Total
5210 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-2145 | 3 Freebsd, Oracle, Vmware | 7 Freebsd, Solaris, Esx and 4 more | 2017-08-29 | 6.3 MEDIUM | N/A |
| mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1, when a Solaris or FreeBSD guest OS is used, allows guest OS users to modify arbitrary guest OS files via unspecified vectors, related to a "procedural error." | |||||
| CVE-2010-5146 | 1 Websense | 2 Websense Web Filter, Websense Web Security | 2017-08-29 | 2.1 LOW | N/A |
| The Remote Filtering component in Websense Web Security and Web Filter before 7.1 Hotfix 66 allows local users to bypass filtering by (1) renaming the WDC.exe file or (2) deleting driver files. | |||||
| CVE-2011-2547 | 1 Cisco | 4 Sa500 Software, Sa520, Sa520w and 1 more | 2017-08-29 | 9.0 HIGH | N/A |
| The web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote authenticated users to execute arbitrary commands via crafted parameters to web forms, aka Bug ID CSCtq65681. | |||||
| CVE-2011-2165 | 1 Watchguard | 1 Xcs | 2017-08-29 | 6.8 MEDIUM | N/A |
| The STARTTLS implementation in WatchGuard XCS 9.0 and 9.1 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. | |||||
| CVE-2011-2143 | 1 Ibm | 1 Datacap Taskmaster Capture | 2017-08-29 | 6.8 MEDIUM | N/A |
| IBM Datacap Taskmaster Capture 8.0.1 before FP1, when Windows Authentication is enabled, allows remote attackers to obtain login access by using an incorrect password in conjunction with an account name from a different domain. | |||||
| CVE-2011-3006 | 1 Mcafee | 1 Saas Endpoint Protection | 2017-08-29 | 6.8 MEDIUM | N/A |
| The MyAsUtil ActiveX control in MyAsUtil5.2.0.603.dll in McAfee SaaS Endpoint Protection 5.2.1 and earlier allows remote attackers to bypass the MyASUtil.SecureObjectFactory.CreateSecureObject domain execution policy using a cross-site scripting (XSS) attack, execute arbitrary code using the MyASUtil.InstallInfo.RunUserProgram function, and possibly conduct other unspecified attacks. | |||||
| CVE-2011-2677 | 1 Cybozu | 1 Office | 2017-08-29 | 5.5 MEDIUM | N/A |
| Cybozu Office before 8.0.0 allows remote authenticated users to bypass intended access restrictions and access sensitive information (time card and attendance) via unspecified vectors related to manipulation of a URL. | |||||
| CVE-2011-2385 | 1 Otrs | 2 Iphonehandle, Otrs | 2017-08-29 | 6.5 MEDIUM | N/A |
| The iPhoneHandle package 0.9.x before 0.9.7 and 1.0.x before 1.0.3 in Open Ticket Request System (OTRS) does not properly restrict use of the iPhoneHandle interface, which allows remote authenticated users to gain privileges, and consequently read or modify OTRS core objects, via unspecified vectors. | |||||
| CVE-2011-2157 | 1 Smartertools | 1 Smarterstats | 2017-08-29 | 5.0 MEDIUM | N/A |
| The (1) Admin/frmEmailReportSettings.aspx and (2) Admin/frmGeneralSettings.aspx components in the SmarterTools SmarterStats 6.0 web server generate web pages containing e-mail addresses, which allows remote attackers to obtain potentially sensitive information by reading the default values of form fields. | |||||
| CVE-2011-2760 | 1 Brocade | 1 Bigiron Rx Switch | 2017-08-29 | 5.0 MEDIUM | N/A |
| Brocade BigIron RX switches allow remote attackers to bypass ACL rules by using 179 as the source port of a packet. | |||||
| CVE-2010-5078 | 1 Silverstripe | 1 Silverstripe | 2017-08-29 | 5.0 MEDIUM | N/A |
| SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain version information via a direct request to (1) apphire/silverstripe_version or (2) cms/silverstripe_version. | |||||
| CVE-2011-2584 | 1 Cisco | 1 Show And Share | 2017-08-29 | 7.5 HIGH | N/A |
| Cisco Show and Share 5(2), 5.2(1), and 5.2(2) before 5.2(2.1) allows remote attackers to access the (1) Encoders and Pull Configurations, (2) Push Configurations, (3) Video Encoding Formats, and (4) Transcoding administration pages, and cause a denial of service (live event outage) or obtain potentially sensitive information, via unspecified vectors, aka Bug ID CSCto73758. | |||||
| CVE-2011-2779 | 1 Hp | 7 Arcsight C1000 Appliance, Arcsight C1300 Appliance, Arcsight C3200 Appliance and 4 more | 2017-08-29 | 3.6 LOW | N/A |
| Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 uses world-writable permissions for exported report files, which allows local users to change or delete log data by modifying a file, a different vulnerability than CVE-2011-0770. | |||||
| CVE-2011-2147 | 1 Openswan | 1 Openswan | 2017-08-29 | 3.6 LOW | N/A |
| Openswan 2.2.x does not properly restrict permissions for (1) /var/run/starter.pid, related to starter.c in the IPsec starter, and (2) /var/lock/subsys/ipsec, which allows local users to kill arbitrary processes by writing a PID to a file, or possibly bypass disk quotas by writing arbitrary data to a file, as demonstrated by files with 0666 permissions, a different vulnerability than CVE-2011-1784. | |||||
| CVE-2011-2329 | 1 Apache | 1 Rampart\/c | 2017-08-29 | 6.5 MEDIUM | N/A |
| The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730. | |||||
| CVE-2015-4082 | 1 Attic Project | 1 Attic | 2017-08-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive information by changing the manifest type byte of the repository to "unencrypted / without key file". | |||||
| CVE-2016-5867 | 1 Google | 1 Android | 2017-08-20 | 7.6 HIGH | 7.0 HIGH |
| In a sound driver in Android for MSM, Firefox OS for MSM, QRD Android, some variables are from userspace and values can be chosen that could result in stack overflow. | |||||
| CVE-2016-5863 | 1 Google | 1 Android | 2017-08-20 | 9.3 HIGH | 7.8 HIGH |
| In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, several sanity checks are missing which can lead to out-of-bounds accesses. | |||||
| CVE-2016-5864 | 1 Google | 1 Android | 2017-08-20 | 9.3 HIGH | 7.8 HIGH |
| In an audio driver function in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, some parameters are from userspace, and if they are set to a large value, integer overflow is possible followed by buffer overflow. In another function, a missing check for a lower bound may result in an out of bounds memory access. | |||||
| CVE-2016-5860 | 1 Google | 1 Android | 2017-08-20 | 7.6 HIGH | 7.0 HIGH |
| In an audio driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a function is called with a very large length, an integer overflow could occur followed by a heap buffer overflow. | |||||