Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-2226 | 2 Marcus Schafer, Novell | 2 Kiwi, Suse Studio Onsite | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a pattern listing. | |||||
| CVE-2011-2328 | 1 Hp | 1 Loadrunner | 2017-08-28 | 6.8 MEDIUM | N/A |
| Buffer overflow in HP LoadRunner allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a .usr (aka Virtual User script) file with long directives. | |||||
| CVE-2011-2329 | 1 Apache | 1 Rampart\/c | 2017-08-28 | 6.5 MEDIUM | N/A |
| The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730. | |||||
| CVE-2011-2331 | 1 Hp | 1 Intelligent Management Center | 2017-08-28 | 10.0 HIGH | N/A |
| Integer overflow in img.exe in HP Intelligent Management Center (IMC) allows remote attackers to execute arbitrary code via a crafted length value in an a packet that triggers a heap-based buffer overflow, possibly related to an "recv" field. | |||||
| CVE-2011-2380 | 1 Mozilla | 1 Bugzilla | 2017-08-28 | 5.0 MEDIUM | N/A |
| Bugzilla 2.23.3 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 allows remote attackers to determine the existence of private group names via a crafted parameter during (1) bug creation or (2) bug editing. | |||||
| CVE-2011-2381 | 1 Mozilla | 1 Bugzilla | 2017-08-28 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in Bugzilla 2.17.1 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 allows remote attackers to inject arbitrary e-mail headers via an attachment description in a flagmail notification. | |||||
| CVE-2011-2385 | 1 Otrs | 2 Iphonehandle, Otrs | 2017-08-28 | 6.5 MEDIUM | N/A |
| The iPhoneHandle package 0.9.x before 0.9.7 and 1.0.x before 1.0.3 in Open Ticket Request System (OTRS) does not properly restrict use of the iPhoneHandle interface, which allows remote authenticated users to gain privileges, and consequently read or modify OTRS core objects, via unspecified vectors. | |||||
| CVE-2011-2391 | 1 Apple | 3 Iphone Os, Itunes, Mac Os X | 2017-08-28 | 6.1 MEDIUM | N/A |
| The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets. | |||||
| CVE-2011-2395 | 1 Cisco | 1 Ios | 2017-08-28 | 5.0 MEDIUM | N/A |
| The Neighbor Discovery (ND) protocol implementation in Cisco IOS on unspecified switches allows remote attackers to bypass the Router Advertisement Guarding functionality via a fragmented IPv6 packet in which the Router Advertisement (RA) message is contained in the second fragment, as demonstrated by (1) a packet in which the first fragment contains a long Destination Options extension header or (2) a packet in which the first fragment contains an ICMPv6 Echo Request message. | |||||
| CVE-2011-2397 | 1 Ironmountain | 1 Connected Backup | 2017-08-28 | 10.0 HIGH | N/A |
| The Agent service in Iron Mountain Connected Backup 8.4 allows remote attackers to execute arbitrary code via a crafted opcode 13 request that triggers use of the LaunchCompoundFileAnalyzer class to send request data to the System.getRunTime.exec method. | |||||
| CVE-2011-2399 | 1 Hp | 1 Data Protector | 2017-08-28 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the Media Management Daemon (mmd) in HP Data Protector 6.11 and earlier allows remote attackers to cause a denial of service via unknown vectors. | |||||
| CVE-2011-2400 | 1 Hp | 1 Sitescope | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP SiteScope 9.x, 10.x, and 11.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-2401 | 1 Hp | 1 Sitescope | 2017-08-28 | 8.3 HIGH | N/A |
| Session fixation vulnerability in HP SiteScope 9.x, 10.x, and 11.x allows remote attackers to hijack web sessions via unspecified vectors. | |||||
| CVE-2011-2402 | 1 Hp | 1 Network Automation | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-2403 | 1 Hp | 1 Network Automation | 2017-08-28 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2011-2423 | 1 Adobe | 1 Shockwave Player | 2017-08-28 | 10.0 HIGH | N/A |
| msvcr90.dll in Adobe Shockwave Player before 11.6.1.629 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | |||||
| CVE-2011-2467 | 1 Likewise | 1 Likewise Open | 2017-08-28 | 5.8 MEDIUM | N/A |
| SQL injection vulnerability in lsassd in Lsass in the Likewise Security Authority in Likewise Open 5.4 through 6.1, and Likewise Enterprise 6.0, allows local users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2011-2471 | 1 Maynard Johnson | 1 Oprofile | 2017-08-28 | 7.2 HIGH | N/A |
| utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to gain privileges via shell metacharacters in the (1) --vmlinux, (2) --session-dir, or (3) --xen argument, related to the daemonrc file and the do_save_setup and do_load_setup functions, a different vulnerability than CVE-2011-1760. | |||||
| CVE-2011-2472 | 1 Maynard Johnson | 1 Oprofile | 2017-08-28 | 6.3 MEDIUM | N/A |
| Directory traversal vulnerability in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to overwrite arbitrary files via a .. (dot dot) in the --save argument, related to the --session-dir argument, a different vulnerability than CVE-2011-1760. | |||||
| CVE-2011-2473 | 1 Maynard Johnson | 1 Oprofile | 2017-08-28 | 6.3 MEDIUM | N/A |
| The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to create or overwrite arbitrary files via a crafted --session-dir argument in conjunction with a symlink attack on the opd_pipe file, a different vulnerability than CVE-2011-1760. | |||||