CVE List - 2011 / June
Showing 1 - 100 of 294 CVEs for June 2011 (Page 1 of 3)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2011-1947 | 2011-06-02 | fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a (1) STARTTLS or (2) STLS request, which allows remote servers to cause a denial of service... |
| CVE-2011-2039 | 2011-06-02 | The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its... |
| CVE-2011-2040 | 2011-06-02 | The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.5.3041, and 3.0.x before 3.0.629, on Linux and Mac OS X downloads a client executable file... |
| CVE-2011-1026 | 2011-06-02 | Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators. |
| CVE-2011-1077 | 2011-06-02 | Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2011-1220 | 2011-06-02 | Stack-based buffer overflow in lcfd.exe in Tivoli Endpoint in IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1, and 4.3.1 allows remote authenticated users to execute arbitrary code via a long opts... |
| CVE-2011-1602 | 2011-06-02 | The su utility on Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.0.3 allows local users to gain privileges via unspecified vectors, aka Bug ID CSCtf07426. |
| CVE-2011-1603 | 2011-06-02 | Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.2.1 allow local users to gain privileges via unspecified vectors, aka Bug ID CSCtn65815. |
| CVE-2011-1623 | 2011-06-02 | Cisco Media Processing Software before 1.2 on Media Experience Engine (MXE) 5600 devices has a default root password, which makes it easier for context-dependent attackers to obtain access via (1)... |
| CVE-2011-1637 | 2011-06-02 | Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.2.1 do not properly verify signatures for software images, which allows local users to gain privileges via a... |
| CVE-2011-2024 | 2011-06-02 | Cisco Network Registrar before 7.2 has a default administrative password, which makes it easier for remote attackers to obtain access via a TCP session, aka Bug ID CSCsm50627. |
| CVE-2011-2041 | 2011-06-02 | The Start Before Logon (SBL) functionality in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.254 on Windows, and on Windows Mobile, allows local users to gain privileges... |
| CVE-2011-2328 | 2011-06-02 | Buffer overflow in HP LoadRunner allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a .usr (aka Virtual User script) file with... |
| CVE-2011-2329 | 2011-06-02 | The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an... |
| CVE-2011-2330 | 2011-06-02 | Tivoli Endpoint in IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1, and 4.3.1 has an unspecified "built-in account" that is "trivially" accessed, which makes it easier for remote attackers to send... |
| CVE-2011-2331 | 2011-06-02 | Integer overflow in img.exe in HP Intelligent Management Center (IMC) allows remote attackers to execute arbitrary code via a crafted length value in an a packet that triggers a heap-based... |
| CVE-2009-4008 | 2011-06-02 | Unbound before 1.4.4 does not send responses for signed zones after mishandling an unspecified query, which allows remote attackers to cause a denial of service (DNSSEC outage) via a crafted... |
| CVE-2011-2383 | 2011-06-03 | Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a... |
| CVE-2011-2382 | 2011-06-03 | Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving... |
| CVE-2011-0082 | 2011-06-06 | The X.509 certificate validation functionality in Mozilla Firefox 4.0.x through 4.0.1 does not properly implement single-session security exceptions, which might make it easier for user-assisted remote attackers to spoof an... |
| CVE-2011-0767 | 2011-06-06 | Cross-site scripting (XSS) vulnerability in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall 6.2, 7.x, and 8.x allows remote attackers to inject arbitrary web... |
| CVE-2011-1178 | 2011-06-06 | Multiple integer overflows in the load_image function in file-pcx.c in the Personal Computer Exchange (PCX) plugin in GIMP 2.6.x and earlier allow remote attackers to cause a denial of service... |
| CVE-2011-1752 | 2011-06-06 | The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash)... |
| CVE-2011-1783 | 2011-06-06 | The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause... |
| CVE-2011-1787 | 2011-06-06 | Race condition in mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi... |
| CVE-2011-1921 | 2011-06-06 | The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions... |
| CVE-2011-1948 | 2011-06-06 | Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL. |
| CVE-2011-1949 | 2011-06-06 | Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a... |
| CVE-2011-1950 | 2011-06-06 | plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011. |
| CVE-2011-1952 | 2011-06-06 | common.php in Post Revolution before 0.8.0c-2 allows remote attackers to cause a denial of service (infinite loop) via malformed HTML markup, as demonstrated by an a< sequence. |
| CVE-2011-1953 | 2011-06-06 | Multiple cross-site scripting (XSS) vulnerabilities in common.php in Post Revolution before 0.8.0c-2 allow remote attackers to inject arbitrary web script or HTML via an attribute of a (1) P, a... |
| CVE-2011-1954 | 2011-06-06 | Multiple cross-site request forgery (CSRF) vulnerabilities in Post Revolution 0.8.0c-2 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests to (1) ajax-weblog-guardar.php, (2) verpost.php, (3)... |
| CVE-2011-1956 | 2011-06-06 | The bytes_repr_len function in Wireshark 1.4.5 uses an incorrect pointer argument, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via arbitrary TCP... |
| CVE-2011-1957 | 2011-06-06 | The dissect_dcm_main function in epan/dissectors/packet-dcm.c in the DICOM dissector in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (infinite loop) via... |
| CVE-2011-1958 | 2011-06-06 | Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Diameter dictionary file. |
| CVE-2011-1959 | 2011-06-06 | The snoop_read function in wiretap/snoop.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 does not properly handle certain virtualizable buffers, which allows remote attackers to cause a denial of... |
| CVE-2011-2145 | 2011-06-06 | mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1,... |
| CVE-2011-2146 | 2011-06-06 | mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1,... |
| CVE-2011-2174 | 2011-06-06 | Double free vulnerability in the tvb_uncompress function in epan/tvbuff.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (application crash) via... |
| CVE-2011-2175 | 2011-06-06 | Integer underflow in the visual_read function in wiretap/visual.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (application crash) via a... |
| CVE-2011-2216 | 2011-06-06 | reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.2 does not initialize certain strings, which allows remote attackers to cause a denial of service (NULL pointer... |
| CVE-2011-2217 | 2011-06-06 | Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client (aka VMware Infrastructure Client) 2.0.2 before Build 230598 and... |
| CVE-2011-1711 | 2011-06-07 | Unspecified vulnerability in the Mobility Pack 1.1.2 and earlier in Novell Data Synchronizer 1.0.x, and 1.1.x through 1.1.1 build 428, allows remote authenticated users to access the accounts of other... |
| CVE-2011-2107 | 2011-06-07 | Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.181.22 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.22 and earlier on Android, allows remote attackers to inject arbitrary... |
| CVE-2011-2395 | 2011-06-07 | The Neighbor Discovery (ND) protocol implementation in Cisco IOS on unspecified switches allows remote attackers to bypass the Router Advertisement Guarding functionality via a fragmented IPv6 packet in which the... |
| CVE-2011-2468 | 2011-06-07 | Directory traversal vulnerability in the web interface in AnyMacro Mail System G4X allows remote attackers to read arbitrary files via directory traversal sequences in a request. |
| CVE-2009-5076 | 2011-06-08 | CRE Loaded before 6.2.14, and possibly other versions before 6.3.x, allows remote attackers to bypass authentication and gain administrator privileges via a request with (1) login.php or (2) password_forgotten.php appended... |
| CVE-2010-4663 | 2011-06-08 | Unspecified vulnerability in the News module in CMS Made Simple (CMSMS) before 1.9.1 has unknown impact and attack vectors. |
| CVE-2011-1584 | 2011-06-08 | The updateFile function in inc/core/class.dc.media.php in the Media Manager in Dotclear before 2.2.3 does not properly restrict pathnames, which allows remote authenticated users to upload and execute arbitrary PHP code... |
| CVE-2011-2386 | 2011-06-08 | VisiWaveReport.exe in AZO Technologies, Inc. VisiWave Site Survey before 2.1.9 allows user-assisted remote attackers to execute arbitrary code via a (1) vws and (2) vwr file with an invalid Type... |
| CVE-2009-5077 | 2011-06-08 | CRE Loaded before 6.2.14 allows remote attackers to bypass authentication and gain administrator privileges via vectors related to a modified PHP_SELF variable, which is not properly handled by (1) includes/application_top.php... |
| CVE-2010-4804 | 2011-06-09 | The Android browser in Android before 2.3.4 allows remote attackers to obtain SD card contents via crafted content:// URIs, related to (1) BrowserActivity.java and (2) BrowserSettings.java in com/android/browser/. |
| CVE-2011-1823 | 2011-06-09 | The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and... |
| CVE-2011-1699 | 2011-06-09 | Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted uri parameter in a printer-url. |
| CVE-2011-1700 | 2011-06-09 | Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted profile-time parameter in a printer-url. |
| CVE-2011-1701 | 2011-06-09 | Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted profile-name parameter in a printer-url. |
| CVE-2011-1702 | 2011-06-09 | Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted file-date-time parameter in a printer-url. |
| CVE-2011-1703 | 2011-06-09 | Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted driver-version parameter in a printer-url. |
| CVE-2011-1704 | 2011-06-09 | Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted core-package parameter in a printer-url. |
| CVE-2011-1705 | 2011-06-09 | Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted client-file-name parameter in a printer-url. |
| CVE-2011-1706 | 2011-06-09 | Stack-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted iprint-client-config-info parameter in a printer-url. |
| CVE-2011-1707 | 2011-06-09 | Stack-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted op-printer-list-all-jobs parameter in a printer-url. |
| CVE-2011-1760 | 2011-06-09 | utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to conduct eval injection attacks and gain privileges via shell metacharacters in the -e argument. |
| CVE-2011-1808 | 2011-06-09 | Use-after-free vulnerability in Google Chrome before 12.0.742.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to incorrect integer calculations during... |
| CVE-2011-1809 | 2011-06-09 | Use-after-free vulnerability in the accessibility feature in Google Chrome before 12.0.742.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. |
| CVE-2011-1810 | 2011-06-09 | The Cascading Style Sheets (CSS) implementation in Google Chrome before 12.0.742.91 does not properly restrict access to the visit history, which allows remote attackers to obtain sensitive information via unspecified... |
| CVE-2011-1811 | 2011-06-09 | Google Chrome before 12.0.742.91 does not properly handle a large number of form submissions, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. |
| CVE-2011-1812 | 2011-06-09 | Google Chrome before 12.0.742.91 allows remote attackers to bypass intended access restrictions via vectors related to extensions. |
| CVE-2011-1813 | 2011-06-09 | Google Chrome before 12.0.742.91 does not properly implement the framework for extensions, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown... |
| CVE-2011-1814 | 2011-06-09 | Google Chrome before 12.0.742.91 attempts to read data from an uninitialized pointer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown... |
| CVE-2011-1815 | 2011-06-09 | Google Chrome before 12.0.742.91 allows remote attackers to inject script into a tab page via vectors related to extensions. |
| CVE-2011-1816 | 2011-06-09 | Use-after-free vulnerability in the developer tools in Google Chrome before 12.0.742.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. |
| CVE-2011-1817 | 2011-06-09 | Google Chrome before 12.0.742.91 does not properly implement history deletion, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown... |
| CVE-2011-1818 | 2011-06-09 | Use-after-free vulnerability in the image loader in Google Chrome before 12.0.742.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. |
| CVE-2011-1819 | 2011-06-09 | Google Chrome before 12.0.742.91 allows remote attackers to perform unspecified injection into a chrome:// page via vectors related to extensions. |
| CVE-2011-2332 | 2011-06-09 | Google V8, as used in Google Chrome before 12.0.742.91, allows remote attackers to bypass the Same Origin Policy via unspecified vectors. |
| CVE-2011-2342 | 2011-06-09 | The DOM implementation in Google Chrome before 12.0.742.91 allows remote attackers to bypass the Same Origin Policy via unspecified vectors. |
| CVE-2011-1708 | 2011-06-09 | Stack-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted op-printer-list-all-jobs cookie. |
| CVE-2011-2471 | 2011-06-09 | utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to gain privileges via shell metacharacters in the (1) --vmlinux, (2) --session-dir, or (3) --xen argument, related to the daemonrc... |
| CVE-2011-2472 | 2011-06-09 | Directory traversal vulnerability in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to overwrite arbitrary files via a .. (dot dot) in the --save argument, related to the... |
| CVE-2011-2473 | 2011-06-09 | The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to create or overwrite arbitrary files via a crafted --session-dir argument in conjunction with a symlink... |
| CVE-2011-2474 | 2011-06-09 | Directory traversal vulnerability in the HTTP Server in Sybase EAServer 6.3.1 Developer Edition allows remote attackers to read arbitrary files via a /.\../\../\ sequence in a path. |
| CVE-2011-2475 | 2011-06-09 | Format string vulnerability in ECTrace.dll in the iMailGateway service in the Internet Mail Gateway in OneBridge Server and DMZ Proxy in Sybase OneBridge Mobile Data Suite 5.5 and 5.6 allows... |
| CVE-2011-1709 | 2011-06-14 | GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain... |
| CVE-2011-1857 | 2011-06-14 | Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote authenticated users to bypass intended access restrictions via unknown vectors. |
| CVE-2011-1858 | 2011-06-14 | Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows local users to bypass intended access restrictions via unknown vectors. |
| CVE-2011-1859 | 2011-06-14 | Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to obtain sensitive information via unknown vectors. |
| CVE-2011-1860 | 2011-06-14 | Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to capture HTTP session credentials via unknown vectors. |
| CVE-2011-1861 | 2011-06-14 | Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to modify data or obtain sensitive information via unknown vectors. |
| CVE-2011-1862 | 2011-06-14 | Cross-site scripting (XSS) vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2011-1863 | 2011-06-14 | HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allow remote authenticated users to conduct unspecified script injection attacks via unknown vectors. |
| CVE-2011-1864 | 2011-06-14 | Unspecified vulnerability in HP OpenView Storage Data Protector 6.0, 6.10, and 6.11 allows remote attackers to execute arbitrary code via unknown vectors. |
| CVE-2011-1943 | 2011-06-14 | The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive... |
| CVE-2011-2179 | 2011-06-14 | Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the... |
| CVE-2011-2476 | 2011-06-14 | Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-4667. |
| CVE-2011-2477 | 2011-06-14 | Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in Icinga before 1.4.1, when escape_html_tags is disabled, allow remote attackers to inject arbitrary web script or HTML via a JavaScript... |
| CVE-2010-4667 | 2011-06-14 | Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.4.27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2011-1924 | 2011-06-14 | Buffer overflow in the policy_summarize function in or/policies.c in Tor before 0.2.1.30 allows remote attackers to cause a denial of service (directory authority crash) via a crafted policy that triggers... |
| CVE-2011-0786 | 2011-06-14 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and... |
| CVE-2011-0788 | 2011-06-14 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and... |