Corr. 2011-12-16 2013-01-29
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the PRC component in Adobe Reader and Acrobat 9.x before 9.4.7 on Windows, Adobe Reader and Acrobat 9.x through 9.4.6 on Mac OS X, Adobe Reader and Acrobat 10.x through 10.1.1 on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.
5 CVE-2011-4261 119 DoS Exec Code Overflow Mem. Corr. 2011-11-24 2012-03-08
9.3
None Remote Medium Not required Complete Complete Complete
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted video dimensions in an MP4 file.
6 CVE-2011-4246 119 DoS Exec Code Overflow Mem. Corr. 2011-11-24 2011-11-24
10.0
None Remote Low Not required Complete Complete Complete
The AAC codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
7 CVE-2011-4245 119 DoS Exec Code Overflow Mem. Corr. 2011-11-24 2012-03-08
10.0
None Remote Low Not required Complete Complete Complete
The RealVideo renderer in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
8 CVE-2011-4162 119 DoS Exec Code Overflow Mem. Corr. 2011-12-05 2012-07-21
7.5
None Remote Low Not required Partial Partial Partial
The (1) AddUser, (2) AddUserEx, (3) RemoveUser, (4) RemoveUserByGuide, (5) RemoveUserEx, and (6) RemoveUserRegardless methods in HP Protect Tools Device Access Manager (PTDAM) before 6.1.0.1 allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a long SidString argument.
9 CVE-2011-3909 119 DoS Overflow Mem. Corr. 2011-12-13 2012-04-20
7.5
None Remote Low Not required Partial Partial Partial
The Cascading Style Sheets (CSS) implementation in Google Chrome before 16.0.912.63 on 64-bit platforms does not properly manage property arrays, which allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors.
10 CVE-2011-3894 119 DoS Overflow Mem. Corr. 2011-11-11 2012-02-16
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 15.0.874.120 does not properly perform VP8 decoding, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted stream.
11 CVE-2011-3873 119 DoS Exec Code Overflow Mem. Corr. 2011-10-04 2011-10-20
9.3
None Remote Medium Not required Complete Complete Complete
Google Chrome before 14.0.835.202 does not properly implement shader translation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
12 CVE-2011-3660 DoS Exec Code Mem. Corr. 2011-12-20 2012-12-18
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger a compartment mismatch associated with the nsDOMMessageEvent::GetData function, and unknown other vectors.
13 CVE-2011-3654 119 DoS Exec Code Overflow Mem. Corr. 2011-11-09 2012-12-18
10.0
None Remote Low Not required Complete Complete Complete
The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
14 CVE-2011-3652 119 DoS Exec Code Overflow Mem. Corr. 2011-11-09 2012-12-18
10.0
None Remote Low Not required Complete Complete Complete
The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
15 CVE-2011-3651 DoS Exec Code Mem. Corr. 2011-11-09 2012-12-18
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 7.0 and Thunderbird 7.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
16 CVE-2011-3650 119 DoS Overflow Mem. Corr. 2011-11-09 2012-01-18
9.3
None Remote Medium Not required Complete Complete Complete
Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug.
17 CVE-2011-3499 119 DoS Exec Code Overflow Mem. Corr. 2011-09-16 2011-09-22
10.0
None Remote Low Not required Complete Complete Complete
Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an EIDP packet with a large size field, which writes a zero byte to an arbitrary memory location.
18 CVE-2011-3439 119 DoS Exec Code Overflow Mem. Corr. 2011-11-11 2012-12-18
9.3
None Remote Medium Not required Complete Complete Complete
FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.
19 CVE-2011-3413 94 DoS Exec Code Mem. Corr. 2011-12-13 2013-01-29
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft PowerPoint 2007 SP2; Office 2008 for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an invalid OfficeArt record in a PowerPoint document, aka "OfficeArt Shape RCE Vulnerability."
20 CVE-2011-3412 94 Exec Code Mem. Corr. 2011-12-13 2013-01-29
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect memory handling, aka "Publisher Memory Corruption Vulnerability."
21 CVE-2011-3403 94 Exec Code Mem. Corr. 2011-12-13 2013-01-29
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet, aka "Record Memory Corruption Vulnerability."
22 CVE-2011-3401 94 Exec Code Mem. Corr. 2011-12-13 2013-01-29
9.3
None Remote Medium Not required Complete Complete Complete
ENCDEC.DLL in Windows Media Player and Media Center in Microsoft Windows XP SP2 and SP3, Windows Vista SP2, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .dvr-ms file, aka "Windows Media Player DVR-MS Memory Corruption Vulnerability."
23 CVE-2011-3378 94 DoS Exec Code Mem. Corr. 2011-12-24 2013-02-06
9.3
None Remote Medium Not required Complete Complete Complete
RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c.
24 CVE-2011-3362 189 DoS Exec Code Mem. Corr. 2011-10-02 2012-05-18
6.8
None Remote Medium Not required Partial Partial Partial
Integer signedness error in the decode_residual_block function in cavsdec.c in libavcodec in FFmpeg before 0.7.3 and 0.8.x before 0.8.2, and libav through 0.7.1, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Chinese AVS video (aka CAVS) file.
25 CVE-2011-3345 119 DoS Overflow Mem. Corr. 2011-09-19 2011-09-22
2.1
None Local Low Not required None None Partial
ulp/sdp/sdp_proc.c in the ib_sdp module (aka ib_sdp.ko) in the ofa_kernel package in the InfiniBand driver implementation in OpenFabrics Enterprise Distribution (OFED) before 1.5.3 does not properly handle certain non-array variables, which allows local users to cause a denial of service (stack memory corruption and system crash) by reading the /proc/net/sdpstats file.
26 CVE-2011-3321 119 DoS Exec Code Overflow Mem. Corr. 2011-09-16 2012-06-04
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the Siemens WinCC Runtime Advanced Loader, as used in SIMATIC WinCC flexible Runtime and SIMATIC WinCC (TIA Portal) Runtime Advanced, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted packet to TCP port 2308.
27 CVE-2011-3296 399 DoS Mem. Corr. 2011-10-06 2011-11-23
7.8
None Remote Low Not required None None Complete
Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7), when IPv6 is used, allows remote attackers to cause a denial of service (memory corruption and module crash or hang) via vectors that trigger syslog message 302015, aka Bug ID CSCti83875.
28 CVE-2011-3272 399 DoS Mem. Corr. 2011-10-03 2011-10-20
7.8
None Remote Low Not required None None Complete
The IP Service Level Agreement (IP SLA) functionality in Cisco IOS 15.1, and IOS XE 2.1.x through 3.3.x, allows remote attackers to cause a denial of service (memory corruption and device reload) via malformed IP SLA packets, aka Bug ID CSCtk67073.
29 CVE-2011-3256 94 DoS Exec Code Mem. Corr. 2011-10-14 2012-12-18
4.3
None Remote Medium Not required None Partial None
FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226.
30 CVE-2011-3251 119 DoS Exec Code Overflow Mem. Corr. 2011-10-27 2013-11-02
9.3
None Remote Medium Not required Complete Complete Complete
Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted TKHD atoms in a QuickTime movie file.
31 CVE-2011-3244 119 DoS Exec Code Overflow Mem. Corr. 2011-10-12 2013-11-02
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
32 CVE-2011-3241 119 DoS Exec Code Overflow Mem. Corr. 2011-10-12 2013-11-02
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
33 CVE-2011-3239 119 DoS Exec Code Overflow Mem. Corr. 2011-10-12 2013-11-02
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
34 CVE-2011-3238 119 DoS Exec Code Overflow Mem. Corr. 2011-10-12 2013-11-02
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
35 CVE-2011-3237 119 DoS Exec Code Overflow Mem. Corr. 2011-10-12 2013-11-02
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
36 CVE-2011-3236 119 DoS Exec Code Overflow Mem. Corr. 2011-10-12 2013-11-02
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
37 CVE-2011-3235 119 DoS Exec Code Overflow Mem. Corr. 2011-10-12 2013-11-02
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
38 CVE-2011-3233 119 DoS Exec Code Overflow Mem. Corr. 2011-10-12 2013-11-02
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
39 CVE-2011-3228 94 DoS Exec Code Mem. Corr. 2011-10-14 2012-01-13
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.
40 CVE-2011-3217 119 DoS Exec Code Overflow Mem. Corr. 2011-10-14 2012-01-13
6.8
None Remote Medium Not required Partial Partial Partial
MediaKit in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image.
41 CVE-2011-3205 DoS Overflow Mem. Corr. 2011-09-06 2011-10-25
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression.
42 CVE-2011-3143 399 DoS Exec Code Mem. Corr. 2011-08-16 2012-03-15
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified long strings that trigger heap memory corruption.
43 CVE-2011-2997 DoS Exec Code Mem. Corr. 2011-09-28 2011-11-21
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
44 CVE-2011-2996 DoS Exec Code Mem. Corr. 2011-09-28 2012-01-18
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the plugin API in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
45 CVE-2011-2995 DoS Exec Code Mem. Corr. 2011-09-28 2011-11-21
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
46 CVE-2011-2992 119 DoS Exec Code Overflow Mem. Corr. 2011-08-18 2012-12-18
10.0
None Remote Low Not required Complete Complete Complete
The Ogg reader in the browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
47 CVE-2011-2991 119 DoS Exec Code Overflow Mem. Corr. 2011-08-18 2012-12-18
10.0
None Remote Low Not required Complete Complete Complete
The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement JavaScript, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
48 CVE-2011-2989 119 DoS Exec Code Overflow Mem. Corr. 2011-08-18 2012-12-18
10.0
None Remote Low Not required Complete Complete Complete
The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement WebGL, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
49 CVE-2011-2985 DoS Exec Code Mem. Corr. 2011-08-18 2012-12-18
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
50 CVE-2011-2982 DoS Exec Code Mem. Corr. 2011-08-18 2012-06-15
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Total number of vulnerabilities : 351   Page : 1 (This Page)2 3 4 5 6 7 8
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.