CVE Daily
← All years

Uncategorized 2011

Page 11/13.

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2011-03-03
Medium

CVE-2011-1139

wiretap/pcapng.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) via a pcap-ng file that contains a large packet-len…

CVSS: 4.3CWE: CWE-399
Read more
Medium

CVE-2011-1138

Off-by-one error in the dissect_6lowpan_iphc function in packet-6lowpan.c in Wireshark 1.4.0 through 1.4.3 on 32-bit platforms allows remote attackers to cause a denial of service (application crash)…

CVSS: 4.3CWE: CWE-189
Read more
2011-03-02
Medium

CVE-2011-1005

The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by ch…

CVSS: 5.0CWE: CWE-264
Read more
Critical

CVE-2011-0062

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corrup…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2011-0057

Use-after-free vulnerability in the Web Workers implementation in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to execute arbitrary code…

CVSS: 10.0CWE: CWE-399
Read more
Critical

CVE-2011-0055

Use-after-free vulnerability in the JSON.stringify method in js3250.dll in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute…

CVSS: 10.0CWE: CWE-399
Read more
Critical

CVE-2011-0053

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to ca…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2010-4756

The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not…

CVSS: 4.0CWE: CWE-399
Read more
Medium

CVE-2010-4755

The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow…

CVSS: 4.0CWE: CWE-399
Read more
Medium

CVE-2010-4754

The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, and OpenBSD 4.7, and Libsystem in Apple Mac OS X before 10.6.8, allows remote authenticated users to cause a denial of service (C…

CVSS: 4.0CWE: CWE-399
Read more
2011-03-01
High

CVE-2011-1125

Google Chrome before 9.0.597.107 does not properly perform layout, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead t…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2011-1119

Google Chrome before 9.0.597.107 does not properly determine device orientation, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vecto…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2011-1117

Google Chrome before 9.0.597.107 does not properly handle XHTML documents, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors tha…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2011-1116

Google Chrome before 9.0.597.107 does not properly handle SVG animations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2011-1115

Google Chrome before 9.0.597.107 does not properly render tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2011-1114

Google Chrome before 9.0.597.107 does not properly handle tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2011-1112

Google Chrome before 9.0.597.107 does not properly perform SVG rendering, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2011-1108

Google Chrome before 9.0.597.107 does not properly implement JavaScript dialogs, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impa…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2011-1107

Unspecified vulnerability in Google Chrome before 9.0.597.107 allows remote attackers to spoof the URL bar via unknown vectors.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2011-0278

Unspecified vulnerability in HP Web Jetadmin 10.2 Service Release 3 and 4 allows local users to bypass intended access restrictions via unknown vectors.

CVSS: 4.3CWE: N/A
Read more
2011-02-28
Medium

CVE-2011-1008

Scrips_Overlay.pm in Best Practical Solutions RT before 3.8.9 does not properly restrict access to a TicketObj in a Scrip after a CurrentUser change, which allows remote authenticated users to obtain…

CVSS: 4.0CWE: CWE-264
Read more
Low

CVE-2011-1007

Best Practical Solutions RT before 3.8.9 does not perform certain redirect actions upon a login, which allows physically proximate attackers to obtain credentials by resubmitting the login form via t…

CVSS: 2.1CWE: CWE-255
Read more
2011-02-25
Medium

CVE-2011-1101

Multiple unspecified vulnerabilities in a third-party component of the Citrix Licensing Administration Console 11.6, formerly License Management Console, allow remote attackers to (1) access unauthor…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2011-0717

Session fixation vulnerability in Red Hat Network (RHN) Satellite Server 5.4 allows remote attackers to hijack web sessions via unspecified vectors related to Spacewalk.

CVSS: 5.8CWE: N/A
Read more
Critical

CVE-2011-0332

Integer overflow in Foxit Reader before 4.3.1.0218 and Foxit Phantom before 2.3.3.1112 allows remote attackers to execute arbitrary code via crafted ICC chunks in a PDF file, which triggers a heap-ba…

CVSS: 9.3CWE: CWE-189
Read more
High

CVE-2011-1036

The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion…

CVSS: 8.8CWE: N/A
Read more
High

CVE-2011-0396

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.23), 8.1 before 8.1(2.49), 8.2 before 8.2(4.1), and 8.3 before 8.3(2.13), when a Certificate Authority (CA)…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2011-0395

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.20), 8.1 before 8.1(2.48), 8.2 before 8.2(3), and 8.3 before 8.3(2.1), when the RIP protocol and the Cisco…

CVSS: 7.8CWE: CWE-399
Read more
High

CVE-2011-0394

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 before 7.0(8.11), 7.1 and 7.2 before 7.2(5.1), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), 8.2 before 8.2(2.19), and 8.3…

CVSS: 7.8CWE: CWE-399
Read more
High

CVE-2011-0393

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 before 7.0(8.12), 7.1 and 7.2 before 7.2(5.2), 8.0 before 8.0(5.21), 8.1 before 8.1(2.49), 8.2 before 8.2(3.6), and 8.3…

CVSS: 7.8CWE: CWE-399
Read more
High

CVE-2011-0391

Cisco TelePresence Recording Server devices with software 1.6.x allow remote attackers to cause a denial of service (thread consumption and device outage) via a malformed request, related to an "ad h…

CVSS: 7.8CWE: CWE-399
Read more
High

CVE-2011-0390

The XML-RPC implementation on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, 1.6.x, and 1.7.0 allows remote attackers to cause a denial of service (process cra…

CVSS: 7.8CWE: CWE-399
Read more
High

CVE-2011-0389

Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allow remote attackers to cause a denial of service (process crash) via a crafted Real-Time Transport…

CVSS: 7.8CWE: CWE-399
Read more
High

CVE-2011-0388

Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x do not properly restrict remote ac…

CVSS: 7.8CWE: CWE-399
Read more
High

CVE-2011-0387

The administrative web interface on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allows remote authenticated users to cause a denial of service or…

CVSS: 8.0CWE: CWE-264
Read more
Critical

CVE-2011-0385

The administrative web interface on Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.…

CVSS: 10.0CWE: N/A
Read more
High

CVE-2011-0377

Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x allow remote attackers to cause a denial of service (service crash) via a malformed SOAP request in conjunction with a spoofed Te…

CVSS: 7.8CWE: CWE-399
Read more
2011-02-24
Medium

CVE-2011-1011

The seunshare_mount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and…

CVSS: 6.9CWE: CWE-264
Read more
Medium

CVE-2011-0452

Untrusted search path vulnerability in the script function in Lunascape before 6.4.3 allows local users to gain privileges via a Trojan horse executable file in the current working directory.

CVSS: 6.2CWE: N/A
Read more
2011-02-23
Medium

CVE-2011-1003

Double free vulnerability in the vba_read_project_strings function in vba_extract.c in libclamav in ClamAV before 0.97 might allow remote attackers to execute arbitrary code via crafted Visual Basic…

CVSS: 6.8CWE: CWE-399
Read more
Medium

CVE-2011-0532

The (1) backup and restore scripts, (2) main initialization script, and (3) ldap-agent script in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x) place a zero-length directory name in…

CVSS: 6.2CWE: CWE-264
Read more
High

CVE-2011-0414

ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative server, allows remote attackers to cause a denial of service (deadlock and daemon hang) by sending a query at the time of (1) an I…

CVSS: 7.1CWE: CWE-399
Read more
Medium

CVE-2011-0022

The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x), when multiple unprivileged instances are configured, use 0777 permissions for the /var/run/dirsrv directory, whic…

CVSS: 4.7CWE: CWE-399
Read more
Medium

CVE-2010-4746

Multiple memory leaks in the normalization functionality in 389 Directory Server before 1.2.7.5 allow remote attackers to cause a denial of service (memory consumption) via "badly behaved application…

CVSS: 5.0CWE: CWE-399
Read more
2011-02-21
Medium

CVE-2011-1056

The installer for Metasploit Framework 3.5.1, when running on Windows, uses weak inherited permissions for the Metasploit installation directory, which allows local users to gain privileges by replac…

CVSS: 6.2CWE: CWE-264
Read more
Critical

CVE-2011-1054

Unspecified vulnerability in the PEF input file loader in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors.

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2011-1053

Unspecified vulnerability in the Mach-O input file loader in Hex-Rays IDA Pro 5.7 and 6.0 allows user-assisted remote attackers to cause a denial of service (out-of-memory exception and inability to…

CVSS: 4.3CWE: N/A
Read more
Critical

CVE-2011-1052

Integer overflow in the PSX/GEOS input file loaders in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors related to memory allocation.

CVSS: 10.0CWE: CWE-189
Read more
Critical

CVE-2011-1051

Integer overflow in the COFF/EPOC/EXPLOAD input file loaders in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors related to memory allocation.

CVSS: 10.0CWE: CWE-189
Read more
Critical

CVE-2011-1050

Unspecified vulnerability in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors related to "converson of string encodings" and "inconsistencies in the handling of UTF8 sequences by th…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2011-1046

IBM FileNet P8 Content Engine (aka P8CE) 4.0.1 through 5.0.0, as used in FileNet P8 Content Manager (CM) and FileNet P8 Business Process Manager (BPM), does not require the PRIVILEGED_WRITE access ro…

CVSS: 5.0CWE: CWE-264
Read more
Medium

CVE-2011-1045

Unspecified vulnerability in the Rendition Engine (aka P8RE) 4.0.1 through 4.5.1 in IBM FileNet P8 Content Manager (CM) allows remote attackers to gain privileges via unknown vectors.

CVSS: 6.8CWE: N/A
Read more
Critical

CVE-2011-0694

RealNetworks RealPlayer 11.0 through 11.1, SP 1.0 through 1.1.5, and 14.0.0 through 14.0.1, and Enterprise 2.0 through 2.1.4, uses predictable names for temporary files, which allows remote attackers…

CVSS: 9.3CWE: N/A
Read more
High

CVE-2011-0449

actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of availa…

CVSS: 7.5CWE: CWE-264
Read more
Medium

CVE-2011-0330

The Dell DellSystemLite.Scanner ActiveX control in DellSystemLite.ocx 1.0.0.0 does not properly restrict the values of the WMIAttributesOfInterest property, which allows remote attackers to execute a…

CVSS: 5.0CWE: CWE-264
Read more
2011-02-19
High

CVE-2011-1035

The password reset in PivotX before 2.2.4 allows remote attackers to modify the passwords of arbitrary users via unspecified vectors.

CVSS: 7.5CWE: CWE-255
Read more
Critical

CVE-2011-0724

The Live DVD for Edubuntu 9.10, 10.04 LTS, and 10.10 does not correctly regenerate iTALC private keys after installation, which causes each installation to have the same fixed key, which allows remot…

CVSS: 9.3CWE: CWE-310
Read more
High

CVE-2011-0706

The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the…

CVSS: 7.5CWE: CWE-264
Read more
High

CVE-2011-0430

Double free vulnerability in the Rx server process in OpenAFS 1.4.14, 1.4.12, 1.4.7, and possibly other versions allows remote attackers to cause a denial of service and execute arbitrary code via un…

CVSS: 7.5CWE: CWE-399
Read more
Medium

CVE-2011-0420

The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument,…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2011-0014

ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use…

CVSS: 5.0CWE: CWE-399
Read more
2011-02-18
Critical

CVE-2010-4744

Multiple unspecified vulnerabilities in abcm2ps before 5.9.13 have unknown impact and attack vectors, a different issue than CVE-2010-3441.

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2011-1042

Use-after-free vulnerability in flimflamd in flimflam in Google Chrome OS before 0.9.130.14 Beta allows user-assisted remote attackers to cause a denial of service (daemon crash) by providing the nam…

CVSS: 4.3CWE: CWE-399
Read more
2011-02-17
Medium

CVE-2010-4476

The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJD…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2010-4475

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untr…

CVSS: 4.3CWE: N/A
Read more
Low

CVE-2010-4474

Unspecified vulnerability in the Java DB component in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows local users to affect confidentiality via unknown vectors related to Se…

CVSS: 2.1CWE: N/A
Read more
Critical

CVE-2010-4473

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote atta…

CVSS: 10.0CWE: N/A
Read more
Low

CVE-2010-4472

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital…

CVSS: 2.6CWE: N/A
Read more
Medium

CVE-2010-4471

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start a…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2010-4470

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows remote attackers to affect availability via unknown vector…

CVSS: 5.0CWE: N/A
Read more
Critical

CVE-2010-4469

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untr…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2010-4468

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier, allows remote untrusted Java Web Start…

CVSS: 4.0CWE: N/A
Read more
Critical

CVE-2010-4467

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 10 through 6 Update 23 allows remote untrusted Java Web Start applications and untrust…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2010-4466

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, Solaris, and, Linux; 5.0 Update 27 and earlier for Windows…

CVSS: 5.0CWE: N/A
Read more
Critical

CVE-2010-4465

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untr…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2010-4463

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 21 through 6 Update 23 allows remote untrusted Java Web Start applications and untrust…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2010-4462

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote atta…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2010-4454

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote atta…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2010-4452

Unspecified vulnerability in the Deployment component in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote untrusted Java Web Start applicat…

CVSS: 10.0CWE: N/A
Read more
High

CVE-2010-4451

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, when using Java Update, allows remote attackers to affect…

CVSS: 7.6CWE: N/A
Read more
Low

CVE-2010-4450

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux;…

CVSS: 3.7CWE: N/A
Read more
Low

CVE-2010-4448

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untruste…

CVSS: 2.6CWE: N/A
Read more
Medium

CVE-2010-4447

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untr…

CVSS: 4.3CWE: N/A
Read more
High

CVE-2010-4422

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect confidentiality, integrity, and avail…

CVSS: 7.6CWE: N/A
Read more
High

CVE-2011-0355

Cisco Nexus 1000V Virtual Ethernet Module (VEM) 4.0(4) SV1(1) through SV1(3b), as used in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, does not properly handle dropped packets, which allows guest OS…

CVSS: 7.8CWE: CWE-399
Read more
2011-02-16
Low

CVE-2010-2928

The vCenter Tomcat Management Application in VMware vCenter Server 4.1 before Update 1 stores log-on credentials in a configuration file, which allows local users to gain privileges by reading this f…

CVSS: 2.1CWE: CWE-255
Read more
2011-02-15
Medium

CVE-2011-1032

IBM Lotus Connections 3.0, when IBM WebSphere Application Server 7.0.0.11 is used, does not properly restrict access to the internal login module, which has unspecified impact and attack vectors.

CVSS: 6.8CWE: CWE-264
Read more
Critical

CVE-2010-4733

WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms have a default username and passwor…

CVSS: 10.0CWE: CWE-255
Read more
2011-02-10
Critical

CVE-2011-0980

Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse Office Art objects, which allows remote attackers to execute arbi…

CVSS: 9.3CWE: CWE-264
Read more
Critical

CVE-2011-0977

Use-after-free vulnerability in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute…

CVSS: 9.3CWE: CWE-399
Read more
Critical

CVE-2011-0976

Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Format…

CVSS: 9.3CWE: CWE-264
Read more
Critical

CVE-2011-0758

The eCS component (ECSQdmn.exe) in CA ETrust Secure Content Manager 8.0 and CA Gateway Security 8.1 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a craft…

CVSS: 10.0CWE: CWE-189
Read more
Critical

CVE-2011-0598

Integer overflow in ACE.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code via crafte…

CVSS: 9.3CWE: CWE-189
Read more
Medium

CVE-2011-0588

Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in t…

CVSS: 6.9CWE: N/A
Read more
Critical

CVE-2011-0585

Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows attackers to cause a denial of service or possibly exec…

CVSS: 9.3CWE: N/A
Read more
Medium

CVE-2011-0570

Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in t…

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2011-0568

Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Mac OS X allows attackers to cause a denial of service or possibly execute arbitrar…

CVSS: 6.8CWE: N/A
Read more
Critical

CVE-2011-0565

Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows attackers to cause a denial of service or possibly exec…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2011-0564

Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows use weak permissions for unspecified files, which allows attackers to gain privileges via unknown vector…

CVSS: 9.3CWE: CWE-264
Read more
Medium

CVE-2011-0562

Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in t…

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2011-0539

The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which mi…

CVSS: 5.0CWE: CWE-264
Read more
Medium

CVE-2011-0534

Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial…

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2011-0283

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed request packet that…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2011-0282

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffe…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2011-0281

The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (fil…

CVSS: 5.0CWE: CWE-310
Read more
Medium

CVE-2010-4327

Unspecified vulnerability in the NCP service in Novell eDirectory 8.8.5 before 8.8.5.6 and 8.8.6 before 8.8.6.2 allows remote attackers to cause a denial of service (hang) via a malformed FileSetLock…

CVSS: 5.0CWE: N/A
Read more
Low

CVE-2010-3718

Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write…

CVSS: 1.2CWE: N/A
Read more
Medium

CVE-2011-0584

Session fixation vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to hijack web sessions via unspecified vectors.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2011-0582

Unspecified vulnerability in the administrator console in Adobe ColdFusion 8.0 through 9.0.1 allows attackers to obtain sensitive information via unknown vectors.

CVSS: 5.0CWE: N/A
Read more
Critical

CVE-2011-0577

Unspecified vulnerability in Adobe Flash Player before 10.2.152.26 allows remote attackers to execute arbitrary code via a crafted font.

CVSS: 9.3CWE: N/A
Read more
Medium

CVE-2011-0575

Untrusted search path vulnerability in Adobe Flash Player before 10.2.152.26 allows local users to gain privileges via a Trojan horse DLL in the current working directory.

CVSS: 6.9CWE: N/A
Read more
Critical

CVE-2011-0558

Integer overflow in Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code via a large array length value in the ActionScript method of the Function class.

CVSS: 9.3CWE: CWE-189
Read more
Critical

CVE-2011-0557

Integer overflow in Adobe Shockwave Player before 11.5.9.620 allows remote attackers to execute arbitrary code via a Director movie with a large count value in 3D assets type 0xFFFFFF45 record, which…

CVSS: 9.3CWE: CWE-189
Read more
High

CVE-2011-0043

Kerberos in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 supports weak hashing algorithms, which allows local users to gain privileges by operating a service that sends crafted service ticket…

CVSS: 7.2CWE: CWE-310
Read more
Critical

CVE-2011-0038

Untrusted search path vulnerability in Microsoft Internet Explorer 8 might allow local users to gain privileges via a Trojan horse IEShims.dll in the current working directory, as demonstrated by a D…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2010-2589

Integer overflow in the dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code via unspecified vectors.

CVSS: 9.3CWE: CWE-189
Read more
2011-02-09
Medium

CVE-2011-0030

The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive info…

CVSS: 4.7CWE: CWE-264
Read more
2011-02-08
Critical

CVE-2011-0914

Integer signedness error in ndiiop.exe in the DIIOP implementation in the server in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a GIOP client request, leading…

CVSS: 10.0CWE: CWE-189
Read more
Medium

CVE-2011-0887

The web management portal on the SMC SMCD3G-CCR (aka Comcast Business Gateway) with firmware before 1.4.0.49.2 uses predictable session IDs based on time values, which makes it easier for remote atta…

CVSS: 4.3CWE: CWE-310
Read more
Critical

CVE-2011-0885

A certain Comcast Business Gateway configuration of the SMC SMCD3G-CCR with firmware before 1.4.0.49.2 has a default password of D0nt4g3tme for the mso account, which makes it easier for remote attac…

CVSS: 10.0CWE: CWE-255
Read more
>