Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-2741 | 1 Emc | 1 Rsa Adaptive Authentication On-premise | 2012-01-24 | 6.8 MEDIUM | N/A |
| EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly implement Device Recovery and Device Identification, which might allow remote attackers to bypass intended security restrictions on a (1) previously non-registered device or (2) registered device by sending unspecified "data elements." | |||||
| CVE-2011-2742 | 1 Emc | 1 Rsa Adaptive Authentication On-premise | 2012-01-24 | 6.8 MEDIUM | N/A |
| EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly perform forensic evaluation upon receipt of device tokens from mobile apps, which might allow remote attackers to bypass intended application restrictions via a mobile device. | |||||
| CVE-2011-4053 | 1 7t | 1 Igss | 2012-01-23 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in 7-Technologies (7T) Interactive Graphical SCADA System (IGSS) before 9.0.0.11291 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | |||||
| CVE-2011-4135 | 1 Flexerasoftware | 1 Flexnet Publisher | 2012-01-23 | 10.0 HIGH | N/A |
| Multiple directory traversal vulnerabilities in lmgrd in Flexera FlexNet Publisher 11.10 (aka FlexNet License Server Manager) allow remote attackers to execute arbitrary code via vectors related to save, rename, and load operations on log files. NOTE: this might overlap CVE-2011-1389. | |||||
| CVE-2012-0268 | 1 Yahoo | 1 Messenger | 2012-01-23 | 5.1 MEDIUM | N/A |
| Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafted JPG image that triggers a heap-based buffer overflow. | |||||
| CVE-2011-4873 | 1 Atvise | 1 Atvise | 2012-01-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the server in Certec EDV atvise before 2.1 allows remote attackers to cause a denial of service (daemon crash) via crafted requests to TCP port 4840. | |||||
| CVE-2007-6744 | 1 Flexerasoftware | 1 Installshield | 2012-01-20 | 2.1 LOW | N/A |
| Flexera Macrovision InstallShield before 2008 sends a digital-signature password to an unintended application during certain signature operations involving .spc and .pvk files, which might allow local users to obtain sensitive information via unspecified vectors, related to an incorrect interaction between InstallShield and Signcode.exe. | |||||
| CVE-2011-4134 | 1 Flexerasoftware | 1 Flexnet Publisher | 2012-01-20 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in lmadmin in Flexera FlexNet Publisher 11.10 (aka FlexNet License Server Manager) allows remote attackers to execute arbitrary code via a crafted 0x2f packet. | |||||
| CVE-2011-3568 | 1 Oracle | 1 Fusion Middleware | 2012-01-19 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Web Services Security. | |||||
| CVE-2011-3564 | 1 Oracle | 1 Sun Glassfish Enterprise Server | 2012-01-19 | 2.1 LOW | N/A |
| Unspecified vulnerability in Oracle GlassFish Enterprise Server 2.1.1 allows local users to affect confidentiality via unknown vectors related to Administration. | |||||
| CVE-2011-4142 | 1 Emc | 1 Sourceone Email Management | 2012-01-19 | 2.1 LOW | N/A |
| The Web Search feature in EMC SourceOne Email Management 6.5 before 6.5.2.4033, 6.6 before 6.6.1.2194, and 6.7 before 6.7.2.2033 places cleartext credentials in log files, which allows local users to obtain sensitive information by reading these files. | |||||
| CVE-2011-2271 | 1 Oracle | 1 E-business Suite | 2012-01-19 | 3.5 LOW | N/A |
| Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote authenticated users to affect integrity via unknown vectors related to Attachments / File Upload. | |||||
| CVE-2011-2318 | 1 Oracle | 1 Fusion Middleware | 2012-01-19 | 1.5 LOW | N/A |
| Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4.0, 10.0.2.0, 10.3.3.0, 10.3.4.0, and 10.3.5.0 allows local users to affect confidentiality, related to WLS Security. | |||||
| CVE-2011-3566 | 1 Oracle | 1 Fusion Middleware | 2012-01-19 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4, 10.0.2, 10.3.3, 10.3.4, and 10.3.5 allows remote attackers to affect availability via unknown vectors related to Web Container. | |||||
| CVE-2011-3341 | 1 Openttd | 1 Openttd | 2012-01-19 | 7.5 HIGH | N/A |
| Multiple off-by-one errors in order_cmd.cpp in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted CMD_INSERT_ORDER command. | |||||
| CVE-2011-3342 | 1 Openttd | 1 Openttd | 2012-01-19 | 7.5 HIGH | N/A |
| Multiple buffer overflows in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors related to (1) NAME, (2) PLYR, (3) CHTS, or (4) AIPL (aka AI config) chunk loading from a savegame. | |||||
| CVE-2011-3343 | 1 Openttd | 1 Openttd | 2012-01-19 | 4.6 MEDIUM | N/A |
| Multiple buffer overflows in OpenTTD before 1.1.3 allow local users to cause a denial of service (daemon crash) or possibly gain privileges via (1) a crafted BMP file with RLE compression or (2) crafted dimensions in a BMP file. | |||||
| CVE-2011-3364 | 1 Gnome | 2 Ifcfg-rh Plug-in, Networkmanager | 2012-01-19 | 6.9 MEDIUM | N/A |
| Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file. | |||||
| CVE-2011-3365 | 1 Kde | 1 Kde Sc | 2012-01-19 | 4.3 MEDIUM | N/A |
| The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text. | |||||
| CVE-2011-2685 | 1 Libreoffice | 1 Libreoffice | 2012-01-19 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the Lotus Word Pro import filter in LibreOffice before 3.3.3 allows remote attackers to execute arbitrary code via a crafted .lwp file. | |||||
| CVE-2011-2705 | 1 Ruby-lang | 1 Ruby | 2012-01-19 | 5.0 MEDIUM | N/A |
| The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an earlier process with the same PID. | |||||
| CVE-2011-2768 | 1 Tor | 1 Tor | 2012-01-19 | 5.8 MEDIUM | N/A |
| Tor before 0.2.2.34, when configured as a client or bridge, sends a TLS certificate chain as part of an outgoing OR connection, which allows remote relays to bypass intended anonymity properties by reading this chain and then determining the set of entry guards that the client or bridge had selected. | |||||
| CVE-2011-2769 | 1 Tor | 1 Tor | 2012-01-19 | 4.3 MEDIUM | N/A |
| Tor before 0.2.2.34, when configured as a bridge, accepts the CREATE and CREATE_FAST values in the Command field of a cell within an OR connection that it initiated, which allows remote relays to enumerate bridges by using these values. | |||||
| CVE-2011-2778 | 1 Tor | 1 Tor | 2012-01-19 | 7.6 HIGH | N/A |
| Multiple heap-based buffer overflows in Tor before 0.2.2.35 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by (1) establishing a SOCKS connection to SocksPort or (2) leveraging a SOCKS proxy configuration. | |||||
| CVE-2011-1772 | 2 Apache, Opensymphony | 3 Struts, Webwork, Xwork | 2012-01-19 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element. | |||||
| CVE-2011-2176 | 1 Gnome | 1 Networkmanager | 2012-01-19 | 2.1 LOW | N/A |
| GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors. | |||||
| CVE-2010-2640 | 1 Redhat | 1 Evince | 2012-01-19 | 7.6 HIGH | N/A |
| Array index error in the PK font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. | |||||
| CVE-2010-2641 | 1 Redhat | 1 Evince | 2012-01-19 | 7.6 HIGH | N/A |
| Array index error in the VF font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. | |||||
| CVE-2010-2643 | 1 Redhat | 1 Evince | 2012-01-19 | 7.6 HIGH | N/A |
| Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. | |||||
| CVE-2009-5064 | 1 Gnu | 1 Glibc | 2012-01-19 | 6.9 MEDIUM | N/A |
| ** DISPUTED ** ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states "This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc." | |||||
| CVE-2009-2702 | 1 Kde | 1 Kdelibs | 2012-01-19 | 7.5 HIGH | N/A |
| KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | |||||
| CVE-2011-2170 | 1 Google | 1 Chrome Os | 2012-01-18 | 4.4 MEDIUM | N/A |
| Google Chrome OS before R12 0.12.433.38 Beta, when Guest mode is enabled, does not prevent changes on the about:flags page, which has unspecified impact and local attack vectors. | |||||
| CVE-2011-2171 | 1 Google | 1 Chrome Os | 2012-01-18 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the dbugs package in Google Chrome OS before R12 0.12.433.38 Beta has unknown impact and attack vectors. | |||||
| CVE-2011-4057 | 1 Wibu | 1 Codemeter Runtime | 2012-01-16 | 5.0 MEDIUM | N/A |
| Wibu-Systems AG CodeMeter Runtime 4.30c, 4.10b, and possibly other versions before 4.40 allows remote attackers to cause a denial of service (CodeMeter.exe crash) via certain crafted packets to TCP port 22350. | |||||
| CVE-2011-3213 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-01-14 | 7.6 HIGH | N/A |
| The File Systems component in Apple Mac OS X before 10.7.2 does not properly track the specific X.509 certificate that a user manually accepted for an initial https WebDAV connection, which allows man-in-the-middle attackers to hijack WebDAV communication by presenting an arbitrary certificate for a subsequent connection. | |||||
| CVE-2011-3214 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-01-14 | 4.6 MEDIUM | N/A |
| IOGraphics in Apple Mac OS X through 10.6.8 does not properly handle a locked-screen state in display sleep mode for an Apple Cinema Display, which allows physically proximate attackers to bypass the password requirement via unspecified vectors. | |||||
| CVE-2011-3215 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-01-14 | 2.1 LOW | N/A |
| The kernel in Apple Mac OS X before 10.7.2 does not properly prevent FireWire DMA in the absence of a login, which allows physically proximate attackers to bypass intended access restrictions and discover a password by making a DMA request in the (1) loginwindow, (2) boot, or (3) shutdown state. | |||||
| CVE-2011-3216 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-01-14 | 2.1 LOW | N/A |
| The kernel in Apple Mac OS X before 10.7.2 does not properly implement the sticky bit for directories, which might allow local users to bypass intended permissions and delete files via an unlink system call. | |||||
| CVE-2011-3217 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-01-14 | 6.8 MEDIUM | N/A |
| MediaKit in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image. | |||||
| CVE-2011-3218 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-01-14 | 2.6 LOW | N/A |
| The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by spoofing the http server during local viewing of an exported document. | |||||
| CVE-2011-3220 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-01-14 | 4.3 MEDIUM | N/A |
| QuickTime in Apple Mac OS X before 10.7.2 does not properly process URL data handlers in movie files, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file. | |||||
| CVE-2011-3221 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-01-14 | 6.8 MEDIUM | N/A |
| QuickTime in Apple Mac OS X before 10.7.2 does not properly handle the atom hierarchy in movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. | |||||
| CVE-2011-3222 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-01-14 | 6.8 MEDIUM | N/A |
| Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file. | |||||
| CVE-2011-3223 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-01-14 | 6.8 MEDIUM | N/A |
| Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLIC movie file. | |||||
| CVE-2011-3224 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-01-14 | 2.6 LOW | N/A |
| The User Documentation component in Apple Mac OS X through 10.6.8 uses http sessions for updates to App Store help information, which allows man-in-the-middle attackers to execute arbitrary code by spoofing the http server. | |||||
| CVE-2011-3225 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-01-14 | 5.0 MEDIUM | N/A |
| The SMB File Server component in Apple Mac OS X 10.7 before 10.7.2 does not prevent all guest users from accessing the share point record of a guest-restricted folder, which allows remote attackers to bypass intended browsing restrictions by leveraging access to the nobody account. | |||||
| CVE-2011-3226 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-01-14 | 6.8 MEDIUM | N/A |
| Open Directory in Apple Mac OS X 10.7 before 10.7.2, when an LDAPv3 server is used with RFC 2307 or custom mappings, allows remote attackers to bypass the password requirement by leveraging lack of an AuthenticationAuthority attribute for a user account. | |||||
| CVE-2011-3227 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-01-14 | 6.8 MEDIUM | N/A |
| libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation List (CRL), which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted (1) web site or (2) e-mail message. | |||||
| CVE-2011-3228 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-01-14 | 6.8 MEDIUM | N/A |
| QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file. | |||||
| CVE-2011-2308 | 1 Oracle | 1 E-business Suite | 2012-01-14 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Online Help. | |||||
