Total
5466 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-1602 | 1 Cisco | 15 Skinny Client Control Protocol Software, Unified Ip Phone 7906, Unified Ip Phone 7911g and 12 more | 2011-11-22 | 6.6 MEDIUM | N/A |
| The su utility on Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.0.3 allows local users to gain privileges via unspecified vectors, aka Bug ID CSCtf07426. | |||||
| CVE-2008-7303 | 1 Apple | 1 Mac Os X | 2011-11-21 | 7.6 HIGH | N/A |
| The nonet and nointernet sandbox profiles in Apple Mac OS X 10.5.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of launchctl to trigger the launchd daemon's execution of a script file, a related issue to CVE-2011-1516. | |||||
| CVE-2011-3993 | 1 Skyarc | 5 Autotagging, Duplicateentry, Mailpack and 2 more | 2011-11-16 | 5.5 MEDIUM | N/A |
| SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, uses weak permissions, which allows remote authenticated users to modify files and settings via unspecified vectors. | |||||
| CVE-2011-3440 | 1 Apple | 2 Ipad2, Iphone Os | 2011-11-15 | 1.2 LOW | N/A |
| The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover during power-off confirmation. | |||||
| CVE-2011-4118 | 1 Mahara | 1 Mahara | 2011-11-15 | 6.0 MEDIUM | N/A |
| Mahara before 1.4.1, when MNet (aka the Moodle network feature) is used, allows remote authenticated users to gain privileges via a jump to an XMLRPC target. | |||||
| CVE-2011-4030 | 1 Plone | 2 Cmfeditions, Plone | 2011-10-30 | 9.3 HIGH | N/A |
| The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587. | |||||
| CVE-2011-1603 | 1 Cisco | 15 Skinny Client Control Protocol Software, Unified Ip Phone 7906, Unified Ip Phone 7911g and 12 more | 2011-10-27 | 6.6 MEDIUM | N/A |
| Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.2.1 allow local users to gain privileges via unspecified vectors, aka Bug ID CSCtn65815. | |||||
| CVE-2011-1898 | 1 Citrix | 1 Xen | 2011-10-26 | 7.4 HIGH | N/A |
| Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by "using DMA to generate MSI interrupts by writing to the interrupt injection registers." | |||||
| CVE-2011-1484 | 1 Redhat | 3 Jboss Enterprise Application Platform, Jboss Enterprise Soa Platform, Jboss Seam 2 Framework | 2011-10-26 | 6.8 MEDIUM | N/A |
| jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP04 and 5.1.0 and JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0.CP09 and 5.1.0, does not properly restrict use of Expression Language (EL) statements in FacesMessages during page exception handling, which allows remote attackers to execute arbitrary Java code via a crafted URL to an application. | |||||
| CVE-2006-3815 | 1 Linux-ha | 1 Heartbeat | 2011-10-17 | 2.1 LOW | N/A |
| heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a shmget call for shared memory, which allows local users to cause an unspecified denial of service via unknown vectors, possibly during a short time window on startup. | |||||
| CVE-2006-4302 | 1 Sun | 2 J2se, Java Web Start | 2011-10-11 | 5.0 MEDIUM | N/A |
| The Java Plug-in J2SE 1.3.0_02 through 5.0 Update 5, and Java Web Start 1.0 through 1.2 and J2SE 1.4.2 through 5.0 Update 5, allows remote attackers to exploit vulnerabilities by specifying a JRE version that contain vulnerabilities. | |||||
| CVE-2007-6165 | 1 Apple | 1 Mac Os X | 2011-10-06 | 9.3 HIGH | N/A |
| Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed. NOTE: this is a regression error related to CVE-2006-0395. | |||||
| CVE-2011-2745 | 1 Chyrp | 1 Chyrp | 2011-09-22 | 6.5 MEDIUM | N/A |
| upload_handler.php in the swfupload extension in Chyrp 2.0 and earlier relies on client-side JavaScript code to restrict the file extensions of uploaded files, which allows remote authenticated users to upload a .php file, and consequently execute arbitrary PHP code, via a write_post action to the default URI under admin/. | |||||
| CVE-2011-2201 | 2 Mark Stosberg, Perl | 2 Data\, Perl | 2011-09-14 | 4.3 MEDIUM | N/A |
| The Data::FormValidator module 4.66 and earlier for Perl, when untaint_all_constraints is enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass the taint protection mechanism via form input. | |||||
| CVE-2011-2041 | 2 Cisco, Microsoft | 3 Anyconnect Secure Mobility Client, Windows, Windows Mobile | 2011-09-07 | 7.2 HIGH | N/A |
| The Start Before Logon (SBL) functionality in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.254 on Windows, and on Windows Mobile, allows local users to gain privileges via unspecified user-interface interaction, aka Bug ID CSCta40556. | |||||
| CVE-2011-1738 | 1 Hp | 1 Palm Webos | 2011-09-07 | 7.2 HIGH | N/A |
| HP Palm webOS 1.4.5 and 1.4.5.1 does not properly restrict Plug-in Development Kit (PDK) applications, which allows local users to gain privileges by leveraging unintended filesystem write access. | |||||
| CVE-2011-1709 | 1 Gnome | 2 Gdm, Glib | 2011-09-07 | 7.2 HIGH | N/A |
| GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type. | |||||
| CVE-2011-1022 | 1 Balbir Singh | 1 Libcgroup | 2011-09-07 | 2.1 LOW | N/A |
| The cgre_receive_netlink_msg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted message. | |||||
| CVE-2010-3707 | 1 Dovecot | 1 Dovecot | 2011-08-27 | 5.5 MEDIUM | N/A |
| plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox. | |||||
| CVE-2010-1386 | 1 Apple | 1 Webkit | 2011-08-23 | 10.0 HIGH | N/A |
| page/Geolocation.cpp in WebCore in WebKit before r56188 and before 1.2.5 does not properly restrict access to the lastPosition function, which has unspecified impact and remote attack vectors, aka rdar problem 7746357. | |||||