CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
9501 CVE-2011-1018 20 Exec Code 2011-02-25 2014-02-11
10.0
None Remote Low Not required Complete Complete Complete
logwatch.pl in Logwatch 7.3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in a log file name, as demonstrated via a crafted username to a Samba server.
9502 CVE-2011-0994 119 Exec Code Overflow 2011-04-09 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in NFRAgent.exe in Novell File Reporter (NFR) before 1.0.2 allows remote attackers to execute arbitrary code via unspecified XML data.
9503 CVE-2011-0985 20 2011-02-10 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 9.0.597.94 does not properly perform process termination upon memory exhaustion, which has unspecified impact and remote attack vectors.
9504 CVE-2011-0983 20 DoS 2011-02-10 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 9.0.597.94 does not properly handle anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
9505 CVE-2011-0982 399 DoS 2011-02-10 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome before 9.0.597.94 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG font faces.
9506 CVE-2011-0981 20 DoS 2011-02-10 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 9.0.597.94 does not properly perform event handling for animations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
9507 CVE-2011-0980 264 Exec Code 2011-02-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse Office Art objects, which allows remote attackers to execute arbitrary code via vectors related to a function pointer, aka "Excel Dangling Pointer Vulnerability."
9508 CVE-2011-0979 20 Exec Code 2011-02-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; and Excel Viewer SP2 do not properly handle errors during the parsing of Office Art records in Excel spreadsheets, which allows remote attackers to execute arbitrary code via a malformed object record, related to a "stray reference," aka "Excel Linked List Corruption Vulnerability."
9509 CVE-2011-0978 119 Exec Code Overflow 2011-02-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via vectors related to an axis properties record, and improper incrementing of an array index, aka "Excel Array Indexing Vulnerability."
9510 CVE-2011-0977 399 Exec Code 2011-02-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via malformed shape data in the Office drawing file format, aka "Microsoft Office Graphic Object Dereferencing Vulnerability."
9511 CVE-2011-0976 264 DoS Exec Code Mem. Corr. 2011-02-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 do not properly handle Office Art containers that have invalid records, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PowerPoint document with a container that triggers certain access to an uninitialized object, aka "OfficeArt Atom RCE Vulnerability."
9512 CVE-2011-0975 119 Exec Code Overflow 2011-02-10 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in BMC PATROL Agent Service Daemon for in Performance Analysis for Servers, Performance Assurance for Servers, and Performance Assurance for Virtual Servers 7.4.00 through 7.5.10; Performance Analyzer and Performance Predictor for Servers 7.4.00 through 7.5.10; and Capacity Management Essentials 1.2.00 (7.4.15) allows remote attackers to execute arbitrary code via a crafted length value in a BGS_MULTIPLE_READS command to TCP port 6768.
9513 CVE-2011-0935 310 Bypass 2011-04-14 2011-04-20
10.0
None Remote Low Not required Complete Complete Complete
The PKI functionality in Cisco IOS 15.0 and 15.1 does not prevent permanent caching of certain public keys, which allows remote attackers to bypass authentication and have unspecified other impact by leveraging an IKE peer relationship in which a key was previously valid but later revoked, aka Bug ID CSCth82164, a different vulnerability than CVE-2010-4685.
9514 CVE-2011-0926 20 Exec Code 2011-02-25 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
A certain ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) does not properly verify the signature of an unspecified downloaded program, which allows remote attackers to execute arbitrary code by spoofing the CSD installation process, a different vulnerability than CVE-2010-0589.
9515 CVE-2011-0925 20 2011-02-28 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
The CSDWebInstallerCtrl ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) allows remote attackers to download an unintended Cisco program onto a client machine, and execute this program, by identifying a Cisco program with a Cisco digital signature and then renaming this program to inst.exe, a different vulnerability than CVE-2010-0589 and CVE-2011-0926.
9516 CVE-2011-0924 20 Exec Code 2011-02-08 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
The client in HP Data Protector does not verify the contents of files associated with the EXEC_CMD command, which allows remote attackers to execute arbitrary script code by providing this code with a trusted filename, as demonstrated by omni_chk_ds.sh.
9517 CVE-2011-0923 20 Exec Code 2011-02-08 2016-08-22
10.0
None Remote Low Not required Complete Complete Complete
The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory."
9518 CVE-2011-0922 20 Exec Code 2011-02-08 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
The client in HP Data Protector allows remote attackers to execute arbitrary programs via an EXEC_SETUP command that references a UNC share pathname.
9519 CVE-2011-0921 20 Exec Code 2011-02-08 2016-08-22
10.0
None Remote Low Not required Complete Complete Complete
crs.exe in the Cell Manager Service in the client in HP Data Protector does not properly validate credentials associated with the hostname, domain, and username, which allows remote attackers to execute arbitrary code by sending unspecified data over TCP, related to the webreporting client, the applet domain, and the java username.
9520 CVE-2011-0920 287 Exec Code Bypass 2011-02-08 2011-02-14
9.3
None Remote Medium Not required Complete Complete Complete
The Remote Console in IBM Lotus Domino, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and execute arbitrary code via unspecified vectors, aka SPR PRAD89WGRS.
9521 CVE-2011-0919 119 Exec Code Overflow 2011-02-08 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in the (1) POP3 and (2) IMAP services in IBM Lotus Domino allow remote attackers to execute arbitrary code via non-printable characters in an envelope sender address, aka SPR KLYH87LLVJ.
9522 CVE-2011-0918 119 Exec Code Overflow 2011-02-08 2011-02-23
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the NRouter (aka Router) service in IBM Lotus Domino allows remote attackers to execute arbitrary code via long filenames associated with Content-ID and ATTACH:CID headers in attachments in malformed calendar-request e-mail messages, aka SPR KLYH87LKRE.
9523 CVE-2011-0917 119 1 Exec Code Overflow 2011-02-08 2011-02-25
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in nLDAP.exe in IBM Lotus Domino allows remote attackers to execute arbitrary code via a long string in an LDAP Bind operation, aka SPR KLYH87LMVX.
9524 CVE-2011-0916 119 Exec Code Overflow 2011-02-08 2011-02-23
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the SMTP service in IBM Lotus Domino allows remote attackers to execute arbitrary code via long arguments in a filename parameter in a malformed MIME e-mail message, aka SPR KLYH889M8H.
9525 CVE-2011-0915 119 Exec Code Overflow 2011-02-08 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in nrouter.exe in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a long name parameter in a Content-Type header in a malformed Notes calendar (aka iCalendar or iCal) meeting request, aka SPR KLYH87LL23.
9526 CVE-2011-0914 189 Exec Code Overflow 2011-02-08 2011-02-23
10.0
None Remote Low Not required Complete Complete Complete
Integer signedness error in ndiiop.exe in the DIIOP implementation in the server in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a GIOP client request, leading to a heap-based buffer overflow.
9527 CVE-2011-0913 119 Exec Code Overflow 2011-02-08 2011-02-23
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in ndiiop.exe in the DIIOP implementation in the server in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a GIOP getEnvironmentString request, related to the local variable cache.
9528 CVE-2011-0912 20 Exec Code 2011-02-08 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Argument injection vulnerability in IBM Lotus Notes 8.0.x before 8.0.2 FP6 and 8.5.x before 8.5.1 FP5 allows remote attackers to execute arbitrary code via a cai:// URL containing a --launcher.library option that specifies a UNC share pathname for a DLL file, aka SPR PRAD82YJW2.
9529 CVE-2011-0889 Exec Code 2011-03-16 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Client Automation Enterprise (aka HPCA or Radia Notify) 5.11, 7.2, 7.5, 7.8, and 7.9 allows remote attackers to execute arbitrary code via unknown vectors.
9530 CVE-2011-0885 255 1 2011-02-08 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
A certain Comcast Business Gateway configuration of the SMC SMCD3G-CCR with firmware before 1.4.0.49.2 has a default password of D0nt4g3tme for the mso account, which makes it easier for remote attackers to obtain administrative access via the (1) web interface or (2) TELNET interface.
9531 CVE-2011-0873 2011-06-14 2017-12-21
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, and 5.0 Update 29 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
9532 CVE-2011-0871 2011-06-14 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing.
9533 CVE-2011-0864 2011-06-14 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot.
9534 CVE-2011-0863 2011-06-14 2017-12-21
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
9535 CVE-2011-0862 2011-06-14 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
9536 CVE-2011-0817 2011-06-14 2017-12-21
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
9537 CVE-2011-0815 2011-06-14 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to AWT.
9538 CVE-2011-0814 2011-06-14 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different vulnerability than CVE-2011-0802.
9539 CVE-2011-0807 2011-04-19 2011-09-21
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server 9.1, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration.
9540 CVE-2011-0802 2011-06-14 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different vulnerability than CVE-2011-0814.
9541 CVE-2011-0784 362 Exec Code 2011-02-04 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Race condition in Google Chrome before 9.0.597.84 allows remote attackers to execute arbitrary code via vectors related to audio.
9542 CVE-2011-0780 DoS 2011-02-04 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
The PDF event handler in Google Chrome before 9.0.597.84 does not properly interact with print operations, which allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.
9543 CVE-2011-0777 399 DoS 2011-02-04 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome before 9.0.597.84 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to image loading.
9544 CVE-2011-0758 189 DoS Exec Code Overflow 2011-02-10 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
The eCS component (ECSQdmn.exe) in CA ETrust Secure Content Manager 8.0 and CA Gateway Security 8.1 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted request to port 1882, involving an incorrect integer calculation and a heap-based buffer overflow.
9545 CVE-2011-0742 119 Exec Code Overflow 2011-02-01 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in ZfHIPCND.exe in Novell ZENworks Handheld Management 7.0 allows remote attackers to execute arbitrary code via a crafted IP Conduit packet to TCP port 2400.
9546 CVE-2011-0732 2011-02-01 2011-02-02
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in IBM Tivoli Integrated Portal (TIP) 1.1.1.1, as used in IBM Tivoli Common Reporting (TCR) 1.2.0 before Interim Fix 9, have unknown impact and attack vectors, related to "security vulnerabilities of Websphere Application Server bundled within" and "many internal defects and APARs."
9547 CVE-2011-0724 310 +Priv 2011-02-18 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
The Live DVD for Edubuntu 9.10, 10.04 LTS, and 10.10 does not correctly regenerate iTALC private keys after installation, which causes each installation to have the same fixed key, which allows remote attackers to gain privileges.
9548 CVE-2011-0694 Exec Code 2011-02-21 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
RealNetworks RealPlayer 11.0 through 11.1, SP 1.0 through 1.1.5, and 14.0.0 through 14.0.1, and Enterprise 2.0 through 2.1.4, uses predictable names for temporary files, which allows remote attackers to conduct cross-domain scripting attacks and execute arbitrary code via the OpenURLinPlayerBrowser function.
9549 CVE-2011-0688 287 Exec Code 2011-01-31 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Intel Alert Management System (aka AMS or AMS2), as used in Symantec Antivirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary commands via crafted messages over TCP, as discovered by Junaid Bohio, a different vulnerability than CVE-2010-0110 and CVE-2010-0111. NOTE: some of these details are obtained from third party information.
9550 CVE-2011-0682 119 DoS Exec Code Overflow Mem. Corr. 2011-01-31 2018-08-13
9.3
None Remote Medium Not required Complete Complete Complete
Integer truncation error in opera.dll in Opera before 11.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML form with a select element that contains a large number of children.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.