CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In June 2011

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2011-2103 119 DoS Exec Code Overflow Mem. Corr. 2011-06-16 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 8.x before 8.3 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
102 CVE-2011-2102 Bypass 2011-06-16 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Reader and Acrobat before 10.1 on Windows and Mac OS X allows attackers to bypass intended access restrictions via unknown vectors.
103 CVE-2011-2101 94 Exec Code 2011-06-16 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X do not properly restrict script, which allows attackers to execute arbitrary code via a crafted document, related to a "cross document script execution vulnerability."
104 CVE-2011-2100 +Priv 2011-06-16 2017-09-18
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory.
105 CVE-2011-2099 119 DoS Exec Code Overflow Mem. Corr. 2011-06-16 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2098.
106 CVE-2011-2098 119 DoS Exec Code Overflow Mem. Corr. 2011-06-16 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2099.
107 CVE-2011-2097 119 Exec Code Overflow 2011-06-16 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2094 and CVE-2011-2095.
108 CVE-2011-2096 119 Exec Code Overflow 2011-06-16 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors.
109 CVE-2011-2095 119 Exec Code Overflow 2011-06-16 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2094 and CVE-2011-2097.
110 CVE-2011-2094 119 Exec Code Overflow 2011-06-16 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2095 and CVE-2011-2097.
111 CVE-2011-2093 20 DoS 2011-06-16 2017-08-28
5.0
None Remote Low Not required None None Partial
Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly handle object graphs, which allows attackers to cause a denial of service via unspecified vectors, related to a "complex object graph vulnerability."
112 CVE-2011-2092 20 2011-06-16 2011-09-06
10.0
None Remote Low Not required Complete Complete Complete
Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of (1) AMF and (2) AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a "deserialization vulnerability."
113 CVE-2011-2091 DoS 2011-06-16 2017-08-28
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 allows remote attackers to cause a denial of service via unknown vectors.
114 CVE-2011-2041 264 +Priv 2011-06-02 2011-09-06
7.2
None Local Low Not required Complete Complete Complete
The Start Before Logon (SBL) functionality in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.254 on Windows, and on Windows Mobile, allows local users to gain privileges via unspecified user-interface interaction, aka Bug ID CSCta40556.
115 CVE-2011-2040 20 Exec Code 2011-06-02 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.5.3041, and 3.0.x before 3.0.629, on Linux and Mac OS X downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a Java applet, aka Bug ID CSCsy05934.
116 CVE-2011-2039 20 Exec Code 2011-06-02 2017-08-28
7.6
None Remote High Not required Complete Complete Complete
The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904.
117 CVE-2011-2024 255 2011-06-02 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Cisco Network Registrar before 7.2 has a default administrative password, which makes it easier for remote attackers to obtain access via a TCP session, aka Bug ID CSCsm50627.
118 CVE-2011-1959 119 DoS Overflow 2011-06-06 2017-09-18
4.3
None Remote Medium Not required None None Partial
The snoop_read function in wiretap/snoop.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 does not properly handle certain virtualizable buffers, which allows remote attackers to cause a denial of service (application crash) via a large length value in a snoop file that triggers a stack-based buffer over-read.
119 CVE-2011-1958 DoS 2011-06-06 2017-09-18
4.3
None Remote Medium Not required None None Partial
Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Diameter dictionary file.
120 CVE-2011-1957 399 DoS 2011-06-06 2017-09-18
4.3
None Remote Medium Not required None None Partial
The dissect_dcm_main function in epan/dissectors/packet-dcm.c in the DICOM dissector in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (infinite loop) via an invalid PDU length.
121 CVE-2011-1956 DoS 2011-06-06 2017-09-18
4.3
None Remote Medium Not required None None Partial
The bytes_repr_len function in Wireshark 1.4.5 uses an incorrect pointer argument, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via arbitrary TCP traffic.
122 CVE-2011-1954 352 CSRF 2011-06-06 2018-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in Post Revolution 0.8.0c-2 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests to (1) ajax-weblog-guardar.php, (2) verpost.php, (3) comments.php, or (4) perfil.php.
123 CVE-2011-1953 79 XSS 2011-06-06 2018-10-09
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in common.php in Post Revolution before 0.8.0c-2 allow remote attackers to inject arbitrary web script or HTML via an attribute of a (1) P, a (2) STRONG, a (3) A, a (4) EM, a (5) I, a (6) IMG, a (7) LI, an (8) OL, a (9) VIDEO, or a (10) BLOCKQUOTE element.
124 CVE-2011-1952 399 DoS 2011-06-06 2018-10-09
5.0
None Remote Low Not required None None Partial
common.php in Post Revolution before 0.8.0c-2 allows remote attackers to cause a denial of service (infinite loop) via malformed HTML markup, as demonstrated by an a< sequence.
125 CVE-2011-1950 264 2011-06-06 2018-10-09
5.5
None Remote Low Single system None Partial Partial
plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.
126 CVE-2011-1949 79 XSS 2011-06-06 2018-10-09
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422.
127 CVE-2011-1948 79 XSS 2011-06-06 2018-10-09
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
128 CVE-2011-1947 399 DoS 2011-06-02 2018-10-09
5.0
None Remote Low Not required None None Partial
fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a (1) STARTTLS or (2) STLS request, which allows remote servers to cause a denial of service (application hang) by acknowledging the request but not sending additional packets.
129 CVE-2011-1943 200 +Info 2011-06-14 2017-08-16
2.1
None Local Low Not required Partial None None
The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file.
130 CVE-2011-1924 119 DoS Overflow 2011-06-14 2011-06-30
5.0
None Remote Low Not required None None Partial
Buffer overflow in the policy_summarize function in or/policies.c in Tor before 0.2.1.30 allows remote attackers to cause a denial of service (directory authority crash) via a crafted policy that triggers creation of a long port list.
131 CVE-2011-1921 264 +Info 2011-06-06 2017-09-18
4.3
None Remote Medium Not required Partial None None
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
132 CVE-2011-1908 189 DoS Exec Code Overflow 2011-06-24 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the Type 1 font decoder in the FreeType engine in Foxit Reader before 4.0.0.0619 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font in a PDF document.
133 CVE-2011-1894 79 XSS 2011-06-16 2018-10-30
4.3
None Remote Medium Not required None Partial None
The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for embedded content in an HTML document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted EMBED element in a web page that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
134 CVE-2011-1889 119 Exec Code Overflow Mem. Corr. 2011-06-16 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka "TMG Firewall Client Memory Corruption Vulnerability."
135 CVE-2011-1873 20 Exec Code 2011-06-16 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate pointers during the parsing of OpenType (aka OTF) fonts, which allows remote attackers to execute arbitrary code via a crafted font file, aka "Win32k OTF Validation Vulnerability."
136 CVE-2011-1872 399 DoS 2011-06-16 2018-10-12
4.7
None Local Medium Not required None None Complete
Hyper-V in Microsoft Windows Server 2008 Gold, SP2, R2, and R2 SP1 allows guest OS users to cause a denial of service (host OS infinite loop) via malformed machine instructions in a VMBus packet, aka "VMBus Persistent DoS Vulnerability."
137 CVE-2011-1869 399 DoS 2011-06-16 2018-10-30
7.8
None Remote Low Not required None None Complete
The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka "DFS Referral Response Vulnerability."
138 CVE-2011-1868 119 Exec Code Overflow Mem. Corr. 2011-06-16 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate fields in DFS responses, which allows remote DFS servers to execute arbitrary code via a crafted response, aka "DFS Memory Corruption Vulnerability."
139 CVE-2011-1864 Exec Code 2011-06-14 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in HP OpenView Storage Data Protector 6.0, 6.10, and 6.11 allows remote attackers to execute arbitrary code via unknown vectors.
140 CVE-2011-1863 94 2011-06-14 2017-08-16
7.5
None Remote Medium Single system Complete Partial Partial
HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allow remote authenticated users to conduct unspecified script injection attacks via unknown vectors.
141 CVE-2011-1862 79 XSS 2011-06-14 2017-08-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
142 CVE-2011-1861 +Info 2011-06-14 2017-08-16
8.3
None Remote Medium Not required Complete Partial Partial
Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to modify data or obtain sensitive information via unknown vectors.
143 CVE-2011-1860 2011-06-14 2017-08-16
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to capture HTTP session credentials via unknown vectors.
144 CVE-2011-1859 +Info 2011-06-14 2017-08-16
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to obtain sensitive information via unknown vectors.
145 CVE-2011-1858 Bypass 2011-06-14 2017-08-16
4.3
None Local Low Single system Partial Partial Partial
Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows local users to bypass intended access restrictions via unknown vectors.
146 CVE-2011-1857 Bypass 2011-06-14 2017-08-16
8.2
None Remote Medium Single system Partial Complete Complete
Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote authenticated users to bypass intended access restrictions via unknown vectors.
147 CVE-2011-1823 189 Exec Code +Priv Mem. Corr. Bypass 2011-06-09 2017-08-16
7.2
Admin Local Low Not required Complete Complete Complete
The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges via a negative index that bypasses a maximum-only signed integer check in the DirectVolume::handlePartitionAdded method, which triggers memory corruption, as demonstrated by Gingerbreak.
148 CVE-2011-1819 2011-06-09 2017-09-18
5.0
None Remote Low Not required None Partial None
Google Chrome before 12.0.742.91 allows remote attackers to perform unspecified injection into a chrome:// page via vectors related to extensions.
149 CVE-2011-1818 399 DoS 2011-06-09 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the image loader in Google Chrome before 12.0.742.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
150 CVE-2011-1817 119 DoS Overflow Mem. Corr. 2011-06-09 2017-09-18
5.0
None Remote Low Not required None None Partial
Google Chrome before 12.0.742.91 does not properly implement history deletion, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
Total number of vulnerabilities : 294   Page : 1 2 3 (This Page)4 5 6
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.