LanGuard reports



Supported OVAL Bulletins


More information on 2015 updates



ID:
OVAL14634
Title:
Integer underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted header in a .lzh attachment that triggers a stack-based buffer overflow, aka...
Type:
Software
Bulletins:
OVAL14634
CVE-2011-1213
Severity:
Low
Description:
Integer underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted header in a .lzh attachment that triggers a stack-based buffer overflow, aka SPR PRAD88MJ2W.
Applies to:
Lotus Notes
Created:
2011-12-16
Updated:
2015-06-15

ID:
OVAL14348
Title:
Argument injection vulnerability in IBM Lotus Notes 8.0.x before 8.0.2 FP6 and 8.5.x before 8.5.1 FP5 allows remote attackers to execute arbitrary code via a cai:// URL containing a --launcher.library option that specifies a UNC share...
Type:
Software
Bulletins:
OVAL14348
CVE-2011-0912
Severity:
Low
Description:
Argument injection vulnerability in IBM Lotus Notes 8.0.x before 8.0.2 FP6 and 8.5.x before 8.5.1 FP5 allows remote attackers to execute arbitrary code via a cai:// URL containing a --launcher.library option that specifies a UNC share pathname for a DLL file, aka SPR PRAD82YJW2.
Applies to:
Lotus Notes
Created:
2011-12-16
Updated:
2015-06-15

ID:
OVAL14822
Title:
Buffer overflow in kpprzrdr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .prz attachment. NOTE: some of these details are obtained from third party...
Type:
Software
Bulletins:
OVAL14822
CVE-2011-1217
Severity:
Low
Description:
Buffer overflow in kpprzrdr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .prz attachment. NOTE: some of these details are obtained from third party information.
Applies to:
Lotus Notes
Created:
2011-12-16
Updated:
2015-06-15

ID:
OVAL14489
Title:
Stack-based buffer overflow in IBM Lotus Notes 8.5 and 8.5fp1, and possibly other versions, allows remote attackers to execute arbitrary code via unknown attack vectors, as demonstrated by the vd_ln module in VulnDisco 9.0. NOTE: as of...
Type:
Software
Bulletins:
OVAL14489
CVE-2010-1608
Severity:
Low
Description:
Stack-based buffer overflow in IBM Lotus Notes 8.5 and 8.5fp1, and possibly other versions, allows remote attackers to execute arbitrary code via unknown attack vectors, as demonstrated by the vd_ln module in VulnDisco 9.0. NOTE: as of 20100222, this disclosure has no actionable information. However, because the VulnDisco author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
Applies to:
Lotus Notes
Created:
2011-12-16
Updated:
2015-06-15

ID:
OVAL14203
Title:
Heap-based buffer overflow in xlssr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a malformed BIFF record in a .xls Excel spreadsheet attachment, aka SPR...
Type:
Software
Bulletins:
OVAL14203
CVE-2011-1512
Severity:
Low
Description:
Heap-based buffer overflow in xlssr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a malformed BIFF record in a .xls Excel spreadsheet attachment, aka SPR PRAD8E3HKR.
Applies to:
Lotus Notes
Created:
2011-12-16
Updated:
2015-06-15

ID:
OVAL14309
Title:
Stack-based buffer overflow in rtfsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a .rtf attachment, aka SPR PRAD8823JQ.
Type:
Software
Bulletins:
OVAL14309
CVE-2011-1214
Severity:
Low
Description:
Stack-based buffer overflow in rtfsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a .rtf attachment, aka SPR PRAD8823JQ.
Applies to:
Lotus Notes
Created:
2011-12-16
Updated:
2015-06-15

ID:
OVAL14650
Title:
Stack-based buffer overflow in mw8sr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a Microsoft Office document attachment, aka SPR PRAD8823ND.
Type:
Software
Bulletins:
OVAL14650
CVE-2011-1215
Severity:
Low
Description:
Stack-based buffer overflow in mw8sr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a Microsoft Office document attachment, aka SPR PRAD8823ND.
Applies to:
Lotus Notes
Created:
2011-12-16
Updated:
2015-06-15

ID:
OVAL14238
Title:
Buffer overflow in kvarcve.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .zip attachment, aka SPR PRAD8E3NSP. NOTE: some of these details are...
Type:
Software
Bulletins:
OVAL14238
CVE-2011-1218
Severity:
Low
Description:
Buffer overflow in kvarcve.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .zip attachment, aka SPR PRAD8E3NSP. NOTE: some of these details are obtained from third party information.
Applies to:
Lotus Notes
Created:
2011-12-16
Updated:
2015-06-15

ID:
OVAL13796
Title:
Stack-based buffer overflow in assr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via crafted tag data in an Applix spreadsheet attachment, aka SPR PRAD8823A7.
Type:
Software
Bulletins:
OVAL13796
CVE-2011-1216
Severity:
Low
Description:
Stack-based buffer overflow in assr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via crafted tag data in an Applix spreadsheet attachment, aka SPR PRAD8823A7.
Applies to:
Lotus Notes
Created:
2011-12-16
Updated:
2015-06-15

ID:
OVAL14725
Title:
IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG.
Type:
Software
Bulletins:
OVAL14725
CVE-2010-1487
Severity:
Low
Description:
IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG.
Applies to:
Lotus Notes
Created:
2011-12-16
Updated:
2015-06-15

ID:
OVAL14405
Title:
Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the first of two vulnerabilities exploited by the Intevydis...
Type:
Web
Bulletins:
OVAL14405
CVE-2011-4693
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the first of two vulnerabilities exploited by the Intevydis vd_adobe_fp module in VulnDisco Step Ahead (SA). NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
Applies to:
Adobe Flash Player
Created:
2011-12-09
Updated:
2015-08-03

ID:
OVAL14539
Title:
Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the second of two vulnerabilities exploited by the Intevydis...
Type:
Web
Bulletins:
OVAL14539
CVE-2011-4694
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as demonstrated by the second of two vulnerabilities exploited by the Intevydis vd_adobe_fp module in VulnDisco Step Ahead (SA). NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
Applies to:
Adobe Flash Player
Created:
2011-12-09
Updated:
2015-08-03

ID:
OVAL14475
Title:
Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors....
Type:
Software
Bulletins:
OVAL14475
CVE-2010-3548
Severity:
Low
Description:
Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to determine internal IP addresses or "otherwise-protected internal network names."
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL14119
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality,...
Type:
Software
Bulletins:
OVAL14119
CVE-2010-4473
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs.
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL13552
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier, allows remote untrusted Java Web Start applications and untrusted Java...
Type:
Software
Bulletins:
OVAL13552
CVE-2010-4468
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to JDBC.
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL14465
Title:
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote attackers to affect integrity via unknown...
Type:
Software
Bulletins:
OVAL14465
CVE-2011-3552
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote attackers to affect integrity via unknown vectors related to Networking.
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL14271
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, Solaris, and, Linux; 5.0 Update 27 and earlier for Windows; and 1.4.2_29 and earlier for Windows...
Type:
Software
Bulletins:
OVAL14271
CVE-2010-4466
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, Solaris, and, Linux; 5.0 Update 27 and earlier for Windows; and 1.4.2_29 and earlier for Windows allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment.
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL14144
Title:
Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. ...
Type:
Software
Bulletins:
OVAL14144
CVE-2010-0841
Severity:
Low
Description:
Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the Java Runtime Environment that allows remote attackers to execute arbitrary code via a JPEG image that contains subsample dimensions with large values, related to JPEGImageReader and "stepX".
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL14507
Title:
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial...
Type:
Web
Bulletins:
OVAL14507
CVE-2011-2450
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2011-11-25
Updated:
2015-08-03

ID:
OVAL14092
Title:
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown...
Type:
Software
Bulletins:
OVAL14092
CVE-2010-0843
Severity:
Low
Description:
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to XNewPtr and improper handling of an integer parameter when allocating heap memory in the com.sun.media.sound libraries, which allows remote attackers to execute arbitrary code.
Applies to:
Java Runtime Environment
Java Development Kit
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL13357
Title:
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown...
Type:
Software
Bulletins:
OVAL13357
CVE-2010-0839
Severity:
Low
Description:
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Applies to:
Java Runtime Environment
Java Development Kit
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL13923
Title:
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the...
Type:
Software
Bulletins:
OVAL13923
CVE-2010-0838
Severity:
Low
Description:
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow using an untrusted size value in the readMabCurveData function in the CMM module in the JVM.
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL14503
Title:
Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown...
Type:
Software
Bulletins:
OVAL14503
CVE-2010-0846
Severity:
Low
Description:
Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows remote attackers to execute arbitrary code, related to an "invalid assignment" and inconsistent length values in a JPEG image encoder (JPEGImageEncoderImpl).
Applies to:
Java Runtime Environment
Java Development Kit
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL14351
Title:
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors....
Type:
Software
Bulletins:
OVAL14351
CVE-2010-0094
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is due to missing privilege checks during deserialization of RMIConnectionImpl objects, which allows remote attackers to call system-level Java functions via the ClassLoader of a constructor that is being deserialized.
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL14189
Title:
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial...
Type:
Web
Bulletins:
OVAL14189
CVE-2011-2452
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2011-11-25
Updated:
2015-08-03

ID:
OVAL14373
Title:
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to...
Type:
Software
Bulletins:
OVAL14373
CVE-2011-3557
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI.
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL14225
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted...
Type:
Software
Bulletins:
OVAL14225
CVE-2011-0864
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot.
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL14210
Title:
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Type:
Software
Bulletins:
OVAL14210
CVE-2010-0092
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL13294
Title:
Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through...
Type:
Web
Bulletins:
OVAL13294
CVE-2010-3654
Severity:
Low
Description:
Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010.
Applies to:
Adobe Flash Player
Adobe Acrobat
Adobe Reader
Created:
2011-11-25
Updated:
2015-08-03

ID:
OVAL14354
Title:
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown...
Type:
Software
Bulletins:
OVAL14354
CVE-2010-3541
Severity:
Low
Description:
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy.
Applies to:
Java Runtime Environment
Java Development Kit
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL14215
Title:
Buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code...
Type:
Web
Bulletins:
OVAL14215
CVE-2011-2456
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2011-11-25
Updated:
2015-08-03

ID:
OVAL14321
Title:
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability...
Type:
Software
Bulletins:
OVAL14321
CVE-2010-0088
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Applies to:
Java Runtime Environment
Java Development Kit
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL13795
Title:
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown...
Type:
Software
Bulletins:
OVAL13795
CVE-2010-0849
Severity:
Low
Description:
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow in a decoding routine used by the JPEGImageDecoderImpl interface, which allows code execution via a crafted JPEG image.
Applies to:
Java Runtime Environment
Java Development Kit
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL14340
Title:
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown...
Type:
Software
Bulletins:
OVAL14340
CVE-2010-3549
Severity:
Low
Description:
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is an HTTP request splitting vulnerability involving the handling of the chunked transfer encoding method by the HttpURLConnection class.
Applies to:
Java Runtime Environment
Java Development Kit
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL14282
Title:
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown...
Type:
Software
Bulletins:
OVAL14282
CVE-2010-0844
Severity:
Low
Description:
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is for improper parsing of a crafted MIDI stream when creating a MixerSequencer object, which causes a pointer to be corrupted and allows a NULL byte to be written to arbitrary memory.
Applies to:
Java Runtime Environment
Java Development Kit
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL14105
Title:
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via...
Type:
Software
Bulletins:
OVAL14105
CVE-2010-0095
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL14014
Title:
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, when Internet Explorer is used, allows remote attackers to...
Type:
Web
Bulletins:
OVAL14014
CVE-2011-2458
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, when Internet Explorer is used, allows remote attackers to bypass the cross-domain policy via a crafted web site.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2011-11-25
Updated:
2015-08-03

ID:
OVAL14477
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and...
Type:
Software
Bulletins:
OVAL14477
CVE-2011-0802
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different vulnerability than CVE-2011-0814.
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL14101
Title:
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown...
Type:
Software
Bulletins:
OVAL14101
CVE-2010-0842
Severity:
Low
Description:
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an uncontrolled array index that allows remote attackers to execute arbitrary code via a MIDI file with a crafted MixerSequencer object, related to the GM_Song structure.
Applies to:
Java Runtime Environment
Java Development Kit
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL14174
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and...
Type:
Software
Bulletins:
OVAL14174
CVE-2011-0814
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different vulnerability than CVE-2011-0802.
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL14034
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and...
Type:
Software
Bulletins:
OVAL14034
CVE-2010-4465
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the lack of framework support by AWT event dispatch, and/or "clipboard access in Applets."
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL14524
Title:
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to...
Type:
Software
Bulletins:
OVAL14524
CVE-2011-3554
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors.
Applies to:
Java Runtime Environment
Java Development Kit
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL13492
Title:
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors.
Type:
Software
Bulletins:
OVAL13492
CVE-2010-0091
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors.
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL14492
Title:
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and...
Type:
Software
Bulletins:
OVAL14492
CVE-2011-3548
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT.
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL13546
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality,...
Type:
Software
Bulletins:
OVAL13546
CVE-2010-4454
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs.
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL14003
Title:
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial...
Type:
Web
Bulletins:
OVAL14003
CVE-2011-2454
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2011-11-25
Updated:
2015-08-03

ID:
OVAL14316
Title:
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to...
Type:
Software
Bulletins:
OVAL14316
CVE-2011-3556
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI.
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL13961
Title:
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial...
Type:
Web
Bulletins:
OVAL13961
CVE-2011-2451
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2011-11-25
Updated:
2015-08-03

ID:
OVAL14081
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted...
Type:
Software
Bulletins:
OVAL14081
CVE-2011-0865
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Deserialization.
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL13934
Title:
Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via...
Type:
Software
Bulletins:
OVAL13934
CVE-2010-0082
Severity:
Low
Description:
Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Applies to:
Java Runtime Environment
Java Development Kit
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL14328
Title:
The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other...
Type:
Software
Bulletins:
OVAL14328
CVE-2010-4476
Severity:
Low
Description:
The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL14165
Title:
Stack-based buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute...
Type:
Web
Bulletins:
OVAL14165
CVE-2011-2457
Severity:
Low
Description:
Stack-based buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2011-11-25
Updated:
2015-08-03

ID:
OVAL13888
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, and 5.0 Update 29 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via...
Type:
Software
Bulletins:
OVAL13888
CVE-2011-0873
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, and 5.0 Update 29 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL14233
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and...
Type:
Software
Bulletins:
OVAL14233
CVE-2010-4475
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment.
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL14208
Title:
Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect availability via unknown vectors.
Type:
Software
Bulletins:
OVAL14208
CVE-2010-0089
Severity:
Low
Description:
Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect availability via unknown vectors.
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL14403
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and...
Type:
Software
Bulletins:
OVAL14403
CVE-2010-4447
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment.
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL13662
Title:
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, 7, 6 Update 27 and earlier, and 5.0 Update 31 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to...
Type:
Software
Bulletins:
OVAL13662
CVE-2011-3521
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, 7, 6 Update 27 and earlier, and 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deserialization.
Applies to:
Java Runtime Environment
Java Development Kit
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL14521
Title:
Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Type:
Software
Bulletins:
OVAL14521
CVE-2010-0845
Severity:
Low
Description:
Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL14276
Title:
Unspecified vulnerability in the Pack200 component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Type:
Software
Bulletins:
OVAL14276
CVE-2010-0837
Severity:
Low
Description:
Unspecified vulnerability in the Pack200 component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL14453
Title:
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown...
Type:
Software
Bulletins:
OVAL14453
CVE-2010-0847
Severity:
Low
Description:
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows arbitrary code execution via a crafted image.
Applies to:
Java Runtime Environment
Java Development Kit
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL13971
Title:
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via...
Type:
Software
Bulletins:
OVAL13971
CVE-2010-0840
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) "a similar trust issue with interfaces," aka "Trusted Methods Chaining Remote Code Execution Vulnerability."
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL14240
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted...
Type:
Software
Bulletins:
OVAL14240
CVE-2011-0867
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking.
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL14112
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted...
Type:
Software
Bulletins:
OVAL14112
CVE-2011-0871
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing.
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL14417
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets...
Type:
Software
Bulletins:
OVAL14417
CVE-2010-4471
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to 2D. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the exposure of system properties via vectors related to Font.createFont and exception text.
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL14288
Title:
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via...
Type:
Software
Bulletins:
OVAL14288
CVE-2010-0093
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL14146
Title:
Multiple unspecified vulnerabilities in the Macromedia Flash ActiveX control in Adobe Flash Player 6, as distributed in Microsoft Windows XP SP2 and SP3, might allow remote attackers to execute arbitrary code via unspecified vectors that...
Type:
Web
Bulletins:
OVAL14146
CVE-2010-0379
Severity:
Low
Description:
Multiple unspecified vulnerabilities in the Macromedia Flash ActiveX control in Adobe Flash Player 6, as distributed in Microsoft Windows XP SP2 and SP3, might allow remote attackers to execute arbitrary code via unspecified vectors that are not related to the use-after-free "Movie Unloading Vulnerability" (CVE-2010-0378). NOTE: due to lack of details, it is not clear whether this overlaps any other CVE item.
Applies to:
Adobe Flash Player
Created:
2011-11-25
Updated:
2015-08-03

ID:
OVAL14335
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted...
Type:
Software
Bulletins:
OVAL14335
CVE-2011-0815
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to AWT.
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL14260
Title:
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial...
Type:
Web
Bulletins:
OVAL14260
CVE-2011-2460
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, and CVE-2011-2459.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2011-11-25
Updated:
2015-08-03

ID:
OVAL13959
Title:
Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and...
Type:
Software
Bulletins:
OVAL13959
CVE-2010-0087
Severity:
Low
Description:
Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Applies to:
Java Runtime Environment
Java Development Kit
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL14339
Title:
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and...
Type:
Software
Bulletins:
OVAL14339
CVE-2011-3547
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking.
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL14312
Title:
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial...
Type:
Web
Bulletins:
OVAL14312
CVE-2011-2445
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2011-11-25
Updated:
2015-08-03

ID:
OVAL13904
Title:
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial...
Type:
Web
Bulletins:
OVAL13904
CVE-2011-2459
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, and CVE-2011-2460.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2011-11-25
Updated:
2015-08-03

ID:
OVAL14350
Title:
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown...
Type:
Software
Bulletins:
OVAL14350
CVE-2010-0848
Severity:
Low
Description:
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Applies to:
Java Runtime Environment
Java Development Kit
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL14045
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and...
Type:
Software
Bulletins:
OVAL14045
CVE-2010-4448
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves "DNS cache poisoning by untrusted applets."
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL14180
Title:
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier, allows remote attackers to...
Type:
Software
Bulletins:
OVAL14180
CVE-2011-3545
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL13885
Title:
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and...
Type:
Software
Bulletins:
OVAL13885
CVE-2011-3549
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing.
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL13317
Title:
Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality,...
Type:
Software
Bulletins:
OVAL13317
CVE-2011-0862
Severity:
Low
Description:
Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL13803
Title:
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability...
Type:
Software
Bulletins:
OVAL13803
CVE-2010-0085
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Applies to:
Java Runtime Environment
Java Development Kit
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL14061
Title:
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors.
Type:
Software
Bulletins:
OVAL14061
CVE-2010-0084
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors.
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL14510
Title:
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial...
Type:
Web
Bulletins:
OVAL14510
CVE-2011-2455
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2459, and CVE-2011-2460.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2011-11-25
Updated:
2015-08-03

ID:
OVAL14039
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality,...
Type:
Software
Bulletins:
OVAL14039
CVE-2010-4462
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs.
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL14231
Title:
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial...
Type:
Web
Bulletins:
OVAL14231
CVE-2011-2453
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2011-11-25
Updated:
2015-08-03

ID:
OVAL14011
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier, when running on Windows, allows remote untrusted Java Web Start...
Type:
Software
Bulletins:
OVAL14011
CVE-2011-0866
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Java Runtime Environment.
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL13639
Title:
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and...
Type:
Software
Bulletins:
OVAL13639
CVE-2010-4469
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is heap corruption related to the Verifier and "backward jsrs."
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2011-11-25
Updated:
2015-03-23

ID:
OVAL14394
Title:
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and...
Type:
Software
Bulletins:
OVAL14394
CVE-2011-3560
Severity:
Low
Description:
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity, related to JSSE.
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2011-11-25
Updated:
2015-03-23

ID:
CVE-2011-4499
Title:
The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before 1.06.1 allows remote attackers to establish...
Type:
Hardware
Bulletins:
CVE-2011-4499
Severity:
High
Description:
The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before 1.06.1 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.
Applies to:
wrt54gs
wrt54g
wrt54gs
wrt54g
Created:
2011-11-22
Updated:
2017-04-24

ID:
CVE-2011-4500
Title:
The UPnP IGD implementation on the Cisco Linksys WRT54GX with firmware 2.00.05, when UPnP is enabled, configures the SOAP server to listen on the WAN port, which allows remote attackers to administer the firewall via SOAP requests.
Type:
Hardware
Bulletins:
CVE-2011-4500
Severity:
High
Description:
The UPnP IGD implementation on the Cisco Linksys WRT54GX with firmware 2.00.05, when UPnP is enabled, configures the SOAP server to listen on the WAN port, which allows remote attackers to administer the firewall via SOAP requests.
Applies to:
wrt54gx
wrt54gx
Created:
2011-11-22
Updated:
2017-04-24

ID:
CVE-2011-3439
Title:
FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.
Type:
Mobile Devices
Bulletins:
CVE-2011-3439
Severity:
High
Description:
FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.
Applies to:
Created:
2011-11-11
Updated:
2017-04-24

ID:
CVE-2011-3440
Title:
The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover during power-off confirmation.
Type:
Mobile Devices
Bulletins:
CVE-2011-3440
Severity:
Low
Description:
The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover during power-off confirmation.
Applies to:
Created:
2011-11-11
Updated:
2017-04-24

ID:
CVE-2011-3441
Title:
libinfo in Apple iOS before 5.0.1 does not properly formulate domain-name queries, which allows remote attackers to obtain sensitive information via a crafted DNS hostname.
Type:
Mobile Devices
Bulletins:
CVE-2011-3441
Severity:
Medium
Description:
libinfo in Apple iOS before 5.0.1 does not properly formulate domain-name queries, which allows remote attackers to obtain sensitive information via a crafted DNS hostname.
Applies to:
Created:
2011-11-11
Updated:
2017-04-24

ID:
CVE-2011-3442
Title:
The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app.
Type:
Mobile Devices
Bulletins:
CVE-2011-3442
Severity:
High
Description:
The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app.
Applies to:
Created:
2011-11-11
Updated:
2017-04-24

ID:
OVAL13832
Title:
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
Type:
Web
Bulletins:
OVAL13832
CVE-2011-0620
Severity:
Low
Description:
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0619, CVE-2011-0621, and CVE-2011-0622.
Applies to:
Adobe Flash Player
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL13945
Title:
Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to execute arbitrary code or cause a denial of service (browser crash) via unspecified vectors, related to...
Type:
Web
Bulletins:
OVAL13945
CVE-2011-2428
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to execute arbitrary code or cause a denial of service (browser crash) via unspecified vectors, related to a "logic error issue."
Applies to:
Adobe Flash Player
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL14050
Title:
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrary web script or HTML via a crafted...
Type:
Web
Bulletins:
OVAL14050
CVE-2011-2444
Severity:
Low
Description:
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to a "universal cross-site scripting issue," as exploited in the wild in September 2011.
Applies to:
Adobe Flash Player
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL13940
Title:
Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to...
Type:
Web
Bulletins:
OVAL13940
CVE-2011-2415
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2134, CVE-2011-2137, and CVE-2011-2414.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL14066
Title:
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561,...
Type:
Web
Bulletins:
OVAL14066
CVE-2011-0608
Severity:
Low
Description:
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, and CVE-2011-0607.
Applies to:
Adobe Flash Player
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL14125
Title:
Stack-based buffer overflow in the ActionScript Virtual Machine (AVM) component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to execute arbitrary...
Type:
Web
Bulletins:
OVAL14125
CVE-2011-2427
Severity:
Low
Description:
Stack-based buffer overflow in the ActionScript Virtual Machine (AVM) component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to execute arbitrary code or cause a denial of service via unspecified vectors.
Applies to:
Adobe Flash Player
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL14021
Title:
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561,...
Type:
Web
Bulletins:
OVAL14021
CVE-2011-0572
Severity:
Low
Description:
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608.
Applies to:
Adobe Flash Player
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL14091
Title:
Adobe Flash Player before 10.3.181.26 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.23 and earlier on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified...
Type:
Web
Bulletins:
OVAL14091
CVE-2011-2110
Severity:
Low
Description:
Adobe Flash Player before 10.3.181.26 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.23 and earlier on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in June 2011.
Applies to:
Adobe Flash Player
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL14206
Title:
Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to...
Type:
Web
Bulletins:
OVAL14206
CVE-2011-2137
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2134, CVE-2011-2414, and CVE-2011-2415.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL13979
Title:
Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to...
Type:
Web
Bulletins:
OVAL13979
CVE-2011-2134
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2137, CVE-2011-2414, and CVE-2011-2415.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL14096
Title:
Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, related...
Type:
Web
Bulletins:
OVAL14096
CVE-2011-2429
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, related to a "security control bypass."
Applies to:
Adobe Flash Player
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL14056
Title:
Integer overflow in Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code via a large array length value in the ActionScript method of the Function class.
Type:
Web
Bulletins:
OVAL14056
CVE-2011-0558
Severity:
Low
Description:
Integer overflow in Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code via a large array length value in the ActionScript method of the Function class.
Applies to:
Adobe Flash Player
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL14137
Title:
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561,...
Type:
Web
Bulletins:
OVAL14137
CVE-2011-0607
Severity:
Low
Description:
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, and CVE-2011-0608.
Applies to:
Adobe Flash Player
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL14095
Title:
Untrusted search path vulnerability in Adobe Flash Player before 10.2.152.26 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
Type:
Web
Bulletins:
OVAL14095
CVE-2011-0575
Severity:
Low
Description:
Untrusted search path vulnerability in Adobe Flash Player before 10.2.152.26 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
Applies to:
Adobe Flash Player
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL14169
Title:
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0571,...
Type:
Web
Bulletins:
OVAL14169
CVE-2011-0561
Severity:
Low
Description:
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608.
Applies to:
Adobe Flash Player
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL14160
Title:
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
Type:
Web
Bulletins:
OVAL14160
CVE-2011-0621
Severity:
Low
Description:
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0619, CVE-2011-0620, and CVE-2011-0622.
Applies to:
Adobe Flash Player
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL13809
Title:
Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via crafted streaming media, related to a "logic error vulnerability."
Type:
Web
Bulletins:
OVAL13809
CVE-2011-2430
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via crafted streaming media, related to a "logic error vulnerability."
Applies to:
Adobe Flash Player
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL13429
Title:
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0561, CVE-2011-0571,...
Type:
Web
Bulletins:
OVAL13429
CVE-2011-0560
Severity:
Low
Description:
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608.
Applies to:
Adobe Flash Player
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL14009
Title:
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted parameters to an unspecified ActionScript method that cause a parameter to be used as an object...
Type:
Web
Bulletins:
OVAL14009
CVE-2011-0559
Severity:
Low
Description:
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted parameters to an unspecified ActionScript method that cause a parameter to be used as an object pointer, a different vulnerability than CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608.
Applies to:
Adobe Flash Player
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL14172
Title:
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561,...
Type:
Web
Bulletins:
OVAL14172
CVE-2011-0573
Severity:
Low
Description:
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608.
Applies to:
Adobe Flash Player
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL13924
Title:
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different...
Type:
Web
Bulletins:
OVAL13924
CVE-2011-0624
Severity:
Low
Description:
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0625, and CVE-2011-0626.
Applies to:
Adobe Flash Player
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL14194
Title:
Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to...
Type:
Web
Bulletins:
OVAL14194
CVE-2011-2130
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2134, CVE-2011-2137, CVE-2011-2414, and CVE-2011-2415.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL14088
Title:
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
Type:
Web
Bulletins:
OVAL14088
CVE-2011-0619
Severity:
Low
Description:
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0620, CVE-2011-0621, and CVE-2011-0622.
Applies to:
Adobe Flash Player
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL14115
Title:
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561,...
Type:
Web
Bulletins:
OVAL14115
CVE-2011-0571
Severity:
Low
Description:
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608.
Applies to:
Adobe Flash Player
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL13762
Title:
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.181.22 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.22 and earlier on Android, allows remote attackers to inject arbitrary web script or HTML via...
Type:
Web
Bulletins:
OVAL13762
CVE-2011-2107
Severity:
Low
Description:
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.181.22 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.22 and earlier on Android, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "universal cross-site scripting vulnerability."
Applies to:
Adobe Flash Player
Adobe Acrobat
Adobe Reader
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL14164
Title:
Unspecified vulnerability in Adobe Flash Player before 10.2.152.26 allows remote attackers to execute arbitrary code via a crafted font.
Type:
Web
Bulletins:
OVAL14164
CVE-2011-0577
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player before 10.2.152.26 allows remote attackers to execute arbitrary code via a crafted font.
Applies to:
Adobe Flash Player
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL13994
Title:
Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code via ActionScript that improperly handles a long array...
Type:
Web
Bulletins:
OVAL13994
CVE-2011-0628
Severity:
Low
Description:
Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code via ActionScript that improperly handles a long array object.
Applies to:
Adobe Flash Player
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL14199
Title:
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers to execute...
Type:
Web
Bulletins:
OVAL14199
CVE-2011-2424
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SWF file, as demonstrated by "about 400 unique crash signatures."
Applies to:
Adobe Flash Player
Adobe Air
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL14085
Title:
Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to...
Type:
Web
Bulletins:
OVAL14085
CVE-2011-2138
Severity:
Low
Description:
Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2136 and CVE-2011-2416.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL14073
Title:
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary...
Type:
Web
Bulletins:
OVAL14073
CVE-2011-2425
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2140, and CVE-2011-2417.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL14043
Title:
Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to...
Type:
Web
Bulletins:
OVAL14043
CVE-2011-2414
Severity:
Low
Description:
Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2134, CVE-2011-2137, and CVE-2011-2415.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL14070
Title:
Stack-based buffer overflow in the ActionScript Virtual Machine (AVM) component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute...
Type:
Web
Bulletins:
OVAL14070
CVE-2011-2426
Severity:
Low
Description:
Stack-based buffer overflow in the ActionScript Virtual Machine (AVM) component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Flash Player
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL14175
Title:
Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x...
Type:
Web
Bulletins:
OVAL14175
CVE-2011-0611
Severity:
Low
Description:
Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.
Applies to:
Adobe Flash Player
Adobe Acrobat
Adobe Air
Adobe Reader
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL13914
Title:
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash...
Type:
Web
Bulletins:
OVAL13914
CVE-2011-0627
Severity:
Low
Description:
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with an embedded .swf file.
Applies to:
Adobe Flash Player
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL14015
Title:
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary...
Type:
Web
Bulletins:
OVAL14015
CVE-2011-2417
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2140, and CVE-2011-2425.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL14111
Title:
Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to...
Type:
Web
Bulletins:
OVAL14111
CVE-2011-2136
Severity:
Low
Description:
Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2138 and CVE-2011-2416.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL14074
Title:
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary...
Type:
Web
Bulletins:
OVAL14074
CVE-2011-2140
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2417, and CVE-2011-2425.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL14132
Title:
Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to...
Type:
Web
Bulletins:
OVAL14132
CVE-2011-2416
Severity:
Low
Description:
Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2136 and CVE-2011-2138.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL14077
Title:
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different...
Type:
Web
Bulletins:
OVAL14077
CVE-2011-0625
Severity:
Low
Description:
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0624, and CVE-2011-0626.
Applies to:
Adobe Flash Player
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL14106
Title:
Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors.
Type:
Web
Bulletins:
OVAL14106
CVE-2011-0618
Severity:
Low
Description:
Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Flash Player
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL14147
Title:
Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader...
Type:
Web
Bulletins:
OVAL14147
CVE-2011-0609
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011.
Applies to:
Adobe Flash Player
Adobe Acrobat
Adobe Reader
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL14113
Title:
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a...
Type:
Web
Bulletins:
OVAL14113
CVE-2011-0622
Severity:
Low
Description:
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0619, CVE-2011-0620, and CVE-2011-0621.
Applies to:
Adobe Flash Player
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL13901
Title:
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different...
Type:
Web
Bulletins:
OVAL13901
CVE-2011-0623
Severity:
Low
Description:
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0624, CVE-2011-0625, and CVE-2011-0626.
Applies to:
Adobe Flash Player
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL13379
Title:
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to obtain sensitive information via unspecified vectors.
Type:
Web
Bulletins:
OVAL13379
CVE-2011-0579
Severity:
Low
Description:
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to obtain sensitive information via unspecified vectors.
Applies to:
Adobe Flash Player
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL13205
Title:
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors related to a constructor for an unspecified ActionScript3 object and improper type...
Type:
Web
Bulletins:
OVAL13205
CVE-2011-0578
Severity:
Low
Description:
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors related to a constructor for an unspecified ActionScript3 object and improper type checking, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0607, and CVE-2011-0608.
Applies to:
Adobe Flash Player
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL14016
Title:
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary...
Type:
Web
Bulletins:
OVAL14016
CVE-2011-2135
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2140, CVE-2011-2417, and CVE-2011-2425.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL14204
Title:
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers bypass the Same...
Type:
Web
Bulletins:
OVAL14204
CVE-2011-2139
Severity:
Low
Description:
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers bypass the Same Origin Policy and obtain sensitive information via unspecified vectors.
Applies to:
Adobe Flash Player
Adobe Air
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL13988
Title:
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561,...
Type:
Web
Bulletins:
OVAL13988
CVE-2011-0574
Severity:
Low
Description:
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608.
Applies to:
Adobe Flash Player
Created:
2011-11-04
Updated:
2015-08-03

ID:
OVAL14036
Title:
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different...
Type:
Web
Bulletins:
OVAL14036
CVE-2011-0626
Severity:
Low
Description:
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0624, and CVE-2011-0625.
Applies to:
Adobe Flash Player
Created:
2011-11-04
Updated:
2015-08-03

ID:
CVE-2011-4005
Title:
Cross-site request forgery (CSRF) vulnerability in the Services Ready Platform Configuration Utility web interface on the Cisco Small Business SRP521W, SRP526W, and SRP527W with firmware before 1.1.24 and the Small Business SRP541W, SRP546W, and...
Type:
Hardware
Bulletins:
CVE-2011-4005
SFBID50495
Severity:
High
Description:
Cross-site request forgery (CSRF) vulnerability in the Services Ready Platform Configuration Utility web interface on the Cisco Small Business SRP521W, SRP526W, and SRP527W with firmware before 1.1.24 and the Small Business SRP541W, SRP546W, and SRP547W with firmware before 1.2.1 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands, aka Bug ID CSCtr45124.
Applies to:
Cisco srp521
Cisco srp526
Cisco srp541
Cisco srp546
Cisco srp547
Cisco srp527
Created:
2011-11-03
Updated:
2017-04-24

ID:
CVE-2011-0941
Title:
Memory leak in Cisco Unified Communications Manager (CUCM) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1), and Cisco IOS 12.4 and 15.1, allows remote attackers to cause a denial of service (memory...
Type:
Hardware
Bulletins:
CVE-2011-0941
Severity:
High
Description:
Memory leak in Cisco Unified Communications Manager (CUCM) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1), and Cisco IOS 12.4 and 15.1, allows remote attackers to cause a denial of service (memory consumption and process failure or device reload) via a malformed SIP message, aka Bug IDs CSCti75128 and CSCtj09179.
Applies to:
Unified Communications Manager
Created:
2011-11-01
Updated:
2017-04-24

ID:
CVE-2011-2569
Title:
Cisco Nexus OS (aka NX-OS) 4.2 and 5.0 and Cisco Unified Computing System with software 1.4 and 2.0 do not properly restrict command-line options, which allows local users to gain privileges via unspecified vectors, aka Bug IDs CSCtf40008,...
Type:
Hardware
Bulletins:
CVE-2011-2569
Severity:
Medium
Description:
Cisco Nexus OS (aka NX-OS) 4.2 and 5.0 and Cisco Unified Computing System with software 1.4 and 2.0 do not properly restrict command-line options, which allows local users to gain privileges via unspecified vectors, aka Bug IDs CSCtf40008, CSCtg18363, CSCtr44645, CSCts10195, and CSCts10188.
Applies to:
Created:
2011-10-27
Updated:
2017-04-24

ID:
CVE-2011-3315
Title:
Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP...
Type:
Hardware
Bulletins:
CVE-2011-3315
Severity:
High
Description:
Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.0(1)SR1ES8, 7.0(x) before 7.0(2)ES1, 8.0(x) through 8.0(2)SU3, and 8.5(x) before 8.5(1)SU2, allows remote attackers to read arbitrary files via a crafted URL, aka Bug IDs CSCth09343 and CSCts44049.
Applies to:
Unified Communications Manager
Created:
2011-10-27
Updated:
2017-04-24

ID:
CVE-2011-2059
Title:
The ipv6 component in Cisco IOS before 15.1(4)M1.3 allows remote attackers to conduct fingerprinting attacks and obtain potentially sensitive information about the presence of the IOS operating system via an ICMPv6 Echo Request packet containing a...
Type:
Hardware
Bulletins:
CVE-2011-2059
Severity:
Medium
Description:
The ipv6 component in Cisco IOS before 15.1(4)M1.3 allows remote attackers to conduct fingerprinting attacks and obtain potentially sensitive information about the presence of the IOS operating system via an ICMPv6 Echo Request packet containing a Hop-by-Hop (HBH) extension header (EH) with a 0x0c01050c value in the PadN option data, aka Bug ID CSCtq02219.
Applies to:
Created:
2011-10-21
Updated:
2017-04-24

ID:
CVE-2011-1640
Title:
The ethernet-lldp component in Cisco IOS 12.2 before 12.2(33)SXJ1 does not properly support a large number of LLDP Management Address (MA) TLVs, which allows remote attackers to cause a denial of service (device crash) via crafted LLDPDUs, aka Bug...
Type:
Hardware
Bulletins:
CVE-2011-1640
Severity:
High
Description:
The ethernet-lldp component in Cisco IOS 12.2 before 12.2(33)SXJ1 does not properly support a large number of LLDP Management Address (MA) TLVs, which allows remote attackers to cause a denial of service (device crash) via crafted LLDPDUs, aka Bug ID CSCtj22354.
Applies to:
Created:
2011-10-21
Updated:
2017-04-24

ID:
CVE-2011-2057
Title:
The cat6000-dot1x component in Cisco IOS 12.2 before 12.2(33)SXI7 does not properly handle (1) a loop between a dot1x enabled port and an open-authentication dot1x enabled port and (2) a loop between a dot1x enabled port and a non-dot1x port, which...
Type:
Hardware
Bulletins:
CVE-2011-2057
Severity:
High
Description:
The cat6000-dot1x component in Cisco IOS 12.2 before 12.2(33)SXI7 does not properly handle (1) a loop between a dot1x enabled port and an open-authentication dot1x enabled port and (2) a loop between a dot1x enabled port and a non-dot1x port, which allows remote attackers to cause a denial of service (traffic storm) via unspecified vectors that trigger many Spanning Tree Protocol (STP) Bridge Protocol Data Unit (BPDU) frames, aka Bug ID CSCtq36327.
Applies to:
Created:
2011-10-21
Updated:
2017-04-24

ID:
CVE-2011-2058
Title:
The cat6000-dot1x component in Cisco IOS 12.2 before 12.2(33)SXI7 does not properly handle an external loop between a pair of dot1x enabled ports, which allows remote attackers to cause a denial of service (traffic storm) via unspecified vectors...
Type:
Hardware
Bulletins:
CVE-2011-2058
Severity:
High
Description:
The cat6000-dot1x component in Cisco IOS 12.2 before 12.2(33)SXI7 does not properly handle an external loop between a pair of dot1x enabled ports, which allows remote attackers to cause a denial of service (traffic storm) via unspecified vectors that trigger many unicast EAPoL Protocol Data Units (PDUs), aka Bug ID CSCtq36336.
Applies to:
Created:
2011-10-21
Updated:
2017-04-24

ID:
CVE-2011-2060
Title:
The platform-sw component on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 before 8.2(5.3), 8.3 before 8.3(2.20), and 8.4 before 8.4(2.1) does not properly handle non-ASCII characters in an interface description,...
Type:
Hardware
Bulletins:
CVE-2011-2060
Severity:
Medium
Description:
The platform-sw component on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 before 8.2(5.3), 8.3 before 8.3(2.20), and 8.4 before 8.4(2.1) does not properly handle non-ASCII characters in an interface description, which allows local users to cause a denial of service (reload without configuration) via a crafted description, aka Bug ID CSCtq50523.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Created:
2011-10-21
Updated:
2017-04-24

ID:
CVE-2010-4964
Title:
recorder_test.cgi on the D-Link DCS-2121 camera with firmware 1.04 allows remote attackers to execute arbitrary commands via shell metacharacters in the Password field, related to a "semicolon injection" vulnerability.
Type:
Hardware
Bulletins:
CVE-2010-4964
Severity:
High
Description:
recorder_test.cgi on the D-Link DCS-2121 camera with firmware 1.04 allows remote attackers to execute arbitrary commands via shell metacharacters in the Password field, related to a "semicolon injection" vulnerability.
Applies to:
DCS-2121
DCS-2121
Created:
2011-10-16
Updated:
2017-04-24

ID:
CVE-2010-4965
Title:
/etc/rc.d/rc.local on the D-Link DCS-2121 camera with firmware 1.04 configures a hardcoded password of admin for the root account, which makes it easier for remote attackers to obtain shell access by leveraging a running telnetd server.
Type:
Hardware
Bulletins:
CVE-2010-4965
Severity:
High
Description:
/etc/rc.d/rc.local on the D-Link DCS-2121 camera with firmware 1.04 configures a hardcoded password of admin for the root account, which makes it easier for remote attackers to obtain shell access by leveraging a running telnetd server.
Applies to:
DCS-2121
DCS-2121
Created:
2011-10-16
Updated:
2017-04-24

ID:
CVE-2011-3427
Title:
The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or...
Type:
Mobile Devices
Bulletins:
CVE-2011-3427
Severity:
Low
Description:
The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate.
Applies to:
Created:
2011-10-14
Updated:
2017-04-24

ID:
CVE-2011-3429
Title:
The Settings component in Apple iOS before 5 stores a cleartext parental-restrictions passcode in an unspecified file, which might allow physically proximate attackers to obtain sensitive information by reading this file.
Type:
Mobile Devices
Bulletins:
CVE-2011-3429
Severity:
Low
Description:
The Settings component in Apple iOS before 5 stores a cleartext parental-restrictions passcode in an unspecified file, which might allow physically proximate attackers to obtain sensitive information by reading this file.
Applies to:
Created:
2011-10-14
Updated:
2017-04-24

ID:
CVE-2011-3430
Title:
The Settings component in Apple iOS before 5, when a configuration profile is used for a locale other than English, does not properly implement localization, which makes it easier for attackers to have an unspecified impact by...
Type:
Mobile Devices
Bulletins:
CVE-2011-3430
Severity:
High
Description:
The Settings component in Apple iOS before 5, when a configuration profile is used for a locale other than English, does not properly implement localization, which makes it easier for attackers to have an unspecified impact by leveraging incorrect configuration display.
Applies to:
Created:
2011-10-14
Updated:
2017-04-24

ID:
CVE-2011-3431
Title:
The Home screen component in Apple iOS before 5 does not properly support a certain application-switching gesture, which might allow physically proximate attackers to obtain sensitive state information by watching the device's screen.
Type:
Mobile Devices
Bulletins:
CVE-2011-3431
Severity:
Low
Description:
The Home screen component in Apple iOS before 5 does not properly support a certain application-switching gesture, which might allow physically proximate attackers to obtain sensitive state information by watching the device's screen.
Applies to:
Created:
2011-10-14
Updated:
2017-04-24

ID:
CVE-2011-3432
Title:
The UIKit Alerts component in Apple iOS before 5 allows remote attackers to cause a denial of service (device hang) via a long tel: URL that triggers a large size for the acceptance dialog.
Type:
Mobile Devices
Bulletins:
CVE-2011-3432
Severity:
Medium
Description:
The UIKit Alerts component in Apple iOS before 5 allows remote attackers to cause a denial of service (device hang) via a long tel: URL that triggers a large size for the acceptance dialog.
Applies to:
Created:
2011-10-14
Updated:
2017-04-24

ID:
CVE-2011-3434
Title:
The WiFi component in Apple iOS before 5 stores WiFi credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application.
Type:
Mobile Devices
Bulletins:
CVE-2011-3434
Severity:
Medium
Description:
The WiFi component in Apple iOS before 5 stores WiFi credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application.
Applies to:
Created:
2011-10-14
Updated:
2017-04-24

ID:
CVE-2011-3243
Title:
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows.
Type:
Mobile Devices
Bulletins:
CVE-2011-3243
SFBID50088
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows.
Applies to:
Created:
2011-10-14
Updated:
2017-04-24

ID:
CVE-2011-3245
Title:
The Keyboards component in Apple iOS before 5 displays the final character of an entered password during a subsequent use of a keyboard, which allows physically proximate attackers to obtain sensitive information by reading this character.
Type:
Mobile Devices
Bulletins:
CVE-2011-3245
Severity:
Low
Description:
The Keyboards component in Apple iOS before 5 displays the final character of an entered password during a subsequent use of a keyboard, which allows physically proximate attackers to obtain sensitive information by reading this character.
Applies to:
Created:
2011-10-14
Updated:
2017-04-24

ID:
CVE-2011-3246
Title:
CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a...
Type:
Mobile Devices
Bulletins:
CVE-2011-3246
SFBID50085
Severity:
Medium
Description:
CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted (1) http or (2) https URL.
Applies to:
Created:
2011-10-14
Updated:
2017-04-24

ID:
CVE-2011-3253
Title:
CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate.
Type:
Mobile Devices
Bulletins:
CVE-2011-3253
Severity:
Low
Description:
CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate.
Applies to:
Created:
2011-10-14
Updated:
2017-04-24

ID:
CVE-2011-3254
Title:
Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note.
Type:
Mobile Devices
Bulletins:
CVE-2011-3254
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note.
Applies to:
Created:
2011-10-14
Updated:
2017-04-24

ID:
CVE-2011-3255
Title:
CFNetwork in Apple iOS before 5 stores AppleID credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application.
Type:
Mobile Devices
Bulletins:
CVE-2011-3255
Severity:
Medium
Description:
CFNetwork in Apple iOS before 5 stores AppleID credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application.
Applies to:
Created:
2011-10-14
Updated:
2017-04-24

ID:
CVE-2011-3256
Title:
FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via...
Type:
Mobile Devices
Bulletins:
CVE-2011-3256
SFBID50155
Severity:
Medium
Description:
FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226.
Applies to:
Created:
2011-10-14
Updated:
2017-04-24

ID:
CVE-2011-3257
Title:
The Data Access component in Apple iOS before 5 does not properly handle the existence of multiple user accounts on the same mail server, which allows local users to bypass intended access restrictions in opportunistic circumstances...
Type:
Mobile Devices
Bulletins:
CVE-2011-3257
Severity:
Low
Description:
The Data Access component in Apple iOS before 5 does not properly handle the existence of multiple user accounts on the same mail server, which allows local users to bypass intended access restrictions in opportunistic circumstances by leveraging a different account's cookie.
Applies to:
Created:
2011-10-14
Updated:
2017-04-24

ID:
CVE-2011-3259
Title:
The kernel in Apple iOS before 5 and Apple TV before 4.4 does not properly recover memory allocated for incomplete TCP connections, which allows remote attackers to cause a denial of service (resource consumption) by making many...
Type:
Mobile Devices
Bulletins:
CVE-2011-3259
SFBID50087
Severity:
Medium
Description:
The kernel in Apple iOS before 5 and Apple TV before 4.4 does not properly recover memory allocated for incomplete TCP connections, which allows remote attackers to cause a denial of service (resource consumption) by making many connection attempts.
Applies to:
Created:
2011-10-14
Updated:
2017-04-24

ID:
CVE-2011-3260
Title:
Buffer overflow in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word document.
Type:
Mobile Devices
Bulletins:
CVE-2011-3260
Severity:
Medium
Description:
Buffer overflow in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word document.
Applies to:
Created:
2011-10-14
Updated:
2017-04-24

ID:
CVE-2011-3261
Title:
Double free vulnerability in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Excel spreadsheet.
Type:
Mobile Devices
Bulletins:
CVE-2011-3261
Severity:
Medium
Description:
Double free vulnerability in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Excel spreadsheet.
Applies to:
Created:
2011-10-14
Updated:
2017-04-24

ID:
CVE-2011-3426
Title:
Cross-site scripting (XSS) vulnerability in Safari in Apple iOS before 5 allows remote web servers to inject arbitrary web script or HTML via a file accompanied by a "Content-Disposition: attachment" HTTP header.
Type:
Mobile Devices
Bulletins:
CVE-2011-3426
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in Safari in Apple iOS before 5 allows remote web servers to inject arbitrary web script or HTML via a file accompanied by a "Content-Disposition: attachment" HTTP header.
Applies to:
Created:
2011-10-14
Updated:
2017-04-24

ID:
CVE-2011-3296
Title:
Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7), when IPv6 is used, allows remote attackers to cause a denial of service (memory corruption and module crash or hang) via...
Type:
Hardware
Bulletins:
CVE-2011-3296
Severity:
High
Description:
Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7), when IPv6 is used, allows remote attackers to cause a denial of service (memory corruption and module crash or hang) via vectors that trigger syslog message 302015, aka Bug ID CSCti83875.
Applies to:
Cisco Catalyst 7600
Cisco Catalyst 6500 Series Switches
Created:
2011-10-06
Updated:
2017-04-24

ID:
CVE-2011-3297
Title:
Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7), when certain authentication configurations are used, allows remote attackers to cause a denial of service (module crash) by...
Type:
Hardware
Bulletins:
CVE-2011-3297
Severity:
High
Description:
Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7), when certain authentication configurations are used, allows remote attackers to cause a denial of service (module crash) by making many authentication requests for network access, aka Bug ID CSCtn15697.
Applies to:
Cisco Catalyst 7600
Cisco Catalyst 6500 Series Switches
Created:
2011-10-06
Updated:
2017-04-24

ID:
CVE-2011-3298
Title:
Cisco Multiple Product TACACS+ Reply Parsing Authentication Bypass
Type:
Hardware
Bulletins:
CVE-2011-3298
Severity:
High
Description:
Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.3), 8.0 before 8.0(5.24), 8.1 before 8.1(2.50), 8.2 before 8.2(5), 8.3 before 8.3(2.18), 8.4 before 8.4(1.10), and 8.5 before 8.5(1.1) and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7) allow remote attackers to bypass authentication via a crafted TACACS+ reply, aka Bug IDs CSCto40365 and CSCto74274.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Cisco Catalyst 7600
Cisco Catalyst 6500 Series Switches
Created:
2011-10-06
Updated:
2017-04-24

ID:
CVE-2011-3299
Title:
Cisco Multiple Product SunRPC Message Packet Parsing Remote DoS
Type:
Hardware
Bulletins:
CVE-2011-3299
Severity:
High
Description:
Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 and 8.2 before 8.2(5.11), 8.3 before 8.3(2.23), 8.4 before 8.4(2.6), and 8.5 before 8.5(1.1) and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7) allow remote attackers to cause a denial of service (device reload) via crafted SunRPC traffic, aka Bug IDs CSCto92380 and CSCtq09972.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Cisco Catalyst 7600
Cisco Catalyst 6500 Series Switches
Created:
2011-10-06
Updated:
2017-04-24

ID:
CVE-2011-3300
Title:
Cisco Multiple Product SunRPC Message Packet Parsing Remote DoS
Type:
Hardware
Bulletins:
CVE-2011-3300
Severity:
High
Description:
Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 and 8.2 before 8.2(5.11), 8.3 before 8.3(2.23), 8.4 before 8.4(2.6), and 8.5 before 8.5(1.1) and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7) allow remote attackers to cause a denial of service (device reload) via crafted SunRPC traffic, aka Bug IDs CSCtq06065 and CSCtq09978.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Cisco Catalyst 7600
Cisco Catalyst 6500 Series Switches
Created:
2011-10-06
Updated:
2017-04-24

ID:
CVE-2011-3301
Title:
Cisco Multiple Product SunRPC Message Packet Parsing Remote DoS
Type:
Hardware
Bulletins:
CVE-2011-3301
Severity:
High
Description:
Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 and 8.2 before 8.2(5.11), 8.3 before 8.3(2.23), 8.4 before 8.4(2.6), and 8.5 before 8.5(1.1) and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7) allow remote attackers to cause a denial of service (device reload) via crafted SunRPC traffic, aka Bug IDs CSCtq06062 and CSCtq09986.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Cisco Catalyst 7600
Cisco Catalyst 6500 Series Switches
Created:
2011-10-06
Updated:
2017-04-24

ID:
CVE-2011-3302
Title:
Cisco Multiple Product SunRPC Message Packet Parsing Remote DoS
Type:
Hardware
Bulletins:
CVE-2011-3302
Severity:
High
Description:
Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 and 8.2 before 8.2(5.11), 8.3 before 8.3(2.23), 8.4 before 8.4(2.6), and 8.5 before 8.5(1.1) and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7) allow remote attackers to cause a denial of service (device reload) via crafted SunRPC traffic, aka Bug IDs CSCto92398 and CSCtq09989.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Cisco Catalyst 7600
Cisco Catalyst 6500 Series Switches
Created:
2011-10-06
Updated:
2017-04-24

ID:
CVE-2011-3303
Title:
Cisco Multiple Product ILS Message Packet Parsing Remote DoS
Type:
Hardware
Bulletins:
CVE-2011-3303
Severity:
High
Description:
Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 before 8.1(2.50), 8.2 before 8.2(5.6), 8.3 before 8.3(2.23), 8.4 before 8.4(2.7), and 8.5 before 8.5(1.1) and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7) allow remote attackers to cause a denial of service (device reload) via malformed ILS traffic, aka Bug IDs CSCtq57697 and CSCtq57802.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Cisco Catalyst 7600
Cisco Catalyst 6500 Series Switches
Created:
2011-10-06
Updated:
2017-04-24

ID:
CVE-2011-3304
Title:
Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.2 before 7.2(5.3), 8.0 before 8.0(5.25), 8.1 before 8.1(2.50), 8.2 before 8.2(5.11), 8.3 before...
Type:
Hardware
Bulletins:
CVE-2011-3304
SFBID49952
Severity:
High
Description:
Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.2 before 7.2(5.3), 8.0 before 8.0(5.25), 8.1 before 8.1(2.50), 8.2 before 8.2(5.11), 8.3 before 8.3(2.23), 8.4 before 8.4(2), and 8.5 before 8.5(1.1) allow remote attackers to cause a denial of service (device reload) via crafted MSN Instant Messenger traffic, aka Bug ID CSCtl67486.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Cisco Catalyst 7600
Cisco Catalyst 6500 Series Switches
Created:
2011-10-06
Updated:
2017-04-24

ID:
CVE-2011-0939
Title:
Unspecified vulnerability in Cisco IOS 12.4, 15.0, and 15.1, and IOS XE 2.5.x through 3.2.x, allows remote attackers to cause a denial of service (device reload) via a crafted SIP message, aka Bug ID CSCth03022.
Type:
Hardware
Bulletins:
CVE-2011-0939
Severity:
High
Description:
Unspecified vulnerability in Cisco IOS 12.4, 15.0, and 15.1, and IOS XE 2.5.x through 3.2.x, allows remote attackers to cause a denial of service (device reload) via a crafted SIP message, aka Bug ID CSCth03022.
Applies to:
Created:
2011-10-03
Updated:
2017-04-24

ID:
CVE-2011-0944
Title:
Cisco IOS 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (device reload) via malformed IPv6 packets, aka Bug ID CSCtj41194.
Type:
Hardware
Bulletins:
CVE-2011-0944
Severity:
High
Description:
Cisco IOS 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (device reload) via malformed IPv6 packets, aka Bug ID CSCtj41194.
Applies to:
Created:
2011-10-03
Updated:
2017-04-24

ID:
CVE-2011-0945
Title:
Memory leak in the Data-link switching (aka DLSw) feature in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xS before 3.1.3S and 3.2.xS before 3.2.1S, when implemented over Fast Sequence Transport (FST), allows remote attackers to...
Type:
Hardware
Bulletins:
CVE-2011-0945
Severity:
High
Description:
Memory leak in the Data-link switching (aka DLSw) feature in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xS before 3.1.3S and 3.2.xS before 3.2.1S, when implemented over Fast Sequence Transport (FST), allows remote attackers to cause a denial of service (memory consumption and device reload or hang) via a crafted IP protocol 91 packet, aka Bug ID CSCth69364.
Applies to:
Created:
2011-10-03
Updated:
2017-04-24

ID:
CVE-2011-3975
Title:
A certain HTC update for Android 2.3.4 build GRJ22, when the Sense interface is used on the HTC EVO 3D, EVO 4G, ThunderBolt, and unspecified other devices, provides the HtcLoggers.apk application, which allows user-assisted remote...
Type:
Mobile Devices
Bulletins:
CVE-2011-3975
SFBID49916
Severity:
Low
Description:
A certain HTC update for Android 2.3.4 build GRJ22, when the Sense interface is used on the HTC EVO 3D, EVO 4G, ThunderBolt, and unspecified other devices, provides the HtcLoggers.apk application, which allows user-assisted remote attackers to obtain a list of telephone numbers from a log, and other sensitive information, by leveraging the android.permission.INTERNET application permission and establishing TCP sessions to 127.0.0.1 on port 65511 and a second port.
Applies to:
Created:
2011-10-03
Updated:
2017-04-24

ID:
CVE-2011-0946
Title:
The NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload or hang) via malformed NetMeeting Directory (aka Internet Locator Service or ILS)...
Type:
Hardware
Bulletins:
CVE-2011-0946
Severity:
High
Description:
The NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload or hang) via malformed NetMeeting Directory (aka Internet Locator Service or ILS) LDAP traffic, aka Bug ID CSCtd10712.
Applies to:
Created:
2011-10-03
Updated:
2017-04-24

ID:
CVE-2011-2072
Title:
Memory leak in Cisco IOS 12.4, 15.0, and 15.1, Cisco IOS XE 2.5.x through 3.2.x, and Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su4, 8.x before 8.5(1)su2, and 8.6 before 8.6(1) allows remote attackers to cause a denial of...
Type:
Hardware
Bulletins:
CVE-2011-2072
Severity:
High
Description:
Memory leak in Cisco IOS 12.4, 15.0, and 15.1, Cisco IOS XE 2.5.x through 3.2.x, and Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su4, 8.x before 8.5(1)su2, and 8.6 before 8.6(1) allows remote attackers to cause a denial of service (memory consumption and device reload or process failure) via a malformed SIP message, aka Bug IDs CSCtl86047 and CSCto88686.
Applies to:
Unified Communications Manager
Created:
2011-10-03
Updated:
2017-04-24

ID:
CVE-2011-3270
Title:
Unspecified vulnerability in Cisco IOS 12.2SB before 12.2(33)SB10 and 15.0S before 15.0(1)S3a on Cisco 10000 series routers allows remote attackers to cause a denial of service (device reload) via a sequence of crafted ICMP packets, aka Bug ID CSCtk62453.
Type:
Hardware
Bulletins:
CVE-2011-3270
Severity:
High
Description:
Unspecified vulnerability in Cisco IOS 12.2SB before 12.2(33)SB10 and 15.0S before 15.0(1)S3a on Cisco 10000 series routers allows remote attackers to cause a denial of service (device reload) via a sequence of crafted ICMP packets, aka Bug ID CSCtk62453.
Applies to:
Cisco 10008 Router
Created:
2011-10-03
Updated:
2017-04-24

ID:
CVE-2011-3271
Title:
Unspecified vulnerability in the Smart Install functionality in Cisco IOS 12.2 and 15.1 allows remote attackers to execute arbitrary code or cause a denial of service (device crash) via crafted TCP packets to port 4786, aka Bug ID CSCto10165.
Type:
Hardware
Bulletins:
CVE-2011-3271
Severity:
High
Description:
Unspecified vulnerability in the Smart Install functionality in Cisco IOS 12.2 and 15.1 allows remote attackers to execute arbitrary code or cause a denial of service (device crash) via crafted TCP packets to port 4786, aka Bug ID CSCto10165.
Applies to:
Created:
2011-10-03
Updated:
2017-04-24

ID:
CVE-2011-3272
Title:
The IP Service Level Agreement (IP SLA) functionality in Cisco IOS 15.1, and IOS XE 2.1.x through 3.3.x, allows remote attackers to cause a denial of service (memory corruption and device reload) via malformed IP SLA packets, aka Bug ID CSCtk67073.
Type:
Hardware
Bulletins:
CVE-2011-3272
Severity:
High
Description:
The IP Service Level Agreement (IP SLA) functionality in Cisco IOS 15.1, and IOS XE 2.1.x through 3.3.x, allows remote attackers to cause a denial of service (memory corruption and device reload) via malformed IP SLA packets, aka Bug ID CSCtk67073.
Applies to:
Created:
2011-10-03
Updated:
2017-04-24

ID:
CVE-2011-3273
Title:
Memory leak in Cisco IOS 15.0 through 15.1, when IPS or Zone-Based Firewall (aka ZBFW) is configured, allows remote attackers to cause a denial of service (memory consumption or device crash) via vectors that trigger many session creation flows, aka...
Type:
Hardware
Bulletins:
CVE-2011-3273
Severity:
High
Description:
Memory leak in Cisco IOS 15.0 through 15.1, when IPS or Zone-Based Firewall (aka ZBFW) is configured, allows remote attackers to cause a denial of service (memory consumption or device crash) via vectors that trigger many session creation flows, aka Bug ID CSCti79848.
Applies to:
Created:
2011-10-03
Updated:
2017-04-24

ID:
CVE-2011-3274
Title:
Unspecified vulnerability in Cisco IOS 12.2SRE before 12.2(33)SRE4, 15.0, and 15.1, and IOS XE 2.1.x through 3.3.x, when an MPLS domain is configured, allows remote attackers to cause a denial of service (device crash) via a crafted IPv6 packet,...
Type:
Hardware
Bulletins:
CVE-2011-3274
Severity:
Medium
Description:
Unspecified vulnerability in Cisco IOS 12.2SRE before 12.2(33)SRE4, 15.0, and 15.1, and IOS XE 2.1.x through 3.3.x, when an MPLS domain is configured, allows remote attackers to cause a denial of service (device crash) via a crafted IPv6 packet, related to an expired MPLS TTL, aka Bug ID CSCto07919.
Applies to:
Created:
2011-10-03
Updated:
2017-04-24

ID:
CVE-2011-3275
Title:
Memory leak in Cisco IOS 12.4, 15.0, and 15.1, and IOS XE 2.5.x through 3.2.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted SIP message, aka Bug ID CSCti48504.
Type:
Hardware
Bulletins:
CVE-2011-3275
Severity:
High
Description:
Memory leak in Cisco IOS 12.4, 15.0, and 15.1, and IOS XE 2.5.x through 3.2.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted SIP message, aka Bug ID CSCti48504.
Applies to:
Created:
2011-10-03
Updated:
2017-04-24

ID:
CVE-2011-3276
Title:
Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload or hang) by sending crafted SIP packets to TCP port...
Type:
Hardware
Bulletins:
CVE-2011-3276
Severity:
High
Description:
Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload or hang) by sending crafted SIP packets to TCP port 5060, aka Bug ID CSCso02147.
Applies to:
Created:
2011-10-03
Updated:
2017-04-24

ID:
CVE-2011-3277
Title:
Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload) by sending crafted H.323 packets to TCP port 1720, aka...
Type:
Hardware
Bulletins:
CVE-2011-3277
Severity:
High
Description:
Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload) by sending crafted H.323 packets to TCP port 1720, aka Bug ID CSCth11006.
Applies to:
Created:
2011-10-03
Updated:
2017-04-24

ID:
CVE-2011-3278
Title:
Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload) by sending crafted SIP packets to UDP port 5060, aka...
Type:
Hardware
Bulletins:
CVE-2011-3278
Severity:
High
Description:
Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload) by sending crafted SIP packets to UDP port 5060, aka Bug ID CSCti48483.
Applies to:
Created:
2011-10-03
Updated:
2017-04-24

ID:
CVE-2011-3279
Title:
The provider-edge MPLS NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload) via a malformed SIP packet to UDP port 5060, aka Bug ID CSCti98219.
Type:
Hardware
Bulletins:
CVE-2011-3279
Severity:
High
Description:
The provider-edge MPLS NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload) via a malformed SIP packet to UDP port 5060, aka Bug ID CSCti98219.
Applies to:
Created:
2011-10-03
Updated:
2017-04-24

ID:
CVE-2011-3280
Title:
Memory leak in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (memory consumption or device reload) by sending crafted SIP packets to UDP port...
Type:
Hardware
Bulletins:
CVE-2011-3280
Severity:
High
Description:
Memory leak in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (memory consumption or device reload) by sending crafted SIP packets to UDP port 5060, aka Bug ID CSCtj04672.
Applies to:
Created:
2011-10-03
Updated:
2017-04-24

ID:
CVE-2011-3281
Title:
Unspecified vulnerability in Cisco IOS 15.0 through 15.1, in certain HTTP Layer 7 Application Control and Inspection configurations, allows remote attackers to cause a denial of service (device reload or hang) via a crafted HTTP packet, aka Bug ID...
Type:
Hardware
Bulletins:
CVE-2011-3281
Severity:
High
Description:
Unspecified vulnerability in Cisco IOS 15.0 through 15.1, in certain HTTP Layer 7 Application Control and Inspection configurations, allows remote attackers to cause a denial of service (device reload or hang) via a crafted HTTP packet, aka Bug ID CSCto68554.
Applies to:
Created:
2011-10-03
Updated:
2017-04-24

ID:
CVE-2011-3282
Title:
Unspecified vulnerability in Cisco IOS 12.2SRE before 12.2(33)SRE4, 15.0, and 15.1, and IOS XE 2.1.x through 3.3.x, when an MPLS domain is configured, allows remote attackers to cause a denial of service (device reload) via an ICMPv6 packet, related...
Type:
Hardware
Bulletins:
CVE-2011-3282
Severity:
High
Description:
Unspecified vulnerability in Cisco IOS 12.2SRE before 12.2(33)SRE4, 15.0, and 15.1, and IOS XE 2.1.x through 3.3.x, when an MPLS domain is configured, allows remote attackers to cause a denial of service (device reload) via an ICMPv6 packet, related to an expired MPLS TTL, aka Bug ID CSCtj30155.
Applies to:
Created:
2011-10-03
Updated:
2017-04-24

ID:
CVE-2011-2543
Title:
Buffer overflow in the cuil component in Cisco Telepresence System Integrator C Series 4.x before TC4.2.0 allows remote authenticated users to cause a denial of service (endpoint reboot or process crash) or possibly execute arbitrary code via a long...
Type:
Hardware
Bulletins:
CVE-2011-2543
SFBID49670
Severity:
High
Description:
Buffer overflow in the cuil component in Cisco Telepresence System Integrator C Series 4.x before TC4.2.0 allows remote authenticated users to cause a denial of service (endpoint reboot or process crash) or possibly execute arbitrary code via a long location parameter to the getxml program, aka Bug ID CSCtq46496.
Applies to:
Cisco Codec C40
Cisco Codec C90
Cisco Codec C60
Created:
2011-09-23
Updated:
2017-04-24

ID:
CVE-2011-2544
Title:
Cross-site scripting (XSS) vulnerability in the web interface in Cisco TelePresence System MXP Series F9.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a crafted Call ID, as demonstrated by resultant...
Type:
Hardware
Bulletins:
CVE-2011-2544
SFBID49670
Severity:
Low
Description:
Cross-site scripting (XSS) vulnerability in the web interface in Cisco TelePresence System MXP Series F9.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a crafted Call ID, as demonstrated by resultant cross-site request forgery (CSRF) attacks that change passwords or cause a denial of service, aka Bug ID CSCtq46488.
Applies to:
Cisco TelePresence System 1700 MXP
Cisco TelePresence System 1000 MXP
Created:
2011-09-23
Updated:
2017-04-24

ID:
CVE-2011-2581
Title:
The ACL implementation in Cisco NX-OS 5.0(2) and 5.0(3) before 5.0(3)N2(1) on Nexus 5000 series switches, and NX-OS before 5.0(3)U1(2a) on Nexus 3000 series switches, does not properly handle comments in conjunction with deny statements, which...
Type:
Hardware
Bulletins:
CVE-2011-2581
Severity:
Medium
Description:
The ACL implementation in Cisco NX-OS 5.0(2) and 5.0(3) before 5.0(3)N2(1) on Nexus 5000 series switches, and NX-OS before 5.0(3)U1(2a) on Nexus 3000 series switches, does not properly handle comments in conjunction with deny statements, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by sending packets, aka Bug IDs CSCto09813 and CSCtr61490.
Applies to:
Cisco Nexus 5000 Series
Created:
2011-09-14
Updated:
2017-04-24

ID:
CVE-2011-2577
Title:
Unspecified vulnerability in Cisco TelePresence C Series Endpoints, E/EX Personal Video units, and MXP Series Codecs, when using software versions before TC 4.0.0 or F9.1, allows remote attackers to cause a denial of service (crash) via a crafted...
Type:
Hardware
Bulletins:
CVE-2011-2577
SFBID49392
Severity:
High
Description:
Unspecified vulnerability in Cisco TelePresence C Series Endpoints, E/EX Personal Video units, and MXP Series Codecs, when using software versions before TC 4.0.0 or F9.1, allows remote attackers to cause a denial of service (crash) via a crafted SIP packet to port 5060 or 5061, aka Bug ID CSCtq46500.
Applies to:
Cisco Codec EX60
Cisco Codec EX90
Cisco Codec C90
Cisco TelePresence System 9000 MXP
Cisco TelePresence E20
Cisco Codec C40
Cisco TelePresence System 6000 MXP
Cisco Codec C60
Created:
2011-08-31
Updated:
2017-04-24

ID:
CVE-2011-0228
Title:
The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL...
Type:
Mobile Devices
Bulletins:
CVE-2011-0228
SFBID48877
Severity:
High
Description:
The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an arbitrary domain.
Applies to:
Created:
2011-08-29
Updated:
2017-04-24

ID:
CVE-2011-1643
Title:
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by...
Type:
Hardware
Bulletins:
CVE-2011-1643
Severity:
High
Description:
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecting to a query interface through an SSL session, aka Bug IDs CSCti81574, CSCto63060, CSCto72183, and CSCto73833.
Applies to:
Unified Communications Manager
Created:
2011-08-29
Updated:
2017-04-24

ID:
CVE-2011-2560
Title:
The Packet Capture Service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x does not properly handle idle TCP connections, which allows remote attackers to cause a denial of service (memory consumption and restart) by...
Type:
Hardware
Bulletins:
CVE-2011-2560
Severity:
High
Description:
The Packet Capture Service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x does not properly handle idle TCP connections, which allows remote attackers to cause a denial of service (memory consumption and restart) by making many connections, aka Bug ID CSCtf97162.
Applies to:
Unified Communications Manager
Created:
2011-08-29
Updated:
2017-04-24

ID:
CVE-2011-2561
Title:
The SIP process in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(5b)su4 and 8.x before 8.0(1) does not properly handle SDP data within a SIP call in certain situations related to use of the g729ar8 codec for a...
Type:
Hardware
Bulletins:
CVE-2011-2561
Severity:
High
Description:
The SIP process in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(5b)su4 and 8.x before 8.0(1) does not properly handle SDP data within a SIP call in certain situations related to use of the g729ar8 codec for a Media Termination Point (MTP), which allows remote attackers to cause a denial of service (service outage) via a crafted call, aka Bug ID CSCtc61990.
Applies to:
Unified Communications Manager
Created:
2011-08-29
Updated:
2017-04-24

ID:
CVE-2011-2562
Title:
Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service...
Type:
Hardware
Bulletins:
CVE-2011-2562
Severity:
High
Description:
Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (service outage) via a SIP INVITE message, aka Bug ID CSCth43256.
Applies to:
Unified Communications Manager
Created:
2011-08-29
Updated:
2017-04-24

ID:
CVE-2011-2563
Title:
Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause...
Type:
Hardware
Bulletins:
CVE-2011-2563
Severity:
High
Description:
Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth26669.
Applies to:
Unified Communications Manager
Created:
2011-08-29
Updated:
2017-04-24

ID:
CVE-2011-2564
Title:
Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause...
Type:
Hardware
Bulletins:
CVE-2011-2564
Severity:
High
Description:
Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth19417.
Applies to:
Unified Communications Manager
Created:
2011-08-29
Updated:
2017-04-24

ID:
CVE-2011-1624
Title:
Cisco IOS 12.2(58)SE, when a login banner is configured, allows remote attackers to cause a denial of service (device reload) by establishing two SSH2 sessions, aka Bug ID CSCto62631.
Type:
Hardware
Bulletins:
CVE-2011-1624
Severity:
High
Description:
Cisco IOS 12.2(58)SE, when a login banner is configured, allows remote attackers to cause a denial of service (device reload) by establishing two SSH2 sessions, aka Bug ID CSCto62631.
Applies to:
Created:
2011-08-18
Updated:
2017-04-24

ID:
CVE-2011-1625
Title:
Cisco IOS 12.2, 12.3, 12.4, 15.0, and 15.1, when the data-link switching (DLSw) feature is configured, allows remote attackers to cause a denial of service (device crash) by sending a sequence of malformed packets and leveraging a "narrow timing...
Type:
Hardware
Bulletins:
CVE-2011-1625
Severity:
Medium
Description:
Cisco IOS 12.2, 12.3, 12.4, 15.0, and 15.1, when the data-link switching (DLSw) feature is configured, allows remote attackers to cause a denial of service (device crash) by sending a sequence of malformed packets and leveraging a "narrow timing window," aka Bug ID CSCtf74999, a different vulnerability than CVE-2007-0199, CVE-2008-1152, and CVE-2009-0629.
Applies to:
Created:
2011-08-18
Updated:
2017-04-24

ID:
CVE-2011-2357
Title:
Cross-application scripting vulnerability in the Browser URL loading functionality in Android 2.3.4 and 3.1 allows local applications to bypass the sandbox and execute arbitrary Javascript in arbitrary domains by (1) causing the...
Type:
Mobile Devices
Bulletins:
CVE-2011-2357
SFBID48954
Severity:
Medium
Description:
Cross-application scripting vulnerability in the Browser URL loading functionality in Android 2.3.4 and 3.1 allows local applications to bypass the sandbox and execute arbitrary Javascript in arbitrary domains by (1) causing the MAX_TAB number of tabs to be opened, then loading a URI to the targeted domain into the current tab, or (2) making two startActivity function calls beginning with the targeted domain's URI followed by the malicious Javascript while the UI focus is still associated with the targeted domain.
Applies to:
Created:
2011-08-12
Updated:
2017-04-24

ID:
CVE-2011-2546
Title:
SQL injection vulnerability in the web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtq65669.
Type:
Hardware
Bulletins:
CVE-2011-2546
SFBID48812
Severity:
Medium
Description:
SQL injection vulnerability in the web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtq65669.
Applies to:
Cisco SA520w
Cisco SA540
Cisco SA520
Created:
2011-07-28
Updated:
2017-04-24

ID:
CVE-2011-2547
Title:
The web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote authenticated users to execute arbitrary commands via crafted parameters to web forms, aka Bug ID CSCtq65681.
Type:
Hardware
Bulletins:
CVE-2011-2547
SFBID48810
Severity:
High
Description:
The web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote authenticated users to execute arbitrary commands via crafted parameters to web forms, aka Bug ID CSCtq65681.
Applies to:
Cisco SA520w
Cisco SA540
Cisco SA520
Created:
2011-07-28
Updated:
2017-04-24

ID:
CVE-2011-2549
Title:
Unspecified vulnerability in Cisco IOS XR 4.1.x before 4.1.1 on Cisco Aggregation Services Routers (ASR) 9000 series devices allows remote attackers to cause a denial of service (line-card reload) via an IPv4 packet, aka Bug ID CSCtr26695.
Type:
Hardware
Bulletins:
CVE-2011-2549
SFBID48811
Severity:
High
Description:
Unspecified vulnerability in Cisco IOS XR 4.1.x before 4.1.1 on Cisco Aggregation Services Routers (ASR) 9000 series devices allows remote attackers to cause a denial of service (line-card reload) via an IPv4 packet, aka Bug ID CSCtr26695.
Applies to:
Cisco ASR 9006 Router
Cisco ASR 9010 Router
Created:
2011-07-28
Updated:
2017-04-24

ID:
CVE-2011-0226
Title:
Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial...
Type:
Mobile Devices
Bulletins:
CVE-2011-0226
SFBID48619
Severity:
High
Description:
Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.
Applies to:
Created:
2011-07-19
Updated:
2017-04-24

ID:
CVE-2011-0227
Title:
The queueing primitives in IOMobileFrameBuffer in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 do not properly perform type conversion, which allows local users to gain privileges via a crafted application.
Type:
Mobile Devices
Bulletins:
CVE-2011-0227
Severity:
High
Description:
The queueing primitives in IOMobileFrameBuffer in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 do not properly perform type conversion, which allows local users to gain privileges via a crafted application.
Applies to:
Created:
2011-07-19
Updated:
2017-04-24

ID:
CVE-2011-2064
Title:
Cisco IOS 12.4MDA before 12.4(24)MDA5 on the Cisco Content Services Gateway - Second Generation (CSG2) allows remote attackers to cause a denial of service (device reload) via crafted ICMP packets, aka Bug ID CSCtl79577.
Type:
Hardware
Bulletins:
CVE-2011-2064
SFBID48581
Severity:
High
Description:
Cisco IOS 12.4MDA before 12.4(24)MDA5 on the Cisco Content Services Gateway - Second Generation (CSG2) allows remote attackers to cause a denial of service (device reload) via crafted ICMP packets, aka Bug ID CSCtl79577.
Applies to:
Created:
2011-07-11
Updated:
2017-04-24

ID:
CVE-2011-2344
Title:
Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext HTTP session when transmitting the authToken obtained from ClientLogin, which allows remote attackers to gain privileges and access private pictures and web albums...
Type:
Mobile Devices
Bulletins:
CVE-2011-2344
Severity:
High
Description:
Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext HTTP session when transmitting the authToken obtained from ClientLogin, which allows remote attackers to gain privileges and access private pictures and web albums by sniffing the token from connections with picasaweb.google.com.
Applies to:
Created:
2011-07-08
Updated:
2017-04-24

ID:
OVAL12441
Title:
Microsoft Windows Remote Desktop Protocol Server Private Key Disclosure Vulnerability
Type:
Software
Bulletins:
OVAL12441
CVE-2005-1794
Severity:
Low
Description:
Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 stores an RSA private key in mstlsapi.dll and uses it to sign a certificate, which allows remote attackers to spoof public keys of legitimate servers and conduct man-in-the-middle attacks.
Applies to:
Created:
2011-06-28
Updated:
2015-08-10

ID:
OVAL12664
Title:
XML External Entities Resolution Vulnerability
Type:
Software
Bulletins:
OVAL12664
CVE-2011-1280
Severity:
Low
Description:
The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka "XML External Entities Resolution Vulnerability."
Applies to:
Microsoft Office InfoPath 2007
Microsoft Office InfoPath 2010
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition
Microsoft SQL Server Management Studio Express (SSMSE) 2005
Microsoft SQL Server 2008
Microsoft SQL Server 2008 R2
Created:
2011-06-14
Updated:
2015-06-15

ID:
CVE-2010-4804
Title:
The Android browser in Android before 2.3.4 allows remote attackers to obtain SD card contents via crafted content:// URIs, related to (1) BrowserActivity.java and (2) BrowserSettings.java in com/android/browser/.
Type:
Mobile Devices
Bulletins:
CVE-2010-4804
SFBID48256
Severity:
Medium
Description:
The Android browser in Android before 2.3.4 allows remote attackers to obtain SD card contents via crafted content:// URIs, related to (1) BrowserActivity.java and (2) BrowserSettings.java in com/android/browser/.
Applies to:
Created:
2011-06-09
Updated:
2017-04-24

ID:
CVE-2011-1823
Title:
The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges via a negative index that...
Type:
Mobile Devices
Bulletins:
CVE-2011-1823
Severity:
High
Description:
The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges via a negative index that bypasses a maximum-only signed integer check in the DirectVolume::handlePartitionAdded method, which triggers memory corruption, as demonstrated by Gingerbreak.
Applies to:
Created:
2011-06-09
Updated:
2017-04-24

ID:
CVE-2011-2395
Title:
The Neighbor Discovery (ND) protocol implementation in Cisco IOS on unspecified switches allows remote attackers to bypass the Router Advertisement Guarding functionality via a fragmented IPv6 packet in which the Router Advertisement (RA) message is...
Type:
Hardware
Bulletins:
CVE-2011-2395
Severity:
Medium
Description:
The Neighbor Discovery (ND) protocol implementation in Cisco IOS on unspecified switches allows remote attackers to bypass the Router Advertisement Guarding functionality via a fragmented IPv6 packet in which the Router Advertisement (RA) message is contained in the second fragment, as demonstrated by (1) a packet in which the first fragment contains a long Destination Options extension header or (2) a packet in which the first fragment contains an ICMPv6 Echo Request message.
Applies to:
Created:
2011-06-08
Updated:
2017-04-24

ID:
CVE-2011-0943
Title:
Cisco IOS XR 3.8.3, 3.8.4, and 3.9.1 allows remote attackers to cause a denial of service (NetIO process restart or device reload) via a crafted IPv4 packet, aka Bug ID CSCth44147.
Type:
Hardware
Bulletins:
CVE-2011-0943
Severity:
High
Description:
Cisco IOS XR 3.8.3, 3.8.4, and 3.9.1 allows remote attackers to cause a denial of service (NetIO process restart or device reload) via a crafted IPv4 packet, aka Bug ID CSCth44147.
Applies to:
Created:
2011-05-31
Updated:
2017-04-24

ID:
CVE-2011-0949
Title:
Cisco IOS XR 3.6.x, 3.8.x before 3.8.3, and 3.9.x before 3.9.1 does not properly remove sshd_lock files from /tmp/, which allows remote attackers to cause a denial of service (disk consumption) by making many SSHv1 connections, aka Bug ID CSCtd64417.
Type:
Hardware
Bulletins:
CVE-2011-0949
Severity:
High
Description:
Cisco IOS XR 3.6.x, 3.8.x before 3.8.3, and 3.9.x before 3.9.1 does not properly remove sshd_lock files from /tmp/, which allows remote attackers to cause a denial of service (disk consumption) by making many SSHv1 connections, aka Bug ID CSCtd64417.
Applies to:
Created:
2011-05-31
Updated:
2017-04-24

ID:
CVE-2011-1651
Title:
Cisco IOS XR 3.9.x and 4.0.x before 4.0.3 and 4.1.x before 4.1.1, when an SPA interface processor is installed, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 packet, aka Bug ID CSCto45095.
Type:
Hardware
Bulletins:
CVE-2011-1651
Severity:
High
Description:
Cisco IOS XR 3.9.x and 4.0.x before 4.0.3 and 4.1.x before 4.1.1, when an SPA interface processor is installed, allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 packet, aka Bug ID CSCto45095.
Applies to:
Created:
2011-05-31
Updated:
2017-04-24

ID:
CVE-2011-1609
Title:
SQL injection vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote authenticated users to execute arbitrary SQL...
Type:
Hardware
Bulletins:
CVE-2011-1609
SFBID47605
Severity:
High
Description:
SQL injection vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtg85647.
Applies to:
Unified Communications Manager
Created:
2011-05-03
Updated:
2017-04-24

ID:
CVE-2011-1610
Title:
Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2,...
Type:
Hardware
Bulletins:
CVE-2011-1610
SFBID47607
Severity:
Medium
Description:
Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
Applies to:
Unified Communications Manager
Created:
2011-05-03
Updated:
2017-04-24

ID:
CVE-2011-1613
Title:
Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 6.0 before 6.0.200.0, 7.0 before 7.0.98.216, and 7.0.1xx before 7.0.112.0 allows remote attackers to cause a denial of service (device reload) via a sequence of ICMP packets,...
Type:
Hardware
Bulletins:
CVE-2011-1613
SFBID47606
Severity:
High
Description:
Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 6.0 before 6.0.200.0, 7.0 before 7.0.98.216, and 7.0.1xx before 7.0.112.0 allows remote attackers to cause a denial of service (device reload) via a sequence of ICMP packets, aka Bug ID CSCth74426.
Applies to:
Created:
2011-05-03
Updated:
2017-04-24

ID:
CVE-2011-1605
Title:
Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su2, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (process...
Type:
Hardware
Bulletins:
CVE-2011-1605
SFBID47610
Severity:
High
Description:
Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su2, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCth39586.
Applies to:
Unified Communications Manager
Created:
2011-05-03
Updated:
2017-04-24

ID:
CVE-2011-1606
Title:
Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (process...
Type:
Hardware
Bulletins:
CVE-2011-1606
SFBID47611
Severity:
High
Description:
Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCtg62855.
Applies to:
Unified Communications Manager
Created:
2011-05-03
Updated:
2017-04-24

ID:
CVE-2011-1607
Title:
Directory traversal vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote authenticated users to upload files to...
Type:
Hardware
Bulletins:
CVE-2011-1607
SFBID47608
Severity:
Medium
Description:
Directory traversal vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote authenticated users to upload files to arbitrary directories via a modified pathname in an upload request, aka Bug ID CSCti81603.
Applies to:
Unified Communications Manager
Created:
2011-05-03
Updated:
2017-04-24

ID:
CVE-2011-1604
Title:
Memory leak in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (memory consumption...
Type:
Hardware
Bulletins:
CVE-2011-1604
SFBID47609
Severity:
High
Description:
Memory leak in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (memory consumption and process failure) via a malformed SIP message, aka Bug ID CSCti42904.
Applies to:
Unified Communications Manager
Created:
2011-05-03
Updated:
2017-04-24

ID:
CVE-2011-1149
Title:
Android before 2.3 does not properly restrict access to the system property space, which allows local applications to bypass the application sandbox and gain privileges, as demonstrated by psneuter and KillingInTheNameOf, related to...
Type:
Mobile Devices
Bulletins:
CVE-2011-1149
Severity:
High
Description:
Android before 2.3 does not properly restrict access to the system property space, which allows local applications to bypass the application sandbox and gain privileges, as demonstrated by psneuter and KillingInTheNameOf, related to the use of Android shared memory (ashmem) and ASHMEM_SET_PROT_MASK.
Applies to:
Created:
2011-04-21
Updated:
2017-04-24

ID:
CVE-2011-0195
Title:
The generate-id XPath function in libxslt in Apple iOS 4.3.x before 4.3.2 allows remote attackers to obtain potentially sensitive information about heap memory addresses via a crafted web site. NOTE: this may overlap CVE-2011-1202.
Type:
Mobile Devices
Bulletins:
CVE-2011-0195
Severity:
Medium
Description:
The generate-id XPath function in libxslt in Apple iOS 4.3.x before 4.3.2 allows remote attackers to obtain potentially sensitive information about heap memory addresses via a crafted web site. NOTE: this may overlap CVE-2011-1202.
Applies to:
Created:
2011-04-15
Updated:
2017-04-24

ID:
CVE-2011-0935
Title:
The PKI functionality in Cisco IOS 15.0 and 15.1 does not prevent permanent caching of certain public keys, which allows remote attackers to bypass authentication and have unspecified other impact by leveraging an IKE peer relationship in which a...
Type:
Hardware
Bulletins:
CVE-2011-0935
SFBID47407
Severity:
High
Description:
The PKI functionality in Cisco IOS 15.0 and 15.1 does not prevent permanent caching of certain public keys, which allows remote attackers to bypass authentication and have unspecified other impact by leveraging an IKE peer relationship in which a key was previously valid but later revoked, aka Bug ID CSCth82164, a different vulnerability than CVE-2010-4685.
Applies to:
Created:
2011-04-14
Updated:
2017-04-24

ID:
OVAL12457
Title:
MFC Insecure Library Loading Vulnerability
Type:
Software
Bulletins:
OVAL12457
CVE-2010-3190
Severity:
Low
Description:
Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; and Visual C++ 2005 SP1, 2008 SP1, and 2010 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka "MFC Insecure Library Loading Vulnerability."
Applies to:
Microsoft Visual Studio .NET 2003
Microsoft Visual Studio 2005
Microsoft Visual Studio 2008
Microsoft Visual Studio 2010
Microsoft Visual C++ 2005 Redistributable Package
Microsoft Visual C++ 2008 Redistributable Package
Created:
2011-04-12
Updated:
2015-08-10

ID:
OVAL12367
Title:
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 and earlier versions
Type:
Software
Bulletins:
OVAL12367
CVE-2010-3574
Severity:
Low
Description:
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests.
Applies to:
Java Development Kit
Java Runtime Environment
Created:
2011-03-29
Updated:
2015-03-23

ID:
OVAL12514
Title:
Vulnerability in Microsoft Internet Explorer Could Allow GUI Corruption
Type:
Web
Bulletins:
OVAL12514
CVE-2011-0347
Severity:
High
Description:
Microsoft Internet Explorer on Windows XP allows remote attackers to trigger an incorrect GUI display and have unspecified other impact via vectors related to the DOM implementation, as demonstrated by cross_fuzz.
Applies to:
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Created:
2011-03-18
Updated:
2012-04-16

ID:
OVAL12212
Title:
Untrusted search path vulnerability in Adobe Flash Player 9 and earlier versions.
Type:
Web
Bulletins:
OVAL12212
CVE-2010-3975
Severity:
Low
Description:
Untrusted search path vulnerability in Adobe Flash Player 9 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse schannel.dll that is located in the same folder as a file that is processed by Flash.
Applies to:
Adobe Flash Player
Created:
2011-03-16
Updated:
2015-08-03

ID:
OVAL12519
Title:
Apple iTunes Webkit Vulnerability, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service
Type:
Software
Bulletins:
OVAL12519
CVE-2011-0152
Severity:
Low
Description:
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Applies to:
Apple iTunes
Created:
2011-03-13
Updated:
2015-06-22

ID:
CVE-2011-0161
Title:
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences...
Type:
Mobile Devices
Bulletins:
CVE-2011-0161
SFBID46814
Severity:
Medium
Description:
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site.
Applies to:
Created:
2011-03-11
Updated:
2017-04-24

ID:
CVE-2011-0162
Title:
Wi-Fi in Apple iOS before 4.3 and Apple TV before 4.2 does not properly perform bounds checking for Wi-Fi frames, which allows remote attackers to cause a denial of service (device reset) via unspecified traffic on the local wireless...
Type:
Mobile Devices
Bulletins:
CVE-2011-0162
SFBID46813
Severity:
High
Description:
Wi-Fi in Apple iOS before 4.3 and Apple TV before 4.2 does not properly perform bounds checking for Wi-Fi frames, which allows remote attackers to cause a denial of service (device reset) via unspecified traffic on the local wireless network.
Applies to:
Created:
2011-03-11
Updated:
2017-04-24

ID:
CVE-2011-0163
Title:
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle unspecified "cached resources," which allows remote attackers to cause a denial of service (resource unavailability) via a crafted web site...
Type:
Mobile Devices
Bulletins:
CVE-2011-0163
Severity:
Medium
Description:
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle unspecified "cached resources," which allows remote attackers to cause a denial of service (resource unavailability) via a crafted web site that conducts a cache-poisoning attack.
Applies to:
Created:
2011-03-11
Updated:
2017-04-24

ID:
CVE-2011-0157
Title:
WebKit, as used in Apple iOS before 4.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs...
Type:
Mobile Devices
Bulletins:
CVE-2011-0157
SFBID46807
Severity:
High
Description:
WebKit, as used in Apple iOS before 4.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-09-1.
Applies to:
Created:
2011-03-11
Updated:
2017-04-24

ID:
CVE-2011-0158
Title:
MobileSafari in Apple iOS before 4.3 does not properly implement application launching through URL handlers, which allows remote attackers to cause a denial of service (persistent application crash) via crafted JavaScript code.
Type:
Mobile Devices
Bulletins:
CVE-2011-0158
SFBID46806
Severity:
Medium
Description:
MobileSafari in Apple iOS before 4.3 does not properly implement application launching through URL handlers, which allows remote attackers to cause a denial of service (persistent application crash) via crafted JavaScript code.
Applies to:
Created:
2011-03-11
Updated:
2017-04-24

ID:
CVE-2011-0159
Title:
The Safari Settings feature in Safari in Apple iOS 4.x before 4.3 does not properly implement the clearing of cookies during execution of the Safari application, which might make it easier for remote web servers to track users by...
Type:
Mobile Devices
Bulletins:
CVE-2011-0159
SFBID46810
Severity:
Medium
Description:
The Safari Settings feature in Safari in Apple iOS 4.x before 4.3 does not properly implement the clearing of cookies during execution of the Safari application, which might make it easier for remote web servers to track users by setting a cookie.
Applies to:
Created:
2011-03-11
Updated:
2017-04-24

ID:
CVE-2011-0160
Title:
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the...
Type:
Mobile Devices
Bulletins:
CVE-2011-0160
Severity:
Medium
Description:
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.
Applies to:
Created:
2011-03-11
Updated:
2017-04-24

ID:
CVE-2011-1417
Title:
Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory...
Type:
Mobile Devices
Bulletins:
CVE-2011-1417
Severity:
Medium
Description:
Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011.
Applies to:
Created:
2011-03-11
Updated:
2017-04-24

ID:
CVE-2011-1418
Title:
The stateless address autoconfiguration (aka SLAAC) functionality in the IPv6 networking implementation in Apple iOS before 4.3 and Apple TV before 4.2 places the MAC address into the IPv6 address, which makes it easier for remote...
Type:
Mobile Devices
Bulletins:
CVE-2011-1418
Severity:
Medium
Description:
The stateless address autoconfiguration (aka SLAAC) functionality in the IPv6 networking implementation in Apple iOS before 4.3 and Apple TV before 4.2 places the MAC address into the IPv6 address, which makes it easier for remote IPv6 servers to track users by logging source IPv6 addresses.
Applies to:
Created:
2011-03-11
Updated:
2017-04-24

ID:
CVE-2011-1344
Title:
Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary...
Type:
Mobile Devices
Bulletins:
CVE-2011-1344
SFBID46822
Severity:
Medium
Description:
Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then removing the tag, related to text nodes, as demonstrated by Chaouki Bekrar during a Pwn2Own competition at CanSecWest 2011.
Applies to:
Created:
2011-03-10
Updated:
2017-04-24

ID:
CVE-2011-0372
Title:
The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31640.
Type:
Hardware
Bulletins:
CVE-2011-0372
Severity:
High
Description:
The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31640.
Applies to:
Cisco TelePresence System 3200
Cisco TelePresence System 500
Cisco TelePresence System 1100
Cisco TelePresence System 3000
Cisco TelePresence System 1000
Cisco TelePresence System 1300
Created:
2011-02-25
Updated:
2017-04-24

ID:
CVE-2011-0373
Title:
The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31685.
Type:
Hardware
Bulletins:
CVE-2011-0373
Severity:
High
Description:
The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31685.
Applies to:
Cisco TelePresence System 3200
Cisco TelePresence System 500
Cisco TelePresence System 1100
Cisco TelePresence System 3000
Cisco TelePresence System 1000
Cisco TelePresence System 1300
Created:
2011-02-25
Updated:
2017-04-24

ID:
CVE-2011-0374
Title:
The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31659.
Type:
Hardware
Bulletins:
CVE-2011-0374
Severity:
High
Description:
The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31659.
Applies to:
Cisco TelePresence System 3200
Cisco TelePresence System 500
Cisco TelePresence System 1100
Cisco TelePresence System 3000
Cisco TelePresence System 1000
Cisco TelePresence System 1300
Created:
2011-02-25
Updated:
2017-04-24

ID:
CVE-2011-0375
Title:
The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCth24671.
Type:
Hardware
Bulletins:
CVE-2011-0375
Severity:
High
Description:
The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCth24671.
Applies to:
Cisco TelePresence System 3200
Cisco TelePresence System 500
Cisco TelePresence System 1100
Cisco TelePresence System 3000
Cisco TelePresence System 1000
Cisco TelePresence System 1300
Created:
2011-02-25
Updated:
2017-04-24

ID:
CVE-2011-0376
Title:
The TFTP implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x, 1.6.0, and 1.6.1 allows remote attackers to obtain sensitive information via a GET request, aka Bug ID CSCte43876.
Type:
Hardware
Bulletins:
CVE-2011-0376
Severity:
High
Description:
The TFTP implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x, 1.6.0, and 1.6.1 allows remote attackers to obtain sensitive information via a GET request, aka Bug ID CSCte43876.
Applies to:
Cisco TelePresence System 3200
Cisco TelePresence System 500
Cisco TelePresence System 1100
Cisco TelePresence System 3000
Cisco TelePresence System 1000
Cisco TelePresence System 1300
Created:
2011-02-25
Updated:
2017-04-24

ID:
CVE-2011-0377
Title:
Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x allow remote attackers to cause a denial of service (service crash) via a malformed SOAP request in conjunction with a spoofed TelePresence Manager that supplies an invalid IP...
Type:
Hardware
Bulletins:
CVE-2011-0377
Severity:
High
Description:
Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x allow remote attackers to cause a denial of service (service crash) via a malformed SOAP request in conjunction with a spoofed TelePresence Manager that supplies an invalid IP address, aka Bug ID CSCth03605.
Applies to:
Cisco TelePresence System 3200
Cisco TelePresence System 500
Cisco TelePresence System 1100
Cisco TelePresence System 3000
Cisco TelePresence System 1000
Cisco TelePresence System 1300
Created:
2011-02-25
Updated:
2017-04-24

ID:
CVE-2011-0378
Title:
The XML-RPC implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a TCP request, related to a "command injection vulnerability," aka Bug ID CSCtb52587.
Type:
Hardware
Bulletins:
CVE-2011-0378
Severity:
High
Description:
The XML-RPC implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a TCP request, related to a "command injection vulnerability," aka Bug ID CSCtb52587.
Applies to:
Cisco TelePresence System 3200
Cisco TelePresence System 500
Cisco TelePresence System 1100
Cisco TelePresence System 3000
Cisco TelePresence System 1000
Cisco TelePresence System 1300
Created:
2011-02-25
Updated:
2017-04-24

ID:
CVE-2011-0379
Title:
Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 1.6.x; Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x; Cisco TelePresence endpoint devices with software...
Type:
Hardware
Bulletins:
CVE-2011-0379
Severity:
High
Description:
Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 1.6.x; Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x; Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x; and Cisco TelePresence Manager 1.2.x, 1.3.x, 1.4.x, 1.5.x, and 1.6.2 allows remote attackers to execute arbitrary code via a crafted Cisco Discovery Protocol packet, aka Bug IDs CSCtd75769, CSCtd75766, CSCtd75754, and CSCtd75761.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Cisco TelePresence System 500
Cisco TelePresence System 1000
Cisco TelePresence System 3200
Cisco TelePresence System 1100
Cisco Telepresence Multipoint Switch
Cisco TelePresence System 1300
Cisco...
Created:
2011-02-25
Updated:
2017-04-24

ID:
CVE-2011-0383
Title:
The Java Servlet framework on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative...
Type:
Hardware
Bulletins:
CVE-2011-0383
SFBID46519
Severity:
High
Description:
The Java Servlet framework on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug IDs CSCtf42005 and CSCtf42008.
Applies to:
Cisco Telepresence Multipoint Switch
Created:
2011-02-25
Updated:
2017-04-24

ID:
CVE-2011-0384
Title:
The Java Servlet framework on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary...
Type:
Hardware
Bulletins:
CVE-2011-0384
SFBID46520
Severity:
High
Description:
The Java Servlet framework on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug ID CSCtf01253.
Applies to:
Cisco Telepresence Multipoint Switch
Created:
2011-02-25
Updated:
2017-04-24

ID:
CVE-2011-0385
Title:
The administrative web interface on Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allows remote attackers to create or overwrite...
Type:
Hardware
Bulletins:
CVE-2011-0385
Severity:
High
Description:
The administrative web interface on Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allows remote attackers to create or overwrite arbitrary files, and possibly execute arbitrary code, via a crafted request, aka Bug IDs CSCth85786 and CSCth61065.
Applies to:
Cisco Telepresence Multipoint Switch
Created:
2011-02-25
Updated:
2017-04-24

ID:
CVE-2011-0387
Title:
The administrative web interface on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allows remote authenticated users to cause a denial of service or have unspecified other impact via vectors...
Type:
Hardware
Bulletins:
CVE-2011-0387
SFBID46520
Severity:
High
Description:
The administrative web interface on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allows remote authenticated users to cause a denial of service or have unspecified other impact via vectors involving access to a servlet, aka Bug ID CSCtf97164.
Applies to:
Cisco Telepresence Multipoint Switch
Created:
2011-02-25
Updated:
2017-04-24

ID:
CVE-2011-0388
Title:
Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x do not properly restrict remote access to the Java servlet RMI interface, which...
Type:
Hardware
Bulletins:
CVE-2011-0388
SFBID46523
Severity:
High
Description:
Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x do not properly restrict remote access to the Java servlet RMI interface, which allows remote attackers to cause a denial of service (memory consumption and web outage) via multiple crafted requests, aka Bug IDs CSCtg35830 and CSCtg35825.
Applies to:
Cisco Telepresence Multipoint Switch
Created:
2011-02-25
Updated:
2017-04-24

ID:
CVE-2011-0389
Title:
Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allow remote attackers to cause a denial of service (process crash) via a crafted Real-Time Transport Control Protocol (RTCP) UDP packet, aka Bug ID...
Type:
Hardware
Bulletins:
CVE-2011-0389
SFBID46520
Severity:
High
Description:
Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allow remote attackers to cause a denial of service (process crash) via a crafted Real-Time Transport Control Protocol (RTCP) UDP packet, aka Bug ID CSCth60993.
Applies to:
Cisco Telepresence Multipoint Switch
Created:
2011-02-25
Updated:
2017-04-24

ID:
CVE-2011-0390
Title:
The XML-RPC implementation on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, 1.6.x, and 1.7.0 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka Bug ID CSCtj44534.
Type:
Hardware
Bulletins:
CVE-2011-0390
SFBID46520
Severity:
High
Description:
The XML-RPC implementation on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, 1.6.x, and 1.7.0 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka Bug ID CSCtj44534.
Applies to:
Cisco Telepresence Multipoint Switch
Created:
2011-02-25
Updated:
2017-04-24

ID:
CVE-2011-0393
Title:
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 before 7.0(8.12), 7.1 and 7.2 before 7.2(5.2), 8.0 before 8.0(5.21), 8.1 before 8.1(2.49), 8.2 before 8.2(3.6), and 8.3 before 8.3(2.7) and Cisco PIX Security Appliances...
Type:
Hardware
Bulletins:
CVE-2011-0393
Severity:
High
Description:
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 before 7.0(8.12), 7.1 and 7.2 before 7.2(5.2), 8.0 before 8.0(5.21), 8.1 before 8.1(2.49), 8.2 before 8.2(3.6), and 8.3 before 8.3(2.7) and Cisco PIX Security Appliances 500 series devices, when transparent firewall mode is configured but IPv6 is not configured, allow remote attackers to cause a denial of service (packet buffer exhaustion and device outage) via IPv6 traffic, aka Bug ID CSCtj04707.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Created:
2011-02-25
Updated:
2017-04-24

ID:
CVE-2011-0394
Title:
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 before 7.0(8.11), 7.1 and 7.2 before 7.2(5.1), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), 8.2 before 8.2(2.19), and 8.3 before 8.3(1.8); Cisco PIX Security Appliances...
Type:
Hardware
Bulletins:
CVE-2011-0394
SFBID46518
Severity:
High
Description:
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 before 7.0(8.11), 7.1 and 7.2 before 7.2(5.1), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), 8.2 before 8.2(2.19), and 8.3 before 8.3(1.8); Cisco PIX Security Appliances 500 series devices; and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(20), 3.2 before 3.2(20), 4.0 before 4.0(15), and 4.1 before 4.1(5) allow remote attackers to cause a denial of service (device reload) via a malformed Skinny Client Control Protocol (SCCP) message, aka Bug IDs CSCtg69457 and CSCtl84952.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Created:
2011-02-25
Updated:
2017-04-24

ID:
CVE-2011-0395
Title:
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.20), 8.1 before 8.1(2.48), 8.2 before 8.2(3), and 8.3 before 8.3(2.1), when the RIP protocol and the Cisco Phone Proxy functionality are configured, allow...
Type:
Hardware
Bulletins:
CVE-2011-0395
Severity:
High
Description:
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.20), 8.1 before 8.1(2.48), 8.2 before 8.2(3), and 8.3 before 8.3(2.1), when the RIP protocol and the Cisco Phone Proxy functionality are configured, allow remote attackers to cause a denial of service (device reload) via a RIP update, aka Bug ID CSCtg66583.
Applies to:
Cisco ASA 5520 Adaptive Security Appliance
Cisco ASA 5580 Adaptive Security Appliance
Cisco ASA 5540 Adaptive Security Appliance
Cisco ASA 5505 Adaptive Security Appliance
Cisco ASA 5550 Adaptive Security Appliance
Cisco ASA 5510 Adaptive...
Created:
2011-02-25
Updated:
2017-04-24

ID:
CVE-2011-0396
Title:
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.23), 8.1 before 8.1(2.49), 8.2 before 8.2(4.1), and 8.3 before 8.3(2.13), when a Certificate Authority (CA) is configured, allow remote attackers to read...
Type:
Hardware
Bulletins:
CVE-2011-0396
Severity:
High
Description:
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.23), 8.1 before 8.1(2.49), 8.2 before 8.2(4.1), and 8.3 before 8.3(2.13), when a Certificate Authority (CA) is configured, allow remote attackers to read arbitrary files via unspecified vectors, aka Bug ID CSCtk12352.
Applies to:
Cisco ASA 5520 Adaptive Security Appliance
Cisco ASA 5580 Adaptive Security Appliance
Cisco ASA 5540 Adaptive Security Appliance
Cisco ASA 5505 Adaptive Security Appliance
Cisco ASA 5550 Adaptive Security Appliance
Cisco ASA 5510 Adaptive...
Created:
2011-02-25
Updated:
2017-04-24

ID:
OVAL12673
Title:
Scripting Memory Reallocation Vulnerability
Type:
Miscellaneous
Bulletins:
OVAL12673
CVE-2011-0663
Severity:
Low
Description:
Multiple integer overflows in the Microsoft (1) JScript 5.6 through 5.8 and (2) VBScript 5.6 through 5.8 scripting engines allow remote attackers to execute arbitrary code via a crafted web page, aka "Scripting Memory Reallocation Vulnerability."
Applies to:
VBScript 5.6
VBScript 5.7
VBScript 5.8
JScript 5.6
JScript 5.7
JScript 5.8
Created:
2011-02-08
Updated:
2015-08-10

ID:
CVE-2011-0680
Title:
Google Android Mms Application data/WorkingMessage.java Draft Cache SMS Message Remote Disclosure
Type:
Mobile Devices
Bulletins:
CVE-2011-0680
SFBID46105
Severity:
Medium
Description:
data/WorkingMessage.java in the Mms application in Android before 2.2.2 and 2.3.x before 2.3.2 does not properly manage the draft cache, which allows remote attackers to read SMS messages intended for other recipients in opportunistic circumstances via a standard text messaging service.
Applies to:
Created:
2011-01-31
Updated:
2017-04-24

ID:
CVE-2011-0348
Title:
Cisco IOS 12.4(11)MD, 12.4(15)MD, 12.4(22)MD, 12.4(24)MD before 12.4(24)MD3, 12.4(22)MDA before 12.4(22)MDA5, and 12.4(24)MDA before 12.4(24)MDA3 on the Cisco Content Services Gateway Second Generation (aka CSG2) allows remote attackers to bypass...
Type:
Hardware
Bulletins:
CVE-2011-0348
SFBID46022
Severity:
Medium
Description:
Cisco IOS 12.4(11)MD, 12.4(15)MD, 12.4(22)MD, 12.4(24)MD before 12.4(24)MD3, 12.4(22)MDA before 12.4(22)MDA5, and 12.4(24)MDA before 12.4(24)MDA3 on the Cisco Content Services Gateway Second Generation (aka CSG2) allows remote attackers to bypass intended access restrictions and intended billing restrictions by sending HTTP traffic to a restricted destination after sending HTTP traffic to an unrestricted destination, aka Bug ID CSCtk35917.
Applies to:
Created:
2011-01-28
Updated:
2017-04-24

ID:
CVE-2011-0349
Title:
Unspecified vulnerability in Cisco IOS 12.4(24)MD before 12.4(24)MD2 on the Cisco Content Services Gateway Second Generation (aka CSG2) allows remote attackers to cause a denial of service (device hang or reload) via crafted TCP packets, aka Bug ID...
Type:
Hardware
Bulletins:
CVE-2011-0349
SFBID46026
Severity:
High
Description:
Unspecified vulnerability in Cisco IOS 12.4(24)MD before 12.4(24)MD2 on the Cisco Content Services Gateway Second Generation (aka CSG2) allows remote attackers to cause a denial of service (device hang or reload) via crafted TCP packets, aka Bug ID CSCth17178, a different vulnerability than CVE-2011-0350.
Applies to:
Created:
2011-01-28
Updated:
2017-04-24

ID:
CVE-2011-0350
Title:
Unspecified vulnerability in Cisco IOS 12.4(24)MD before 12.4(24)MD2 on the Cisco Content Services Gateway Second Generation (aka CSG2) allows remote attackers to cause a denial of service (device hang or reload) via crafted TCP packets, aka Bug ID...
Type:
Hardware
Bulletins:
CVE-2011-0350
SFBID46028
Severity:
High
Description:
Unspecified vulnerability in Cisco IOS 12.4(24)MD before 12.4(24)MD2 on the Cisco Content Services Gateway Second Generation (aka CSG2) allows remote attackers to cause a denial of service (device hang or reload) via crafted TCP packets, aka Bug ID CSCth41891, a different vulnerability than CVE-2011-0349.
Applies to:
Created:
2011-01-28
Updated:
2017-04-24

ID:
CVE-2011-0352
Title:
Linksys WRT54GC HTTP POST Request Remote Overflow
Type:
Hardware
Bulletins:
CVE-2011-0352
Severity:
High
Description:
Buffer overflow in the web-based management interface on the Cisco Linksys WRT54GC router with firmware before 1.06.1 allows remote attackers to cause a denial of service (device crash) via a long string in a POST request.
Applies to:
wrt54gc
wrt54gc
Created:
2011-01-24
Updated:
2017-04-24

ID:
OVAL12411
Title:
ADO Record Memory Vulnerability
Type:
Miscellaneous
Bulletins:
OVAL12411
CVE-2011-0027
Severity:
Low
Description:
Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability." NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118.
Applies to:
Microsoft Data Access Components
Created:
2011-01-11
Updated:
2015-08-10

ID:
OVAL12333
Title:
DSN Overflow Vulnerability
Type:
Miscellaneous
Bulletins:
OVAL12333
CVE-2011-0026
Severity:
Low
Description:
Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument, which bypasses a signed comparison and leads to a buffer overflow, aka "DSN Overflow Vulnerability."
Applies to:
Microsoft Data Access Components
Created:
2011-01-11
Updated:
2015-08-10

ID:
CVE-2009-5037
Title:
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allow remote attackers to cause a denial of service (ASDM syslog outage) via a long URL, aka Bug IDs CSCsm11264 and CSCtb92911.
Type:
Hardware
Bulletins:
CVE-2009-5037
Severity:
Medium
Description:
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allow remote attackers to cause a denial of service (ASDM syslog outage) via a long URL, aka Bug IDs CSCsm11264 and CSCtb92911.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Created:
2011-01-07
Updated:
2017-04-24

ID:
CVE-2009-5038
Title:
Cisco IOS before 15.0(1)XA does not properly handle IRC traffic during a specific time period after an initial reload, which allows remote attackers to cause a denial of service (device reload) via an attempted connection to a certain IRC server,...
Type:
Hardware
Bulletins:
CVE-2009-5038
SFBID45764
Severity:
High
Description:
Cisco IOS before 15.0(1)XA does not properly handle IRC traffic during a specific time period after an initial reload, which allows remote attackers to cause a denial of service (device reload) via an attempted connection to a certain IRC server, related to a "corrupted magic value," aka Bug ID CSCso05336.
Applies to:
Created:
2011-01-07
Updated:
2017-04-24

ID:
CVE-2009-5039
Title:
Cisco IOS H.323 gk_circuit_info_do_in_acf Function Call Saturation Memory Leak Remote DoS
Type:
Hardware
Bulletins:
CVE-2009-5039
Severity:
High
Description:
Memory leak in the gk_circuit_info_do_in_acf function in the H.323 implementation in Cisco IOS before 15.0(1)XA allows remote attackers to cause a denial of service (memory consumption) via a large number of calls over a long duration, as demonstrated by InterZone Clear Token (IZCT) test traffic, aka Bug ID CSCsz72535.
Applies to:
Created:
2011-01-07
Updated:
2017-04-24

ID:
CVE-2009-5040
Title:
Cisco IOS CallManager Express (CME) Extension Mobility Phone SNR Number Change Remote DoS
Type:
Hardware
Bulletins:
CVE-2009-5040
SFBID45765
Severity:
Medium
Description:
CallManager Express (CME) on Cisco IOS before 15.0(1)XA allows remote authenticated users to cause a denial of service (device crash) by using an extension mobility (EM) phone to interact with the menu for SNR number changes, aka Bug ID CSCta63555.
Applies to:
Created:
2011-01-07
Updated:
2017-04-24

ID:
CVE-2010-4670
Title:
Cisco Adaptive Security Appliances (ASA) IPv6 Stack Neighbor Discovery Router Advertisement Message Saturation Remote DoS
Type:
Hardware
Bulletins:
CVE-2010-4670
SFBID45760
Severity:
High
Description:
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(3) and earlier, and Cisco PIX Security Appliances devices, allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package, aka Bug ID CSCti24526.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Cisco PIX 500 Firewall Series
Created:
2011-01-07
Updated:
2017-04-24

ID:
CVE-2010-4671
Title:
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS before 15.0(1)XA5 allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with...
Type:
Hardware
Bulletins:
CVE-2010-4671
SFBID45760
Severity:
High
Description:
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS before 15.0(1)XA5 allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package, aka Bug ID CSCti33534.
Applies to:
Created:
2011-01-07
Updated:
2017-04-24

ID:
CVE-2010-4672
Title:
Cisco Adaptive Security Appliances (ASA) EIGRP Multicast Storm Remote DoS
Type:
Hardware
Bulletins:
CVE-2010-4672
SFBID45767
Severity:
High
Description:
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(3) and earlier allow remote attackers to cause a denial of service (block exhaustion) via EIGRP traffic that triggers an EIGRP multicast storm, aka Bug ID CSCtf20269.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Created:
2011-01-07
Updated:
2017-04-24

ID:
CVE-2010-4673
Title:
Cisco Adaptive Security Appliances (ASA) Packet Saturation Remote DoS
Type:
Hardware
Bulletins:
CVE-2010-4673
SFBID45766
Severity:
High
Description:
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(4) and earlier allow remote attackers to cause a denial of service via a flood of packets, aka Bug ID CSCtg06316.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Created:
2011-01-07
Updated:
2017-04-24

ID:
CVE-2010-4674
Title:
Cisco Adaptive Security Appliances
Type:
Hardware
Bulletins:
CVE-2010-4674
SFBID45766
Severity:
High
Description:
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(4) and earlier allows remote attackers to cause a denial of service (block exhaustion) via multicast traffic, aka Bug ID CSCtg63992.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Created:
2011-01-07
Updated:
2017-04-24

ID:
CVE-2010-4675
Title:
Cisco Adaptive Security Appliances (ASA) TELNET Connection Interface Remote Access Restriction Bypass
Type:
Hardware
Bulletins:
CVE-2010-4675
SFBID45767
Severity:
High
Description:
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly determine the interfaces for which TELNET connections should be permitted, which allows remote authenticated users to bypass intended access restrictions via vectors involving the "lowest security level interface," aka Bug ID CSCsv40504.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Created:
2011-01-07
Updated:
2017-04-24

ID:
CVE-2010-4676
Title:
Cisco Adaptive Security Appliances (ASA) IPsec Traffic Saturation Remote DoS
Type:
Hardware
Bulletins:
CVE-2010-4676
SFBID45767
Severity:
Medium
Description:
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote authenticated users to cause a denial of service (device crash) via a high volume of IPsec traffic, aka Bug ID CSCsx52748.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Created:
2011-01-07
Updated:
2017-04-24

ID:
CVE-2010-4677
Title:
Cisco Adaptive Security Appliances (ASA) emWEB Document Name Space Character Remote DoS
Type:
Hardware
Bulletins:
CVE-2010-4677
SFBID45767
Severity:
Medium
Description:
emWEB on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to cause a denial of service (daemon crash) via a request for a document whose name contains space characters, aka Bug ID CSCsy08416.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Created:
2011-01-07
Updated:
2017-04-24

ID:
CVE-2010-4678
Title:
Cisco Adaptive Security Appliances (ASA) Configuration Pre-load Network Packet Restriction Bypass
Type:
Hardware
Bulletins:
CVE-2010-4678
SFBID45767
Severity:
High
Description:
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) permit packets to pass before the configuration has been loaded, which might allow remote attackers to bypass intended access restrictions by sending network traffic during device startup, aka Bug ID CSCsy86769.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Created:
2011-01-07
Updated:
2017-04-24

ID:
CVE-2010-4679
Title:
Cisco Adaptive Security Appliances (ASA) OCSP Responder Connection Rejection Remote DoS
Type:
Hardware
Bulletins:
CVE-2010-4679
SFBID45767
Severity:
High
Description:
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly handle Online Certificate Status Protocol (OCSP) connection failures, which allows remote OCSP responders to cause a denial of service (TCP socket exhaustion) by rejecting connection attempts, aka Bug ID CSCsz36816.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Created:
2011-01-07
Updated:
2017-04-24

ID:
CVE-2010-4680
Title:
Cisco Adaptive Security Appliances (ASA) WebVPN CIFS Share Access Restriction Bypass
Type:
Hardware
Bulletins:
CVE-2010-4680
SFBID45767
Severity:
High
Description:
The WebVPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) permits the viewing of CIFS shares even when CIFS file browsing has been disabled, which allows remote authenticated users to bypass intended access restrictions via CIFS requests, aka Bug ID CSCsz80777.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Created:
2011-01-07
Updated:
2017-04-24

ID:
CVE-2010-4681
Title:
Cisco Adaptive Security Appliances (ASA) Space Character SMTP Inspection Bypass
Type:
Hardware
Bulletins:
CVE-2010-4681
SFBID45767
Severity:
High
Description:
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to bypass SMTP inspection via vectors involving a prepended space character, aka Bug ID CSCte14901.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Created:
2011-01-07
Updated:
2017-04-24

ID:
CVE-2010-4682
Title:
Cisco Adaptive Security Appliances (ASA) Incorrect LDAP Authentication Attempt Saturation Remote DoS
Type:
Hardware
Bulletins:
CVE-2010-4682
SFBID45767
Severity:
High
Description:
Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to cause a denial of service (memory consumption) by making multiple incorrect LDAP authentication attempts, aka Bug ID CSCtf29867.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Created:
2011-01-07
Updated:
2017-04-24

ID:
CVE-2010-4683
Title:
Cisco IOS UDP Crafted SIP REGISTER Message Remote DoS
Type:
Hardware
Bulletins:
CVE-2010-4683
SFBID45786
Severity:
High
Description:
Memory leak in Cisco IOS before 15.0(1)XA5 might allow remote attackers to cause a denial of service (memory consumption) by sending a crafted SIP REGISTER message over UDP, aka Bug ID CSCtg41733.
Applies to:
Created:
2011-01-07
Updated:
2017-04-24

ID:
CVE-2010-4684
Title:
Cisco IOS IPv6 TFTP Copy Remote DoS
Type:
Hardware
Bulletins:
CVE-2010-4684
SFBID45769
Severity:
High
Description:
Cisco IOS before 15.0(1)XA1, when certain TFTP debugging is enabled, allows remote attackers to cause a denial of service (device crash) via a TFTP copy over IPv6, aka Bug ID CSCtb28877.
Applies to:
Created:
2011-01-07
Updated:
2017-04-24

ID:
CVE-2010-4685
Title:
Cisco IOS Certificate Map Change Public Key Cache Clearing Certificate Ban Bypass
Type:
Hardware
Bulletins:
CVE-2010-4685
SFBID45769
Severity:
Medium
Description:
Cisco IOS before 15.0(1)XA1 does not clear the public key cache upon a change to a certificate map, which allows remote authenticated users to bypass a certificate ban by connecting with a banned certificate that had previously been valid, aka Bug ID CSCta79031.
Applies to:
Created:
2011-01-07
Updated:
2017-04-24

ID:
CVE-2010-4686
Title:
Cisco IOS CallManager Express (CME) SIP TRUNK Traffic Rate Burst Request Size Remote DoS
Type:
Hardware
Bulletins:
CVE-2010-4686
SFBID45769
Severity:
High
Description:
CallManager Express (CME) on Cisco IOS before 15.0(1)XA1 does not properly handle SIP TRUNK traffic that contains rate bursts and a "peculiar" request size, which allows remote attackers to cause a denial of service (memory consumption) by sending this traffic over a long duration, aka Bug ID CSCtb47950.
Applies to:
Created:
2011-01-07
Updated:
2017-04-24

ID:
CVE-2010-4687
Title:
Cisco IOS SCCP Telephony Control Application (STCAPP) Shared Line Multiple Call Port Hang Remote DoS
Type:
Hardware
Bulletins:
CVE-2010-4687
SFBID45769
Severity:
Medium
Description:
STCAPP (aka the SCCP telephony control application) on Cisco IOS before 15.0(1)XA1 does not properly handle multiple calls to a shared line, which allows remote attackers to cause a denial of service (port hang) by simultaneously ending two calls that were controlled by CallManager Express (CME), aka Bug ID CSCtd42552.
Applies to:
Created:
2011-01-07
Updated:
2017-04-24

ID:
CVE-2010-4688
Title:
Cisco Adaptive Security Appliances (ASA) SIP Inspection Feature Multiple SIP Call Remote DoS
Type:
Hardware
Bulletins:
CVE-2010-4688
SFBID45768
Severity:
High
Description:
Unspecified vulnerability in the SIP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) allows remote attackers to cause a denial of service (device crash) by making many SIP calls, aka Bug ID CSCte20030.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Created:
2011-01-07
Updated:
2017-04-24

ID:
CVE-2010-4689
Title:
Cisco Adaptive Security Appliances (ASA) Unspecified Network Traffic Post-migration ACL Behavior Access Restriction Bypass
Type:
Hardware
Bulletins:
CVE-2010-4689
SFBID45768
Severity:
High
Description:
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) do not properly preserve ACL behavior after a migration, which allows remote attackers to bypass intended access restrictions via an unspecified type of network traffic that had previously been denied, aka Bug ID CSCte46460.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Created:
2011-01-07
Updated:
2017-04-24

ID:
CVE-2010-4690
Title:
Cisco Adaptive Security Appliances (ASA) Mobile User Security Service HTTP HEAD Request Remote Information Disclosure
Type:
Hardware
Bulletins:
CVE-2010-4690
SFBID45768
Severity:
Medium
Description:
The Mobile User Security (MUS) service on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) does not properly authenticate HTTP requests from a Web Security appliance (WSA), which might allow remote attackers to obtain sensitive information via a HEAD request, aka Bug ID CSCte53635.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Created:
2011-01-07
Updated:
2017-04-24

ID:
CVE-2010-4691
Title:
Cisco Adaptive Security Appliances
Type:
Hardware
Bulletins:
CVE-2010-4691
SFBID45768
Severity:
High
Description:
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) allows remote attackers to cause a denial of service (device crash) via multicast traffic, aka Bug IDs CSCtg61810 and CSCtg69742.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Created:
2011-01-07
Updated:
2017-04-24

ID:
CVE-2010-4692
Title:
Cisco Adaptive Security Appliances (ASA) LAN-to-LAN IPsec Session Saturation Remote DoS
Type:
Hardware
Bulletins:
CVE-2010-4692
SFBID45768
Severity:
High
Description:
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) allows remote attackers to cause a denial of service (device crash) via a large number of LAN-to-LAN (aka L2L) IPsec sessions, aka Bug ID CSCth36592.
Applies to:
Cisco ASA 5500 Adaptive Security Appliance
Created:
2011-01-07
Updated:
2017-04-24