AOL 漏洞与 CVE 列表(57)

产品(CPE): — CVE 数: 57

AOL 漏洞概览

汇总 AOL 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。

常见弱点模式包括 缓冲区溢出、输入验证问题与内存损坏,在 生产负载与软件部署 使用场景中可能带来 应用崩溃、内存损坏与异常行为 等风险。

相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。

漏洞分布趋势(近 24 个月)

显示 12057 CVE 数
«« 第一页 « 上一页 第 1 / 3 页 下一页 »
CVE 摘要 来源 最高 CVSS EPSS % 公开时间 更新时间
CVE-2014-5570 The DailyFinance - Stocks & News (aka com.aol.mobile.dailyFinance) application 2.0.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. [email protected] 5.4 0.27% 2014-09-08 2026-06-16
CVE-2012-5816 AOL Instant Messenger (AIM) 1.0.1.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. [email protected] 5.8 0.57% 2012-11-04 2026-06-16
CVE-2009-4494 AOLserver 4.5.1 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. [email protected] 5.0 8.78% 2010-01-13 2026-06-16
CVE-2009-3658 Use-after-free vulnerability in the Sb.SuperBuddy.1 ActiveX control (sb.dll) in America Online (AOL) 9.5.0.1 allows remote attackers to trigger memory corruption or possibly execute arbitrary code via a malformed argument to the SetSuperBuddy method. [email protected] 8.8 8.90% 2009-10-09 2026-06-16
CVE-2007-6699 Multiple buffer overflows in the AIM PicEditor 9.5.1.8 ActiveX control in YGPPicEdit.dll in AOL You've Got Pictures (YGP) Picture Editor allow remote attackers to cause a denial of service (browser crash) via a long string in the (1) DisplayName, (2) FinalSavePath, (3) ForceSaveTo, (4) HiddenControls, (5) InitialEditorScreen, (6) Locale, (7) Proxy, and (8) UserAgent property values. [email protected] 4.3 4.50% 2008-02-04 2026-06-16
CVE-2007-6250 Stack-based buffer overflow in AOL AOLMediaPlaybackControl (AOLMediaPlaybackControl.exe), as used by AmpX ActiveX control (AmpX.dll), might allow remote attackers to execute arbitrary code via the AppendFileToPlayList method. [email protected] 9.3 24.34% 2008-01-09 2026-06-16
CVE-2007-5755 Multiple stack-based buffer overflows in the AOL AmpX ActiveX control in AmpX.dll 2.6.1.11 in AOL Radio allow remote attackers to execute arbitrary code via long arguments to unspecified methods. [email protected] 9.3 12.97% 2007-11-13 2026-06-16
CVE-2007-5124 The embedded Internet Explorer server control in AOL Instant Messenger (AIM) 6.5.3.12 and earlier allows remote attackers to execute arbitrary code via unspecified web script or HTML in an instant message, related to AIM's filtering of "specific tags and attributes" and the lack of Local Machine Zone lockdown. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-4901. [email protected] 6.8 1.90% 2007-09-27 2026-06-16
CVE-2007-4901 The embedded Internet Explorer server control in AOL Instant Messenger (AIM) 6.1.41.2 and 6.2.32.1, AIM Pro, and AIM Lite does not properly constrain the use of mshtml.dll's web script and HTML functionality for incoming instant messages, which allows remote attackers to place HTML into unexpected contexts or execute arbitrary code, as demonstrated by writing arbitrary HTML to a notification window, and writing contents of arbitrary local image files to this window via IMG SRC. [email protected] 5.8 2.79% 2007-09-14 2026-06-16
CVE-2007-3437 AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attackers to cause a denial of service (application crash) via a malformed header value in a SIP INVITE message, a different vulnerability than CVE-2007-3350. [email protected] 7.8 1.60% 2007-06-26 2026-06-16
CVE-2007-3350 AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attackers to cause a denial of service (application hang) via a flood of spoofed SIP INVITE requests. [email protected] 7.8 1.62% 2007-06-22 2026-06-16
CVE-2007-1904 Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 and earlier, and ICQ 5.1 and probably earlier, allows user-assisted remote attackers to write files to arbitrary locations via a .. (dot dot) in a filename in a file transfer operation. [email protected] 4.3 3.75% 2007-04-10 2026-06-16
CVE-2006-5820 The LinkSBIcons method in the SuperBuddy ActiveX control (Sb.SuperBuddy.1) in America Online 9.0 Security Edition dereferences an arbitrary function pointer, which allows remote attackers to execute arbitrary code via a modified pointer value. [email protected] 9.3 8.43% 2007-04-02 2026-06-16
CVE-2007-1767 Unspecified vulnerability in (1) Deskbar.dll and (2) Toolbar.dll in AOL 9.0 before February 2007 allows remote attackers to cause a denial of service (browser crash) via unknown vectors. [email protected] 7.8 1.60% 2007-03-29 2026-06-16
CVE-2006-6442 Stack-based buffer overflow in the SetClientInfo function in the CDDBControlAOL.CDDBAOLControl ActiveX control (cddbcontrol.dll), as used in America Online (AOL) 7.0 4114.563, 8.0 4129.230, and 9.0 Security Edition 4156.910, and possibly other products, allows remote attackers to execute arbitrary code via a long ClientId argument. [email protected] 9.3 5.39% 2006-12-10 2026-06-16
CVE-2006-5650 The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ 5.1 allows remote attackers to download and execute arbitrary code via the DownloadAgent function, as demonstrated using an ICQ avatar. [email protected] 7.5 66.37% 2006-11-07 2026-06-16
CVE-2006-5502 Heap-based buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the AddPictureNoAlbum method, a different vulnerability than CVE-2006-5501. [email protected] 7.5 3.40% 2006-10-25 2026-06-16
CVE-2006-5501 Buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the downloadFileDirectory property, a different vulnerability than CVE-2006-5502. [email protected] 7.5 3.40% 2006-10-25 2026-06-16
CVE-2006-3888 Buffer overflow in AOL You've Got Pictures (YGP) Pic Downloader YGPPDownload ActiveX control (AOL.PicDownloadCtrl.1, YGPPicDownload.dll), as used in America Online 9.0 Security Edition, allows remote attackers to execute arbitrary code via a long argument to the SetAlbumName method. [email protected] 7.5 5.77% 2006-10-10 2026-06-16
CVE-2006-3887 Buffer overflow in AOL You've Got Pictures (YGP) Screensaver ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors. [email protected] 7.5 4.45% 2006-10-10 2026-06-16
«« 第一页 « 上一页 第 1 / 3 页 下一页 »
cvelogic Threat Intelligence