CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In June 2011 (CVSS score >= 7)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2011-2604 399 DoS 2011-06-30 2011-07-12
7.1
None Remote Medium Not required None None Complete
The Intel G41 driver 6.14.10.5355 on Windows XP SP3 allows remote attackers to cause a denial of service (system crash) via a crafted web page that is visited with Google Chrome or Mozilla Firefox, as demonstrated by the lots-of-polys-example.html test page in the Khronos WebGL SDK.
2 CVE-2011-2603 399 DoS 2011-06-30 2011-07-12
7.1
None Remote Medium Not required None None Complete
The NVIDIA 9400M driver 6.2.6 on Mac OS X 10.6.7 allows remote attackers to cause a denial of service (desktop hang) via a crafted web page that is visited with Google Chrome or Mozilla Firefox, as demonstrated by the lots-of-polys-example.html test page in the Khronos WebGL SDK.
3 CVE-2011-2602 399 DoS 2011-06-30 2011-07-12
7.1
None Remote Medium Not required None None Complete
The NVIDIA Geforce 310 driver 6.14.12.7061 on Windows XP SP3 allows remote attackers to cause a denial of service (system crash) via a crafted web page that is visited with Google Chrome or Mozilla Firefox, as demonstrated by the lots-of-polys-example.html test page in the Khronos WebGL SDK.
4 CVE-2011-2601 264 DoS 2011-06-30 2011-07-12
7.1
None Remote Medium Not required None None Complete
The GPU support functionality in Mac OS X does not properly restrict rendering time, which allows remote attackers to cause a denial of service (desktop hang) via vectors involving WebGL and (1) shader programs or (2) complex 3D geometry, as demonstrated by using Mozilla Firefox or Google Chrome to visit the lots-of-polys-example.html test page in the Khronos WebGL SDK.
5 CVE-2011-2600 264 DoS 2011-06-30 2011-07-12
7.1
None Remote Medium Not required None None Complete
The GPU support functionality in Windows XP does not properly restrict rendering time, which allows remote attackers to cause a denial of service (system crash) via vectors involving WebGL and (1) shader programs or (2) complex 3D geometry, as demonstrated by using Mozilla Firefox or Google Chrome to visit the lots-of-polys-example.html test page in the Khronos WebGL SDK.
6 CVE-2011-2530 119 DoS Exec Code Overflow 2011-06-22 2018-04-10
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in RSEds.dll in RSHWare.exe in the EDS Hardware Installation Tool 1.0.5.1 and earlier in Rockwell Automation RSLinx Classic before 2.58 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed .eds file.
7 CVE-2011-2475 134 Exec Code 2011-06-09 2011-06-14
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in ECTrace.dll in the iMailGateway service in the Internet Mail Gateway in OneBridge Server and DMZ Proxy in Sybase OneBridge Mobile Data Suite 5.5 and 5.6 allows remote attackers to execute arbitrary code via format string specifiers in unspecified string fields, related to authentication logging.
8 CVE-2011-2471 264 +Priv 2011-06-09 2017-08-28
7.2
None Local Low Not required Complete Complete Complete
utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to gain privileges via shell metacharacters in the (1) --vmlinux, (2) --session-dir, or (3) --xen argument, related to the daemonrc file and the do_save_setup and do_load_setup functions, a different vulnerability than CVE-2011-1760.
9 CVE-2011-2386 94 1 Exec Code 2011-06-08 2012-04-27
9.3
None Remote Medium Not required Complete Complete Complete
VisiWaveReport.exe in AZO Technologies, Inc. VisiWave Site Survey before 2.1.9 allows user-assisted remote attackers to execute arbitrary code via a (1) vws and (2) vwr file with an invalid Type property, which triggers an untrusted pointer dereference.
10 CVE-2011-2376 DoS Exec Code Mem. Corr. 2011-06-30 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and Thunderbird before 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
11 CVE-2011-2375 DoS Exec Code Mem. Corr. 2011-06-30 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 5.0 and Thunderbird through 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
12 CVE-2011-2374 DoS Exec Code Mem. Corr. 2011-06-30 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
13 CVE-2011-2373 399 Exec Code 2011-06-30 2017-09-18
7.6
None Remote High Not required Complete Complete Complete
Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document.
14 CVE-2011-2371 189 Exec Code Overflow 2011-06-30 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object.
15 CVE-2011-2368 264 DoS Exec Code 2011-06-30 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict write operations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
16 CVE-2011-2365 DoS Exec Code Mem. Corr. 2011-06-30 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2364.
17 CVE-2011-2364 DoS Exec Code Mem. Corr. 2011-06-30 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2365.
18 CVE-2011-2363 399 DoS Exec Code 2011-06-30 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the nsSVGPointList::AppendElement function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback.
19 CVE-2011-2351 399 DoS 2011-06-29 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements.
20 CVE-2011-2350 20 DoS 2011-06-29 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
The HTML parser in Google Chrome before 12.0.742.112 does not properly address "lifetime and re-entrancy issues," which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
21 CVE-2011-2349 399 DoS 2011-06-29 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to text selection.
22 CVE-2011-2348 20 DoS 2011-06-29 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Google V8, as used in Google Chrome before 12.0.742.112, performs an incorrect bounds check, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
23 CVE-2011-2347 119 DoS Overflow Mem. Corr. 2011-06-29 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 12.0.742.112 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
24 CVE-2011-2346 399 DoS 2011-06-29 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG fonts.
25 CVE-2011-2342 264 Bypass 2011-06-09 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
The DOM implementation in Google Chrome before 12.0.742.91 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
26 CVE-2011-2332 264 Bypass 2011-06-09 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Google V8, as used in Google Chrome before 12.0.742.91, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
27 CVE-2011-2331 189 Exec Code Overflow 2011-06-02 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in img.exe in HP Intelligent Management Center (IMC) allows remote attackers to execute arbitrary code via a crafted length value in an a packet that triggers a heap-based buffer overflow, possibly related to an "recv" field.
28 CVE-2011-2330 264 2011-06-02 2018-10-09
9.0
None Remote Low Single system Complete Complete Complete
Tivoli Endpoint in IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1, and 4.3.1 has an unspecified "built-in account" that is "trivially" accessed, which makes it easier for remote attackers to send requests to restricted pages via a session on TCP port 9495, a different vulnerability than CVE-2011-1220.
29 CVE-2011-2217 119 DoS Exec Code Overflow Mem. Corr. 2011-06-06 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client (aka VMware Infrastructure Client) 2.0.2 before Build 230598 and 2.5 before Build 204931 in VMware Infrastructure 3, do not properly handle attempted initialization within Internet Explorer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document.
30 CVE-2011-2194 189 DoS Exec Code Overflow 2011-06-24 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the XSPF playlist parser in VideoLAN VLC media player 0.8.5 through 1.1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow.
31 CVE-2011-2193 119 Overflow +Priv 2011-06-24 2018-10-09
8.5
None Remote Medium Single system Complete Complete Complete
Multiple buffer overflows in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.x before 2.4.14, 2.5.x before 2.5.6, and 3.x before 3.0.2 allow (1) remote authenticated users to gain privileges via a long Job_Name field in a qsub command to the server, and might allow (2) local users to gain privileges via vectors involving a long host variable in pbs_iff.
32 CVE-2011-2181 89 Exec Code Sql 2011-06-29 2011-06-30
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in A Really Simple Chat (ARSC) 3.3-rc2 allow remote attackers to execute arbitrary SQL commands via the (1) arsc_user parameter to base/admin/edit_user.php, (2) arsc_layout_id parameter in base/admin/edit_layout.php, or (3) arsc_room parameter to base/admin/edit_room.php.
33 CVE-2011-2128 119 DoS Exec Code Overflow Mem. Corr. 2011-06-16 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2114, CVE-2011-2117, CVE-2011-2124, and CVE-2011-2127.
34 CVE-2011-2127 119 DoS Exec Code Overflow Mem. Corr. 2011-06-16 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2114, CVE-2011-2117, CVE-2011-2124, and CVE-2011-2128.
35 CVE-2011-2126 119 Exec Code Overflow 2011-06-16 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors.
36 CVE-2011-2125 119 Exec Code Overflow 2011-06-16 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Dirapix.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors.
37 CVE-2011-2124 119 DoS Exec Code Overflow Mem. Corr. 2011-06-16 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2114, CVE-2011-2117, CVE-2011-2127, and CVE-2011-2128.
38 CVE-2011-2123 189 Exec Code Overflow 2011-06-16 2011-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the Shockwave 3D Asset x32 component in Adobe Shockwave Player before 11.6.0.626 allows remote attackers to execute arbitrary code via a crafted subrecord in a DEMX chunk, which triggers a heap-based buffer overflow.
39 CVE-2011-2122 119 DoS Exec Code Overflow Mem. Corr. 2011-06-16 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors related to rcsL substructures, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-0335, and CVE-2011-2119.
40 CVE-2011-2121 189 Exec Code Overflow 2011-06-16 2011-10-04
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors.
41 CVE-2011-2120 189 Exec Code Overflow 2011-06-16 2011-10-04
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the CursorAsset x32 component in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors.
42 CVE-2011-2119 119 DoS Exec Code Overflow Mem. Corr. 2011-06-16 2011-10-04
9.3
None Remote Medium Not required Complete Complete Complete
Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-0335, and CVE-2011-2122.
43 CVE-2011-2118 20 Exec Code 2011-06-16 2011-10-04
9.3
None Remote Medium Not required Complete Complete Complete
The FLV ASSET Xtra component in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors, related to an "input validation vulnerability."
44 CVE-2011-2117 119 DoS Exec Code Overflow Mem. Corr. 2011-06-16 2011-10-04
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2114, CVE-2011-2124, CVE-2011-2127, and CVE-2011-2128.
45 CVE-2011-2116 119 DoS Exec Code Overflow Mem. Corr. 2011-06-16 2011-10-04
9.3
None Remote Medium Not required Complete Complete Complete
IML32.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2111 and CVE-2011-2115.
46 CVE-2011-2115 119 DoS Exec Code Overflow Mem. Corr. 2011-06-16 2011-10-12
9.3
None Remote Medium Not required Complete Complete Complete
IML32.dll in Adobe Shockwave Player before 11.6.0.626 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted tSAC chunk, which triggers a heap-based buffer overflow, a different vulnerability than CVE-2011-2111 and CVE-2011-2116.
47 CVE-2011-2114 119 DoS Exec Code Overflow Mem. Corr. 2011-06-16 2011-10-04
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2117, CVE-2011-2124, CVE-2011-2127, and CVE-2011-2128.
48 CVE-2011-2113 119 Exec Code Overflow 2011-06-16 2011-10-04
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in the Shockwave3DAsset component in Adobe Shockwave Player before 11.6.0.626 allow attackers to execute arbitrary code via unspecified vectors.
49 CVE-2011-2112 119 Exec Code Overflow 2011-06-16 2011-10-04
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in IML32.dll in Adobe Shockwave Player before 11.6.0.626 allow attackers to execute arbitrary code via unspecified vectors.
50 CVE-2011-2111 119 DoS Exec Code Overflow Mem. Corr. 2011-06-16 2011-10-04
9.3
None Remote Medium Not required Complete Complete Complete
IML32.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2115 and CVE-2011-2116.
Total number of vulnerabilities : 149   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.