Total
238401 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-1288 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2024-02-04 | 9.3 HIGH | N/A |
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | |||||
CVE-2011-2569 | 1 Cisco | 3 Nx-os, Unified Computing System, Unified Computing System Infrastructure And Unified Computing System Software | 2024-02-04 | 6.8 MEDIUM | N/A |
Cisco Nexus OS (aka NX-OS) 4.2 and 5.0 and Cisco Unified Computing System with software 1.4 and 2.0 do not properly restrict command-line options, which allows local users to gain privileges via unspecified vectors, aka Bug IDs CSCtf40008, CSCtg18363, CSCtr44645, CSCts10195, and CSCts10188. | |||||
CVE-2011-2741 | 1 Emc | 1 Rsa Adaptive Authentication On-premise | 2024-02-04 | 6.8 MEDIUM | N/A |
EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly implement Device Recovery and Device Identification, which might allow remote attackers to bypass intended security restrictions on a (1) previously non-registered device or (2) registered device by sending unspecified "data elements." | |||||
CVE-2011-4037 | 1 Sielcosistemi | 2 Winlog Lite, Winlog Pro | 2024-02-04 | 9.3 HIGH | N/A |
Buffer overflow in Sielco Sistemi Winlog PRO before 2.07.09 and Winlog Lite before 2.07.09 allows user-assisted remote attackers to execute arbitrary code via invalid data in unspecified fields of a project file. | |||||
CVE-2011-2651 | 2 Marcus Schafer, Novell | 2 Kiwi, Suse Studio Onsite | 2024-02-04 | 7.5 HIGH | N/A |
Unspecified vulnerability in the file browser in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to execute arbitrary code via a crafted filename. | |||||
CVE-2010-0041 | 2 Apple, Microsoft | 2 Safari, Windows | 2024-02-04 | 4.3 MEDIUM | N/A |
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image. | |||||
CVE-2011-1343 | 1 Ibm | 1 Tivoli Netcool\/omnibus | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Web GUI in IBM Tivoli Netcool/OMNIbus before 7.3.0.4 allows remote attackers to execute arbitrary SQL commands via "dynamic SQL parameters." | |||||
CVE-2010-2001 | 2 Drupal, Ninjitsuweb | 2 Drupal, Civiregister | 2024-02-04 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the CiviRegister module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the URI. | |||||
CVE-2010-2546 | 1 Raphael Assenat | 1 Libmikmod | 2024-02-04 | 9.3 HIGH | N/A |
Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995. | |||||
CVE-2011-1688 | 1 Bestpractical | 1 Rt | 2024-02-04 | 4.3 MEDIUM | N/A |
Directory traversal vulnerability in Best Practical Solutions RT 3.2.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote attackers to read arbitrary files via a crafted HTTP request. | |||||
CVE-2010-3852 | 1 Redhat | 2 Conga, Luci | 2024-02-04 | 6.4 MEDIUM | N/A |
The default configuration of Luci 0.22.4 and earlier in Red Hat Conga uses "[INSERT SECRET HERE]" as its secret key for cookies, which makes it easier for remote attackers to bypass repoze.who authentication via a forged ticket cookie. | |||||
CVE-2011-3365 | 1 Kde | 1 Kde Sc | 2024-02-04 | 4.3 MEDIUM | N/A |
The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text. | |||||
CVE-2010-1831 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 6.8 MEDIUM | N/A |
Buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code via a long name of an embedded font in a document. | |||||
CVE-2011-1105 | 1 Mutare | 1 Evm | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Mutare EVM allow remote attackers to inject arbitrary web script or HTML via (1) a delivery address and possibly (2) a PIN. | |||||
CVE-2011-4716 | 1 Dream-multimedia-tv | 4 Dreambox Dm800 Hd Pvr, Dreambox Dm800 Hd Pvr Firmware, Dreambox Dm800 Hd Se and 1 more | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in file in DreamBox DM800 1.6rc3, 1.5rc1, and earlier allows remote attackers to read arbitrary files via the file parameter. | |||||
CVE-2010-4954 | 1 Gambio | 1 Xt\ | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in product_reviews_info.php in xt:Commerce Gambio 2008 allows remote attackers to execute arbitrary SQL commands via the products_id parameter. | |||||
CVE-2010-1806 | 1 Apple | 1 Safari | 2024-02-04 | 9.3 HIGH | N/A |
Use-after-free vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via run-in styling in an element, related to object pointers. | |||||
CVE-2011-1583 | 1 Citrix | 1 Xen | 2024-02-04 | 6.9 MEDIUM | N/A |
Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers (1) a buffer overflow during a decompression loop or (2) an out-of-bounds read in the loader involving unspecified length fields. | |||||
CVE-2009-4417 | 1 Zend | 1 Framework | 2024-02-04 | 5.0 MEDIUM | N/A |
The shutdown function in the Zend_Log_Writer_Mail class in Zend Framework (ZF) allows context-dependent attackers to send arbitrary e-mail messages to any recipient address via vectors related to "events not yet mailed." | |||||
CVE-2011-3498 | 1 Progea | 1 Movicon Powerhmi | 2024-02-04 | 10.0 HIGH | N/A |
Heap-based buffer overflow in Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long request. |