Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-1315 | 1 Ibm | 1 Websphere Application Server | 2011-04-07 | 5.0 MEDIUM | N/A |
| Memory leak in the messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via network connections associated with a NULL return value from a synchronous JMS receive call. | |||||
| CVE-2011-1314 | 1 Ibm | 1 Websphere Application Server | 2011-04-07 | 5.0 MEDIUM | N/A |
| The Service Integration Bus (SIB) messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (daemon hang) by performing close operations via network connections to a queue manager. | |||||
| CVE-2011-1313 | 1 Ibm | 1 Websphere Application Server | 2011-04-07 | 5.0 MEDIUM | N/A |
| Double free vulnerability in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote backend IIOP servers to cause a denial of service (S0C4 ABEND and storage corruption) by rejecting IIOP requests at opportunistic time instants, as demonstrated by requests associated with an ORB_Request::getACRWorkElementPtr function call. | |||||
| CVE-2011-1312 | 1 Ibm | 1 Websphere Application Server | 2011-04-07 | 4.0 MEDIUM | N/A |
| The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.31 and 7.x before 7.0.0.15 does not prevent modifications of the primary admin id, which allows remote authenticated administrators to bypass intended access restrictions by mapping a (1) user or (2) group to an administrator role. | |||||
| CVE-2011-1311 | 1 Ibm | 1 Websphere Application Server | 2011-04-07 | 6.0 MEDIUM | N/A |
| The Security component in IBM WebSphere Application Server (WAS) before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which might allow remote authenticated users to gain privileges in opportunistic circumstances by requesting a service. | |||||
| CVE-2011-1309 | 1 Ibm | 1 Websphere Application Server | 2011-04-07 | 7.5 HIGH | N/A |
| The Plug-in component in IBM WebSphere Application Server (WAS) before 7.0.0.15 does not properly handle trace requests, which has unspecified impact and attack vectors. | |||||
| CVE-2010-1243 | 1 Ibm | 1 Webi | 2011-04-07 | 7.5 HIGH | N/A |
| The IBM Web Interface for Content Management (aka WEBi) before 1.0.4 creates persistent cookies on client workstations, which has unspecified impact and attack vectors. | |||||
| CVE-2010-1242 | 1 Ibm | 1 Webi | 2011-04-07 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web Interface for Content Management (aka WEBi) before 1.0.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-1652 | 1 Microsoft | 1 Windows 7 | 2011-04-06 | 5.0 MEDIUM | N/A |
| ** DISPUTED ** The default configuration of Microsoft Windows 7 immediately prefers a new IPv6 and DHCPv6 service over a currently used IPv4 and DHCPv4 service upon receipt of an IPv6 Router Advertisement (RA), and does not provide an option to ignore an unexpected RA, which allows remote attackers to conduct man-in-the-middle attacks on communication with external IPv4 servers via vectors involving RAs, a DHCPv6 server, and NAT-PT on the local network, aka a "SLAAC Attack." NOTE: it can be argued that preferring IPv6 complies with RFC 3484, and that attempting to determine the legitimacy of an RA is currently outside the scope of recommended behavior of host operating systems. | |||||
| CVE-2010-4596 | 1 Realnetworks | 2 Helix Mobile Server, Helix Server | 2011-04-06 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via a long string in an RTSP request. | |||||
| CVE-2010-4235 | 1 Realnetworks | 2 Helix Mobile Server, Helix Server | 2011-04-06 | 10.0 HIGH | N/A |
| Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via vectors related to the x-wap-profile HTTP header. | |||||
| CVE-2011-1561 | 1 Ibm | 1 Aix | 2011-04-05 | 6.8 MEDIUM | N/A |
| The LDAP login feature in bos.rte.security 6.1.6.4 in IBM AIX 6.1, when ldap_auth is enabled in ldap.cfg, allows remote attackers to bypass authentication via a login attempt with an arbitrary password. | |||||
| CVE-2011-1558 | 1 Ibm | 1 Webi | 2011-04-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web Interface for Content Management (aka WEBi) 1.0.4 before FP3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-1242. | |||||
| CVE-2011-1559 | 1 Ibm | 1 Webi | 2011-04-05 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the IBM Web Interface for Content Management (aka WEBi) 1.0.4 before FP3 has unknown impact and attack vectors. | |||||
| CVE-2011-1557 | 1 Icloudcenter | 1 Icjobsite | 2011-04-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ICloudCenter ICJobSite 1.1 allows remote attackers to execute arbitrary SQL commands via the pid parameter to an unspecified component, a different vulnerability than CVE-2011-1546. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2011-1555 | 1 Aphpkb | 1 Aphpkb | 2011-04-05 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in saa.php in Andy's PHP Knowledgebase (Aphpkb) 0.95.3 and earlier allows remote attackers to execute arbitrary SQL commands via the aid parameter, a different vulnerability than CVE-2011-1546. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-7219 | 1 Horde | 5 Groupware, Groupware Webmail Edition, Kronolith H3 and 2 more | 2011-04-05 | 10.0 HIGH | N/A |
| Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and H3 2.2 before 2.2-RC2; Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 does not validate ownership when performing share changes, which has unknown impact and attack vectors. | |||||
| CVE-2011-0376 | 1 Cisco | 7 Telepresence System 1000, Telepresence System 1100, Telepresence System 1300 Series and 4 more | 2011-03-31 | 10.0 HIGH | N/A |
| The TFTP implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x, 1.6.0, and 1.6.1 allows remote attackers to obtain sensitive information via a GET request, aka Bug ID CSCte43876. | |||||
| CVE-2011-0378 | 1 Cisco | 7 Telepresence System 1000, Telepresence System 1100, Telepresence System 1300 Series and 4 more | 2011-03-31 | 8.3 HIGH | N/A |
| The XML-RPC implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a TCP request, related to a "command injection vulnerability," aka Bug ID CSCtb52587. | |||||
| CVE-2011-0374 | 1 Cisco | 7 Telepresence System 1000, Telepresence System 1100, Telepresence System 1300 Series and 4 more | 2011-03-31 | 9.0 HIGH | N/A |
| The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31659. | |||||
| CVE-2011-0372 | 1 Cisco | 7 Telepresence System 1000, Telepresence System 1100, Telepresence System 1300 Series and 4 more | 2011-03-31 | 10.0 HIGH | N/A |
| The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31640. | |||||
| CVE-2011-0160 | 1 Apple | 3 Iphone Os, Safari, Webkit | 2011-03-31 | 5.0 MEDIUM | N/A |
| WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header. | |||||
| CVE-2011-0167 | 1 Apple | 2 Safari, Webkit | 2011-03-31 | 4.3 MEDIUM | N/A |
| The windows functionality in WebKit in Apple Safari before 5.0.4 allows remote attackers to bypass the Same Origin Policy, and force the upload of arbitrary local files from a client computer, via a crafted web site. | |||||
| CVE-2011-0373 | 1 Cisco | 7 Telepresence System 1000, Telepresence System 1100, Telepresence System 1300 Series and 4 more | 2011-03-31 | 9.0 HIGH | N/A |
| The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31685. | |||||
| CVE-2011-0375 | 1 Cisco | 7 Telepresence System 1000, Telepresence System 1100, Telepresence System 1300 Series and 4 more | 2011-03-31 | 9.0 HIGH | N/A |
| The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCth24671. | |||||
| CVE-2011-0159 | 1 Apple | 1 Iphone Os | 2011-03-31 | 5.0 MEDIUM | N/A |
| The Safari Settings feature in Safari in Apple iOS 4.x before 4.3 does not properly implement the clearing of cookies during execution of the Safari application, which might make it easier for remote web servers to track users by setting a cookie. | |||||
| CVE-2011-0022 | 2 Fedoraproject, Redhat | 2 389 Directory Server, Directory Server | 2011-03-31 | 4.7 MEDIUM | N/A |
| The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x), when multiple unprivileged instances are configured, use 0777 permissions for the /var/run/dirsrv directory, which allows local users to cause a denial of service (daemon outage or arbitrary process termination) by replacing PID files contained in this directory. | |||||
| CVE-2011-0019 | 2 Fedoraproject, Redhat | 2 389 Directory Server, Directory Server | 2011-03-31 | 7.5 HIGH | N/A |
| slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat Directory Server 8.2.x or dirsrv) does not properly handle simple paged result searches, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via multiple search requests. | |||||
| CVE-2011-1318 | 1 Ibm | 1 Websphere Application Server | 2011-03-30 | 5.0 MEDIUM | N/A |
| Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted. | |||||
| CVE-2011-1319 | 1 Ibm | 1 Websphere Application Server | 2011-03-30 | 4.0 MEDIUM | N/A |
| The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote authenticated users to cause a denial of service (memory consumption) by using a Lightweight Third-Party Authentication (LTPA) token for authentication. | |||||
| CVE-2011-1320 | 1 Ibm | 1 Websphere Application Server | 2011-03-29 | 6.8 MEDIUM | N/A |
| The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when the Tivoli Integrated Portal / embedded WebSphere Application Server (TIP/eWAS) framework is used, does not properly delete AuthCache entries upon a logout, which might allow remote attackers to access the server by leveraging an unattended workstation. | |||||
| CVE-2011-0024 | 1 Wireshark | 1 Wireshark | 2011-03-29 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in wiretap/pcapng.c in Wireshark before 1.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted capture file. | |||||
| CVE-2011-0175 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-24 | 6.8 MEDIUM | N/A |
| Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded TrueType font. | |||||
| CVE-2011-0176 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-24 | 6.8 MEDIUM | N/A |
| Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded Type 1 font. | |||||
| CVE-2011-0177 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-24 | 6.8 MEDIUM | N/A |
| Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted SFNT table in an embedded font. | |||||
| CVE-2011-0174 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-24 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code via a document that contains a crafted embedded OpenType font. | |||||
| CVE-2008-7284 | 1 Ibm | 2 Lotus Domino, Lotus Quickr | 2011-03-24 | 3.5 LOW | N/A |
| IBM Lotus Quickr 8.1 before 8100.003 services for Lotus Domino allows remote authenticated users to cause a denial of service (daemon crash) by clicking a download link, aka SPR QCAO7E6AM8. | |||||
| CVE-2008-7286 | 1 Ibm | 2 Lotus Domino, Lotus Quickr | 2011-03-24 | 3.5 LOW | N/A |
| IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino does not properly handle URLs that request images, which allows remote authenticated users to cause a denial of service (daemon crash) via a request to resources.nsf, aka SPR XFXF7JDBCX. | |||||
| CVE-2008-7285 | 1 Ibm | 2 Lotus Domino, Lotus Quickr | 2011-03-24 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the docnote string handling implementation in IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, aka SPR JFLD7GZT25. | |||||
| CVE-2009-5061 | 1 Ibm | 2 Lotus Domino, Lotus Quickr | 2011-03-24 | 2.1 LOW | N/A |
| Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.14 services for Lotus Domino, when Domino Native Authentication is enabled, might allow remote authenticated users to cause a denial of service (daemon crash) by going offline, aka SPR MLZG7UPB9N. | |||||
| CVE-2010-4774 | 1 Auracms | 1 Auracms | 2011-03-24 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pdf.php in AuraCMS 1.62 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-4804 and CVE-2007-4171. | |||||
| CVE-2009-5060 | 1 Ibm | 2 Lotus Domino, Lotus Quickr | 2011-03-24 | 3.5 LOW | N/A |
| Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.11 services for Lotus Domino might allow remote authenticated users to cause a denial of service (daemon crash) by accessing an entry in a calendar, aka SPR MZHA7SEBJX. | |||||
| CVE-2009-5059 | 1 Ibm | 2 Lotus Domino, Lotus Quickr | 2011-03-24 | 3.5 LOW | N/A |
| Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.10 services for Lotus Domino might allow remote authenticated users to cause a denial of service (daemon crash) by checking out a document that is accessed through a connector, aka SPR MMOI7PSR8J. | |||||
| CVE-2009-5058 | 1 Ibm | 2 Lotus Domino, Lotus Quickr | 2011-03-24 | 3.5 LOW | N/A |
| Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.5 services for Lotus Domino allows remote authenticated users to cause a denial of service (daemon crash) by deleting an item that is accessed through a connector, aka SPR RELS7LARKR. | |||||
| CVE-2011-0172 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-24 | 4.9 MEDIUM | N/A |
| AirPort in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to cause a denial of service (divide-by-zero error and reboot) via Wi-Fi frames on the local wireless network, a different vulnerability than CVE-2011-0162. | |||||
| CVE-2010-4772 | 1 Matteoiammarrone | 1 S-cms | 2011-03-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in blocks/lang.php in S-CMS 2.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter to viewforum.php. | |||||
| CVE-2011-0173 | 1 Apple | 3 Applescript, Mac Os X, Mac Os X Server | 2011-03-24 | 6.8 MEDIUM | N/A |
| Multiple format string vulnerabilities in AppleScript in Apple Mac OS X before 10.6.7 allow context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) display dialog or (2) display alert command in a dialog in an AppleScript Studio application. | |||||
| CVE-2010-4771 | 1 Matteoiammarrone | 1 S-cms | 2011-03-24 | 7.5 HIGH | N/A |
| SQL injection vulnerability to viewforum.php in S-CMS 2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2011-0180 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-24 | 2.1 LOW | N/A |
| Integer overflow in HFS in Apple Mac OS X before 10.6.7 allows local users to read arbitrary (1) HFS, (2) HFS+, or (3) HFS+J files via a crafted F_READBOOTSTRAP ioctl call. | |||||
| CVE-2011-0183 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-24 | 5.0 MEDIUM | N/A |
| Libinfo in Apple Mac OS X before 10.6.7 does not properly handle an unspecified integer field in an NFS RPC packet, which allows remote attackers to cause a denial of service (lockd, statd, mountd, or portmap outage) via a crafted packet, related to an "integer truncation issue." | |||||