Total: 210374 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-1905 | 1 Proofpoint | 2 Messaging Security Gateway, Protection Server | 2011-05-30 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified administrative modules in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allow remote attackers to hijack the authentication of administrators via unknown vectors. | |||||
CVE-2011-1906 | 1 Trustwave | 1 Webdefend | 2011-05-30 | 5.0 MEDIUM | N/A |
Trustwave WebDefend Enterprise before 5.0 7.01.903-1.4 stores specific user-account credentials in a MySQL database, which makes it easier for remote attackers to read the event collection table via requests to the management port, a different vulnerability than CVE-2011-0756. | |||||
CVE-2010-4284 | 1 Samsung | 1 Data Management Server | 2011-05-26 | 7.5 HIGH | N/A |
SQL injection vulnerability in the authentication form in the integrated web server in the Data Management Server (DMS) before 1.4.3 in Samsung Integrated Management System allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2011-0426 | 1 Vmware | 2 Vcenter, Virtualcenter | 2011-05-26 | 4.3 MEDIUM | N/A |
Directory traversal vulnerability in vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, and VMware VirtualCenter 2.5 before Update 6a, allows remote attackers to read arbitrary files via unspecified vectors. | |||||
CVE-2011-1323 | 2 Nec, Yamaha | 52 Ip38x/1000, Ip38x/103, Ip38x/105 and 49 more | 2011-05-26 | 7.8 HIGH | N/A |
Yamaha RTX, RT, SRT, RTV, RTW, and RTA series routers with firmware 6.x through 10.x, and NEC IP38X series routers with firmware 6.x through 10.x, do not properly handle IP header options, which allows remote attackers to cause a denial of service (device reboot) via a crafted option that triggers access to an invalid memory location. | |||||
CVE-2011-1324 | 1 Buffalotech | 43 As-100, Bbr-4hg, Bbr-4hg Firmware and 40 more | 2011-05-26 | 5.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the management screen on Buffalo WHR, WZR2, WZR, WER, and BBR series routers with firmware 1.x; BHR-4RV and FS-G54 routers with firmware 2.x; and AS-100 routers allow remote attackers to hijack the authentication of administrators for requests that modify settings, as demonstrated by changing the login password. | |||||
CVE-2010-4806 | 1 Ibm | 1 Web Content Manager | 2011-05-26 | 4.0 MEDIUM | N/A |
The authoring tool in IBM Web Content Manager (WCM) 6.1.5, and 7.0.0.1 before CF003, allows remote authenticated users to bypass intended access restrictions on draft creation by leveraging certain resource editor privileges. | |||||
CVE-2011-1325 | 1 Lockon | 1 Ec-cube | 2011-05-25 | 5.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in EC-CUBE before 2.11.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
CVE-2011-1789 | 1 Vmware | 3 Esx, Esxi, Vcenter | 2011-05-25 | 5.0 MEDIUM | N/A |
The self-extracting installer in the vSphere Client Installer package in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, VMware ESXi 4.x before 4.1 Update 1, and VMware ESX 4.x before 4.1 Update 1 does not have a digital signature, which might make it easier for remote attackers to spoof the software distribution via a Trojan horse installer. | |||||
CVE-2011-2074 | 2 Apple, Skype | 2 Mac Os X, Skype | 2011-05-25 | 8.5 HIGH | N/A |
Unspecified vulnerability in the client in Skype 5.x before 5.1.0.922 on Mac OS X allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via a crafted message. | |||||
CVE-2006-7245 | 1 Monkeysaudio | 1 Monkey's Audio | 2011-05-24 | 4.3 MEDIUM | N/A |
Monkey's Audio before 4.01b2 allows remote attackers to cause a denial of service (application crash) via an APX file that lacks NULL termination. | |||||
CVE-2007-4311 | 1 Linux | 1 Linux Kernel | 2011-05-24 | 6.8 MEDIUM | N/A |
The xfer_secondary_pool function in drivers/char/random.c in the Linux kernel 2.4 before 2.4.35 performs reseed operations on only the first few bytes of a buffer, which might make it easier for attackers to predict the output of the random number generator, related to incorrect use of the sizeof operator. | |||||
CVE-2011-0612 | 1 Adobe | 1 Flash Media Server | 2011-05-24 | 5.0 MEDIUM | N/A |
Adobe Flash Media Server (FMS) before 3.5.6, and 4.x before 4.0.2, allows remote attackers to cause a denial of service (XML data corruption) via unspecified vectors. | |||||
CVE-2011-0613 | 1 Adobe | 2 Robohelp, Robohelp Server | 2011-05-24 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to (1) wf_status.htm and (2) wf_topicfs.htm in RoboHTML/WildFireExt/TemplateStock/. | |||||
CVE-2011-0615 | 1 Adobe | 1 Audition | 2011-05-24 | 9.3 HIGH | N/A |
Multiple buffer overflows in Adobe Audition 3.0.1 and earlier allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted data in unspecified fields in the TRKM chunk in an Audition Session (aka .ses) file, related to inconsistent use of character data types. | |||||
CVE-2011-2169 | 1 Google | 1 Chrome Os | 2011-05-24 | 7.2 HIGH | N/A |
Google Chrome OS before R12 0.12.433.38 Beta allows local users to gain privileges by creating a /var/lib/chromeos-aliases.conf file and placing commands in it. | |||||
CVE-2007-1460 | 1 Php | 1 Php | 2011-05-23 | 5.0 MEDIUM | N/A |
The zip:// URL wrapper provided by the PECL zip extension in PHP before 4.4.7, and 5.2.0 and 5.2.1, does not implement safemode or open_basedir checks, which allows remote attackers to read ZIP archives located outside of the intended directories. | |||||
CVE-2009-5075 | 1 Monkeysaudio | 1 Monkey's Audio | 2011-05-23 | 4.3 MEDIUM | N/A |
Monkey's Audio before 4.02 allows remote attackers to cause a denial of service (application crash) via a malformed APE file. | |||||
CVE-2011-1327 | 1 Trendmicro | 1 Trend Micro Internet Security | 2011-05-23 | 2.1 LOW | N/A |
The Keystroke Encryption feature in Trend Micro Internet Security 2009 (aka Virus Buster 2009 and PC-cillin 2009) does not completely encrypt passwords, which allows local users to obtain sensitive information by leveraging a keylogger. | |||||
CVE-2011-2164 | 1 Adobe | 1 Photoshop | 2011-05-23 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in Adobe Photoshop before 12.0.4 have unknown impact and attack vectors. |