The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2011-2962 | Multiple stack-based buffer overflows in Invensys Wonderware Information Server 3.1, 4.0, and 4.0 SP1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via two unspecified ActiveX controls. | High | Aug 1, 2011 |
| CVE-2011-2963 | TCPUploadServer.exe in Progea Movicon 11.2 before Build 1084 does not require authentication for critical functions, which allows remote attackers to obtain sensitive information, delete files, execute arbitrary programs, or cause a denial of service (crash) via a crafted packet to TCP port 10651. | High | Aug 1, 2011 |
| CVE-2011-2980 | Untrusted search path vulnerability in the ThinkPadSensor::Startup function in Mozilla Firefox before 3.6.20 allows local users to gain privileges by leveraging write access in an unspecified directory to place a Trojan horse DLL that is loaded into the running Firefox process.Per: http://cwe.mitre.org/data/definitions/426.html \'CWE-426: Untrusted Search Path\' | High | Aug 19, 2011 |
| CVE-2011-2981 | The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript code with chrome privileges via a crafted web site. | High | Aug 26, 2011 |
| CVE-2011-2982 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x, SeaMonkey 1.x and 2.x, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | High | Sep 2, 2011 |
| CVE-2011-2984 | Mozilla Firefox before 3.6.20, SeaMonkey 2.x, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering for drop events. | High | Aug 26, 2011 |
| CVE-2011-2985 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | High | Sep 2, 2011 |
| CVE-2011-2987 | Heap-based buffer overflow in Almost Native Graphics Layer Engine (ANGLE), as used in the WebGL implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products might allow remote attackers to execute arbitrary code via unspecified vectors. | High | Aug 30, 2011 |
| CVE-2011-2988 | Buffer overflow in an unspecified string class in the WebGL shader implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long source-code block for a shader. | High | Aug 30, 2011 |
| CVE-2011-2989 | The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement WebGL, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | High | Aug 31, 2011 |
| CVE-2011-2991 | The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement JavaScript, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | High | Aug 31, 2011 |
| CVE-2011-2992 | The Ogg reader in the browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | High | Aug 31, 2011 |
| CVE-2011-2993 | The implementation of digital signatures for JAR files in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not prevent calls from unsigned JavaScript code to signed code, which allows remote attackers to bypass the Same Origin Policy and gain privileges via a crafted web site, a different vulnerability than CVE-2008-2801. | High | Aug 31, 2011 |
| CVE-2011-2995 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | High | Sep 29, 2011 |
| CVE-2011-2996 | Unspecified vulnerability in the plugin API in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | High | Sep 29, 2011 |
| CVE-2011-2997 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | High | Sep 29, 2011 |
| CVE-2011-2998 | Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via JavaScript code containing a large RegExp expression. | High | Sep 30, 2011 |
| CVE-2011-3002 | Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 7.0 and SeaMonkey before 2.4, does not validate the return value of a GrowAtomTable function call, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a memory-allocation error and a resulting buffer overflow. | High | Sep 29, 2011 |
| CVE-2011-3003 | Mozilla Firefox before 7.0 and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unspecified WebGL test case that triggers a memory-allocation error and a resulting out-of-bounds write operation. | High | Sep 29, 2011 |
| CVE-2011-3005 | Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OGG headers in a .ogg file. | High | Sep 29, 2011 |
| CVE-2011-3012 | The ioQuake3 engine, as used in World of Padman 1.2 and earlier, Tremulous 1.1.0, and ioUrbanTerror 2007-12-20, does not check for dangerous file extensions before writing to the quake3 directory, which allows remote attackers to execute arbitrary code via a crafted third-party addon that creates a Trojan horse DLL file, a different vulnerability than CVE-2011-2764. | High | Aug 10, 2011 |
| CVE-2011-3015 | Multiple integer overflows in the PDF codecs in Google Chrome before 17.0.963.56 allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | High | Feb 17, 2012 |
| CVE-2011-3016 | Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving counter nodes, related to a read-after-free issue. | High | Feb 17, 2012 |
| CVE-2011-3017 | Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to database handling. | High | Feb 17, 2012 |
| CVE-2011-3018 | Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to path rendering. | High | Feb 17, 2012 |
| CVE-2011-3020 | Unspecified vulnerability in the Native Client validator implementation in Google Chrome before 17.0.963.56 has unknown impact and remote attack vectors. | High | Feb 17, 2012 |
| CVE-2011-3021 | Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to subframe loading. | High | Feb 17, 2012 |
| CVE-2011-3026 | Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. | High | Feb 17, 2012 |
| CVE-2011-3027 | Google Chrome before 17.0.963.56 does not properly perform a cast of an unspecified variable during handling of columns, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document. | High | Feb 17, 2012 |
| CVE-2011-3031 | Use-after-free vulnerability in the element wrapper in Google V8, as used in Google Chrome before 17.0.963.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | High | Mar 6, 2012 |
| CVE-2011-3032 | Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG values. | High | Mar 6, 2012 |
| CVE-2011-3033 | Buffer overflow in Skia, as used in Google Chrome before 17.0.963.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | High | Mar 6, 2012 |
| CVE-2011-3034 | Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an SVG document. | High | Mar 6, 2012 |
| CVE-2011-3035 | Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements. | High | Mar 6, 2012 |
| CVE-2011-3036 | Google Chrome before 17.0.963.65 does not properly perform a cast of an unspecified variable during handling of line boxes, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document. | High | Mar 6, 2012 |
| CVE-2011-3037 | Google Chrome before 17.0.963.65 does not properly perform casts of unspecified variables during the splitting of anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document. | High | Mar 6, 2012 |
| CVE-2011-3038 | Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to multi-column handling. | High | Mar 6, 2012 |
| CVE-2011-3039 | Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to quote handling. | High | Mar 6, 2012 |
| CVE-2011-3041 | Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of class attributes. | High | Mar 6, 2012 |
| CVE-2011-3042 | Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of table sections. | High | Mar 6, 2012 |
| CVE-2011-3043 | Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a flexbox (aka flexible box) in conjunction with the floating of elements. | High | Mar 6, 2012 |
| CVE-2011-3044 | Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animation elements. | High | Mar 6, 2012 |
| CVE-2011-3046 | The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a Universal XSS (UXSS) issue. | High | Mar 12, 2012 |
| CVE-2011-3047 | The GPU process in Google Chrome before 17.0.963.79 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) by leveraging an error in the plug-in loading mechanism. | High | Mar 12, 2012 |
| CVE-2011-3050 | Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element. | High | Mar 23, 2012 |
| CVE-2011-3051 | Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the cross-fade function. | High | Mar 23, 2012 |
| CVE-2011-3052 | The WebGL implementation in Google Chrome before 17.0.963.83 does not properly handle CANVAS elements, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | High | Mar 23, 2012 |
| CVE-2011-3053 | Use-after-free vulnerability in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to block splitting. | High | Mar 23, 2012 |
| CVE-2011-3056 | Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via vectors involving a magic iframe. | High | Mar 23, 2012 |
| CVE-2011-3063 | Google Chrome before 18.0.1025.142 does not properly validate the renderer\'s navigation requests, which has unspecified impact and remote attack vectors. | High | Apr 2, 2012 |
