Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-2664 | 1 Checkpoint | 1 Multi-domain Management\/provider-1 | 2017-08-28 | 3.6 LOW | N/A |
| Unspecified vulnerability in Check Point Multi-Domain Management / Provider-1 NGX R65, R70, R71, and R75, and SmartCenter during installation on non-Windows machines, allows local users on the MDS system to overwrite arbitrary files via unknown vectors. | |||||
| CVE-2011-2666 | 1 Digium | 1 Asterisk | 2017-08-28 | 5.0 MEDIUM | N/A |
| The default configuration of the SIP channel driver in Asterisk Open Source 1.4.x through 1.4.41.2 and 1.6.2.x through 1.6.2.18.2 does not enable the alwaysauthreject option, which allows remote attackers to enumerate account names by making a series of invalid SIP requests and observing the differences in the responses for different usernames, a different vulnerability than CVE-2011-2536. | |||||
| CVE-2011-2671 | 1 9.dotpp.net | 1 Megalith | 2017-08-28 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Megalith 12th edition through 27th edition allows remote attackers to gain administrative privileges via unknown vectors. | |||||
| CVE-2011-2672 | 1 Christian Weiske | 1 Semanticscuttle | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SemanticScuttle before 0.98 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-2675 | 1 Utage.org | 1 Enkai | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Enkai-kun before 110916 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-2676 | 2 Ark-web, Six Apart | 5 A-form, A-form Bamboo, A-form Pc and 2 more | 2017-08-28 | 5.5 MEDIUM | N/A |
| The A-Form and A-Form bamboo before 1.3.6 and 2.x before 2.0.3, and A-Form PC and PC/Mobile before 3.1, plug-ins for Movable Type do not require administrative authentication, which allows remote authenticated users to modify data via unspecified vectors. | |||||
| CVE-2011-2677 | 1 Cybozu | 1 Office | 2017-08-28 | 5.5 MEDIUM | N/A |
| Cybozu Office before 8.0.0 allows remote authenticated users to bypass intended access restrictions and access sensitive information (time card and attendance) via unspecified vectors related to manipulation of a URL. | |||||
| CVE-2011-2679 | 1 Ibm | 1 Rational Doors Web Access | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-2680 | 1 Ibm | 1 Rational Doors Web Access | 2017-08-28 | 10.0 HIGH | N/A |
| Unspecified vulnerability in IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 has unknown impact and remote attack vectors related to the "server error response." | |||||
| CVE-2011-2681 | 1 Ibm | 1 Rational Doors Web Access | 2017-08-28 | 10.0 HIGH | N/A |
| IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 does not properly handle exceptions, which has unspecified impact and remote attack vectors. | |||||
| CVE-2011-2682 | 1 Ibm | 1 Rational Doors Web Access | 2017-08-28 | 4.0 MEDIUM | N/A |
| The Login component in IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 allows remote authenticated users to cause a denial of service (license consumption) by trying to login to DOORS Web Access with a new user account that has never been used for a DOORS login. | |||||
| CVE-2011-2697 | 1 Hp | 1 Linux Imaging And Printing Project | 2017-08-28 | 6.8 MEDIUM | N/A |
| foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3.11.5 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file. | |||||
| CVE-2011-2711 | 1 Lars Hjemli | 1 Cgit | 2017-08-28 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the print_fileinfo function in ui-diff.c in cgit 0.9.0.2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the filename associated with the rename hint. | |||||
| CVE-2011-2747 | 1 Google | 1 Picasa | 2017-08-28 | 9.3 HIGH | N/A |
| Google Picasa before 3.6 Build 105.67 does not properly handle invalid properties in JPEG images, which allows remote attackers to execute arbitrary code via a crafted image file. | |||||
| CVE-2011-2752 | 1 Squirrelmail | 1 Squirrelmail | 2017-08-28 | 5.8 MEDIUM | N/A |
| CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier allows remote attackers to modify or add preference values via a \n (newline) character, a different vulnerability than CVE-2010-4555. | |||||
| CVE-2011-2753 | 1 Squirrelmail | 1 Squirrelmail | 2017-08-28 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the empty trash implementation and (2) the Index Order (aka options_order) page, a different issue than CVE-2010-4555. | |||||
| CVE-2011-2759 | 1 Ibm | 1 Tivoli Directory Server | 2017-08-28 | 5.0 MEDIUM | N/A |
| The login page of IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | |||||
| CVE-2011-2760 | 1 Brocade | 1 Bigiron Rx Switch | 2017-08-28 | 5.0 MEDIUM | N/A |
| Brocade BigIron RX switches allow remote attackers to bypass ACL rules by using 179 as the source port of a packet. | |||||
| CVE-2011-2776 | 1 Robert Luberda | 1 Super | 2017-08-28 | 4.4 MEDIUM | N/A |
| Buffer overflow in the Error function in super.c in Super 3.30.0 might allow local users to execute arbitrary code via vectors related to syslog logging. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-2779 | 1 Hp | 7 Arcsight C1000 Appliance, Arcsight C1300 Appliance, Arcsight C3200 Appliance and 4 more | 2017-08-28 | 3.6 LOW | N/A |
| Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 uses world-writable permissions for exported report files, which allows local users to change or delete log data by modifying a file, a different vulnerability than CVE-2011-0770. | |||||