CVE Daily
← All years

Uncategorized 2011

Page 6/13.

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2011-07-20
Medium

CVE-2011-0883

Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.2.3, 10.1.3.5, 10.1.4.0.1, and 10.1.4.3 allows remote authenticated users to affect integrity, r…

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2011-0882

Unspecified vulnerability in the Content Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, and 11.1.0.7; and Oracle Enterprise Manager Grid Control 10.1.0.6, 10.2.0.5, and…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2011-0881

Unspecified vulnerability in the EMCTL component in Oracle Database Server 10.2.0.3, 10.2.0.4, and 11.1.0.7, and Oracle Enterprise Manager Grid Control 10.1.0.6, allows remote attackers to affect int…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2011-0880

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to affect confidentiality, integrity, and availabili…

CVSS: 6.5CWE: N/A
Read more
Medium

CVE-2011-0879

Unspecified vulnerability in the Instance Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manager Grid C…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2011-0877

Unspecified vulnerability in the Instance Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, and 10.2.0.4, and Oracle Enterprise Manager Grid Control 10.1.0.6, allows remote attackers…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2011-0876

Unspecified vulnerability in the Enterprise Manager Console component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manager…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2011-0875

Unspecified vulnerability in the EMCTL component in Oracle Database Server 11.1.0.7 and Oracle Enterprise Manager Grid Control 10.1.0.6, 10.2.0.5, and 11.1.0.1 allows remote authenticated users to af…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2011-0870

Unspecified vulnerability in the Schema Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manager Grid Con…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2011-0852

Unspecified vulnerability in the Security Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, and 10.2.0.4; and Oracle Enterprise Manager Grid Control 10.1.0.6; allows remote attackers…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2011-0848

Unspecified vulnerability in the Security Framework component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manager Grid Co…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2011-0845

Unspecified vulnerability in the Database Control component in Oracle Enterprise Manager Grid Control 10.1.0.6 allows remote attackers to affect confidentiality, integrity, and availability via unkno…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2011-0838

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to affect confidentiality, integrity, and availabili…

CVSS: 6.5CWE: N/A
Read more
Medium

CVE-2011-0835

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to affect confidentiality, integrity, and availabili…

CVSS: 6.5CWE: N/A
Read more
Medium

CVE-2011-0832

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to affect confidentiality, integrity, and availabili…

CVSS: 6.0CWE: N/A
Read more
Medium

CVE-2011-0831

Unspecified vulnerability in the Enterprise Config Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manag…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2011-0830

Unspecified vulnerability in the Event Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, and 10.2.0.4, and Oracle Enterprise Manager Grid Control 10.1.0.6, allows remote attackers to…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2011-0822

Unspecified vulnerability in the Streams, AQ & Replication Mgmt component in Oracle Database Server 10.1.0.5 and 10.2.0.3, and Oracle Enterprise Manager Grid Control 10.1.0.6, allows remote attackers…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2011-0816

Unspecified vulnerability in the CMDB Metadata & Instance APIs component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Mana…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2011-0811

Unspecified vulnerability in the Enterprise Config Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, and 10.2.0.4, and Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5, a…

CVSS: 4.9CWE: N/A
Read more
2011-07-19
High

CVE-2011-0227

The queueing primitives in IOMobileFrameBuffer in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 do not properly perform type conversion, which allows local users to gain privileges via a crafted appl…

CVSS: 7.2CWE: CWE-264
Read more
Critical

CVE-2011-0226

Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute…

CVSS: 9.3CWE: CWE-189
Read more
Low

CVE-2011-2779

Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 uses world-writable permissions for exported report files, which allows local users to change or delete log data by modi…

CVSS: 3.6CWE: CWE-264
Read more
High

CVE-2011-2528

Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privi…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2011-2385

The iPhoneHandle package 0.9.x before 0.9.7 and 1.0.x before 1.0.3 in Open Ticket Request System (OTRS) does not properly restrict use of the iPhoneHandle interface, which allows remote authenticated…

CVSS: 6.5CWE: CWE-264
Read more
2011-07-18
Medium

CVE-2011-2761

Google Chrome 14.0.794.0 does not properly handle a reload of a page generated in response to a POST, which allows user-assisted remote attackers to cause a denial of service (application crash) via…

CVSS: 4.3CWE: CWE-399
Read more
2011-07-17
Medium

CVE-2011-2760

Brocade BigIron RX switches allow remote attackers to bypass ACL rules by using 179 as the source port of a packet.

CVSS: 5.0CWE: CWE-264
Read more
Medium

CVE-2011-2750

NFRAgent.exe in Novell File Reporter 1.0.4.2 and earlier allows remote attackers to delete arbitrary files via a full pathname in an SRS OPERATION 4 CMD 5 request to /FSF/CMD.

CVSS: 5.0CWE: CWE-399
Read more
2011-07-14
Medium

CVE-2011-0287

Unspecified vulnerability in the BlackBerry Administration API in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 5.0.1 through 5.0.3, and BlackBerry Enterprise Server Express so…

CVSS: 6.4CWE: N/A
Read more
2011-07-13
High

CVE-2011-1888

win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a cra…

CVSS: 7.2CWE: N/A
Read more
Low

CVE-2011-1886

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 does not properly validate the arguments to functions, which allows local users to read arbitrary data from kernel memory via a craft…

CVSS: 2.1CWE: N/A
Read more
High

CVE-2011-1885

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP…

CVSS: 7.2CWE: N/A
Read more
High

CVE-2011-1884

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R…

CVSS: 7.2CWE: CWE-399
Read more
High

CVE-2011-1883

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R…

CVSS: 7.2CWE: CWE-399
Read more
High

CVE-2011-1882

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R…

CVSS: 7.2CWE: CWE-399
Read more
High

CVE-2011-1880

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP…

CVSS: 7.2CWE: N/A
Read more
High

CVE-2011-1879

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R…

CVSS: 7.2CWE: CWE-399
Read more
High

CVE-2011-1878

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R…

CVSS: 7.2CWE: CWE-399
Read more
High

CVE-2011-1877

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local us…

CVSS: 7.2CWE: CWE-399
Read more
High

CVE-2011-1876

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R…

CVSS: 7.2CWE: CWE-399
Read more
High

CVE-2011-1875

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R…

CVSS: 7.2CWE: CWE-399
Read more
High

CVE-2011-1874

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R…

CVSS: 7.8CWE: CWE-399
Read more
High

CVE-2011-1870

Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, allows local users to gain privileges or…

CVSS: 7.2CWE: CWE-189
Read more
High

CVE-2011-1284

Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 200…

CVSS: 7.2CWE: CWE-189
Read more
2011-07-11
Medium

CVE-2011-2516

Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of servic…

CVSS: 5.0CWE: CWE-189
Read more
Medium

CVE-2011-2398

Unspecified vulnerability in the dynamic loader in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges or cause a denial of service via unknown vectors.

CVSS: 6.8CWE: N/A
Read more
High

CVE-2011-2064

Cisco IOS 12.4MDA before 12.4(24)MDA5 on the Cisco Content Services Gateway - Second Generation (CSG2) allows remote attackers to cause a denial of service (device reload) via crafted ICMP packets, a…

CVSS: 7.8CWE: CWE-399
Read more
Medium

CVE-2011-1951

lib/logmatcher.c in Balabit syslog-ng before 3.2.4, when the global flag is set and when using PCRE 8.12 and possibly other versions, allows remote attackers to cause a denial of service (memory cons…

CVSS: 4.3CWE: CWE-399
Read more
Medium

CVE-2011-1338

Untrusted search path vulnerability in XnView before 1.98.1 allows local users to gain privileges via a Trojan horse .exe file in a folder selected by the "Open containing folder" menu item.

CVSS: 6.9CWE: N/A
Read more
2011-07-08
Low

CVE-2011-2664

Unspecified vulnerability in Check Point Multi-Domain Management / Provider-1 NGX R65, R70, R71, and R75, and SmartCenter during installation on non-Windows machines, allows local users on the MDS sy…

CVSS: 3.6CWE: N/A
Read more
Low

CVE-2011-2465

Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone (RPZ) contains DNAME or certain CNAME records, allows remote att…

CVSS: 2.6CWE: N/A
Read more
Medium

CVE-2011-2464

Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service (named daemon crash) via a cr…

CVSS: 5.0CWE: N/A
Read more
Critical

CVE-2011-2344

Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext HTTP session when transmitting the authToken obtained from ClientLogin, which allows remote attackers to gain privileges and acces…

CVSS: 10.0CWE: CWE-310
Read more
2011-07-07
Medium

CVE-2011-2192

The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which a…

CVSS: 4.3CWE: CWE-255
Read more
High

CVE-2011-1946

gnomesu-pam-backend in libgnomesu 1.0.0 prints an error message but proceeds with the non-error code path upon failure of the setgid or setuid function, which allows local users to gain privileges by…

CVSS: 7.2CWE: CWE-264
Read more
Medium

CVE-2011-1224

IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not use the CRL Distribution Points (CDP) certificate extension, which might allow man-in-the-middle attackers to spoof an SSL partner…

CVSS: 4.3CWE: CWE-264
Read more
Medium

CVE-2011-2682

The Login component in IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 allows remote authenticated users to cause a denial of service (license consumption) by trying to login to DOORS Web Access w…

CVSS: 4.0CWE: CWE-399
Read more
Critical

CVE-2011-2680

Unspecified vulnerability in IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 has unknown impact and remote attack vectors related to the "server error response."

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2011-2678

The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions (NT AUTHORITY\INTERACTIVE:F) for cvpnd.exe, which allows local users to gain privileges by replacing t…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2011-2597

The Lucent/Ascend file parser in Wireshark 1.2.x before 1.2.18, 1.4.x through 1.4.7, and 1.6.0 allows remote attackers to cause a denial of service (infinite loop) via malformed packets.

CVSS: 4.3CWE: CWE-399
Read more
2011-07-06
Medium

CVE-2011-2666

The default configuration of the SIP channel driver in Asterisk Open Source 1.4.x through 1.4.41.2 and 1.6.2.x through 1.6.2.18.2 does not enable the alwaysauthreject option, which allows remote atta…

CVSS: 5.0CWE: CWE-16
Read more
Medium

CVE-2011-2665

reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.3 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a SIP pack…

CVSS: 5.0CWE: N/A
Read more
2011-07-01
Medium

CVE-2011-2641

Opera 11.11 allows remote attackers to cause a denial of service (application crash) by setting the FACE attribute of a FONT element within an IFRAME element after changing the SRC attribute of this…

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2011-2640

Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via an HTML document that has an empty parameter value for an embedded Java applet.

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2011-2639

Opera before 11.10 does not properly handle hidden animated GIF images, which allows remote attackers to cause a denial of service (CPU consumption) via an image file that triggers continual repaints.

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2011-2638

Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by games on zylom.com.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2011-2637

Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by futura-sciences.com, seo…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2011-2636

Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by a certain Tomato Firmwar…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2011-2635

The Cascading Style Sheets (CSS) implementation in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via vectors involving use of the :hover pseudo-class, in…

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2011-2633

Unspecified vulnerability in Opera before 11.11 allows remote attackers to cause a denial of service (application crash) via vectors involving a Certificate Revocation List (CRL) file, as demonstrate…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2011-2629

Unspecified vulnerability in Opera before 11.11 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by www.falk.de.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2011-2627

Unspecified vulnerability in the DOM implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated b…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2011-2626

Opera before 11.50 allows remote attackers to cause a denial of service (application crash) by using "injected script" to set the SRC attribute of an IFRAME element.

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2011-2625

Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via a SELECT element that contains many OPTION elements.

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2011-2624

Opera before 11.50 allows user-assisted remote attackers to cause a denial of service (application hang) via a large table, which is not properly handled during a print preview.

CVSS: 4.3CWE: CWE-399
Read more
Medium

CVE-2011-2623

Unspecified vulnerability in the SVG BiDi implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash or hang) via unknown vectors.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2011-2622

Unspecified vulnerability in the Web Workers implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via unknown vectors.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2011-2621

Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors related to form layout.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2011-2620

Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors involving SVG animation.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2011-2619

Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via a gradient with many stops, related to the implementation of CANVAS elements, SVG, and Cascading Style…

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2011-2618

Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via web script that moves a (1) AUDIO element or (2) VIDEO element between windows.

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2011-2617

Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors related to selecting a text node, and closed pop-up windows, remov…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2011-2616

Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (memory consumption) via unknown content on a web page, as demonstrated by test262.ecmascript.org.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2011-2615

Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application hang) via unknown content on a web page, as demonstrated by domiteca.com.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2011-2614

The SVG implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors involving a path on which many characters are drawn.

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2011-2613

The Array.prototype.join method in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via a non-array object that contains initial holes.

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2011-2612

Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by progorod.ru.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2011-2611

Unspecified vulnerability in the printing functionality in Opera before 11.50 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web page.

CVSS: 4.3CWE: N/A
Read more
Critical

CVE-2011-2610

Unspecified vulnerability in Opera before 11.50 has unknown impact and attack vectors, related to a "moderately severe issue."

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2011-1515

The inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allows remote attackers to cause a denial of service (daemon exit) via a request containing crafted parameters.

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2011-1514

The inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request containing craf…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2011-1337

Opera before 11.50 allows remote attackers to cause a denial of service (disk consumption) via invalid URLs that trigger creation of error pages.

CVSS: 4.3CWE: CWE-399
Read more
2011-06-30
Critical

CVE-2011-2376

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and Thunderbird before 3.1.11 allow remote attackers to cause a denial of service (memory corruption and ap…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2011-2375

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 5.0 and Thunderbird through 3.1.11 allow remote attackers to cause a denial of service (memory corruption and appl…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2011-2374

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allow remote attackers to cause a denial of service (…

CVSS: 10.0CWE: N/A
Read more
High

CVE-2011-2373

Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to e…

CVSS: 7.6CWE: CWE-399
Read more
Critical

CVE-2011-2371

Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arb…

CVSS: 10.0CWE: CWE-189
Read more
Medium

CVE-2011-2370

Mozilla Firefox before 5.0 does not properly enforce the whitelist for the xpinstall functionality, which allows remote attackers to trigger an installation dialog for a (1) add-on or (2) theme via u…

CVSS: 5.0CWE: CWE-264
Read more
Critical

CVE-2011-2368

The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict write operations, which allows remote attackers to execute arbitrary code or cause a denial of service (applic…

CVSS: 10.0CWE: CWE-264
Read more
Medium

CVE-2011-2367

The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict read operations, which allows remote attackers to obtain sensitive information from GPU memory associated with…

CVSS: 6.4CWE: CWE-264
Read more
Critical

CVE-2011-2365

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and applic…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2011-2364

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and applic…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2011-2363

Use-after-free vulnerability in the nsSVGPointList::AppendElement function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey throug…

CVSS: 10.0CWE: CWE-399
Read more
Medium

CVE-2011-2362

Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote…

CVSS: 5.0CWE: CWE-264
Read more
Critical

CVE-2011-0085

Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitr…

CVSS: 10.0CWE: CWE-399
Read more
Critical

CVE-2011-0083

Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey throug…

CVSS: 10.0CWE: CWE-399
Read more
High

CVE-2011-2604

The Intel G41 driver 6.14.10.5355 on Windows XP SP3 allows remote attackers to cause a denial of service (system crash) via a crafted web page that is visited with Google Chrome or Mozilla Firefox, a…

CVSS: 7.1CWE: CWE-399
Read more
High

CVE-2011-2603

The NVIDIA 9400M driver 6.2.6 on Mac OS X 10.6.7 allows remote attackers to cause a denial of service (desktop hang) via a crafted web page that is visited with Google Chrome or Mozilla Firefox, as d…

CVSS: 7.1CWE: CWE-399
Read more
High

CVE-2011-2602

The NVIDIA Geforce 310 driver 6.14.12.7061 on Windows XP SP3 allows remote attackers to cause a denial of service (system crash) via a crafted web page that is visited with Google Chrome or Mozilla F…

CVSS: 7.1CWE: CWE-399
Read more
High

CVE-2011-2601

The GPU support functionality in Mac OS X does not properly restrict rendering time, which allows remote attackers to cause a denial of service (desktop hang) via vectors involving WebGL and (1) shad…

CVSS: 7.1CWE: CWE-264
Read more
High

CVE-2011-2600

The GPU support functionality in Windows XP does not properly restrict rendering time, which allows remote attackers to cause a denial of service (system crash) via vectors involving WebGL and (1) sh…

CVSS: 7.1CWE: CWE-264
Read more
Medium

CVE-2009-5078

contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbi…

CVSS: 6.5CWE: CWE-254
Read more
2011-06-29
Medium

CVE-2011-2350

The HTML parser in Google Chrome before 12.0.742.112 does not properly address "lifetime and re-entrancy issues," which allows remote attackers to cause a denial of service or possibly have unspecifi…

CVSS: 6.8CWE: N/A
Read more
2011-06-24
Medium

CVE-2011-2484

The add_del_listener function in kernel/taskstats.c in the Linux kernel 2.6.39.1 and earlier does not prevent multiple registrations of exit handlers, which allows local users to cause a denial of se…

CVSS: 4.9CWE: CWE-399
Read more
Critical

CVE-2011-2194

Integer overflow in the XSPF playlist parser in VideoLAN VLC media player 0.8.5 through 1.1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unsp…

CVSS: 9.3CWE: CWE-189
Read more
Critical

CVE-2011-1908

Integer overflow in the Type 1 font decoder in the FreeType engine in Foxit Reader before 4.0.0.0619 allows remote attackers to execute arbitrary code or cause a denial of service (application crash)…

CVSS: 9.3CWE: CWE-189
Read more
Medium

CVE-2011-1132

The IPv6 implementation in the kernel in Apple Mac OS X before 10.6.8 allows local users to cause a denial of service (NULL pointer dereference and reboot) via vectors involving socket options.

CVSS: 4.9CWE: N/A
Read more
Medium

CVE-2011-0212

servermgrd in Apple Mac OS X before 10.6.8 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumptio…

CVSS: 6.4CWE: CWE-399
Read more
Medium

CVE-2011-0207

The MobileMe component in Apple Mac OS X before 10.6.8 uses a cleartext HTTP session for the Mail application to read e-mail aliases, which allows remote attackers to obtain potentially sensitive ali…

CVSS: 5.0CWE: CWE-310
Read more
Medium

CVE-2011-0202

Integer overflow in CoreGraphics in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded Type 1 font…

CVSS: 6.8CWE: CWE-189
Read more
>