Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-3253 | 1 Apple | 1 Iphone Os | 2011-10-14 | 2.6 LOW | N/A |
| CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate. | |||||
| CVE-2011-0240 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2011-10-14 | 9.3 HIGH | N/A |
| WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | |||||
| CVE-2011-0237 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2011-10-14 | 9.3 HIGH | N/A |
| WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | |||||
| CVE-2011-0223 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2011-10-14 | 9.3 HIGH | N/A |
| WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | |||||
| CVE-2011-0215 | 2 Apple, Microsoft | 5 Imageio, Safari, Windows 7 and 2 more | 2011-10-14 | 9.3 HIGH | N/A |
| ImageIO in Apple Safari before 5.0.6 on Windows does not properly address re-entrancy issues, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file. | |||||
| CVE-2011-0253 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2011-10-14 | 9.3 HIGH | N/A |
| WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | |||||
| CVE-2010-4334 | 1 Io-socket-ssl | 1 Io-socket-ssl | 2011-10-14 | 4.0 MEDIUM | N/A |
| The IO::Socket::SSL module 1.35 for Perl, when verify_mode is not VERIFY_NONE, fails open to VERIFY_NONE instead of throwing an error when a ca_file/ca_path cannot be verified, which allows remote attackers to bypass intended certificate restrictions. | |||||
| CVE-2011-2115 | 1 Adobe | 1 Shockwave Player | 2011-10-12 | 9.3 HIGH | N/A |
| IML32.dll in Adobe Shockwave Player before 11.6.0.626 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted tSAC chunk, which triggers a heap-based buffer overflow, a different vulnerability than CVE-2011-2111 and CVE-2011-2116. | |||||
| CVE-2011-2123 | 1 Adobe | 1 Shockwave Player | 2011-10-11 | 9.3 HIGH | N/A |
| Integer overflow in the Shockwave 3D Asset x32 component in Adobe Shockwave Player before 11.6.0.626 allows remote attackers to execute arbitrary code via a crafted subrecord in a DEMX chunk, which triggers a heap-based buffer overflow. | |||||
| CVE-2006-4466 | 1 Joomla | 1 Joomla | 2011-10-11 | 5.0 MEDIUM | N/A |
| Joomla! before 1.0.11 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to have an unspecified impact. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Joomla!. | |||||
| CVE-2006-4302 | 1 Sun | 2 J2se, Java Web Start | 2011-10-11 | 5.0 MEDIUM | N/A |
| The Java Plug-in J2SE 1.3.0_02 through 5.0 Update 5, and Java Web Start 1.0 through 1.2 and J2SE 1.4.2 through 5.0 Update 5, allows remote attackers to exploit vulnerabilities by specifying a JRE version that contain vulnerabilities. | |||||
| CVE-2006-5679 | 1 Freebsd | 1 Freebsd | 2011-10-11 | 4.6 MEDIUM | N/A |
| Integer overflow in the ffs_mountfs function in FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted UFS filesystem that causes invalid or large size parameters to be provided to the kmem_alloc function. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem. | |||||
| CVE-2006-2900 | 2 Canon, Microsoft | 2 Network Camera Server Vb101, Ie | 2011-10-11 | 4.0 MEDIUM | N/A |
| Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form. | |||||
| CVE-2007-6165 | 1 Apple | 1 Mac Os X | 2011-10-06 | 9.3 HIGH | N/A |
| Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed. NOTE: this is a regression error related to CVE-2006-0395. | |||||
| CVE-2011-2948 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2011-10-06 | 9.3 HIGH | N/A |
| RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, RealPlayer Enterprise 2.0 through 2.1.5, and Mac RealPlayer 12.0.0.1569 do not properly handle DEFINEFONT fields in SWF files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted file. | |||||
| CVE-2011-2953 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2011-10-06 | 10.0 HIGH | N/A |
| An unspecified ActiveX control in the browser plugin in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via unknown vectors, related to an out-of-bounds condition. | |||||
| CVE-2011-2954 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2011-10-06 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in the AutoUpdate feature in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5, when an Embedded RealPlayer is used, allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2011-2696 | 1 Mega-nerd | 1 Libsndfile | 2011-10-06 | 6.8 MEDIUM | N/A |
| Integer overflow in libsndfile before 1.0.25 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PARIS Audio Format (PAF) file that triggers a heap-based buffer overflow. | |||||
| CVE-2011-2949 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2011-10-06 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via crafted ID3v2 tags in an MP3 file. | |||||
| CVE-2011-2947 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2011-10-06 | 4.3 MEDIUM | N/A |
| Cross-zone scripting vulnerability in the RealPlayer ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to inject arbitrary web script or HTML in the Local Zone via a local HTML document. | |||||
| CVE-2011-2955 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2011-10-06 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5, when an Embedded RealPlayer is used, allows remote attackers to execute arbitrary code via vectors related to a modal dialog. | |||||
| CVE-2011-2654 | 1 Novell | 1 Cloud Manager | 2011-10-06 | 9.3 HIGH | N/A |
| The RPC implementation in the server in Novell Cloud Manager 1.1.2 before Patch 3 does not properly initialize objects, which allows remote attackers to execute arbitrary code by making RPC calls that leverage incorrect privileges associated with a partially initialized session. | |||||
| CVE-2011-2946 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2011-10-06 | 10.0 HIGH | N/A |
| Unspecified vulnerability in an ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2011-2945 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2011-10-06 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted SIPR stream. | |||||
| CVE-2011-2952 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2011-10-06 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via vectors related to a dialog box. | |||||
| CVE-2011-2951 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2011-10-06 | 9.3 HIGH | N/A |
| Buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer 12.0.0.1569 allows remote attackers to execute arbitrary code via a crafted raw_data_frame field in an AAC file. | |||||
| CVE-2011-2564 | 1 Cisco | 2 Intercompany Media Engine, Unified Communications Manager | 2011-10-06 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth19417. | |||||
| CVE-2011-2581 | 1 Cisco | 3 Nexus 3000, Nexus 5000, Nx-os | 2011-10-06 | 5.0 MEDIUM | N/A |
| The ACL implementation in Cisco NX-OS 5.0(2) and 5.0(3) before 5.0(3)N2(1) on Nexus 5000 series switches, and NX-OS before 5.0(3)U1(2a) on Nexus 3000 series switches, does not properly handle comments in conjunction with deny statements, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by sending packets, aka Bug IDs CSCto09813 and CSCtr61490. | |||||
| CVE-2011-2563 | 1 Cisco | 2 Intercompany Media Engine, Unified Communications Manager | 2011-10-06 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth26669. | |||||
| CVE-2011-3385 | 2 Lepton-cms, Websitebaker2 | 2 Lepton, Websitebaker | 2011-10-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebsiteBaker before 2.8, as used in LEPTON and possibly other products, allows remote attackers to inject arbitrary web script or HTML via unknown vectors, a different vulnerability than CVE-2006-2307. | |||||
| CVE-2011-2420 | 1 Adobe | 1 Shockwave Player | 2011-10-05 | 10.0 HIGH | N/A |
| Adobe Shockwave Player before 11.6.1.629 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | |||||
| CVE-2011-2419 | 1 Adobe | 1 Shockwave Player | 2011-10-05 | 10.0 HIGH | N/A |
| IML32.dll in Adobe Shockwave Player before 11.6.1.629 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | |||||
| CVE-2011-2421 | 1 Adobe | 1 Shockwave Player | 2011-10-05 | 9.3 HIGH | N/A |
| Dirapi.dll in Adobe Shockwave Player before 11.6.1.629 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir media file. | |||||
| CVE-2011-2422 | 1 Adobe | 1 Shockwave Player | 2011-10-05 | 10.0 HIGH | N/A |
| Textra.x32 in Adobe Shockwave Player before 11.6.1.629 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | |||||
| CVE-2011-2133 | 1 Adobe | 2 Robohelp, Robohelp Server | 2011-10-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 8 and 9 before 9.0.1.262, and RoboHelp Server 8 and 9, allows remote attackers to inject arbitrary web script or HTML via the URI, related to template_stock/whutils.js. | |||||
| CVE-2011-2241 | 1 Oracle | 1 Fusion Middleware | 2011-10-05 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 10.1.3.4.1 and 11.1.1.3 allows remote attackers to affect availability via unknown vectors related to Analytics Server. | |||||
| CVE-2011-2242 | 1 Oracle | 1 Database Server | 2011-10-05 | 1.3 LOW | N/A |
| Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.2.0.1 and 11.2.0.2 allows local users to affect confidentiality, related to XML DB FTP. | |||||
| CVE-2011-2121 | 1 Adobe | 1 Shockwave Player | 2011-10-05 | 9.3 HIGH | N/A |
| Integer overflow in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2011-2278 | 1 Oracle | 2 Peoplesoft Enterprise Hrms, Peoplesoft Products | 2011-10-05 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 8.9, Bundle, #24, 9.0, Bundle, #17, 9.1, Bundle, and #6 allows remote authenticated users to affect confidentiality via unknown vectors related to Talent Acquisition Manager. | |||||
| CVE-2011-2279 | 1 Oracle | 2 Peoplesoft Enterprise Hrms, Peoplesoft Products | 2011-10-05 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1, Bundle, and #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Talent Acquisition Manager. | |||||
| CVE-2011-2281 | 1 Oracle | 2 Peoplesoft Enterprise Hrms, Peoplesoft Products | 2011-10-05 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 8.9 Update 2011-D allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Global Payroll Core. | |||||
| CVE-2011-2131 | 1 Adobe | 2 Creative Suite, Photoshop | 2011-10-05 | 9.3 HIGH | N/A |
| Adobe Photoshop 12.0 in Creative Suite 5 (CS5) and 12.1 in Creative Suite 5.1 (CS5.1) allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted GIF file. | |||||
| CVE-2011-2296 | 1 Sun | 1 Sunos | 2011-10-05 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability, related to Kernel/SCTP. | |||||
| CVE-2011-2283 | 1 Oracle | 2 Peoplesoft Enterprise Fms, Peoplesoft Products | 2011-10-05 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise FMS component in Oracle PeopleSoft Products 9.0 Bundle #36 and 9.1 Bundle #13 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Payables. | |||||
| CVE-2011-2132 | 1 Adobe | 1 Flash Media Server | 2011-10-05 | 5.0 MEDIUM | N/A |
| Adobe Flash Media Server (FMS) before 3.5.7, and 4.x before 4.0.3, allows attackers to cause a denial of service (memory corruption) via unspecified vectors. | |||||
| CVE-2011-2284 | 1 Oracle | 2 Peoplesoft Enterprise Hrms, Peoplesoft Products | 2011-10-05 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.0 Bundle #17 allows remote authenticated users to affect confidentiality via unknown vectors related to ePerformance. | |||||
| CVE-2011-2285 | 1 Sun | 1 Sunos | 2011-10-05 | 7.2 HIGH | N/A |
| Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Installer. | |||||
| CVE-2011-2287 | 1 Sun | 1 Sunos | 2011-10-05 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to fingerd. | |||||
| CVE-2011-2288 | 1 Oracle | 7 Netra Sparc T3-1, Netra Sparc T3-1b, Sparc T3-1 and 4 more | 2011-10-05 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Sun Integrated Lights Out Manager (ILOM) in SysFW 8.1.0.a and earlier for various Oracle SPARC T3, SPARC Netra T3, Sun Blade, and Sun Fire servers allows remote attackers to affect confidentiality, integrity, and availability, related to ILOM. | |||||
| CVE-2011-2289 | 1 Sun | 1 Sunos | 2011-10-05 | 3.6 LOW | N/A |
| Unspecified vulnerability in Oracle Solaris 10 allows local users to affect integrity and availability via unknown vectors related to LiveUpgrade. | |||||