Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-1726 | 1 Hp | 1 Sitescope | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP SiteScope 9.54, 10.13, 11.01, and 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-1727 | 1 Hp | 1 Sitescope | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP SiteScope 9.54, 10.13, 11.01, and 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to an "HTML injection" issue. | |||||
| CVE-2011-1739 | 1 Freebsd | 1 Freebsd | 2017-08-17 | 4.3 MEDIUM | N/A |
| The makemask function in mountd.c in mountd in FreeBSD 7.4 through 8.2 does not properly handle a -network field specifying a CIDR block with a prefix length that is not an integer multiple of 8, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances via an NFS mount request. | |||||
| CVE-2011-1740 | 1 Emc | 1 Avamar | 2017-08-17 | 7.7 HIGH | N/A |
| EMC Avamar 4.x, 5.0.x, and 6.0.x before 6.0.0-592 allows remote authenticated users to modify client data or obtain sensitive information about product activities by leveraging privileged access to a different domain. | |||||
| CVE-2011-1750 | 1 Qemu | 1 Qemu | 2017-08-17 | 7.4 HIGH | N/A |
| Multiple heap-based buffer overflows in the virtio-blk driver (hw/virtio-blk.c) in qemu-kvm 0.14.0 allow local guest users to cause a denial of service (guest crash) and possibly gain privileges via a (1) write request to the virtio_blk_handle_write function or (2) read request to the virtio_blk_handle_read function that is not properly aligned. | |||||
| CVE-2011-1753 | 1 Process-one | 2 Ejabberd, Exmpp | 2017-08-17 | 5.0 MEDIUM | N/A |
| expat_erl.c in ejabberd before 2.1.7 and 3.x before 3.0.0-alpha-3, and exmpp before 0.9.7, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | |||||
| CVE-2011-1754 | 1 Jabberd | 1 Jabberd14 | 2017-08-17 | 5.0 MEDIUM | N/A |
| jabberd14 1.6.1.1 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | |||||
| CVE-2011-1755 | 1 Jabber | 1 Jabberd2 | 2017-08-17 | 5.0 MEDIUM | N/A |
| jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | |||||
| CVE-2011-1784 | 1 Keepalived | 1 Keepalived | 2017-08-17 | 3.6 LOW | N/A |
| The pidfile_write function in core/pidfile.c in keepalived 1.2.2 and earlier uses 0666 permissions for the (1) keepalived.pid, (2) checkers.pid, and (3) vrrp.pid files in /var/run/, which allows local users to kill arbitrary processes by writing a PID to one of these files. | |||||
| CVE-2011-1788 | 1 Vmware | 1 Vcenter | 2017-08-17 | 2.1 LOW | N/A |
| vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1 allows local users to discover the SOAP session ID via unspecified vectors. | |||||
| CVE-2011-1820 | 1 Ibm | 1 Tivoli Directory Server | 2017-08-17 | 1.7 LOW | N/A |
| IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010, 6.0 before 6.0.0.67 (aka 6.0.0.8-TIV-ITDS-IF0009), 6.1 before 6.1.0.40 (aka 6.1.0.5-TIV-ITDS-IF0003), 6.2 before 6.2.0.16 (aka 6.2.0.3-TIV-ITDS-IF0002), and 6.3 before 6.3.0.3 (aka 6.3.0.0-TIV-ITDS-IF0003) does not properly handle the ibm-auditAttributesOnGroupEvalOp setting for auditing of extended operations, which might allow attackers to obtain sensitive information by reading the audit log. | |||||
| CVE-2011-1823 | 1 Google | 1 Android | 2017-08-17 | 7.2 HIGH | N/A |
| The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges via a negative index that bypasses a maximum-only signed integer check in the DirectVolume::handlePartitionAdded method, which triggers memory corruption, as demonstrated by Gingerbreak. | |||||
| CVE-2011-1828 | 1 Evan Dandrea | 1 Usb-creator | 2017-08-17 | 2.1 LOW | N/A |
| usb-creator-helper in usb-creator before 0.2.28.3 does not enforce intended PolicyKit restrictions, which allows local users to perform arbitrary unmount operations via the UnmountFile method in a dbus-send command. | |||||
| CVE-2011-1839 | 1 Ibm | 1 Rational Build Forge | 2017-08-17 | 5.0 MEDIUM | N/A |
| IBM Rational Build Forge 7.1.0 uses the HTTP GET method during redirection from the authentication servlet to a PHP script, which makes it easier for context-dependent attackers to discover session IDs by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history. | |||||
| CVE-2011-1841 | 1 Mojolicious | 1 Mojolicious | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the link_to helper in Mojolicious before 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-1842 | 1 Ubuntu | 1 Language-selector | 2017-08-17 | 7.2 HIGH | N/A |
| dbus_backend/lsd.py in the D-Bus backend in language-selector before 0.6.7 does not validate the arguments to the (1) SetSystemDefaultLangEnv and (2) SetSystemDefaultLanguageEnv functions, which allows local users to gain privileges via shell metacharacters in a string argument, a different vulnerability than CVE-2011-0729. | |||||
| CVE-2011-1857 | 1 Hp | 2 Service Center, Service Manager | 2017-08-17 | 8.2 HIGH | N/A |
| Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote authenticated users to bypass intended access restrictions via unknown vectors. | |||||
| CVE-2011-1858 | 1 Hp | 2 Service Center, Service Manager | 2017-08-17 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows local users to bypass intended access restrictions via unknown vectors. | |||||
| CVE-2011-1859 | 1 Hp | 2 Service Center, Service Manager | 2017-08-17 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to obtain sensitive information via unknown vectors. | |||||
| CVE-2011-1860 | 1 Hp | 2 Service Center, Service Manager | 2017-08-17 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to capture HTTP session credentials via unknown vectors. | |||||
| CVE-2011-1861 | 1 Hp | 2 Service Center, Service Manager | 2017-08-17 | 8.3 HIGH | N/A |
| Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to modify data or obtain sensitive information via unknown vectors. | |||||
| CVE-2011-1862 | 1 Hp | 2 Service Center, Service Manager | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-1863 | 1 Hp | 2 Service Center, Service Manager | 2017-08-17 | 7.5 HIGH | N/A |
| HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allow remote authenticated users to conduct unspecified script injection attacks via unknown vectors. | |||||
| CVE-2011-1864 | 1 Hp | 1 Openview Storage Data Protector | 2017-08-17 | 9.3 HIGH | N/A |
| Unspecified vulnerability in HP OpenView Storage Data Protector 6.0, 6.10, and 6.11 allows remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2011-1865 | 1 Hp | 1 Openview Storage Data Protector | 2017-08-17 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allow remote attackers to execute arbitrary code via a request containing crafted parameters. | |||||
| CVE-2011-1908 | 1 Foxitsoftware | 1 Foxit Reader | 2017-08-17 | 9.3 HIGH | N/A |
| Integer overflow in the Type 1 font decoder in the FreeType engine in Foxit Reader before 4.0.0.0619 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font in a PDF document. | |||||
| CVE-2011-1911 | 1 Jasperforge | 1 Jasperreports Server Community Project | 2017-08-17 | 6.8 MEDIUM | N/A |
| JasperServer in JasperReports Server Community Project 3.7.0 and 3.7.1 uses a predictable _flowExecutionKey parameter, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a brute-force approach. | |||||
| CVE-2011-1913 | 1 Mercator | 1 Sentinel | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the login form in the web interface in Mercator SENTINEL 2.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2011-1920 | 2 Ihji, Netbsd | 2 Pmake, Netbsd | 2017-08-17 | 3.3 LOW | N/A |
| The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk. | |||||
| CVE-2011-1922 | 1 Nlnetlabs | 1 Unbound | 2017-08-17 | 4.3 MEDIUM | N/A |
| daemon/worker.c in Unbound 1.x before 1.4.10, when debugging functionality and the interface-automatic option are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DNS request that triggers improper error handling. | |||||
| CVE-2011-1925 | 1 Wouter Verhelst | 1 Nbd | 2017-08-17 | 5.0 MEDIUM | N/A |
| nbd-server.c in Network Block Device (nbd-server) 2.9.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by causing a negotiation failure, as demonstrated by specifying a name for a non-existent export. | |||||
| CVE-2011-1929 | 1 Dovecot | 1 Dovecot | 2017-08-17 | 5.0 MEDIUM | N/A |
| lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message. | |||||
| CVE-2011-1938 | 1 Php | 1 Php | 2017-08-17 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket. | |||||
| CVE-2011-1946 | 1 Hongli Lai | 1 Libgnomesu | 2017-08-17 | 7.2 HIGH | N/A |
| gnomesu-pam-backend in libgnomesu 1.0.0 prints an error message but proceeds with the non-error code path upon failure of the setgid or setuid function, which allows local users to gain privileges by leveraging access to two unprivileged user accounts, and running many processes under one of these accounts. | |||||
| CVE-2017-12880 | | | 2017-08-17 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11424. Reason: This candidate is a duplicate of CVE-2017-11424. Notes: All CVE users should reference CVE-2017-11424 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2010-3592 | 1 Oracle | 1 Fusion Middleware | 2017-08-17 | 8.5 HIGH | N/A |
| Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect integrity and availability via unknown vectors related to Internal Operations. | |||||
| CVE-2010-3593 | 1 Oracle | 2 Argus Safety, Industry Applications | 2017-08-17 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Health Sciences - Oracle Argus Safety component in Oracle Industry Applications 5.0, 5.0.1, 5.0.2, and 5.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Login and LDAP. | |||||
| CVE-2010-3594 | 1 Oracle | 1 Enterprise Manager Grid Control | 2017-08-17 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the Real User Experience Insight component in Oracle Enterprise Manager Grid Control 6.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Processing. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that this is SQL injection in rsynclogdird involving improper escaping of UTF-8 characters while processing log files. | |||||
| CVE-2010-3597 | 1 Oracle | 1 Fusion Middleware | 2017-08-17 | 1.9 LOW | N/A |
| Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.0 allows local users to affect availability, related to Outside In Viewer SDK. | |||||
| CVE-2010-3598 | 1 Oracle | 1 Fusion Middleware | 2017-08-17 | 7.1 HIGH | N/A |
| Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect integrity via unknown vectors related to Import Export Utility. | |||||
| CVE-2010-3600 | 1 Oracle | 2 Database Server, Enterprise Manager Grid Control | 2017-08-17 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Client System Analyzer component in Oracle Database Server 11.1.0.7 and 11.2.0.1 and Enterprise Manager Grid Control 10.2.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that this issue involves an exposed JSP script that accepts XML uploads in conjunction with NULL bytes in an unspecified parameter that allow execution of arbitrary code. | |||||
| CVE-2010-3602 | 1 Sourcetreesolutions | 1 Mojoportal | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ProfileView.aspx in mojoPortal 2.3.4.3 and 2.3.5.1 allows remote attackers to inject arbitrary web script or HTML via the User ID parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-3603 | 1 Sourcetreesolutions | 1 Mojoportal | 2017-08-17 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the file manager service (Services/FileService.ashx) in mojoPortal 2.3.4.3 and 2.3.5.1 allows remote attackers to hijack the authentication of administrators for requests that rename arbitrary files, as demonstrated by causing the user.config file to be moved, leading to a denial of service (service stop) and possibly the exposure of sensitive information. | |||||
| CVE-2010-3606 | 1 Netartmedia | 1 Real Estate Portal | 2017-08-17 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in AGENTS/index.php in NetArt MEDIA Real Estate Portal 2.0 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) folder and (2) action parameters. | |||||
| CVE-2010-3607 | 1 Netartmedia | 1 Real Estate Portal | 2017-08-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in AGENTS/index.php in NetArt MEDIA Real Estate Portal 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the id parameter. | |||||
| CVE-2010-3611 | 1 Isc | 1 Dhcp | 2017-08-17 | 4.3 MEDIUM | N/A |
| ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2.0-P1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a DHCPv6 packet containing a Relay-Forward message without an address in the Relay-Forward link-address field. | |||||
| CVE-2010-3618 | 1 Pgp | 2 Desktop For Mac, Desktop For Windows | 2017-08-17 | 4.3 MEDIUM | N/A |
| PGP Desktop 10.0.x before 10.0.3 SP2 and 10.1.0 before 10.1.0 SP1 does not properly implement the "Decrypt/Verify File via Right-Click" functionality for multi-packet OpenPGP messages that represent multi-message input, which allows remote attackers to spoof signed data by concatenating an additional message to the end of a legitimately signed message, related to a "piggy-back" or "unsigned data injection" issue. | |||||
| CVE-2010-3764 | 1 Mozilla | 1 Bugzilla | 2017-08-17 | 5.0 MEDIUM | N/A |
| The Old Charts implementation in Bugzilla 2.12 through 3.2.8, 3.4.8, 3.6.2, 3.7.3, and 4.1 creates graph files with predictable names in graphs/, which allows remote attackers to obtain sensitive information via a modified URL. | |||||
| CVE-2010-3827 | 1 Apple | 1 Iphone Os | 2017-08-17 | 4.3 MEDIUM | N/A |
| Apple iOS before 4.2 does not properly validate signatures before displaying a configuration profile in the configuration installation utility, which allows remote attackers to spoof profiles via unspecified vectors. | |||||
| CVE-2010-3828 | 1 Apple | 1 Iphone Os | 2017-08-17 | 4.3 MEDIUM | N/A |
| iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle attackers to make calls via a crafted URL in an ad. | |||||
