Total
9170 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-0158 | 1 Apple | 1 Iphone Os | 2017-08-16 | 4.3 MEDIUM | N/A |
MobileSafari in Apple iOS before 4.3 does not properly implement application launching through URL handlers, which allows remote attackers to cause a denial of service (persistent application crash) via crafted JavaScript code. | |||||
CVE-2011-0161 | 1 Apple | 3 Iphone Os, Safari, Webkit | 2017-08-16 | 4.3 MEDIUM | N/A |
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site. | |||||
CVE-2011-0163 | 1 Apple | 3 Iphone Os, Safari, Webkit | 2017-08-16 | 4.3 MEDIUM | N/A |
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle unspecified "cached resources," which allows remote attackers to cause a denial of service (resource unavailability) via a crafted web site that conducts a cache-poisoning attack. | |||||
CVE-2011-0465 | 2 Matthias Hopf, X | 2 Xrdb, X11 | 2017-08-16 | 9.3 HIGH | N/A |
xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message. | |||||
CVE-2011-0017 | 1 Exim | 1 Exim | 2017-08-16 | 6.9 MEDIUM | N/A |
The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack. | |||||
CVE-2011-0491 | 1 Tor | 1 Tor | 2017-08-16 | 5.0 MEDIUM | N/A |
The tor_realloc function in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not validate a certain size value during memory allocation, which might allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors, related to "underflow errors." | |||||
CVE-2011-0581 | 1 Adobe | 1 Coldfusion | 2017-08-16 | 4.3 MEDIUM | N/A |
Multiple CRLF injection vulnerabilities in Adobe ColdFusion 8.0 through 9.0.1 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified tags. | |||||
CVE-2011-0771 | 2 Drupal, Janrain | 2 Drupal, Rpx | 2017-08-16 | 6.8 MEDIUM | N/A |
The Janrain Engage (formerly RPX) module 6.x-1.3 for Drupal does not validate the file for a profile image, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks and possibly execute arbitrary PHP code by causing a crafted avatar to be downloaded from an external login provider site. | |||||
CVE-2011-0721 | 1 Debian | 1 Shadow | 2017-08-16 | 6.4 MEDIUM | N/A |
Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field. | |||||
CVE-2011-0738 | 2 Globus, Ncsa | 2 Globus Toolkit, Myproxy | 2017-08-16 | 4.3 MEDIUM | N/A |
MyProxy 5.0 through 5.2, as used in Globus Toolkit 5.0.0 through 5.0.2, does not properly verify the (1) hostname or (2) identity in the X.509 certificate for the myproxy-server, which allows remote attackers to spoof the server and conduct man-in-the-middle (MITM) attacks via a crafted certificate when executing (a) myproxy-logon or (b) myproxy-get-delegation. | |||||
CVE-2011-0739 | 1 Mikel Lindsaar | 1 Mail | 2017-08-16 | 6.8 MEDIUM | N/A |
The deliver function in the sendmail delivery agent (lib/mail/network/delivery_methods/sendmail.rb) in Ruby Mail gem 2.2.14 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail address. | |||||
CVE-2011-0986 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-08-16 | 5.0 MEDIUM | N/A |
phpMyAdmin 2.11.x before 2.11.11.2, and 3.3.x before 3.3.9.1, does not properly handle the absence of the (1) README, (2) ChangeLog, and (3) LICENSE files, which allows remote attackers to obtain the installation path via a direct request for a nonexistent file. | |||||
CVE-2011-0987 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-08-16 | 6.5 MEDIUM | N/A |
The PMA_Bookmark_get function in libraries/bookmark.lib.php in phpMyAdmin 2.11.x before 2.11.11.3, and 3.3.x before 3.3.9.2, does not properly restrict bookmark queries, which makes it easier for remote authenticated users to trigger another user's execution of a SQL query by creating a bookmark. | |||||
CVE-2011-0996 | 1 Roy Marples | 1 Dhcpcd | 2017-08-16 | 6.8 MEDIUM | N/A |
dhcpcd before 5.2.12 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message. | |||||
CVE-2011-1000 | 1 Freedesktop | 1 Telepathy Gabble | 2017-08-16 | 6.4 MEDIUM | N/A |
jingle-factory.c in Telepathy Gabble 0.11 before 0.11.7, 0.10 before 0.10.5, and 0.8 before 0.8.15 allows remote attackers to sniff audio and video calls via a crafted google:jingleinfo stanza that specifies an alternate server for streamed media. | |||||
CVE-2011-1067 | 1 Fedoraproject | 1 389 Directory Server | 2017-08-16 | 5.0 MEDIUM | N/A |
slapd (aka ns-slapd) in 389 Directory Server before 1.2.8.a2 does not properly manage the c_timelimit field of the connection table element, which allows remote attackers to cause a denial of service (daemon outage) via Simple Paged Results connections, as demonstrated by using multiple processes to replay TCP sessions, a different vulnerability than CVE-2011-0019. | |||||
CVE-2011-1094 | 1 Redhat | 1 Kdelibs | 2017-08-16 | 4.3 MEDIUM | N/A |
kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a certificate issued by a legitimate Certification Authority for an IP address, a different vulnerability than CVE-2009-2702. | |||||
CVE-2010-0496 | 2 Apple, Freebit | 2 Iphone Os, Serversman | 2017-08-16 | 5.0 MEDIUM | N/A |
FreeBit ServersMan 3.1.5 on Apple iPhone OS 3.1.2, and iPhone OS for iPod touch, allows remote attackers to cause a denial of service (daemon crash) via a HEAD request for the / URI. | |||||
CVE-2010-0589 | 1 Cisco | 1 Secure Desktop | 2017-08-16 | 9.3 HIGH | N/A |
The Web Install ActiveX control (CSDWebInstaller) in Cisco Secure Desktop (CSD) before 3.5.841 does not properly verify the signatures of downloaded programs, which allows remote attackers to force the download and execution of arbitrary files via a crafted web page, aka Bug ID CSCta25876. | |||||
CVE-2010-0719 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows 7 and 3 more | 2017-08-16 | 4.7 MEDIUM | N/A |
An unspecified API in Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 does not validate arguments, which allows local users to cause a denial of service (system crash) via a crafted application. |