Security Vulnerabilities, CVEs, Published In March 2011 CVSS score >= 7
The default configuration of the server console in IBM Lotus Domino does not require a password (aka Server_Console_Password), which allows physically proximate attackers to perform administrative changes or obtain sensitive information via a (1) Load, (2) Tell, or (3) Set Configuration command.
Max CVSS
7.2
EPSS Score
0.05%
Published
2011-03-25
Updated
2018-10-09
The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a file located at a UNC share pathname specified by the client, which allows remote attackers to bypass authentication, and consequently execute arbitrary code, by placing this pathname in the COOKIEFILE field. NOTE: this might overlap CVE-2011-0920.
Max CVSS
10.0
EPSS Score
7.67%
Published
2011-03-25
Updated
2018-10-09
Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.27 services for Lotus Domino has unknown impact and attack vectors, aka SPR ESEO8DQME2.
Max CVSS
10.0
EPSS Score
0.45%
Published
2011-03-22
Updated
2017-08-17
The Nokia E75 phone with firmware before 211.12.01 allows physically proximate attackers to bypass the Device Lock code by entering an unspecified button sequence at boot time.
Max CVSS
7.2
EPSS Score
0.16%
Published
2011-03-29
Updated
2017-08-17
EMC Data Protection Advisor Collector 5.7 and 5.7.1 on Solaris SPARC platforms uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors.
Max CVSS
7.2
EPSS Score
0.06%
Published
2011-03-28
Updated
2018-10-09
Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process, as demonstrated by Stephen Fewer as the third of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
Max CVSS
8.8
EPSS Score
2.86%
Published
2011-03-10
Updated
2021-07-23
Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Stephen Fewer as the second of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
Max CVSS
9.3
EPSS Score
17.19%
Published
2011-03-10
Updated
2021-07-23
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka "Object Management Memory Corruption Vulnerability."
Max CVSS
9.3
EPSS Score
94.95%
Published
2011-03-10
Updated
2021-07-23
SQL injection vulnerability in the Web GUI in IBM Tivoli Netcool/OMNIbus before 7.3.0.4 allows remote attackers to execute arbitrary SQL commands via "dynamic SQL parameters."
Max CVSS
7.5
EPSS Score
0.26%
Published
2011-03-09
Updated
2017-08-17
The Plug-in component in IBM WebSphere Application Server (WAS) before 7.0.0.15 does not properly handle trace requests, which has unspecified impact and attack vectors.
Max CVSS
7.5
EPSS Score
0.17%
Published
2011-03-08
Updated
2011-04-07
Unspecified vulnerability in the Scratchpad application in Google Chrome OS before R10 0.10.156.46 Beta has unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.12%
Published
2011-03-08
Updated
2017-08-17
Google Chrome before 10.0.648.204 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
Max CVSS
7.5
EPSS Score
1.46%
Published
2011-03-25
Updated
2020-05-29
WebKit, as used in Google Chrome before 10.0.648.204 and Apple Safari before 5.0.6, does not properly handle node parentage, which allows remote attackers to cause a denial of service (DOM tree corruption), conduct cross-site scripting (XSS) attacks, or possibly have unspecified other impact via unknown vectors.
Max CVSS
7.5
EPSS Score
0.90%
Published
2011-03-25
Updated
2020-05-29
Google Chrome before 10.0.648.204 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
Max CVSS
7.5
EPSS Score
1.07%
Published
2011-03-25
Updated
2020-05-29
Use-after-free vulnerability in the HTMLCollection implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Max CVSS
7.5
EPSS Score
0.98%
Published
2011-03-25
Updated
2020-05-29
Use-after-free vulnerability in the frame-loader implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Max CVSS
7.5
EPSS Score
1.81%
Published
2011-03-25
Updated
2020-05-29
Google Chrome before 10.0.648.204 does not properly handle base strings, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a "buffer error."
Max CVSS
7.5
EPSS Score
2.83%
Published
2011-03-25
Updated
2020-05-29
Integer overflow in WebKit, as used on the Research In Motion (RIM) BlackBerry Torch 9800 with firmware 6.0.0.246, in Google Chrome before 10.0.648.133, and in Apple Safari before 5.0.5, allows remote attackers to execute arbitrary code via unknown vectors related to CSS "style handling," nodesets, and a length value, as demonstrated by Vincenzo Iozzo, Willem Pinckaers, and Ralf-Philipp Weinmann during a Pwn2Own competition at CanSecWest 2011.
Max CVSS
10.0
EPSS Score
33.82%
Published
2011-03-11
Updated
2018-10-09
Google V8, as used in Google Chrome before 10.0.648.127, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger incorrect access to memory.
Max CVSS
7.5
EPSS Score
1.20%
Published
2011-03-11
Updated
2020-06-04
The regular-expression functionality in Google Chrome before 10.0.648.127 does not properly implement reentrancy, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
Max CVSS
7.5
EPSS Score
1.20%
Published
2011-03-11
Updated
2020-06-03
Google Chrome before 10.0.648.127 does not properly handle SVG cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
Max CVSS
7.5
EPSS Score
0.98%
Published
2011-03-11
Updated
2020-06-03
The context implementation in WebKit, as used in Google Chrome before 10.0.648.127, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
Max CVSS
7.5
EPSS Score
1.26%
Published
2011-03-11
Updated
2020-06-04
Google Chrome before 10.0.648.127 does not properly handle DataView objects, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.
Max CVSS
7.5
EPSS Score
1.14%
Published
2011-03-11
Updated
2020-06-03
The video functionality in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger use of a malformed "out-of-bounds structure."
Max CVSS
7.5
EPSS Score
2.53%
Published
2011-03-11
Updated
2020-06-03
Google Chrome before 10.0.648.127 does not properly perform table painting, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
Max CVSS
7.5
EPSS Score
2.14%
Published
2011-03-11
Updated
2020-06-03