Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-1068 | 1 Microsoft | 1 Windows Azure Sdk | 2011-04-21 | 2.6 LOW | N/A |
| Microsoft Windows Azure Software Development Kit (SDK) 1.3.x before 1.3.20121.1237, when Full IIS and a Web Role are used with an ASP.NET application, does not properly support the use of cookies for maintaining state, which allows remote attackers to obtain potentially sensitive information by reading an encrypted cookie and performing unspecified other steps. | |||||
| CVE-2010-4753 | 1 Lightneasy | 1 Lightneasy | 2011-04-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in LightNEasy.php in LightNEasy 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, which is not properly handled in a forced SQL error message. | |||||
| CVE-2011-1307 | 1 Ibm | 1 Websphere Application Server | 2011-04-21 | 2.1 LOW | N/A |
| The installer in IBM WebSphere Application Server (WAS) before 7.0.0.15 uses 777 permissions for a temporary log directory, which allows local users to have unintended access to log files via standard filesystem operations, a different vulnerability than CVE-2009-1173. | |||||
| CVE-2011-1683 | 1 Ibm | 2 Websphere Application Server, Z/os | 2011-04-21 | 6.8 MEDIUM | N/A |
| IBM WebSphere Application Server (WAS) 6.0.x through 6.0.2.43, 6.1.x before 6.1.0.37, and 7.0.x before 7.0.0.17 on z/OS, when a Local OS user registry or Federated Repository with RACF adapter is used, allows remote attackers to obtain unspecified application access via unknown vectors. | |||||
| CVE-2011-0765 | 1 Pwhois | 1 Layer Four Traceroute | 2011-04-21 | 7.2 HIGH | N/A |
| Unspecified vulnerability in lft in pWhois Layer Four Traceroute (LFT) 3.x before 3.3 allows local users to gain privileges via a crafted command line. | |||||
| CVE-2011-0891 | 1 Hp | 1 Hp-ux | 2011-04-21 | 4.4 MEDIUM | N/A |
| Unspecified vulnerability in the OS-Core.CORE2-KRN fileset in HP HP-UX B.11.23 and B.11.31 allows local users to cause a denial of service via unknown vectors. | |||||
| CVE-2011-1548 | 2 Debian, Gentoo | 2 Linux, Logrotate | 2011-04-21 | 6.3 MEDIUM | N/A |
| The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by /var/log/postgresql/. | |||||
| CVE-2011-1155 | 1 Gentoo | 1 Logrotate | 2011-04-21 | 1.9 LOW | N/A |
| The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name. | |||||
| CVE-2011-1549 | 1 Gentoo | 2 Linux, Logrotate | 2011-04-21 | 6.3 MEDIUM | N/A |
| The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages. | |||||
| CVE-2011-1006 | 1 Balbir Singh | 1 Libcgroup | 2011-04-21 | 7.2 HIGH | N/A |
| Heap-based buffer overflow in the parse_cgroup_spec function in tools/tools-common.c in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 allows local users to gain privileges via a crafted controller list on the command line of an application. NOTE: it is not clear whether this issue crosses privilege boundaries. | |||||
| CVE-2011-1154 | 1 Gentoo | 1 Logrotate | 2011-04-21 | 6.9 MEDIUM | N/A |
| The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name. | |||||
| CVE-2011-0935 | 1 Cisco | 1 Ios | 2011-04-21 | 10.0 HIGH | N/A |
| The PKI functionality in Cisco IOS 15.0 and 15.1 does not prevent permanent caching of certain public keys, which allows remote attackers to bypass authentication and have unspecified other impact by leveraging an IKE peer relationship in which a key was previously valid but later revoked, aka Bug ID CSCth82164, a different vulnerability than CVE-2010-4685. | |||||
| CVE-2011-1098 | 1 Gentoo | 1 Logrotate | 2011-04-21 | 1.9 LOW | N/A |
| Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place. | |||||
| CVE-2011-0818 | 1 Oracle | 6 Enterpriseone Tools, Jd Edwards Enterpriseone, Jd Edwards Enterpriseone Ep and 3 more | 2011-04-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3 allows remote attackers to affect availability, related to Enterprise Infrastructure SEC. | |||||
| CVE-2011-0810 | 1 Oracle | 6 Enterpriseone Tools, Jd Edwards Enterpriseone, Jd Edwards Enterpriseone Ep and 3 more | 2011-04-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3 allows remote attackers to affect availability, related to Enterprise Infrastructure SEC. | |||||
| CVE-2011-0795 | 1 Oracle | 1 Fusion Middleware | 2011-04-20 | 3.5 LOW | N/A |
| Unspecified vulnerability in the Single Sign On component in Oracle Fusion Middleware 10.1.2.3 allows remote authenticated users to affect integrity via unknown vectors related to Administration and Monitoring. | |||||
| CVE-2011-0796 | 1 Oracle | 1 E-business Suite | 2011-04-20 | 1.7 LOW | N/A |
| Unspecified vulnerability in the Applications Install component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows local users to affect confidentiality via unknown vectors. | |||||
| CVE-2011-0797 | 1 Oracle | 1 E-business Suite | 2011-04-20 | 2.1 LOW | N/A |
| Unspecified vulnerability in the Applications Install component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect confidentiality via unknown vectors. | |||||
| CVE-2011-0798 | 1 Oracle | 1 Fusion Middleware | 2011-04-20 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Portal component in Oracle Fusion Middleware 10.1.2.3 and 11.1.1.2.0 allows remote attackers to affect integrity via unknown vectors related to Midtier Infrastructure. | |||||
| CVE-2011-0799 | 1 Oracle | 2 Database Server, Warehouse Builder | 2011-04-20 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Warehouse Builder component in Oracle Database Server 10.2.0.5 (OWB), 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Oracle Warehouse Builder User Account. | |||||
| CVE-2011-0806 | 2 Microsoft, Oracle | 2 Windows, Database Server | 2011-04-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Network Foundation component in Oracle Database Server 10.1.0.5, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2, when running on Windows, allows remote attackers to affect availability via unknown vectors. | |||||
| CVE-2011-0809 | 1 Oracle | 1 E-business Suite | 2011-04-20 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Web ADI component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors. | |||||
| CVE-2011-1401 | 1 Ikiwiki | 1 Ikiwiki | 2011-04-20 | 3.5 LOW | N/A |
| ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the "meta stylesheet" directive, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences in (1) the default stylesheet or (2) an alternate stylesheet. | |||||
| CVE-2011-0793 | 1 Oracle | 1 Database Server | 2011-04-20 | 3.6 LOW | N/A |
| Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect integrity and availability, related to SYSDBA. | |||||
| CVE-2011-0789 | 1 Oracle | 1 Fusion Middleware | 2011-04-20 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors. | |||||
| CVE-2011-0787 | 1 Oracle | 2 Database Server, Enterprise Manager Grid Control | 2011-04-20 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the Application Service Level Management component in Oracle Database Server 11.1.0.7 and Enterprise Manager Grid Control allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Service Level Agreements. | |||||
| CVE-2011-0804 | 1 Oracle | 1 Database Server | 2011-04-20 | 3.6 LOW | N/A |
| Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | |||||
| CVE-2011-0803 | 1 Oracle | 6 Enterpriseone Tools, Jd Edwards Enterpriseone, Jd Edwards Enterpriseone Ep and 3 more | 2011-04-20 | 5.8 MEDIUM | N/A |
| Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 8.9 GA through 8.98.4.1, and OneWorld Tools through 24.1.3, allows remote attackers to affect integrity and availability, related to Enterprise Infrastructure SEC. | |||||
| CVE-2011-0785 | 1 Oracle | 2 Database Server, Fusion Middleware | 2011-04-20 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Help component in Oracle Database Server 11.1.0.7, 11.2.0.1, 11.2.0.2, 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, and 10.1.0.5; and Oracle Fusion Middleware 11.1.1.2.0, 11.1.1.3.0, and 11.1.1.4.0 allows remote attackers to affect integrity via unknown vectors. | |||||
| CVE-2011-0805 | 1 Oracle | 1 Database Server | 2011-04-20 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the UIX component in Oracle Database Server 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote attackers to affect integrity via unknown vectors. | |||||
| CVE-2011-0801 | 1 Sun | 1 Sunos | 2011-04-20 | 3.6 LOW | N/A |
| Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect confidentiality and integrity via unknown vectors related to cp. | |||||
| CVE-2011-0800 | 1 Sun | 1 Sunos | 2011-04-20 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in the Solaris component in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Administration Utilities. | |||||
| CVE-2011-0791 | 1 Oracle | 1 E-business Suite | 2011-04-20 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors related to Data Export. | |||||
| CVE-2011-0790 | 1 Sun | 1 Sunos | 2011-04-20 | 1.7 LOW | N/A |
| Unspecified vulnerability in Oracle Solaris 9 and 10 allows local users to affect confidentiality via unknown vectors related to wbem. | |||||
| CVE-2011-0286 | 1 Rim | 2 Blackberry Enterprise Server, Blackberry Enterprise Server Express | 2011-04-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in webdesktop/app in the BlackBerry Web Desktop Manager component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software before 5.0.2 MR5 and 5.0.3 before MR1, and BlackBerry Enterprise Server Express software 5.0.1 and 5.0.2, allows remote attackers to inject arbitrary web script or HTML via the displayErrorMessage parameter in a ManageDevices action. | |||||
| CVE-2011-0012 | 2 Mozilla, Redhat | 2 Firefox, Spice-xpi | 2011-04-18 | 3.3 LOW | N/A |
| The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows local users to overwrite arbitrary files via a symlink attack on the usbrdrctl log file, which has a predictable name. | |||||
| CVE-2011-0382 | 1 Cisco | 2 Telepresence Recording Server, Telepresence Recording Server Software | 2011-04-09 | 10.0 HIGH | N/A |
| The CGI subsystem on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 allows remote attackers to execute arbitrary commands via a request to TCP port 443, related to a "command injection vulnerability," aka Bug ID CSCtf97221. | |||||
| CVE-2011-0388 | 1 Cisco | 4 Telepresence Multipoint Switch, Telepresence Multipoint Switch Software, Telepresence Recording Server and 1 more | 2011-04-09 | 7.8 HIGH | N/A |
| Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x do not properly restrict remote access to the Java servlet RMI interface, which allows remote attackers to cause a denial of service (memory consumption and web outage) via multiple crafted requests, aka Bug IDs CSCtg35830 and CSCtg35825. | |||||
| CVE-2011-0379 | 1 Cisco | 13 5500 Series Adaptive Security Appliance, Adaptive Security Appliance Software, Asa 5500 and 10 more | 2011-04-09 | 7.9 HIGH | N/A |
| Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 1.6.x; Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x; Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x; and Cisco TelePresence Manager 1.2.x, 1.3.x, 1.4.x, 1.5.x, and 1.6.2 allows remote attackers to execute arbitrary code via a crafted Cisco Discovery Protocol packet, aka Bug IDs CSCtd75769, CSCtd75766, CSCtd75754, and CSCtd75761. | |||||
| CVE-2011-0331 | 1 Honeywell | 1 Scanserver Activex Control | 2011-04-09 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in the addOSPLext method in the Honeywell ScanServer ActiveX control 780.0.20.5 allows remote attackers to execute arbitrary code via a crafted HTML document. | |||||
| CVE-2010-4362 | 1 Micronetsoft | 1 Rv Dealer Website | 2011-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MicroNetsoft RV Dealer Website allow remote attackers to execute arbitrary SQL commands via the (1) selStock parameter to search.asp and the (2) orderBy parameter to showAlllistings.asp. | |||||
| CVE-2010-3902 | 1 Infradead | 1 Openconnect | 2011-04-09 | 5.0 MEDIUM | N/A |
| OpenConnect before 2.26 places the webvpn cookie value in the debugging output, which might allow remote attackers to obtain sensitive information by reading this output, as demonstrated by output posted to the public openconnect-devel mailing list. | |||||
| CVE-2007-4158 | 1 Tibco | 1 Rendezvous | 2011-04-07 | 7.8 HIGH | N/A |
| Memory leak in TIBCO Rendezvous (RV) daemon (rvd) 7.5.2, 7.5.3 and 7.5.4 allows remote attackers to cause a denial of service (memory consumption) via a packet with a length field of zero, a different vulnerability than CVE-2006-2830. | |||||
| CVE-2007-2907 | 1 Ssl-explorer | 1 Ssl-explorer | 2011-04-07 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in SSL-Explorer before 0.2.13 allows remote authenticated users to enter redirect URLs containing (1) JavaScript or (2) HTTP headers via an unspecified vector, possibly the forwardTo parameter to redirect.do. NOTE: the impact might be cross-site scripting (XSS) or HTTP request smuggling. | |||||
| CVE-2011-1310 | 1 Ibm | 1 Websphere Application Server | 2011-04-07 | 1.9 LOW | N/A |
| The Administrative Scripting Tools component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when tracing is enabled, places wsadmin command parameters into the (1) wsadmin.traceout and (2) trace.log files, which allows local users to obtain potentially sensitive information by reading these files. | |||||
| CVE-2011-1316 | 1 Ibm | 1 Websphere Application Server | 2011-04-07 | 5.0 MEDIUM | N/A |
| The Session Initiation Protocol (SIP) Proxy in the HTTP Transport component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (worker thread exhaustion and UDP messaging outage) by sending many UDP messages. | |||||
| CVE-2011-1315 | 1 Ibm | 1 Websphere Application Server | 2011-04-07 | 5.0 MEDIUM | N/A |
| Memory leak in the messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via network connections associated with a NULL return value from a synchronous JMS receive call. | |||||
| CVE-2011-1314 | 1 Ibm | 1 Websphere Application Server | 2011-04-07 | 5.0 MEDIUM | N/A |
| The Service Integration Bus (SIB) messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (daemon hang) by performing close operations via network connections to a queue manager. | |||||
| CVE-2011-1313 | 1 Ibm | 1 Websphere Application Server | 2011-04-07 | 5.0 MEDIUM | N/A |
| Double free vulnerability in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote backend IIOP servers to cause a denial of service (S0C4 ABEND and storage corruption) by rejecting IIOP requests at opportunistic time instants, as demonstrated by requests associated with an ORB_Request::getACRWorkElementPtr function call. | |||||
| CVE-2011-1312 | 1 Ibm | 1 Websphere Application Server | 2011-04-07 | 4.0 MEDIUM | N/A |
| The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.31 and 7.x before 7.0.0.15 does not prevent modifications of the primary admin id, which allows remote authenticated administrators to bypass intended access restrictions by mapping a (1) user or (2) group to an administrator role. | |||||
