CVE Daily
← All years

Uncategorized 2011

Page 2/13.

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2011-11-17
Medium

CVE-2011-4073

Use-after-free vulnerability in the cryptographic helper handler functionality in Openswan 2.3.0 through 2.6.36 allows remote authenticated users to cause a denial of service (pluto IKE daemon crash)…

CVSS: 4.0CWE: CWE-399
Read more
Medium

CVE-2011-3627

The bytecode engine in ClamAV before 0.97.3 allows remote attackers to cause a denial of service (crash) via vectors related to "recursion level" and (1) libclamav/bytecode.c and (2) libclamav/byteco…

CVSS: 4.3CWE: CWE-189
Read more
Medium

CVE-2011-3380

Openswan 2.6.29 through 2.6.35 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto IKE daemon crash) via an ISAKMP message with an invalid KEY_LENGTH attribute, w…

CVSS: 5.0CWE: N/A
Read more
2011-11-16
Medium

CVE-2011-4158

Unspecified vulnerability in HP Directories Support for ProLiant Management Processors 3.10 and 3.20 for Integrated Lights-Out iLO2 and iLO3 allows remote authenticated users to obtain sensitive info…

CVSS: 4.0CWE: N/A
Read more
2011-11-15
High

CVE-2011-1516

The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in Apple Mac OS X 10.5.x through 10.7.x do not propagate restrictions to all created processes, which allows remote attackers to ac…

CVSS: 7.6CWE: CWE-264
Read more
High

CVE-2008-7303

The nonet and nointernet sandbox profiles in Apple Mac OS X 10.5.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted appl…

CVSS: 7.6CWE: CWE-264
Read more
Medium

CVE-2011-4118

Mahara before 1.4.1, when MNet (aka the Moodle network feature) is used, allows remote authenticated users to gain privileges via a jump to an XMLRPC target.

CVSS: 6.0CWE: CWE-264
Read more
2011-11-12
Medium

CVE-2011-4048

The Dell KACE K2000 System Deployment Appliance has a default username and password for the read-only reporting account, which makes it easier for remote attackers to obtain sensitive information fro…

CVSS: 4.3CWE: CWE-255
Read more
Medium

CVE-2011-4046

The Dell KACE K2000 System Deployment Appliance stores the recovery account password in cleartext within a PHP script, which allows context-dependent attackers to obtain sensitive information by exam…

CVSS: 5.0CWE: CWE-310
Read more
2011-11-11
Medium

CVE-2011-4435

The web-server component in the Consolidation and Analysis Engine (CAE) Server in DB2 Query Monitor in IBM DB2 Tools 2.3.0 for z/OS does not prevent directory browsing, which allows remote attackers…

CVSS: 5.0CWE: CWE-264
Read more
Low

CVE-2011-4434

Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2)…

CVSS: 3.6CWE: CWE-264
Read more
Medium

CVE-2011-3376

org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privi…

CVSS: 4.4CWE: CWE-264
Read more
Medium

CVE-2011-1375

IBM AIX 6.1 and 7.1 does not restrict the wpar_limits_config and wpar_limits_modify system calls, which allows local users to cause a denial of service (system crash) via a crafted call.

CVSS: 4.9CWE: CWE-264
Read more
High

CVE-2011-3442

The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app.

CVSS: 7.2CWE: CWE-399
Read more
Low

CVE-2011-3440

The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover dur…

CVSS: 1.2CWE: CWE-264
Read more
Critical

CVE-2011-2458

Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, when Internet Explorer i…

CVSS: 9.3CWE: CWE-264
Read more
2011-11-10
Medium

CVE-2011-4432

www/include/configuration/nconfigObject/contact/DB-Func.php in Merethis Centreon before 2.3.2 does not use a salt during calculation of a password hash, which makes it easier for context-dependent at…

CVSS: 5.0CWE: CWE-310
Read more
2011-11-09
Critical

CVE-2011-2740

EMC RSA Key Manager (RKM) Appliance 2.7 SP1 before 2.7.1.6, when Firefox 4.x or 5.0 is used, does not properly terminate a user session upon a logout action, which makes it easier for remote attacker…

CVSS: 9.3CWE: CWE-264
Read more
High

CVE-2011-2739

The file-blocking feature in EMC Documentum eRoom 7.3.x and 7.4.x before 7.4.3.g does not properly restrict the uploading and opening of files with dangerous file types, which allows remote authentic…

CVSS: 8.5CWE: CWE-264
Read more
Low

CVE-2011-1373

Unspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the Self Tuning Memory Manager (STMM) feature and the AUTOMATIC DATABASE_MEMORY setting are configured, allows local users to cause a…

CVSS: 1.5CWE: N/A
Read more
Critical

CVE-2011-3651

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 7.0 and Thunderbird 7.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or…

CVSS: 10.0CWE: N/A
Read more
2011-11-08
High

CVE-2011-2016

Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to…

CVSS: 7.3CWE: N/A
Read more
Critical

CVE-2011-2013

Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code by…

CVSS: 9.8CWE: CWE-189
Read more
Medium

CVE-2011-3607

Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to ga…

CVSS: 4.4CWE: CWE-189
Read more
2011-11-07
Medium

CVE-2011-3169

Unspecified vulnerability in the SMTP service implementation in HP TCP/IP Services 5.6 and 5.7 for OpenVMS allows remote attackers to cause a denial of service via unknown vectors.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2011-3168

Unspecified vulnerability in the POP and IMAP service implementations in HP TCP/IP Services 5.6 and 5.7 for OpenVMS allows remote attackers to obtain sensitive information via unknown vectors.

CVSS: 5.0CWE: N/A
Read more
2011-11-04
Critical

CVE-2011-3991

Untrusted search path vulnerability in FFFTP 1.98a and earlier allows local users to execute arbitrary code via unspecified functions.

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2011-3402

Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server…

CVSS: 9.3CWE: N/A
Read more
Medium

CVE-2011-3364

Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, whe…

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2011-3164

Unspecified vulnerability in HP-UX Containers (formerly HP-UX Secure Resource Partitions (SRP)) A.03.00, A.03.00.002, and A.03.01, when running with patch PHKL_42310, allows local users to gain privi…

CVSS: 6.8CWE: N/A
Read more
2011-11-03
Medium

CVE-2011-3996

The LiveData Service in CSWorks before 2.0.4115.1 allows remote attackers to cause a denial of service (service crash) via crafted TCP packets.

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2011-3993

SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, uses weak…

CVSS: 5.5CWE: CWE-264
Read more
Medium

CVE-2011-3987

dtsoftbus01.sys in DAEMON Tools Lite before 4.41.3, Pro Standard before 4.41.0315, and Pro Advanced before 4.41.0315 allows local users to cause a denial of service (system crash) via an invalid Devi…

CVSS: 4.9CWE: CWE-399
Read more
Medium

CVE-2011-4101

The dissect_infiniband_common function in epan/dissectors/packet-infiniband.c in the Infiniband dissector in Wireshark 1.4.0 through 1.4.9 and 1.6.x before 1.6.3 allows remote attackers to cause a de…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2011-4100

The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.3 does not initialize a certain variable, which allows remote attackers to cause…

CVSS: 4.3CWE: CWE-399
Read more
Medium

CVE-2011-4078

include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5.3.7 or 5.3.8 is used, allows remote attackers to trigger a GET request for an arbitrary URL, and cause a denial of service (resou…

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2011-3995

Unspecified vulnerability in Twilight Frontier Touhou Hisouten 1.06 and earlier allows remote attackers to cause a denial of service (daemon crash) via unknown network traffic.

CVSS: 5.0CWE: N/A
Read more
2011-11-02
Critical

CVE-2011-3167

Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1210.

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2011-3166

Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1209.

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2011-3165

Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1208.

CVSS: 10.0CWE: N/A
Read more
2011-11-01
Critical

CVE-2011-4223

Unspecified vulnerability in Investintech.com Absolute PDF Server allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF documen…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2011-4222

Unspecified vulnerability in Investintech.com Able2Extract and Able2Extract Server allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a cr…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2011-4221

Unspecified vulnerability in Investintech.com Able2Doc and Able2Doc Professional allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a craf…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2011-4220

Investintech.com SlimPDF Reader does not properly restrict the arguments to unspecified function calls, which allows remote attackers to cause a denial of service (application crash) or possibly exec…

CVSS: 9.3CWE: CWE-264
Read more
Critical

CVE-2011-4219

Investintech.com SlimPDF Reader does not prevent faulting-address data from affecting branch selection, which allows remote attackers to cause a denial of service (application crash) or possibly exec…

CVSS: 9.3CWE: CWE-399
Read more
Critical

CVE-2011-4218

Investintech.com SlimPDF Reader does not prevent faulting-instruction data from affecting write operations, which allows remote attackers to cause a denial of service (application crash) or possibly…

CVSS: 9.3CWE: CWE-399
Read more
Critical

CVE-2011-4217

Investintech.com SlimPDF Reader does not properly restrict read operations during block data moves, which allows remote attackers to cause a denial of service (application crash) or possibly execute…

CVSS: 9.3CWE: CWE-264
Read more
Critical

CVE-2011-4216

Investintech.com SlimPDF Reader does not properly restrict write operations, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a cr…

CVSS: 9.3CWE: CWE-264
Read more
High

CVE-2011-0941

Memory leak in Cisco Unified Communications Manager (CUCM) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1), and Cisco IOS 12.4 and 15.1, allows remote attack…

CVSS: 7.8CWE: CWE-399
Read more
2011-10-30
High

CVE-2011-4213

The sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly prevent use of the os module, which allows local users to bypass intended access restrictions and execute ar…

CVSS: 7.2CWE: CWE-264
Read more
High

CVE-2011-4212

The sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly prevent os.popen calls, which allows local users to bypass intended access restrictions and execute arbitrar…

CVSS: 7.2CWE: CWE-264
Read more
High

CVE-2011-4211

The FakeFile implementation in the sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly control the opening of files, which allows local users to bypass intended acc…

CVSS: 7.2CWE: CWE-264
Read more
Critical

CVE-2011-1367

Unspecified vulnerability in the File Load feature in IBM Rational AppScan Standard and Express 7.8.x, 7.9.x, and 8.0.x before 8.0.0.3 allows remote attackers to execute arbitrary commands via a craf…

CVSS: 9.3CWE: N/A
Read more
High

CVE-2011-1366

Unspecified vulnerability in the Import feature in IBM Rational AppScan Enterprise and AppScan Reporting Console 5.2 through 7.9.x and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary…

CVSS: 8.8CWE: N/A
Read more
Medium

CVE-2009-2747

The Java Naming and Directory Interface (JNDI) implementation in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 does not properly restrict acc…

CVSS: 5.0CWE: CWE-264
Read more
2011-10-29
Medium

CVE-2011-1370

The default configuration of the Sametime configuration servlet (SCS) in the server in IBM Lotus Sametime 7.0 through 8.5.2 does not enable an authentication requirement, which allows remote attacker…

CVSS: 5.0CWE: CWE-16
Read more
Medium

CVE-2010-0780

IBM WebSphere MQ 7.x before 7.0.1.4 allows remote attackers to cause a denial of service (disk consumption) via multiple connection attempts to a stopped queue manager.

CVSS: 4.3CWE: CWE-399
Read more
2011-10-28
Critical

CVE-2011-3250

Integer overflow in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding.

CVSS: 9.3CWE: CWE-189
Read more
Critical

CVE-2011-3248

Integer signedness error in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font table in a QuickTime mov…

CVSS: 9.3CWE: CWE-189
Read more
Critical

CVE-2011-3247

Integer overflow in Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT file.

CVSS: 9.3CWE: CWE-189
Read more
High

CVE-2011-2830

Google V8, as used in Google Chrome before 14.0.835.163, does not properly implement script object wrappers, which allows remote attackers to cause a denial of service (application crash) or possibly…

CVSS: 7.5CWE: N/A
Read more
2011-10-27
High

CVE-2011-3318

Cisco Video Surveillance 2421 and 2500 series cameras with software 1.1.x and 2.x before 2.4.0 and Video Surveillance 2600 series cameras with software before 4.2.0-13 allow remote attackers to cause…

CVSS: 7.8CWE: CWE-399
Read more
Medium

CVE-2011-2569

Cisco Nexus OS (aka NX-OS) 4.2 and 5.0 and Cisco Unified Computing System with software 1.4 and 2.0 do not properly restrict command-line options, which allows local users to gain privileges via unsp…

CVSS: 6.8CWE: CWE-264
Read more
Medium

CVE-2011-4079

Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.26 and earlier allows remote attackers to cause a denial of service (slapd crash) via a zero-length string that triggers a heap-ba…

CVSS: 4.0CWE: CWE-189
Read more
Medium

CVE-2011-3871

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editi…

CVSS: 6.2CWE: CWE-264
Read more
2011-10-25
High

CVE-2011-3891

Google Chrome before 15.0.874.102 does not properly restrict access to internal Google V8 functions, which allows remote attackers to cause a denial of service or possibly have unspecified other impa…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2011-3879

Google Chrome before 15.0.874.102 does not prevent redirects to chrome: URLs, which has unspecified impact and remote attack vectors.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2011-3876

Google Chrome before 15.0.874.102 does not properly handle downloading files that have whitespace characters at the end of a filename, which has unspecified impact and user-assisted remote attack vec…

CVSS: 6.8CWE: N/A
Read more
2011-10-24
Critical

CVE-2011-2656

Unspecified vulnerability in ZfHSrvr.exe in Novell ZENworks Handheld Management (ZHM) 7 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2011-2655

Unspecified vulnerability in ZfHSrvr.exe in Novell ZENworks Handheld Management (ZHM) 7 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-…

CVSS: 9.3CWE: N/A
Read more
2011-10-22
Medium

CVE-2011-2060

The platform-sw component on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 before 8.2(5.3), 8.3 before 8.3(2.20), and 8.4 before 8.4(2.1) does not properly handle non…

CVSS: 4.9CWE: CWE-399
Read more
2011-10-21
Medium

CVE-2011-2677

Cybozu Office before 8.0.0 allows remote authenticated users to bypass intended access restrictions and access sensitive information (time card and attendance) via unspecified vectors related to mani…

CVSS: 5.5CWE: CWE-264
Read more
Medium

CVE-2011-0290

The BlackBerry Collaboration Service in Research In Motion (RIM) BlackBerry Enterprise Server (BES) 5.0.3 through MR4 for Microsoft Exchange and Lotus Domino allows remote authenticated users to log…

CVSS: 6.5CWE: CWE-264
Read more
2011-10-20
High

CVE-2011-2584

Cisco Show and Share 5(2), 5.2(1), and 5.2(2) before 5.2(2.1) allows remote attackers to access the (1) Encoders and Pull Configurations, (2) Push Configurations, (3) Video Encoding Formats, and (4)…

CVSS: 7.5CWE: CWE-264
Read more
2011-10-19
Low

CVE-2011-3561

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote attackers to affect confidentiality via unkn…

CVSS: 1.8CWE: N/A
Read more
Medium

CVE-2011-3560

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrust…

CVSS: 6.4CWE: N/A
Read more
Medium

CVE-2011-3558

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java app…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2011-3557

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and…

CVSS: 6.8CWE: N/A
Read more
High

CVE-2011-3556

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2011-3555

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, and 7 allows remote untrusted Java Web Start applications and untrusted Java applets to affect integ…

CVSS: 6.1CWE: N/A
Read more
Critical

CVE-2011-3554

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier allows remote untrusted Java Web Start applicat…

CVSS: 10.0CWE: N/A
Read more
Low

CVE-2011-3553

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote authenticated users to affe…

CVSS: 3.5CWE: N/A
Read more
Low

CVE-2011-3552

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote attacke…

CVSS: 2.6CWE: N/A
Read more
Critical

CVE-2011-3551

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confide…

CVSS: 9.3CWE: N/A
Read more
High

CVE-2011-3550

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java app…

CVSS: 7.6CWE: N/A
Read more
Critical

CVE-2011-3549

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2011-3548

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrust…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2011-3547

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrust…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2011-3546

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote untrusted Java Web Start applications and un…

CVSS: 5.8CWE: N/A
Read more
Critical

CVE-2011-3545

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier, and JRockit R28.1.4 and…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2011-3521

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, 7, 6 Update 27 and earlier, and 5.0 Update 31 and earlier allows remote untrusted Java Web Start app…

CVSS: 10.0CWE: N/A
Read more
High

CVE-2011-3516

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, when running on Windows, allows remote untrusted Java Web Start applications…

CVSS: 7.6CWE: N/A
Read more
Critical

CVE-2011-3162

Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2011-3161

Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2011-3160

Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2011-3159

Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2011-3158

Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2011-3157

Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2011-3156

Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2011-4137

The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which…

CVSS: 5.0CWE: CWE-399
Read more
2011-10-18
Medium

CVE-2011-2323

Unspecified vulnerability in the Health Sciences - Oracle Thesaurus Management System component in Oracle Industry Applications 4.6.1 and 4.6.2 allows remote attackers to affect integrity, related to…

CVSS: 4.3CWE: N/A
Read more
High

CVE-2011-3559

Unspecified vulnerability in Oracle Communications Server 2.0; GlassFish Enterprise Server 2.1.1, 3.0.1, and 3.1.1; and Sun Java System App Server 8.1 and 8.2 allows remote attackers to affect availa…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2011-3543

Unspecified vulnerability in Oracle Solaris 11 Express allows remote attackers to affect availability, related to iSCSI DataMover (IDM).

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2011-3542

Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability via unknown vectors related to Kernel/Performance Counter BackEnd Module (pcbe).

CVSS: 4.9CWE: N/A
Read more
Low

CVE-2011-3541

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows local users to affect availability via unknown vectors related to Outside In…

CVSS: 1.9CWE: N/A
Read more
Low

CVE-2011-3539

Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability via unknown vectors related to Zones.

CVSS: 1.7CWE: N/A
Read more
Medium

CVE-2011-3538

Unspecified vulnerability in the Sun Ray component in Oracle Virtualization 4.0 allows remote attackers to affect integrity, related to Authentication. NOTE: this identifier was inadvertently used f…

CVSS: 6.8CWE: N/A
Read more
High

CVE-2011-3537

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel/Filesystem.

CVSS: 7.8CWE: N/A
Read more
Low

CVE-2011-3536

Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability, related to DTrace Software Library (libdtrace).

CVSS: 2.1CWE: N/A
Read more
Medium

CVE-2011-3535

Unspecified vulnerability in the Solaris component in Oracle Sun Products Suite 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Remote Quota Ser…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2011-3534

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Network Status Monitor (statd).

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2011-3533

Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 8.9 allows remote authenticated users to affect confidentiality and integrity, related to Job Profi…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2011-3532

Unspecified vulnerability in the Oracle Agile Product Supplier Collaboration for Process component in Oracle Supply Chain Products Suite 5.2.2, 6.0.0.2, 6.0.0.3, and 6.0.0.4 allows remote attackers t…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2011-3530

Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 8.9 allows remote authenticated users to affect confidentiality via unknown vectors related to eDev…

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2011-3529

Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related…

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2011-3528

Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 8.9 allows remote authenticated users to affect confidentiality and integrity via unknown vectors r…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2011-3527

Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors r…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2011-3526

Unspecified vulnerability in the Siebel Core - UIF Server component in Oracle Siebel CRM 8.0.0 and 8.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Use…

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2011-3525

Unspecified vulnerability in the Application Express component in Oracle Database Server 3.2 and 4.0 allows remote authenticated users to affect confidentiality, integrity, and availability, related…

CVSS: 6.5CWE: N/A
Read more
Low

CVE-2011-3523

Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 10.1.3.5.0 and 10.1.3.5.1 allows remote authenticated users to affect integrity, related to WSM Cons…

CVSS: 3.5CWE: N/A
Read more
>