Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4276 | 1 Google | 1 Android | 2012-01-25 | 4.3 MEDIUM | N/A |
| The Bluetooth service (com/android/phone/BluetoothHeadsetService.java) in Android 2.3 before 2.3.6 allows remote attackers within Bluetooth range to obtain contact data via an AT phonebook transfer. | |||||
| CVE-2011-4644 | 1 Splunk | 1 Splunk | 2012-01-25 | 9.3 HIGH | N/A |
| Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote attackers to (1) read arbitrary files via a management-console session that leverages the ability to create crafted data sources, or (2) execute management commands via an HTTP request. | |||||
| CVE-2011-4866 | 2 Android, Kaixin001 | 2 Android, Kaixin001 | 2012-01-25 | 6.4 MEDIUM | N/A |
| The Kaixin001 (com.kaixin001.activity) application 1.3.1 and 1.3.3 for Android does not properly protect data, which allows remote attackers to read or modify contact information and a cleartext password via a crafted application. | |||||
| CVE-2011-4699 | 2 Android, Ubermedia | 2 Android, Twidroyd Legacy | 2012-01-25 | 6.4 MEDIUM | N/A |
| The Ubermedia Twidroyd Legacy (com.twidroydlegacy) application 4.3.11 for Android does not properly protect data, which allows remote attackers to read or modify Twitter information via a crafted application. | |||||
| CVE-2011-4698 | 2 Android, Androidapptools | 2 Android, Easy Filter | 2012-01-25 | 6.4 MEDIUM | N/A |
| The AndroidAppTools Easy Filter (com.phoneblocker.android) application 1.1 and 1.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and call records via a crafted application. | |||||
| CVE-2012-0916 | 1 Renren | 1 Renren Talk | 2012-01-25 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in RenRen Talk 2.9 allows remote attackers to execute arbitrary code via a crafted image in a chat message, as demonstrated using a PNG file. | |||||
| CVE-2011-4123 | 2012-01-25 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-3874. Reason: This candidate is a duplicate of CVE-2011-3874. Notes: All CVE users should reference CVE-2011-3874 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2011-4697 | 2 Android, Xiaomi | 2 Android, Mitalk Messenger | 2012-01-24 | 6.4 MEDIUM | N/A |
| The Xiaomi MiTalk Messenger (com.xiaomi.channel) application before 2.1.320 for Android does not properly protect data, which allows remote attackers to read or modify messaging information via a crafted application. | |||||
| CVE-2011-4701 | 2 Android, Hatena | 2 Android, Callconfirm | 2012-01-24 | 5.8 MEDIUM | N/A |
| The CallConfirm (jp.gr.java_conf.ofnhwx.callconfirm) application 2.0.0 for Android does not properly protect data, which allows remote attackers to read or modify allow/block lists via a crafted application. | |||||
| CVE-2011-4702 | 2 Android, Nimbuzz | 2 Android, Nimbuzz | 2012-01-24 | 5.8 MEDIUM | N/A |
| The Nimbuzz (com.nimbuzz) application 2.0.8 and 2.0.10 for Android does not properly protect data, which allows remote attackers to read or modify a contact list via a crafted application. | |||||
| CVE-2011-4704 | 2 Android, Voxofon | 2 Android, Voxofon | 2012-01-24 | 5.8 MEDIUM | N/A |
| The Voxofon (com.voxofon) application before 2.5.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS information via a crafted application. | |||||
| CVE-2011-4705 | 2 Android, Ming | 2 Android, Blacklist Free | 2012-01-24 | 5.8 MEDIUM | N/A |
| The Ming Blacklist Free (vc.software.blacklist) application 1.8.1 and 1.9.2.1 for Android does not properly protect data, which allows remote attackers to read or modify blacklists and a contact list via a crafted application that launches a "data-flow attack." | |||||
| CVE-2012-0790 | 1 Oetiker | 1 Smokeping | 2012-01-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in smokeping_cgi in Smokeping 2.4.2, 2.6.6, and other versions before 2.6.7 allows remote attackers to inject arbitrary web script or HTML via the displaymode parameter. | |||||
| CVE-2012-0915 | 1 Renren | 1 Renren Talk | 2012-01-24 | 9.3 HIGH | N/A |
| Integer signedness error in RenRen Talk 2.9 allows remote attackers to execute arbitrary code via crafted dimensions of a skin file, leading to a heap-based buffer overflow, as demonstrated using a BMP image. | |||||
| CVE-2012-0912 | 1 Stone-ware | 1 Webnetwork | 2012-01-24 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Stoneware webNetwork before 6.0.8.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2012-0286 | 1 Stone-ware | 1 Webnetwork | 2012-01-24 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Stoneware webNetwork before 6.0.8.0 allows remote attackers to hijack the authentication of unspecified victims for requests that modify user accounts. | |||||
| CVE-2012-0285 | 1 Stone-ware | 1 Webnetwork | 2012-01-24 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Stoneware webNetwork before 6.0.8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-0313 | 1 Glucose | 1 Glucose 2 | 2012-01-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in glucose 2 before stage 6.2 allows remote attackers to inject arbitrary web script or HTML via an RSS feed. | |||||
| CVE-2011-2741 | 1 Emc | 1 Rsa Adaptive Authentication On-premise | 2012-01-23 | 6.8 MEDIUM | N/A |
| EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly implement Device Recovery and Device Identification, which might allow remote attackers to bypass intended security restrictions on a (1) previously non-registered device or (2) registered device by sending unspecified "data elements." | |||||
| CVE-2011-2742 | 1 Emc | 1 Rsa Adaptive Authentication On-premise | 2012-01-23 | 6.8 MEDIUM | N/A |
| EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly perform forensic evaluation upon receipt of device tokens from mobile apps, which might allow remote attackers to bypass intended application restrictions via a mobile device. | |||||