CVE Daily
← All years

Uncategorized 2011

Page 7/13.

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2011-06-24
High

CVE-2011-0201

Off-by-one error in the CoreFoundation framework in Apple Mac OS X before 10.6.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a CF…

CVSS: 7.5CWE: CWE-189
Read more
Medium

CVE-2011-0200

Integer overflow in ColorSync in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image containing a crafted embe…

CVSS: 6.8CWE: CWE-189
Read more
High

CVE-2011-0196

AirPort in Apple Mac OS X 10.5.8 allows remote attackers to cause a denial of service (out-of-bounds read and reboot) via Wi-Fi frames on the local wireless network.

CVSS: 7.8CWE: CWE-399
Read more
2011-06-22
Medium

CVE-2011-2206

XMLParser.pm in DJabberd before 0.85 allows remote authenticated users to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consum…

CVSS: 5.5CWE: CWE-399
Read more
Medium

CVE-2011-2532

The json.decode function in util/json.lua in Prosody 0.8.x before 0.8.1 might allow remote attackers to cause a denial of service (infinite loop) via invalid JSON data, as demonstrated by truncated d…

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2011-2531

Prosody 0.8.x before 0.8.1, when MySQL is used, assigns an incorrect data type to the value column in certain tables, which might allow remote attackers to cause a denial of service (data truncation)…

CVSS: 4.3CWE: CWE-399
Read more
Medium

CVE-2011-2205

Prosody before 0.8.1 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document con…

CVSS: 5.0CWE: CWE-399
Read more
2011-06-21
Medium

CVE-2011-2188

LuaExpat before 1.2.0 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document co…

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2011-1757

DJabberd 0.84 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML documen…

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2011-1756

modules/xmpp/serv_xmpp.c in Citadel 7.86 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption…

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2011-1754

jabberd14 1.6.1.1 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML doc…

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2011-1753

expat_erl.c in ejabberd before 2.1.7 and 3.x before 3.0.0-alpha-3, and exmpp before 0.9.7, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial…

CVSS: 5.0CWE: CWE-399
Read more
High

CVE-2011-1128

The loadUserSettings function in Load.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly handle invalid login attempts, which might make it easier for remote…

CVSS: 7.5CWE: CWE-310
Read more
Critical

CVE-2011-1127

SSI.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly restrict guest access, which allows remote attackers to have an unspecified impact via unknown vectors.

CVSS: 10.0CWE: CWE-264
Read more
2011-06-16
Medium

CVE-2011-2202

The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute pa…

CVSS: 6.4CWE: CWE-264
Read more
Critical

CVE-2011-2123

Integer overflow in the Shockwave 3D Asset x32 component in Adobe Shockwave Player before 11.6.0.626 allows remote attackers to execute arbitrary code via a crafted subrecord in a DEMX chunk, which t…

CVSS: 9.3CWE: CWE-189
Read more
Critical

CVE-2011-2121

Integer overflow in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors.

CVSS: 9.3CWE: CWE-189
Read more
Critical

CVE-2011-2120

Integer overflow in the CursorAsset x32 component in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors.

CVSS: 9.3CWE: CWE-189
Read more
Critical

CVE-2011-2109

Multiple integer overflows in Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allow attackers to execute arbitrary code via unspecified vectors.

CVSS: 9.3CWE: CWE-189
Read more
Critical

CVE-2011-2108

Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors, related to a "design flaw."

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2011-2102

Unspecified vulnerability in Adobe Reader and Acrobat before 10.1 on Windows and Mac OS X allows attackers to bypass intended access restrictions via unknown vectors.

CVSS: 9.3CWE: N/A
Read more
Medium

CVE-2011-2100

Untrusted search path vulnerability in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the c…

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2011-2091

Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 allows remote attackers to cause a denial of service via unknown vectors.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2011-1872

Hyper-V in Microsoft Windows Server 2008 Gold, SP2, R2, and R2 SP1 allows guest OS users to cause a denial of service (host OS infinite loop) via malformed machine instructions in a VMBus packet, aka…

CVSS: 4.7CWE: CWE-399
Read more
High

CVE-2011-1869

The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7…

CVSS: 7.8CWE: CWE-399
Read more
High

CVE-2011-1267

The SMB server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (system hang) via…

CVSS: 7.8CWE: CWE-399
Read more
High

CVE-2011-1249

The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Go…

CVSS: 7.2CWE: CWE-264
Read more
Critical

CVE-2011-0658

Integer underflow in the OLE Automation protocol implementation in VBScript.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2,…

CVSS: 9.3CWE: CWE-189
Read more
2011-06-14
Critical

CVE-2011-0873

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, and 5.0 Update 29 and earlier, allows remote attackers to affect confidentiality,…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2011-0872

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect availability via unknown vectors related to NIO.

CVSS: 5.0CWE: N/A
Read more
Critical

CVE-2011-0871

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java W…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2011-0869

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 26 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to a…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2011-0868

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2011-0867

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java W…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2011-0866

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier, when running on Windows, allo…

CVSS: 7.6CWE: N/A
Read more
Low

CVE-2011-0865

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java W…

CVSS: 2.6CWE: N/A
Read more
Critical

CVE-2011-0864

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java W…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2011-0863

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to a…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2011-0862

Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attack…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2011-0817

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and u…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2011-0815

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java W…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2011-0814

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to aff…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2011-0802

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to aff…

CVSS: 10.0CWE: N/A
Read more
High

CVE-2011-0788

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and u…

CVSS: 7.6CWE: N/A
Read more
High

CVE-2011-0786

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and u…

CVSS: 7.6CWE: N/A
Read more
Critical

CVE-2011-1864

Unspecified vulnerability in HP OpenView Storage Data Protector 6.0, 6.10, and 6.11 allows remote attackers to execute arbitrary code via unknown vectors.

CVSS: 9.3CWE: N/A
Read more
High

CVE-2011-1861

Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to modify data or obtain sensitive information via unknown vectors.

CVSS: 8.3CWE: N/A
Read more
Medium

CVE-2011-1860

Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to capture HTTP session credentials via unknown vectors.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2011-1859

Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to obtain sensitive information via unknown vectors.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2011-1858

Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows local users to bypass intended access restrictions via unknown vectors.

CVSS: 4.3CWE: N/A
Read more
High

CVE-2011-1857

Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote authenticated users to bypass intended access restrictions via unknown vectors.

CVSS: 8.2CWE: N/A
Read more
High

CVE-2011-1709

GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involvin…

CVSS: 7.2CWE: CWE-264
Read more
2011-06-09
High

CVE-2011-2471

utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to gain privileges via shell metacharacters in the (1) --vmlinux, (2) --session-dir, or (3) --xen argument, related to the daemon…

CVSS: 7.2CWE: CWE-264
Read more
High

CVE-2011-1812

Google Chrome before 12.0.742.91 allows remote attackers to bypass intended access restrictions via vectors related to extensions.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2011-2395

The Neighbor Discovery (ND) protocol implementation in Cisco IOS on unspecified switches allows remote attackers to bypass the Router Advertisement Guarding functionality via a fragmented IPv6 packet…

CVSS: 5.0CWE: CWE-16
Read more
Medium

CVE-2011-1711

Unspecified vulnerability in the Mobility Pack 1.1.2 and earlier in Novell Data Synchronizer 1.0.x, and 1.1.x through 1.1.1 build 428, allows remote authenticated users to access the accounts of othe…

CVSS: 5.5CWE: N/A
Read more
2011-06-08
Medium

CVE-2011-1584

The updateFile function in inc/core/class.dc.media.php in the Media Manager in Dotclear before 2.2.3 does not properly restrict pathnames, which allows remote authenticated users to upload and execut…

CVSS: 6.5CWE: CWE-264
Read more
Critical

CVE-2010-4663

Unspecified vulnerability in the News module in CMS Made Simple (CMSMS) before 1.9.1 has unknown impact and attack vectors.

CVSS: 10.0CWE: N/A
Read more
2011-06-06
Medium

CVE-2011-2216

reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.2 does not initialize certain strings, which allows remote attackers to cause a denial of service (NULL pointer d…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2011-2175

Integer underflow in the visual_read function in wiretap/visual.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (application crash) via…

CVSS: 4.3CWE: CWE-189
Read more
Medium

CVE-2011-2174

Double free vulnerability in the tvb_uncompress function in epan/tvbuff.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (application cra…

CVSS: 4.3CWE: CWE-399
Read more
Medium

CVE-2011-2145

mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and…

CVSS: 6.3CWE: CWE-264
Read more
Medium

CVE-2011-1958

Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Diameter diction…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2011-1957

The dissect_dcm_main function in epan/dissectors/packet-dcm.c in the DICOM dissector in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (infi…

CVSS: 4.3CWE: CWE-399
Read more
Medium

CVE-2011-1956

The bytes_repr_len function in Wireshark 1.4.5 uses an incorrect pointer argument, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via arbi…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2011-1952

common.php in Post Revolution before 0.8.0c-2 allows remote attackers to cause a denial of service (infinite loop) via malformed HTML markup, as demonstrated by an a< sequence.

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2011-1950

plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.

CVSS: 5.5CWE: CWE-264
Read more
Medium

CVE-2011-1921

The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce…

CVSS: 4.3CWE: CWE-264
Read more
Medium

CVE-2011-1783

The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to…

CVSS: 4.3CWE: N/A
Read more
2011-06-02
Critical

CVE-2011-2331

Integer overflow in img.exe in HP Intelligent Management Center (IMC) allows remote attackers to execute arbitrary code via a crafted length value in an a packet that triggers a heap-based buffer ove…

CVSS: 10.0CWE: CWE-189
Read more
Critical

CVE-2011-2330

Tivoli Endpoint in IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1, and 4.3.1 has an unspecified "built-in account" that is "trivially" accessed, which makes it easier for remote attackers to send…

CVSS: 9.0CWE: CWE-264
Read more
Medium

CVE-2011-2329

The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers…

CVSS: 6.5CWE: CWE-264
Read more
High

CVE-2011-2041

The Start Before Logon (SBL) functionality in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.254 on Windows, and on Windows Mobile, allows local users to gain pri…

CVSS: 7.2CWE: CWE-264
Read more
Critical

CVE-2011-2024

Cisco Network Registrar before 7.2 has a default administrative password, which makes it easier for remote attackers to obtain access via a TCP session, aka Bug ID CSCsm50627.

CVSS: 10.0CWE: CWE-255
Read more
Low

CVE-2011-1637

Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.2.1 do not properly verify signatures for software images, which allows local users to gain privileges via a crafted image…

CVSS: 1.5CWE: CWE-264
Read more
Critical

CVE-2011-1623

Cisco Media Processing Software before 1.2 on Media Experience Engine (MXE) 5600 devices has a default root password, which makes it easier for context-dependent attackers to obtain access via (1) th…

CVSS: 10.0CWE: CWE-255
Read more
Medium

CVE-2011-1603

Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.2.1 allow local users to gain privileges via unspecified vectors, aka Bug ID CSCtn65815.

CVSS: 6.6CWE: CWE-264
Read more
Medium

CVE-2011-1602

The su utility on Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.0.3 allows local users to gain privileges via unspecified vectors, aka Bug ID CSCtf07426.

CVSS: 6.6CWE: CWE-264
Read more
Medium

CVE-2009-4008

Unbound before 1.4.4 does not send responses for signed zones after mishandling an unspecified query, which allows remote attackers to cause a denial of service (DNSSEC outage) via a crafted query.

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2011-1947

fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a (1) STARTTLS or (2) STLS request, which allows remote servers to cause a denial of service (application hang) by a…

CVSS: 5.0CWE: CWE-399
Read more
2011-05-31
High

CVE-2011-2215

Unspecified vulnerability in WalRack 1.x before 1.1.8 and 2.x before 2.0.6 has unknown impact and attack vectors, possibly related to file deletion and an encoded URL, a different vulnerability than…

CVSS: 7.5CWE: N/A
Read more
Critical

CVE-2011-2214

Unspecified vulnerability in the Open Database Connectivity (ODBC) component in 7T Interactive Graphical SCADA System (IGSS) before 9.0.0.11143 allows remote attackers to execute arbitrary code via a…

CVSS: 10.0CWE: N/A
Read more
Low

CVE-2011-1945

The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly…

CVSS: 2.6CWE: CWE-310
Read more
Medium

CVE-2011-1925

nbd-server.c in Network Block Device (nbd-server) 2.9.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by causing a negotiation failure, as demonstrated by…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2011-1922

daemon/worker.c in Unbound 1.x before 1.4.10, when debugging functionality and the interface-automatic option are enabled, allows remote attackers to cause a denial of service (assertion failure and…

CVSS: 4.3CWE: CWE-399
Read more
Medium

CVE-2011-1910

Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service…

CVSS: 5.0CWE: CWE-189
Read more
High

CVE-2011-1651

Cisco IOS XR 3.9.x and 4.0.x before 4.0.3 and 4.1.x before 4.1.1, when an SPA interface processor is installed, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4…

CVSS: 7.8CWE: CWE-399
Read more
High

CVE-2011-1649

The Internet Streamer application in Cisco Content Delivery System (CDS) with software 2.5.7, 2.5.8, and 2.5.9 before build 126 allows remote attackers to cause a denial of service (Web Engine crash)…

CVSS: 7.8CWE: CWE-399
Read more
Critical

CVE-2011-1645

The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2…

CVSS: 9.3CWE: CWE-16
Read more
Low

CVE-2011-1486

libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service (crash) by causing multiple threads to report errors at the same…

CVSS: 3.3CWE: CWE-399
Read more
Medium

CVE-2011-1329

WalRack 1.x before 1.1.9 and 2.x before 2.0.7 does not properly restrict file uploads, which allows remote attackers to execute arbitrary PHP code via vectors involving a double extension, as demonst…

CVSS: 6.8CWE: CWE-264
Read more
Critical

CVE-2011-1213

Integer underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted header in a .lzh attachment that trigg…

CVSS: 9.3CWE: CWE-189
Read more
High

CVE-2011-0949

Cisco IOS XR 3.6.x, 3.8.x before 3.8.3, and 3.9.x before 3.9.1 does not properly remove sshd_lock files from /tmp/, which allows remote attackers to cause a denial of service (disk consumption) by ma…

CVSS: 7.8CWE: CWE-399
Read more
High

CVE-2011-0943

Cisco IOS XR 3.8.3, 3.8.4, and 3.9.1 allows remote attackers to cause a denial of service (NetIO process restart or device reload) via a crafted IPv4 packet, aka Bug ID CSCth44147.

CVSS: 7.8CWE: CWE-399
Read more
High

CVE-2011-0766

The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, whic…

CVSS: 7.8CWE: CWE-310
Read more
Critical

CVE-2011-0628

Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code via ActionScript…

CVSS: 9.3CWE: CWE-189
Read more
2011-05-26
Medium

CVE-2011-2173

The implementation of OutputMediator objects in IBM WebSphere Portal 6.0.1.7, and 7.0.0.1 before CF002, allows remote authenticated users to cause a denial of service (memory consumption) via request…

CVSS: 4.0CWE: CWE-399
Read more
Medium

CVE-2011-1801

Unspecified vulnerability in Google Chrome before 11.0.696.71 allows remote attackers to bypass the pop-up blocker via unknown vectors.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2010-4806

The authoring tool in IBM Web Content Manager (WCM) 6.1.5, and 7.0.0.1 before CF003, allows remote authenticated users to bypass intended access restrictions on draft creation by leveraging certain r…

CVSS: 4.0CWE: CWE-264
Read more
2011-05-24
Critical

CVE-2011-2171

Unspecified vulnerability in the dbugs package in Google Chrome OS before R12 0.12.433.38 Beta has unknown impact and attack vectors.

CVSS: 10.0CWE: N/A
Read more
High

CVE-2011-2169

Google Chrome OS before R12 0.12.433.38 Beta allows local users to gain privileges by creating a /var/lib/chromeos-aliases.conf file and placing commands in it.

CVSS: 7.2CWE: CWE-264
Read more
Medium

CVE-2011-2168

Multiple integer overflows in the glob implementation in libc in OpenBSD before 4.9 might allow context-dependent attackers to have an unspecified impact via a crafted string, related to the GLOB_APP…

CVSS: 5.0CWE: CWE-189
Read more
Medium

CVE-2011-2166

script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveragin…

CVSS: 6.5CWE: CWE-16
Read more
Medium

CVE-2011-1928

The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infi…

CVSS: 4.3CWE: CWE-399
Read more
Medium

CVE-2011-1521

The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain se…

CVSS: 6.4CWE: CWE-399
Read more
Low

CVE-2011-1424

The default configuration of ExShortcut\Web.config in EMC SourceOne Email Management before 6.6 SP1, when the Mobile Services component is used, does not properly set the localOnly attribute of the t…

CVSS: 3.5CWE: CWE-16
Read more
2011-05-23
Medium

CVE-2011-2165

The STARTTLS implementation in WatchGuard XCS 9.0 and 9.1 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending…

CVSS: 6.8CWE: CWE-264
Read more
Medium

CVE-2011-1926

The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending…

CVSS: 5.1CWE: CWE-264
Read more
Medium

CVE-2011-1575

The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP session…

CVSS: 5.8CWE: CWE-399
Read more
Medium

CVE-2009-5024

ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb row_limit configuration setting, and consequently conduct resource-consumption attacks, via the limit parameter, as demonstrated by a…

CVSS: 5.0CWE: CWE-399
Read more
2011-05-20
Critical

CVE-2011-2164

Multiple unspecified vulnerabilities in Adobe Photoshop before 12.0.4 have unknown impact and attack vectors.

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2011-2163

Unspecified vulnerability in Virtualization Manager 1.2.2 in IBM Systems Director 1.2.2 has unknown impact and attack vectors.

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2011-2162

Multiple unspecified vulnerabilities in FFmpeg 0.4.x through 0.6.x, as used in MPlayer 1.0 and other products, in Mandriva Linux 2009.0, 2010.0, and 2010.1; Corporate Server 4.0 (aka CS4.0); and Mand…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2011-2161

The ape_read_header function in ape.c in libavformat in FFmpeg before 0.5.4, as used in MPlayer, VideoLAN VLC media player, and other products, allows remote attackers to cause a denial of service (a…

CVSS: 4.3CWE: CWE-399
Read more
Critical

CVE-2011-2159

The SmarterTools SmarterStats 6.0 web server omits the Content-Type header for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conf…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2011-2158

The SmarterTools SmarterStats 6.0 web server sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretati…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2011-2157

The (1) Admin/frmEmailReportSettings.aspx and (2) Admin/frmGeneralSettings.aspx components in the SmarterTools SmarterStats 6.0 web server generate web pages containing e-mail addresses, which allows…

CVSS: 5.0CWE: CWE-264
Read more
Medium

CVE-2011-2151

The (1) Admin/frmEmailReportSettings.aspx, (2) Admin/frmGeneralSettings.aspx, (3) Admin/frmSite.aspx, (4) Client/frmUser.aspx, and (5) Login.aspx components in the SmarterTools SmarterStats 6.0 web s…

CVSS: 5.0CWE: CWE-310
Read more
Low

CVE-2011-2147

Openswan 2.2.x does not properly restrict permissions for (1) /var/run/starter.pid, related to starter.c in the IPsec starter, and (2) /var/lock/subsys/ipsec, which allows local users to kill arbitra…

CVSS: 3.6CWE: CWE-264
Read more
Medium

CVE-2011-2021

Session fixation vulnerability in TIBCO iProcess Engine before 11.1.3 and iProcess Workspace before 11.3.1 allows remote attackers to hijack web sessions via unspecified vectors.

CVSS: 4.3CWE: N/A
Read more
>