CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
12001 CVE-2011-2363 399 DoS Exec Code 2011-06-30 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the nsSVGPointList::AppendElement function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback.
12002 CVE-2011-2344 310 +Priv 2011-07-08 2011-07-08
10.0
None Remote Low Not required Complete Complete Complete
Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext HTTP session when transmitting the authToken obtained from ClientLogin, which allows remote attackers to gain privileges and access private pictures and web albums by sniffing the token from connections with picasaweb.google.com.
12003 CVE-2011-2331 189 Exec Code Overflow 2011-06-02 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in img.exe in HP Intelligent Management Center (IMC) allows remote attackers to execute arbitrary code via a crafted length value in an a packet that triggers a heap-based buffer overflow, possibly related to an "recv" field.
12004 CVE-2011-2330 264 2011-06-02 2018-10-09
9.0
None Remote Low ??? Complete Complete Complete
Tivoli Endpoint in IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1, and 4.3.1 has an unspecified "built-in account" that is "trivially" accessed, which makes it easier for remote attackers to send requests to restricted pages via a session on TCP port 9495, a different vulnerability than CVE-2011-1220.
12005 CVE-2011-2288 2011-07-21 2011-10-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Sun Integrated Lights Out Manager (ILOM) in SysFW 8.1.0.a and earlier for various Oracle SPARC T3, SPARC Netra T3, Sun Blade, and Sun Fire servers allows remote attackers to affect confidentiality, integrity, and availability, related to ILOM.
12006 CVE-2011-2261 2011-07-20 2016-11-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.3.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2011-2252.
12007 CVE-2011-2225 2011-08-23 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows attackers to have an unknown impact via a crafted directory pathname that is inserted into config.sh.
12008 CVE-2011-2220 119 Exec Code Overflow 2011-07-14 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in NFREngine.exe in Novell File Reporter Engine before 1.0.2.53, as used in Novell File Reporter and other products, allows remote attackers to execute arbitrary code via a crafted RECORD element.
12009 CVE-2011-2217 119 DoS Exec Code Overflow Mem. Corr. 2011-06-06 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client (aka VMware Infrastructure Client) 2.0.2 before Build 230598 and 2.5 before Build 204931 in VMware Infrastructure 3, do not properly handle attempted initialization within Internet Explorer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document.
12010 CVE-2011-2214 Exec Code Mem. Corr. 2011-05-31 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Open Database Connectivity (ODBC) component in 7T Interactive Graphical SCADA System (IGSS) before 9.0.0.11143 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 20222, which triggers memory corruption related to an "invalid structure being used."
12011 CVE-2011-2194 189 DoS Exec Code Overflow 2011-06-24 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the XSPF playlist parser in VideoLAN VLC media player 0.8.5 through 1.1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow.
12012 CVE-2011-2171 2011-05-24 2012-01-18
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the dbugs package in Google Chrome OS before R12 0.12.433.38 Beta has unknown impact and attack vectors.
12013 CVE-2011-2164 2011-05-20 2011-05-24
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Adobe Photoshop before 12.0.4 have unknown impact and attack vectors.
12014 CVE-2011-2163 2011-05-20 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Virtualization Manager 1.2.2 in IBM Systems Director 1.2.2 has unknown impact and attack vectors.
12015 CVE-2011-2162 2011-05-20 2011-05-23
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in FFmpeg 0.4.x through 0.6.x, as used in MPlayer 1.0 and other products, in Mandriva Linux 2009.0, 2010.0, and 2010.1; Corporate Server 4.0 (aka CS4.0); and Mandriva Enterprise Server 5 (aka MES5) have unknown impact and attack vectors, related to issues "originally discovered by Google Chrome developers."
12016 CVE-2011-2160 20 2011-05-20 2011-09-07
9.3
None Remote Medium Not required Complete Complete Complete
The VC-1 decoding functionality in FFmpeg before 0.5.4, as used in MPlayer and other products, does not properly restrict read operations, which allows remote attackers to have an unspecified impact via a crafted VC-1 file, a related issue to CVE-2011-0723.
12017 CVE-2011-2159 2011-05-20 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
The SmarterTools SmarterStats 6.0 web server omits the Content-Type header for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving (1) Admin/Defaults/frmDefaultSiteSettings.aspx, (2) Admin/Defaults/frmServerDefaults.aspx, (3) Admin/frmReportSettings.aspx, (4) Admin/frmSite.aspx, (5) App_Themes/Default/ButtonBarIcons.xml, (6) App_Themes/Default/Skin.xml, (7) Client/frmImportSettings.aspx, (8) Client/frmSeoSettings.aspx, (9) Services/Web.config, (10) aspnet_client/system_web/4_0_30319/, (11) clientaccesspolicy.xml, (12) cloudscan.exe, (13) crossdomain.xml, or (14) sitemap.xml. NOTE: it is possible that only clients, not the SmarterStats product, could be affected by this issue.
12018 CVE-2011-2158 2011-05-20 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
The SmarterTools SmarterStats 6.0 web server sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving (1) Admin/frmSite.aspx, (2) Admin/frmSites.aspx, (3) Admin/frmViewReports.aspx, (4) App_Themes/AboutThisFolder.txt, (5) Client/frmViewReports.aspx, (6) Temp/AboutThisFolder.txt, (7) default.aspx, (8) login.aspx, or (9) certain .jpg URIs under Temp/. NOTE: it is possible that only clients, not the SmarterStats product, could be affected by this issue.
12019 CVE-2011-2148 78 Exec Code 2011-05-20 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Admin/frmSite.aspx in the SmarterTools SmarterStats 6.0 web server allows remote attackers to execute arbitrary commands via vectors involving a leading and trailing & (ampersand) character, and (1) an STTTState cookie, (2) the ctl00%24MPH%24txtAdminNewPassword_SettingText parameter, (3) the ctl00%24MPH%24txtSmarterLogDirectory parameter, (4) the ctl00%24MPH%24ucSiteSeoSearchEngineSettings%24chklistEngines_SettingCheckBox%2414 parameter, (5) the ctl00%24MPH%24ucSiteSeoSettings%24txtSeoMaxKeywords_SettingText parameter, or (6) the ctl00_MPH_grdLogLocations_HiddenLSR parameter, related to an "OS command injection" issue.
12020 CVE-2011-2140 119 DoS Exec Code Overflow Mem. Corr. 2011-08-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2417, and CVE-2011-2425.
12021 CVE-2011-2138 189 Exec Code Overflow 2011-08-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2136 and CVE-2011-2416.
12022 CVE-2011-2137 119 Exec Code Overflow 2011-08-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2134, CVE-2011-2414, and CVE-2011-2415.
12023 CVE-2011-2136 189 Exec Code Overflow 2011-08-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2138 and CVE-2011-2416.
12024 CVE-2011-2135 119 DoS Exec Code Overflow Mem. Corr. 2011-08-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2140, CVE-2011-2417, and CVE-2011-2425.
12025 CVE-2011-2134 119 Exec Code Overflow 2011-08-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2137, CVE-2011-2414, and CVE-2011-2415.
12026 CVE-2011-2131 119 DoS Exec Code Overflow Mem. Corr. 2011-08-11 2011-10-05
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Photoshop 12.0 in Creative Suite 5 (CS5) and 12.1 in Creative Suite 5.1 (CS5.1) allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted GIF file.
12027 CVE-2011-2130 119 Exec Code Overflow 2011-08-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2134, CVE-2011-2137, CVE-2011-2414, and CVE-2011-2415.
12028 CVE-2011-2128 119 DoS Exec Code Overflow Mem. Corr. 2011-06-16 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2114, CVE-2011-2117, CVE-2011-2124, and CVE-2011-2127.
12029 CVE-2011-2127 119 DoS Exec Code Overflow Mem. Corr. 2011-06-16 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2114, CVE-2011-2117, CVE-2011-2124, and CVE-2011-2128.
12030 CVE-2011-2126 119 Exec Code Overflow 2011-06-16 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors.
12031 CVE-2011-2125 119 Exec Code Overflow 2011-06-16 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Dirapix.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors.
12032 CVE-2011-2124 119 DoS Exec Code Overflow Mem. Corr. 2011-06-16 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2114, CVE-2011-2117, CVE-2011-2127, and CVE-2011-2128.
12033 CVE-2011-2123 189 Exec Code Overflow 2011-06-16 2011-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the Shockwave 3D Asset x32 component in Adobe Shockwave Player before 11.6.0.626 allows remote attackers to execute arbitrary code via a crafted subrecord in a DEMX chunk, which triggers a heap-based buffer overflow.
12034 CVE-2011-2122 119 DoS Exec Code Overflow Mem. Corr. 2011-06-16 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors related to rcsL substructures, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-0335, and CVE-2011-2119.
12035 CVE-2011-2121 189 Exec Code Overflow 2011-06-16 2011-10-05
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors.
12036 CVE-2011-2120 189 Exec Code Overflow 2011-06-16 2011-10-05
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the CursorAsset x32 component in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors.
12037 CVE-2011-2119 119 DoS Exec Code Overflow Mem. Corr. 2011-06-16 2011-10-05
9.3
None Remote Medium Not required Complete Complete Complete
Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-0335, and CVE-2011-2122.
12038 CVE-2011-2118 20 Exec Code 2011-06-16 2011-10-05
9.3
None Remote Medium Not required Complete Complete Complete
The FLV ASSET Xtra component in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors, related to an "input validation vulnerability."
12039 CVE-2011-2117 119 DoS Exec Code Overflow Mem. Corr. 2011-06-16 2011-10-05
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2114, CVE-2011-2124, CVE-2011-2127, and CVE-2011-2128.
12040 CVE-2011-2116 119 DoS Exec Code Overflow Mem. Corr. 2011-06-16 2011-10-05
9.3
None Remote Medium Not required Complete Complete Complete
IML32.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2111 and CVE-2011-2115.
12041 CVE-2011-2115 119 DoS Exec Code Overflow Mem. Corr. 2011-06-16 2011-10-12
9.3
None Remote Medium Not required Complete Complete Complete
IML32.dll in Adobe Shockwave Player before 11.6.0.626 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted tSAC chunk, which triggers a heap-based buffer overflow, a different vulnerability than CVE-2011-2111 and CVE-2011-2116.
12042 CVE-2011-2114 119 DoS Exec Code Overflow Mem. Corr. 2011-06-16 2011-10-05
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2117, CVE-2011-2124, CVE-2011-2127, and CVE-2011-2128.
12043 CVE-2011-2113 119 Exec Code Overflow 2011-06-16 2011-10-05
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in the Shockwave3DAsset component in Adobe Shockwave Player before 11.6.0.626 allow attackers to execute arbitrary code via unspecified vectors.
12044 CVE-2011-2112 119 Exec Code Overflow 2011-06-16 2011-10-05
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in IML32.dll in Adobe Shockwave Player before 11.6.0.626 allow attackers to execute arbitrary code via unspecified vectors.
12045 CVE-2011-2111 119 DoS Exec Code Overflow Mem. Corr. 2011-06-16 2011-10-05
9.3
None Remote Medium Not required Complete Complete Complete
IML32.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2115 and CVE-2011-2116.
12046 CVE-2011-2110 119 DoS Exec Code Overflow Mem. Corr. 2011-06-16 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 10.3.181.26 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.23 and earlier on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in June 2011.
12047 CVE-2011-2109 189 Exec Code Overflow 2011-06-16 2011-10-05
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allow attackers to execute arbitrary code via unspecified vectors.
12048 CVE-2011-2108 Exec Code 2011-06-16 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code via unspecified vectors, related to a "design flaw."
12049 CVE-2011-2106 119 DoS Exec Code Overflow Mem. Corr. 2011-06-16 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
12050 CVE-2011-2105 119 DoS Overflow Mem. Corr. 2011-06-16 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allow attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted font data.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.