Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert (RTC) 3.0 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Work Item 165513.
Max CVSS
4.3
EPSS Score
0.25%
Published
2011-06-30
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Rational Team Concert (RTC) 3.0 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Work Item 165511.
Max CVSS
4.3
EPSS Score
0.25%
Published
2011-06-30
Updated
2017-08-29
CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374.
Max CVSS
4.3
EPSS Score
0.76%
Published
2011-06-30
Updated
2017-09-19
The Intel G41 driver 6.14.10.5355 on Windows XP SP3 allows remote attackers to cause a denial of service (system crash) via a crafted web page that is visited with Google Chrome or Mozilla Firefox, as demonstrated by the lots-of-polys-example.html test page in the Khronos WebGL SDK.
Max CVSS
7.1
EPSS Score
0.23%
Published
2011-06-30
Updated
2011-07-12
The NVIDIA 9400M driver 6.2.6 on Mac OS X 10.6.7 allows remote attackers to cause a denial of service (desktop hang) via a crafted web page that is visited with Google Chrome or Mozilla Firefox, as demonstrated by the lots-of-polys-example.html test page in the Khronos WebGL SDK.
Max CVSS
7.1
EPSS Score
0.23%
Published
2011-06-30
Updated
2011-07-12
The NVIDIA Geforce 310 driver 6.14.12.7061 on Windows XP SP3 allows remote attackers to cause a denial of service (system crash) via a crafted web page that is visited with Google Chrome or Mozilla Firefox, as demonstrated by the lots-of-polys-example.html test page in the Khronos WebGL SDK.
Max CVSS
7.1
EPSS Score
0.23%
Published
2011-06-30
Updated
2011-07-12
The GPU support functionality in Mac OS X does not properly restrict rendering time, which allows remote attackers to cause a denial of service (desktop hang) via vectors involving WebGL and (1) shader programs or (2) complex 3D geometry, as demonstrated by using Mozilla Firefox or Google Chrome to visit the lots-of-polys-example.html test page in the Khronos WebGL SDK.
Max CVSS
7.1
EPSS Score
0.14%
Published
2011-06-30
Updated
2011-07-12
The GPU support functionality in Windows XP does not properly restrict rendering time, which allows remote attackers to cause a denial of service (system crash) via vectors involving WebGL and (1) shader programs or (2) complex 3D geometry, as demonstrated by using Mozilla Firefox or Google Chrome to visit the lots-of-polys-example.html test page in the Khronos WebGL SDK.
Max CVSS
7.1
EPSS Score
0.44%
Published
2011-06-30
Updated
2011-07-12
Google Chrome 11 does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader.
Max CVSS
4.3
EPSS Score
0.25%
Published
2011-06-30
Updated
2017-09-19
The WebGL implementation in Mozilla Firefox 4.x allows remote attackers to obtain screenshots of the windows of arbitrary desktop applications via vectors involving an SVG filter, an IFRAME element, and uninitialized data in graphics memory.
Max CVSS
4.3
EPSS Score
0.47%
Published
2011-06-30
Updated
2017-09-19
Buffer overflow in the clusterip_proc_write function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel before 2.6.39 might allow local users to cause a denial of service or have unspecified other impact via a crafted write operation, related to string data that lacks a terminating '\0' character.
Max CVSS
7.8
EPSS Score
0.04%
Published
2011-06-22
Updated
2020-07-27
The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/.
Max CVSS
3.3
EPSS Score
0.04%
Published
2011-06-22
Updated
2017-08-29
The json.decode function in util/json.lua in Prosody 0.8.x before 0.8.1 might allow remote attackers to cause a denial of service (infinite loop) via invalid JSON data, as demonstrated by truncated data.
Max CVSS
5.0
EPSS Score
0.28%
Published
2011-06-22
Updated
2011-06-28
Prosody 0.8.x before 0.8.1, when MySQL is used, assigns an incorrect data type to the value column in certain tables, which might allow remote attackers to cause a denial of service (data truncation) by sending a large amount of data.
Max CVSS
4.3
EPSS Score
0.32%
Published
2011-06-22
Updated
2011-06-28
Buffer overflow in RSEds.dll in RSHWare.exe in the EDS Hardware Installation Tool 1.0.5.1 and earlier in Rockwell Automation RSLinx Classic before 2.58 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed .eds file.
Max CVSS
9.3
EPSS Score
1.41%
Published
2011-06-22
Updated
2018-04-10
The add_del_listener function in kernel/taskstats.c in the Linux kernel 2.6.39.1 and earlier does not prevent multiple registrations of exit handlers, which allows local users to cause a denial of service (memory and CPU consumption), and bypass the OOM Killer, via a crafted application.
Max CVSS
4.9
EPSS Score
0.04%
Published
2011-06-24
Updated
2020-07-27
Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in Icinga before 1.4.1, when escape_html_tags is disabled, allow remote attackers to inject arbitrary web script or HTML via a JavaScript expression, as demonstrated by the onload attribute of a BODY element located after a check-host-alive! sequence, a different vulnerability than CVE-2011-2179.
Max CVSS
2.6
EPSS Score
0.13%
Published
2011-06-14
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-4667.
Max CVSS
4.3
EPSS Score
0.25%
Published
2011-06-14
Updated
2017-08-29
Format string vulnerability in ECTrace.dll in the iMailGateway service in the Internet Mail Gateway in OneBridge Server and DMZ Proxy in Sybase OneBridge Mobile Data Suite 5.5 and 5.6 allows remote attackers to execute arbitrary code via format string specifiers in unspecified string fields, related to authentication logging.
Max CVSS
10.0
EPSS Score
0.83%
Published
2011-06-09
Updated
2011-06-14

CVE-2011-2474

Public exploit
Directory traversal vulnerability in the HTTP Server in Sybase EAServer 6.3.1 Developer Edition allows remote attackers to read arbitrary files via a /.\../\../\ sequence in a path.
Max CVSS
5.0
EPSS Score
3.53%
Published
2011-06-09
Updated
2011-06-14
The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to create or overwrite arbitrary files via a crafted --session-dir argument in conjunction with a symlink attack on the opd_pipe file, a different vulnerability than CVE-2011-1760.
Max CVSS
6.3
EPSS Score
0.04%
Published
2011-06-09
Updated
2017-08-29
Directory traversal vulnerability in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to overwrite arbitrary files via a .. (dot dot) in the --save argument, related to the --session-dir argument, a different vulnerability than CVE-2011-1760.
Max CVSS
6.3
EPSS Score
0.04%
Published
2011-06-09
Updated
2017-08-29
utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to gain privileges via shell metacharacters in the (1) --vmlinux, (2) --session-dir, or (3) --xen argument, related to the daemonrc file and the do_save_setup and do_load_setup functions, a different vulnerability than CVE-2011-1760.
Max CVSS
7.2
EPSS Score
0.04%
Published
2011-06-09
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in chat/base/admin/login.php in A Really Simple Chat (ARSC) 3.3-rc2 allows remote attackers to inject arbitrary web script or HTML via the arsc_message parameter.
Max CVSS
4.3
EPSS Score
0.50%
Published
2011-06-29
Updated
2011-06-30
Directory traversal vulnerability in the web interface in AnyMacro Mail System G4X allows remote attackers to read arbitrary files via directory traversal sequences in a request.
Max CVSS
5.0
EPSS Score
0.18%
Published
2011-06-09
Updated
2012-04-25
294 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!