CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
9401 CVE-2011-3247 189 DoS Exec Code Overflow 2011-10-27 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT file.
9402 CVE-2011-3232 94 DoS Exec Code 2011-09-28 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript.
9403 CVE-2011-3219 119 DoS Exec Code Overflow 2011-10-12 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in CoreMedia, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.
9404 CVE-2011-3211 20 Exec Code 2011-09-16 2011-09-22
9.3
None Remote Medium Not required Complete Complete Complete
The server in Bcfg2 1.1.2 and earlier, and 1.2 prerelease, allows remote attackers to execute arbitrary commands via shell metacharacters in data received from a client.
9405 CVE-2011-3194 119 DoS Exec Code Overflow 2012-06-15 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the TIFFTAG_SAMPLESPERPIXEL tag in a greyscale TIFF image with multiple samples per pixel.
9406 CVE-2011-3193 119 DoS Exec Code Overflow 2012-06-15 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
9407 CVE-2011-3191 189 DoS Mem. Corr. 2012-05-24 2012-05-25
10.0
None Remote Low Not required Complete Complete Complete
Integer signedness error in the CIFSFindNext function in fs/cifs/cifssmb.c in the Linux kernel before 3.1 allows remote CIFS servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large length value in a response to a read request for a directory.
9408 CVE-2011-3185 20 2011-08-29 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attackers to execute arbitrary programs via a file: URL in a message.
9409 CVE-2011-3176 119 1 Exec Code Overflow 2012-04-09 2012-09-07
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x4c request.
9410 CVE-2011-3175 119 1 Exec Code Overflow 2012-04-09 2012-09-07
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x6c request.
9411 CVE-2011-3172 264 2018-06-08 2018-12-19
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability in pam_modules of SUSE SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affected releases are SUSE SUSE Linux Enterprise: versions prior to 12.
9412 CVE-2011-3167 Exec Code 2011-11-02 2012-02-14
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1210.
9413 CVE-2011-3166 Exec Code 2011-11-02 2012-02-14
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1209.
9414 CVE-2011-3165 Exec Code 2011-11-02 2012-02-14
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1208.
9415 CVE-2011-3162 Exec Code 2011-10-19 2016-11-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1296.
9416 CVE-2011-3161 Exec Code 2011-10-19 2016-11-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1229.
9417 CVE-2011-3160 Exec Code 2011-10-19 2016-11-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1228.
9418 CVE-2011-3159 Exec Code 2011-10-19 2016-11-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1227.
9419 CVE-2011-3158 Exec Code 2011-10-19 2016-11-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1226.
9420 CVE-2011-3157 Exec Code 2011-10-19 2016-11-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1225.
9421 CVE-2011-3156 Exec Code 2011-10-19 2016-11-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1222.
9422 CVE-2011-3143 399 DoS Exec Code Mem. Corr. 2011-08-16 2018-12-31
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified long strings that trigger heap memory corruption.
9423 CVE-2011-3142 119 1 Exec Code Overflow 2011-08-16 2012-03-16
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in an ActiveX control in KVWebSvr.dll in WellinTech KingView 6.52 and 6.53 allows remote attackers to execute arbitrary code via a long second argument to the ValidateUser method.
9424 CVE-2011-3141 119 DoS Exec Code Overflow 2011-08-16 2012-03-16
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the InBatch BatchField ActiveX control for Invensys Wonderware InBatch 8.1 SP1, 9.0, and 9.0 SP1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
9425 CVE-2011-3137 2011-08-12 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Management Console in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 has unknown impact and attack vectors, aka APAR IV03050.
9426 CVE-2011-3136 2011-08-12 2012-04-25
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Management Console in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 has unknown impact and attack vectors, aka APAR IV03048.
9427 CVE-2011-3135 2011-08-12 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Runtime in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 has unknown impact and attack vectors.
9428 CVE-2011-3129 264 2011-08-10 2016-05-31
9.3
None Remote Medium Not required Complete Complete Complete
The file upload functionality in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2, when running "on hosts with dangerous security settings," has unknown impact and attack vectors, possibly related to dangerous filenames.
9429 CVE-2011-3125 2011-08-10 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Various security hardening."
9430 CVE-2011-3122 2011-08-10 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Media security."
9431 CVE-2011-3108 399 Exec Code 2012-05-24 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome before 19.0.1084.52 allows remote attackers to execute arbitrary code via vectors related to the browser cache.
9432 CVE-2011-3106 119 DoS Exec Code Overflow Mem. Corr. 2012-05-24 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
The WebSockets implementation in Google Chrome before 19.0.1084.52 does not properly handle use of SSL, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
9433 CVE-2011-3101 2012-05-15 2017-12-28
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 19.0.1084.46 on Linux does not properly mitigate an unspecified flaw in an NVIDIA driver, which has unknown impact and attack vectors. NOTE: see CVE-2012-3105 for the related MFSA 2012-34 issue in Mozilla products.
9434 CVE-2011-3099 399 DoS 2012-05-15 2017-12-04
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the PDF functionality in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a malformed name for the font encoding.
9435 CVE-2011-3097 20 DoS 2012-05-15 2017-12-04
10.0
None Remote Low Not required Complete Complete Complete
The PDF functionality in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an out-of-bounds write error in the implementation of sampled functions.
9436 CVE-2011-3095 20 DoS 2012-05-15 2017-12-28
10.0
None Remote Low Not required Complete Complete Complete
The OGG container in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.
9437 CVE-2011-3092 20 DoS 2012-05-15 2017-12-28
10.0
None Remote Low Not required Complete Complete Complete
The regex implementation in Google V8, as used in Google Chrome before 19.0.1084.46, allows remote attackers to cause a denial of service (invalid write operation) or possibly have unspecified other impact via unknown vectors.
9438 CVE-2011-3091 399 DoS 2012-05-15 2017-12-28
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
9439 CVE-2011-3089 399 DoS 2012-05-15 2017-12-28
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving tables.
9440 CVE-2011-3087 2012-05-15 2017-12-28
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 19.0.1084.46 does not properly perform window navigation, which has unspecified impact and remote attack vectors.
9441 CVE-2011-3086 399 DoS 2012-05-15 2017-12-28
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a STYLE element.
9442 CVE-2011-3081 399 DoS 2012-05-01 2017-12-06
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3078.
9443 CVE-2011-3079 399 2012-05-01 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors.
9444 CVE-2011-3078 399 DoS 2012-05-01 2017-12-06
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3081.
9445 CVE-2011-3063 20 2012-03-30 2017-12-05
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 18.0.1025.142 does not properly validate the renderer's navigation requests, which has unspecified impact and remote attack vectors.
9446 CVE-2011-3047 119 DoS Exec Code Overflow Mem. Corr. 2012-03-10 2018-01-12
10.0
None Remote Low Not required Complete Complete Complete
The GPU process in Google Chrome before 17.0.963.79 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) by leveraging an error in the plug-in loading mechanism.
9447 CVE-2011-3046 20 Exec Code XSS 2012-03-08 2018-01-12
10.0
None Remote Low Not required Complete Complete Complete
The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" issue.
9448 CVE-2011-3012 20 Exec Code 2011-08-09 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
The ioQuake3 engine, as used in World of Padman 1.2 and earlier, Tremulous 1.1.0, and ioUrbanTerror 2007-12-20, does not check for dangerous file extensions before writing to the quake3 directory, which allows remote attackers to execute arbitrary code via a crafted third-party addon that creates a Trojan horse DLL file, a different vulnerability than CVE-2011-2764.
9449 CVE-2011-3005 119 DoS Exec Code Overflow 2011-09-28 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OGG headers in a .ogg file.
9450 CVE-2011-3003 119 DoS Exec Code Overflow 2011-09-28 2018-11-29
10.0
None Remote Low Not required Complete Complete Complete
Mozilla Firefox before 7.0 and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unspecified WebGL test case that triggers a memory-allocation error and a resulting out-of-bounds write operation.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.