Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-1330 | 1 Kbs | 1 Weblygo | 2011-10-26 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in WeblyGo 5.0 Pro/LE, 5.02 Pro/LE, 5.03 Pro/LE, 5.04 Pro/LE, and 5.10 Pro/LE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2011-1603 | 1 Cisco | 15 Skinny Client Control Protocol Software, Unified Ip Phone 7906, Unified Ip Phone 7911g and 12 more | 2011-10-26 | 6.6 MEDIUM | N/A |
Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.2.1 allow local users to gain privileges via unspecified vectors, aka Bug ID CSCtn65815. | |||||
CVE-2011-1132 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-10-26 | 4.9 MEDIUM | N/A |
The IPv6 implementation in the kernel in Apple Mac OS X before 10.6.8 allows local users to cause a denial of service (NULL pointer dereference and reboot) via vectors involving socket options. | |||||
CVE-2011-0197 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-10-26 | 2.1 LOW | N/A |
App Store in Apple Mac OS X before 10.6.8 creates a log entry containing a user's AppleID password, which might allow local users to obtain sensitive information by reading a log file, as demonstrated by a log file that has non-default permissions. | |||||
CVE-2011-0198 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-10-26 | 6.8 MEDIUM | N/A |
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code via a crafted embedded TrueType font. | |||||
CVE-2011-0199 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-10-26 | 5.8 MEDIUM | N/A |
The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 does not perform CRL checking for Extended Validation (EV) certificates that lack OCSP URLs, which might allow man-in-the-middle attackers to spoof an SSL server via a revoked certificate. | |||||
CVE-2011-0203 | 1 Apple | 1 Mac Os X Server | 2011-10-26 | 5.0 MEDIUM | N/A |
Absolute path traversal vulnerability in xftpd in the FTP Server component in Apple Mac OS X before 10.6.8 allows remote attackers to list arbitrary directories by using the root directory as the starting point of a recursive listing. | |||||
CVE-2011-0205 | 1 Apple | 3 Imageio, Mac Os X, Mac Os X Server | 2011-10-26 | 6.8 MEDIUM | N/A |
Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image. | |||||
CVE-2011-0207 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-10-26 | 5.0 MEDIUM | N/A |
The MobileMe component in Apple Mac OS X before 10.6.8 uses a cleartext HTTP session for the Mail application to read e-mail aliases, which allows remote attackers to obtain potentially sensitive alias information by sniffing the network. | |||||
CVE-2011-0210 | 1 Apple | 3 Mac Os X, Mac Os X Server, Quicktime | 2011-10-26 | 6.8 MEDIUM | N/A |
QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted sample tables in a movie file. | |||||
CVE-2011-0212 | 1 Apple | 1 Mac Os X Server | 2011-10-26 | 6.4 MEDIUM | N/A |
servermgrd in Apple Mac OS X before 10.6.8 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML-RPC request containing an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue. | |||||
CVE-2010-4804 | 1 Google | 1 Android | 2011-10-26 | 4.3 MEDIUM | N/A |
The Android browser in Android before 2.3.4 allows remote attackers to obtain SD card contents via crafted content:// URIs, related to (1) BrowserActivity.java and (2) BrowserSettings.java in com/android/browser/. | |||||
CVE-2011-1756 | 1 Citadel | 1 Citadel | 2011-10-25 | 5.0 MEDIUM | N/A |
modules/xmpp/serv_xmpp.c in Citadel 7.86 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | |||||
CVE-2011-1484 | 1 Redhat | 3 Jboss Enterprise Application Platform, Jboss Enterprise Soa Platform, Jboss Seam 2 Framework | 2011-10-25 | 6.8 MEDIUM | N/A |
jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP04 and 5.1.0 and JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0.CP09 and 5.1.0, does not properly restrict use of Expression Language (EL) statements in FacesMessages during page exception handling, which allows remote attackers to execute arbitrary Java code via a crafted URL to an application. | |||||
CVE-2011-1898 | 1 Citrix | 1 Xen | 2011-10-25 | 7.4 HIGH | N/A |
Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by "using DMA to generate MSI interrupts by writing to the interrupt injection registers." | |||||
CVE-2011-0722 | 2 Ffmpeg, Mplayerhq | 2 Ffmpeg, Mplayer | 2011-10-25 | 6.8 MEDIUM | N/A |
FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a malformed RealMedia file. | |||||
CVE-2011-0723 | 2 Ffmpeg, Mplayer | 2 Ffmpeg, Mplayer | 2011-10-25 | 6.8 MEDIUM | N/A |
FFmpeg 0.5.x, as used in MPlayer and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed VC-1 file. | |||||
CVE-2011-0226 | 2 Apple, Freetype | 2 Iphone Os, Freetype | 2011-10-25 | 9.3 HIGH | N/A |
Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011. | |||||
CVE-2010-4704 | 1 Ffmpeg | 1 Ffmpeg | 2011-10-25 | 4.3 MEDIUM | N/A |
libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. NOTE: this might overlap CVE-2011-0480. | |||||
CVE-2010-3908 | 2 Ffmpeg, Mplayerhq | 2 Ffmpeg, Mplayer | 2011-10-25 | 6.8 MEDIUM | N/A |
FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed WMV file. |