cpe:/a:zaal:tgt:0.9.5 cpe:/a:zaal:tgt:1.0.0 cpe:/a:zaal:tgt:1.0.1 cpe:/a:zaal:tgt:1.0.2 cpe:/a:zaal:tgt:1.0.3 cpe:/a:zaal:tgt:1.0.4 cpe:/a:zaal:tgt:1.0.5 cpe:/a:zaal:tgt:1.0.6 cpe:/a:zaal:tgt:1.0.7 cpe:/a:zaal:tgt:1.0.8 cpe:/a:zaal:tgt:1.0.9 cpe:/a:zaal:tgt:1.0.10 cpe:/a:zaal:tgt:1.0.11 cpe:/a:zaal:tgt:1.0.12 cpe:/a:zaal:tgt:1.0.13

CVE-2011-0001

2011-03-15T13:55:02.420-04:00

2017-08-16T21:33:22.277-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov SUSE SUSE-SR:2011:009 MLIST [stgt] 20110309 [PATCH] iscsi: fix buffer overflow before login DEBIAN DSA-2209 REDHAT RHSA-2011:0332 BID 46817 SECTRACK 1025184 VUPEN ADV-2011-0636 MISC https://bugzilla.redhat.com/attachment.cgi?id=473779&action=diff CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=667261 XF lstf-iscsirxhandler-dos(66010) Double free vulnerability in the iscsi_rx_handler function (usr/iscsi/iscsid.c) in the tgt daemon (tgtd) in Linux SCSI target framework (tgt) before 1.0.14, aka scsi-target-utils, allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown vectors related to a buffer overflow during iscsi login. NOTE: some of these details are obtained from third party information.

cpe:/a:miloslav_trmac:libuser:0.1 cpe:/a:miloslav_trmac:libuser:0.2 cpe:/a:miloslav_trmac:libuser:0.3 cpe:/a:miloslav_trmac:libuser:0.4 cpe:/a:miloslav_trmac:libuser:0.5 cpe:/a:miloslav_trmac:libuser:0.6 cpe:/a:miloslav_trmac:libuser:0.7 cpe:/a:miloslav_trmac:libuser:0.8 cpe:/a:miloslav_trmac:libuser:0.8.1 cpe:/a:miloslav_trmac:libuser:0.8.2 cpe:/a:miloslav_trmac:libuser:0.9 cpe:/a:miloslav_trmac:libuser:0.10 cpe:/a:miloslav_trmac:libuser:0.11 cpe:/a:miloslav_trmac:libuser:0.16.1 cpe:/a:miloslav_trmac:libuser:0.18 cpe:/a:miloslav_trmac:libuser:0.20 cpe:/a:miloslav_trmac:libuser:0.21 cpe:/a:miloslav_trmac:libuser:0.23 cpe:/a:miloslav_trmac:libuser:0.24-3 cpe:/a:miloslav_trmac:libuser:0.24-4 cpe:/a:miloslav_trmac:libuser:0.25 cpe:/a:miloslav_trmac:libuser:0.25.1 cpe:/a:miloslav_trmac:libuser:0.26 cpe:/a:miloslav_trmac:libuser:0.27 cpe:/a:miloslav_trmac:libuser:0.28 cpe:/a:miloslav_trmac:libuser:0.29 cpe:/a:miloslav_trmac:libuser:0.30 cpe:/a:miloslav_trmac:libuser:0.31 cpe:/a:miloslav_trmac:libuser:0.32 cpe:/a:miloslav_trmac:libuser:0.49.90 cpe:/a:miloslav_trmac:libuser:0.49.91 cpe:/a:miloslav_trmac:libuser:0.49.92 cpe:/a:miloslav_trmac:libuser:0.49.93 cpe:/a:miloslav_trmac:libuser:0.49.95 cpe:/a:miloslav_trmac:libuser:0.49.96 cpe:/a:miloslav_trmac:libuser:0.49.97 cpe:/a:miloslav_trmac:libuser:0.49.98 cpe:/a:miloslav_trmac:libuser:0.49.99 cpe:/a:miloslav_trmac:libuser:0.49.100 cpe:/a:miloslav_trmac:libuser:0.49.101-1 cpe:/a:miloslav_trmac:libuser:0.49.101-2 cpe:/a:miloslav_trmac:libuser:0.49.102 cpe:/a:miloslav_trmac:libuser:0.50 cpe:/a:miloslav_trmac:libuser:0.50.2 cpe:/a:miloslav_trmac:libuser:0.51 cpe:/a:miloslav_trmac:libuser:0.51.1-1 cpe:/a:miloslav_trmac:libuser:0.51.1-2 cpe:/a:miloslav_trmac:libuser:0.51.2 cpe:/a:miloslav_trmac:libuser:0.51.4 cpe:/a:miloslav_trmac:libuser:0.51.5 cpe:/a:miloslav_trmac:libuser:0.51.6 cpe:/a:miloslav_trmac:libuser:0.51.7 cpe:/a:miloslav_trmac:libuser:0.51.7-3 cpe:/a:miloslav_trmac:libuser:0.51.7-7 cpe:/a:miloslav_trmac:libuser:0.51.8 cpe:/a:miloslav_trmac:libuser:0.51.9 cpe:/a:miloslav_trmac:libuser:0.51.10 cpe:/a:miloslav_trmac:libuser:0.51.11 cpe:/a:miloslav_trmac:libuser:0.51.12 cpe:/a:miloslav_trmac:libuser:0.52 cpe:/a:miloslav_trmac:libuser:0.52.1 cpe:/a:miloslav_trmac:libuser:0.52.2 cpe:/a:miloslav_trmac:libuser:0.52.3 cpe:/a:miloslav_trmac:libuser:0.52.4 cpe:/a:miloslav_trmac:libuser:0.52.5 cpe:/a:miloslav_trmac:libuser:0.52.6 cpe:/a:miloslav_trmac:libuser:0.53 cpe:/a:miloslav_trmac:libuser:0.53.1 cpe:/a:miloslav_trmac:libuser:0.53.2 cpe:/a:miloslav_trmac:libuser:0.53.3 cpe:/a:miloslav_trmac:libuser:0.53.4 cpe:/a:miloslav_trmac:libuser:0.53.5 cpe:/a:miloslav_trmac:libuser:0.53.6 cpe:/a:miloslav_trmac:libuser:0.53.7 cpe:/a:miloslav_trmac:libuser:0.53.8 cpe:/a:miloslav_trmac:libuser:0.54 cpe:/a:miloslav_trmac:libuser:0.54.1 cpe:/a:miloslav_trmac:libuser:0.54.2 cpe:/a:miloslav_trmac:libuser:0.54.3 cpe:/a:miloslav_trmac:libuser:0.54.4 cpe:/a:miloslav_trmac:libuser:0.54.5 cpe:/a:miloslav_trmac:libuser:0.54.6 cpe:/a:miloslav_trmac:libuser:0.54.7 cpe:/a:miloslav_trmac:libuser:0.54.8 cpe:/a:miloslav_trmac:libuser:0.55 cpe:/a:miloslav_trmac:libuser:0.56 cpe:/a:miloslav_trmac:libuser:0.56.1 cpe:/a:miloslav_trmac:libuser:0.56.2 cpe:/a:miloslav_trmac:libuser:0.56.3 cpe:/a:miloslav_trmac:libuser:0.56.4 cpe:/a:miloslav_trmac:libuser:0.56.5 cpe:/a:miloslav_trmac:libuser:0.56.6 cpe:/a:miloslav_trmac:libuser:0.56.7 cpe:/a:miloslav_trmac:libuser:0.56.8 cpe:/a:miloslav_trmac:libuser:0.56.9 cpe:/a:miloslav_trmac:libuser:0.56.10 cpe:/a:miloslav_trmac:libuser:0.56.11 cpe:/a:miloslav_trmac:libuser:0.56.12 cpe:/a:miloslav_trmac:libuser:0.56.13 cpe:/a:miloslav_trmac:libuser:0.56.14 cpe:/a:miloslav_trmac:libuser:0.56.15 cpe:/a:miloslav_trmac:libuser:0.56.16 cpe:/a:miloslav_trmac:libuser:0.56.17 cpe:/a:miloslav_trmac:libuser:0.56.18

CVE-2011-0002

2011-01-22T17:00:06.677-05:00

2017-08-16T21:33:22.337-04:00

6.4

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 FEDORA FEDORA-2011-0316 FEDORA FEDORA-2011-0320 SECTRACK 1024960 MANDRIVA MDVSA-2011:019 REDHAT RHSA-2011:0170 BID 45791 VUPEN ADV-2011-0184 VUPEN ADV-2011-0201 VUPEN ADV-2011-0226 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=643227 XF libuser-password-security-bypass(64677) CONFIRM https://fedorahosted.org/libuser/browser/NEWS?rev=libuser-0.57 libuser before 0.57 uses a cleartext password value of (1) !! or (2) x for new LDAP user accounts, which makes it easier for remote attackers to obtain access by specifying one of these values.

cpe:/a:mediawiki:mediawiki:1.1.0 cpe:/a:mediawiki:mediawiki:1.2.0 cpe:/a:mediawiki:mediawiki:1.2.1 cpe:/a:mediawiki:mediawiki:1.2.2 cpe:/a:mediawiki:mediawiki:1.2.3 cpe:/a:mediawiki:mediawiki:1.2.4 cpe:/a:mediawiki:mediawiki:1.2.5 cpe:/a:mediawiki:mediawiki:1.2.6 cpe:/a:mediawiki:mediawiki:1.3 cpe:/a:mediawiki:mediawiki:1.3.0 cpe:/a:mediawiki:mediawiki:1.3.1 cpe:/a:mediawiki:mediawiki:1.3.2 cpe:/a:mediawiki:mediawiki:1.3.3 cpe:/a:mediawiki:mediawiki:1.3.4 cpe:/a:mediawiki:mediawiki:1.3.5 cpe:/a:mediawiki:mediawiki:1.3.6 cpe:/a:mediawiki:mediawiki:1.3.7 cpe:/a:mediawiki:mediawiki:1.3.8 cpe:/a:mediawiki:mediawiki:1.3.9 cpe:/a:mediawiki:mediawiki:1.3.10 cpe:/a:mediawiki:mediawiki:1.3.11 cpe:/a:mediawiki:mediawiki:1.3.12 cpe:/a:mediawiki:mediawiki:1.3.13 cpe:/a:mediawiki:mediawiki:1.3.14 cpe:/a:mediawiki:mediawiki:1.3.15 cpe:/a:mediawiki:mediawiki:1.4:beta1 cpe:/a:mediawiki:mediawiki:1.4:beta2 cpe:/a:mediawiki:mediawiki:1.4:beta3 cpe:/a:mediawiki:mediawiki:1.4:beta4 cpe:/a:mediawiki:mediawiki:1.4:beta5 cpe:/a:mediawiki:mediawiki:1.4:beta6 cpe:/a:mediawiki:mediawiki:1.4.0 cpe:/a:mediawiki:mediawiki:1.4.1 cpe:/a:mediawiki:mediawiki:1.4.2 cpe:/a:mediawiki:mediawiki:1.4.3 cpe:/a:mediawiki:mediawiki:1.4.4 cpe:/a:mediawiki:mediawiki:1.4.5 cpe:/a:mediawiki:mediawiki:1.4.6 cpe:/a:mediawiki:mediawiki:1.4.7 cpe:/a:mediawiki:mediawiki:1.4.8 cpe:/a:mediawiki:mediawiki:1.4.9 cpe:/a:mediawiki:mediawiki:1.4.10 cpe:/a:mediawiki:mediawiki:1.4.11 cpe:/a:mediawiki:mediawiki:1.4.12 cpe:/a:mediawiki:mediawiki:1.4.13 cpe:/a:mediawiki:mediawiki:1.4.14 cpe:/a:mediawiki:mediawiki:1.5:alpha1 cpe:/a:mediawiki:mediawiki:1.5:alpha2 cpe:/a:mediawiki:mediawiki:1.5:beta1 cpe:/a:mediawiki:mediawiki:1.5:beta2 cpe:/a:mediawiki:mediawiki:1.5:beta3 cpe:/a:mediawiki:mediawiki:1.5:beta4 cpe:/a:mediawiki:mediawiki:1.5:rc2 cpe:/a:mediawiki:mediawiki:1.5:rc3 cpe:/a:mediawiki:mediawiki:1.5:rc4 cpe:/a:mediawiki:mediawiki:1.5.0 cpe:/a:mediawiki:mediawiki:1.5.1 cpe:/a:mediawiki:mediawiki:1.5.2 cpe:/a:mediawiki:mediawiki:1.5.3 cpe:/a:mediawiki:mediawiki:1.5.4 cpe:/a:mediawiki:mediawiki:1.5.5 cpe:/a:mediawiki:mediawiki:1.5.6 cpe:/a:mediawiki:mediawiki:1.5.7 cpe:/a:mediawiki:mediawiki:1.5.8 cpe:/a:mediawiki:mediawiki:1.6.0 cpe:/a:mediawiki:mediawiki:1.6.1 cpe:/a:mediawiki:mediawiki:1.6.2 cpe:/a:mediawiki:mediawiki:1.6.3 cpe:/a:mediawiki:mediawiki:1.6.4 cpe:/a:mediawiki:mediawiki:1.6.5 cpe:/a:mediawiki:mediawiki:1.6.5_r14348 cpe:/a:mediawiki:mediawiki:1.6.6 cpe:/a:mediawiki:mediawiki:1.6.7 cpe:/a:mediawiki:mediawiki:1.6.8 cpe:/a:mediawiki:mediawiki:1.6.9 cpe:/a:mediawiki:mediawiki:1.6.10 cpe:/a:mediawiki:mediawiki:1.6.12 cpe:/a:mediawiki:mediawiki:1.7.0 cpe:/a:mediawiki:mediawiki:1.7.1 cpe:/a:mediawiki:mediawiki:1.7.2 cpe:/a:mediawiki:mediawiki:1.7.3 cpe:/a:mediawiki:mediawiki:1.8.0 cpe:/a:mediawiki:mediawiki:1.8.1 cpe:/a:mediawiki:mediawiki:1.8.2 cpe:/a:mediawiki:mediawiki:1.8.3 cpe:/a:mediawiki:mediawiki:1.8.4 cpe:/a:mediawiki:mediawiki:1.8.5 cpe:/a:mediawiki:mediawiki:1.9.0 cpe:/a:mediawiki:mediawiki:1.9.0:rc2 cpe:/a:mediawiki:mediawiki:1.9.1 cpe:/a:mediawiki:mediawiki:1.9.2 cpe:/a:mediawiki:mediawiki:1.9.3 cpe:/a:mediawiki:mediawiki:1.9.4 cpe:/a:mediawiki:mediawiki:1.9.5 cpe:/a:mediawiki:mediawiki:1.9.6 cpe:/a:mediawiki:mediawiki:1.10.0 cpe:/a:mediawiki:mediawiki:1.10.0:rc1 cpe:/a:mediawiki:mediawiki:1.10.0:rc2 cpe:/a:mediawiki:mediawiki:1.10.1 cpe:/a:mediawiki:mediawiki:1.10.2 cpe:/a:mediawiki:mediawiki:1.10.3 cpe:/a:mediawiki:mediawiki:1.10.4 cpe:/a:mediawiki:mediawiki:1.11 cpe:/a:mediawiki:mediawiki:1.11:rc1 cpe:/a:mediawiki:mediawiki:1.11.0 cpe:/a:mediawiki:mediawiki:1.11.0:rc1 cpe:/a:mediawiki:mediawiki:1.11.1 cpe:/a:mediawiki:mediawiki:1.11.2 cpe:/a:mediawiki:mediawiki:1.12.0 cpe:/a:mediawiki:mediawiki:1.12.0:rc1 cpe:/a:mediawiki:mediawiki:1.12.1 cpe:/a:mediawiki:mediawiki:1.12.2 cpe:/a:mediawiki:mediawiki:1.12.3 cpe:/a:mediawiki:mediawiki:1.12.4 cpe:/a:mediawiki:mediawiki:1.13.0 cpe:/a:mediawiki:mediawiki:1.13.0:rc1 cpe:/a:mediawiki:mediawiki:1.13.0:rc2 cpe:/a:mediawiki:mediawiki:1.13.1 cpe:/a:mediawiki:mediawiki:1.13.2 cpe:/a:mediawiki:mediawiki:1.13.3 cpe:/a:mediawiki:mediawiki:1.13.4 cpe:/a:mediawiki:mediawiki:1.14.0 cpe:/a:mediawiki:mediawiki:1.14.0:rc1 cpe:/a:mediawiki:mediawiki:1.14.1 cpe:/a:mediawiki:mediawiki:1.15.0 cpe:/a:mediawiki:mediawiki:1.15.0:rc1 cpe:/a:mediawiki:mediawiki:1.15.1 cpe:/a:mediawiki:mediawiki:1.15.2 cpe:/a:mediawiki:mediawiki:1.15.3 cpe:/a:mediawiki:mediawiki:1.16.0 cpe:/a:mediawiki:mediawiki:1.16.0:beta1 cpe:/a:mediawiki:mediawiki:1.16.0:beta2 cpe:/a:mediawiki:mediawiki:stable_2003-08-29 cpe:/a:mediawiki:mediawiki:stable_2003-11-07 cpe:/a:mediawiki:mediawiki:stable_2003-11-17

CVE-2011-0003

2011-01-10T22:00:05.017-05:00

2017-08-16T21:33:22.417-04:00

5.8

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov FEDORA FEDORA-2011-5848 FEDORA FEDORA-2011-5812 FEDORA FEDORA-2011-5807 MLIST [MediaWiki-announce] 20110104 MediaWiki security release 1.16.1 MLIST [oss-security] 20110104 Re: (possible) CVE request: Clickjacking in Mediawiki MLIST [oss-security] 20110104 (possible) CVE request: Clickjacking in Mediawiki VUPEN ADV-2011-0017 CONFIRM https://bugzilla.wikimedia.org/show_bug.cgi?id=26561 XF mediawiki-frames-clickjacking(64476) MediaWiki before 1.16.1, when user or site JavaScript or CSS is enabled, allows remote attackers to conduct clickjacking attacks via unspecified vectors.

cpe:/a:piwik:piwik:0.1 cpe:/a:piwik:piwik:0.1.1 cpe:/a:piwik:piwik:0.1.2 cpe:/a:piwik:piwik:0.1.3 cpe:/a:piwik:piwik:0.1.4 cpe:/a:piwik:piwik:0.1.5 cpe:/a:piwik:piwik:0.1.6 cpe:/a:piwik:piwik:0.1.7 cpe:/a:piwik:piwik:0.1.8 cpe:/a:piwik:piwik:0.1.9 cpe:/a:piwik:piwik:0.1.10 cpe:/a:piwik:piwik:0.2.1 cpe:/a:piwik:piwik:0.2.2 cpe:/a:piwik:piwik:0.2.3 cpe:/a:piwik:piwik:0.2.4 cpe:/a:piwik:piwik:0.2.5 cpe:/a:piwik:piwik:0.2.6 cpe:/a:piwik:piwik:0.2.7 cpe:/a:piwik:piwik:0.2.8 cpe:/a:piwik:piwik:0.2.9 cpe:/a:piwik:piwik:0.2.10 cpe:/a:piwik:piwik:0.2.11 cpe:/a:piwik:piwik:0.2.12 cpe:/a:piwik:piwik:0.2.13 cpe:/a:piwik:piwik:0.2.14 cpe:/a:piwik:piwik:0.2.16 cpe:/a:piwik:piwik:0.2.17 cpe:/a:piwik:piwik:0.2.18 cpe:/a:piwik:piwik:0.2.19 cpe:/a:piwik:piwik:0.2.20 cpe:/a:piwik:piwik:0.2.22 cpe:/a:piwik:piwik:0.2.23 cpe:/a:piwik:piwik:0.2.24 cpe:/a:piwik:piwik:0.2.25 cpe:/a:piwik:piwik:0.2.26 cpe:/a:piwik:piwik:0.2.27 cpe:/a:piwik:piwik:0.2.28 cpe:/a:piwik:piwik:0.2.29 cpe:/a:piwik:piwik:0.2.30 cpe:/a:piwik:piwik:0.2.31 cpe:/a:piwik:piwik:0.2.32 cpe:/a:piwik:piwik:0.2.33 cpe:/a:piwik:piwik:0.2.34 cpe:/a:piwik:piwik:0.2.35 cpe:/a:piwik:piwik:0.2.36 cpe:/a:piwik:piwik:0.2.37 cpe:/a:piwik:piwik:0.4 cpe:/a:piwik:piwik:0.4:rc1 cpe:/a:piwik:piwik:0.4:rc2 cpe:/a:piwik:piwik:0.4:rc3 cpe:/a:piwik:piwik:0.4.1 cpe:/a:piwik:piwik:0.4.1:rc1 cpe:/a:piwik:piwik:0.4.2 cpe:/a:piwik:piwik:0.4.3 cpe:/a:piwik:piwik:0.4.4 cpe:/a:piwik:piwik:0.4.5 cpe:/a:piwik:piwik:0.5 cpe:/a:piwik:piwik:0.5.1 cpe:/a:piwik:piwik:0.5.2 cpe:/a:piwik:piwik:0.5.3 cpe:/a:piwik:piwik:0.5.4 cpe:/a:piwik:piwik:0.5.5 cpe:/a:piwik:piwik:0.6 cpe:/a:piwik:piwik:0.6.1 cpe:/a:piwik:piwik:0.6.2 cpe:/a:piwik:piwik:0.6.3 cpe:/a:piwik:piwik:0.6.3:rc1 cpe:/a:piwik:piwik:0.6.3:rc2 cpe:/a:piwik:piwik:0.6.4 cpe:/a:piwik:piwik:0.7 cpe:/a:piwik:piwik:0.8 cpe:/a:piwik:piwik:0.9 cpe:/a:piwik:piwik:0.9.9 cpe:/a:piwik:piwik:1.0

CVE-2011-0004

2011-01-10T15:00:17.000-05:00

2011-02-25T01:58:20.407-05:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov MLIST [oss-security] 20110105 CVE Request: Multiple XSS Vulnerabiliies < Piwik 1.1 MLIST [oss-security] 20110106 Re: CVE Request: Multiple XSS Vulnerabiliies < Piwik 1.1 CONFIRM http://piwik.org/blog/2011/01/piwik-1-1-2/ CONFIRM http://piwik.org/blog/2011/01/piwik-1-1-security-advisory/ CONFIRM http://piwik.org/blog/2011/01/professional-security-audit-in-piwik/ BID 45659 VUPEN ADV-2011-0013 Multiple cross-site scripting (XSS) vulnerabilities in Piwik before 1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

cpe:/a:joomla:com_search

CVE-2011-0005

2011-01-10T22:00:05.297-05:00

2018-10-10T16:09:21.060-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov MISC http://packetstormsecurity.org/files/view/97273/joomla1015-xss.txt BUGTRAQ 20110105 Joomla! 1.0.x ~ 1.0.15 | Cross Site Scripting (XSS) Vulnerability BUGTRAQ 20110107 Re: Joomla! 1.0.x ~ 1.0.15 | Cross Site Scripting (XSS) Vulnerability BID 45679 XF joomla-ordering-xss(64539) Cross-site scripting (XSS) vulnerability in the com_search module for Joomla! 1.0.x through 1.0.15 allows remote attackers to inject arbitrary web script or HTML via the ordering parameter to index.php.

cpe:/o:linux:linux_kernel:2.6.36.1 cpe:/o:linux:linux_kernel:2.6.36.2 cpe:/o:linux:linux_kernel:2.6.36.3 cpe:/o:linux:linux_kernel:2.6.36.4

CVE-2011-0006

2012-06-21T19:55:01.787-04:00

2012-06-26T00:00:00.000-04:00

1.9

LOCAL

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2012-06-22T11:22:00.000-04:00

CONFIRM http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37 CONFIRM http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=867c20265459d30a01b021a9c1e81fb4c5832aa9 MLIST [oss-security] 20110106 Re: CVE Request: kernel [Re: Security review of 2.6.32.28] CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=667912 CONFIRM https://github.com/torvalds/linux/commit/867c20265459d30a01b021a9c1e81fb4c5832aa9 The ima_lsm_rule_init function in security/integrity/ima/ima_policy.c in the Linux kernel before 2.6.37, when the Linux Security Modules (LSM) framework is disabled, allows local users to bypass Integrity Measurement Architecture (IMA) rules in opportunistic circumstances by leveraging an administrator's addition of an IMA rule for LSM.

cpe:/a:troglobit:pimd:2.1.5

CVE-2011-0007

2011-01-10T22:00:05.360-05:00

2017-08-16T21:33:22.527-04:00

3.3

LOCAL

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov DEBIAN DSA-2147 MLIST [oss-security] 20110107 CVE Request - pimd - Insecure file creation in /var/tmp MLIST [oss-security] 20110107 Re: CVE Request - pimd - Insecure file creation in /var/tmp BID 45715 VUPEN ADV-2011-0113 XF pimd-pimd-symlink(64528) pimd 2.1.5 and possibly earlier versions allows user-assisted local users to overwrite arbitrary files via a symlink attack on (1) pimd.dump when a USR1 signal is sent, or (2) pimd.cache when USR2 is sent.

cpe:/a:todd_miller:sudo:1.3.1 cpe:/a:todd_miller:sudo:1.5 cpe:/a:todd_miller:sudo:1.5.2 cpe:/a:todd_miller:sudo:1.5.3 cpe:/a:todd_miller:sudo:1.5.6 cpe:/a:todd_miller:sudo:1.5.7 cpe:/a:todd_miller:sudo:1.5.8 cpe:/a:todd_miller:sudo:1.5.9 cpe:/a:todd_miller:sudo:1.6 cpe:/a:todd_miller:sudo:1.6.1 cpe:/a:todd_miller:sudo:1.6.2 cpe:/a:todd_miller:sudo:1.6.2p1 cpe:/a:todd_miller:sudo:1.6.2p2 cpe:/a:todd_miller:sudo:1.6.2p3 cpe:/a:todd_miller:sudo:1.6.3 cpe:/a:todd_miller:sudo:1.6.3_p1 cpe:/a:todd_miller:sudo:1.6.3_p2 cpe:/a:todd_miller:sudo:1.6.3_p3 cpe:/a:todd_miller:sudo:1.6.3_p4 cpe:/a:todd_miller:sudo:1.6.3_p5 cpe:/a:todd_miller:sudo:1.6.3_p6 cpe:/a:todd_miller:sudo:1.6.3_p7 cpe:/a:todd_miller:sudo:1.6.3p1 cpe:/a:todd_miller:sudo:1.6.3p2 cpe:/a:todd_miller:sudo:1.6.3p3 cpe:/a:todd_miller:sudo:1.6.3p4 cpe:/a:todd_miller:sudo:1.6.3p5 cpe:/a:todd_miller:sudo:1.6.3p6 cpe:/a:todd_miller:sudo:1.6.3p7 cpe:/a:todd_miller:sudo:1.6.4 cpe:/a:todd_miller:sudo:1.6.4_p1 cpe:/a:todd_miller:sudo:1.6.4_p2 cpe:/a:todd_miller:sudo:1.6.4p1 cpe:/a:todd_miller:sudo:1.6.4p2 cpe:/a:todd_miller:sudo:1.6.5 cpe:/a:todd_miller:sudo:1.6.5_p1 cpe:/a:todd_miller:sudo:1.6.5_p2 cpe:/a:todd_miller:sudo:1.6.5p1 cpe:/a:todd_miller:sudo:1.6.5p2 cpe:/a:todd_miller:sudo:1.6.6 cpe:/a:todd_miller:sudo:1.6.7 cpe:/a:todd_miller:sudo:1.6.7_p5 cpe:/a:todd_miller:sudo:1.6.7p1 cpe:/a:todd_miller:sudo:1.6.7p2 cpe:/a:todd_miller:sudo:1.6.7p3 cpe:/a:todd_miller:sudo:1.6.7p4 cpe:/a:todd_miller:sudo:1.6.7p5 cpe:/a:todd_miller:sudo:1.6.8 cpe:/a:todd_miller:sudo:1.6.8_p1 cpe:/a:todd_miller:sudo:1.6.8_p2 cpe:/a:todd_miller:sudo:1.6.8_p5 cpe:/a:todd_miller:sudo:1.6.8_p7 cpe:/a:todd_miller:sudo:1.6.8_p8 cpe:/a:todd_miller:sudo:1.6.8_p9 cpe:/a:todd_miller:sudo:1.6.8_p12 cpe:/a:todd_miller:sudo:1.6.8p1 cpe:/a:todd_miller:sudo:1.6.8p2 cpe:/a:todd_miller:sudo:1.6.8p3 cpe:/a:todd_miller:sudo:1.6.8p4 cpe:/a:todd_miller:sudo:1.6.8p5 cpe:/a:todd_miller:sudo:1.6.8p6 cpe:/a:todd_miller:sudo:1.6.8p7 cpe:/a:todd_miller:sudo:1.6.8p8 cpe:/a:todd_miller:sudo:1.6.8p9 cpe:/a:todd_miller:sudo:1.6.8p10 cpe:/a:todd_miller:sudo:1.6.8p11 cpe:/a:todd_miller:sudo:1.6.8p12 cpe:/a:todd_miller:sudo:1.6.9 cpe:/a:todd_miller:sudo:1.6.9_p17 cpe:/a:todd_miller:sudo:1.6.9_p18 cpe:/a:todd_miller:sudo:1.6.9_p19 cpe:/a:todd_miller:sudo:1.6.9_p20 cpe:/a:todd_miller:sudo:1.6.9_p21 cpe:/a:todd_miller:sudo:1.6.9_p22 cpe:/a:todd_miller:sudo:1.6.9p1 cpe:/a:todd_miller:sudo:1.6.9p2 cpe:/a:todd_miller:sudo:1.6.9p3 cpe:/a:todd_miller:sudo:1.6.9p4 cpe:/a:todd_miller:sudo:1.6.9p5 cpe:/a:todd_miller:sudo:1.6.9p6 cpe:/a:todd_miller:sudo:1.6.9p7 cpe:/a:todd_miller:sudo:1.6.9p8 cpe:/a:todd_miller:sudo:1.6.9p9 cpe:/a:todd_miller:sudo:1.6.9p10 cpe:/a:todd_miller:sudo:1.6.9p11 cpe:/a:todd_miller:sudo:1.6.9p12 cpe:/a:todd_miller:sudo:1.6.9p13 cpe:/a:todd_miller:sudo:1.6.9p14 cpe:/a:todd_miller:sudo:1.6.9p15 cpe:/a:todd_miller:sudo:1.6.9p16 cpe:/a:todd_miller:sudo:1.6.9p17 cpe:/a:todd_miller:sudo:1.6.9p18 cpe:/a:todd_miller:sudo:1.6.9p19 cpe:/a:todd_miller:sudo:1.6.9p20 cpe:/a:todd_miller:sudo:1.6.9p21 cpe:/a:todd_miller:sudo:1.6.9p22 cpe:/a:todd_miller:sudo:1.6.9p23 cpe:/a:todd_miller:sudo:1.7.0 cpe:/a:todd_miller:sudo:1.7.1 cpe:/a:todd_miller:sudo:1.7.2 cpe:/a:todd_miller:sudo:1.7.2p1 cpe:/a:todd_miller:sudo:1.7.2p2 cpe:/a:todd_miller:sudo:1.7.2p3 cpe:/a:todd_miller:sudo:1.7.2p4 cpe:/a:todd_miller:sudo:1.7.2p5 cpe:/a:todd_miller:sudo:1.7.2p6 cpe:/a:todd_miller:sudo:1.7.2p7 cpe:/a:todd_miller:sudo:1.7.3b1 cpe:/a:todd_miller:sudo:1.7.4 cpe:/a:todd_miller:sudo:1.7.4p1 cpe:/a:todd_miller:sudo:1.7.4p2 cpe:/a:todd_miller:sudo:1.7.4p3 cpe:/a:todd_miller:sudo:1.7.4p4 cpe:/a:todd_miller:sudo:1.7.4p5

CVE-2011-0008

2011-01-20T14:00:07.443-05:00

2017-08-16T21:33:22.603-04:00

6.9

LOCAL

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

FEDORA FEDORA-2011-0470 FEDORA FEDORA-2011-0455 MANDRIVA MDVSA-2011:018 VUPEN ADV-2011-0195 VUPEN ADV-2011-0199 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=668843 XF sudo-parse-privilege-escalation(64965) A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression.

cpe:/a:bestpractical:rt:3.0.0 cpe:/a:bestpractical:rt:3.0.1 cpe:/a:bestpractical:rt:3.0.2 cpe:/a:bestpractical:rt:3.0.3 cpe:/a:bestpractical:rt:3.0.4 cpe:/a:bestpractical:rt:3.0.5 cpe:/a:bestpractical:rt:3.0.6 cpe:/a:bestpractical:rt:3.0.7 cpe:/a:bestpractical:rt:3.0.7.1 cpe:/a:bestpractical:rt:3.0.8 cpe:/a:bestpractical:rt:3.0.9 cpe:/a:bestpractical:rt:3.0.10 cpe:/a:bestpractical:rt:3.0.10:pre1 cpe:/a:bestpractical:rt:3.0.10:pre2 cpe:/a:bestpractical:rt:3.0.10:rc1 cpe:/a:bestpractical:rt:3.0.11 cpe:/a:bestpractical:rt:3.0.11:rc2 cpe:/a:bestpractical:rt:3.0.11:rc3 cpe:/a:bestpractical:rt:3.0.11:rc4 cpe:/a:bestpractical:rt:3.0.12 cpe:/a:bestpractical:rt:3.1.2 cpe:/a:bestpractical:rt:3.1.3 cpe:/a:bestpractical:rt:3.1.4 cpe:/a:bestpractical:rt:3.1.5 cpe:/a:bestpractical:rt:3.1.6 cpe:/a:bestpractical:rt:3.1.7 cpe:/a:bestpractical:rt:3.1.8 cpe:/a:bestpractical:rt:3.1.10 cpe:/a:bestpractical:rt:3.1.11 cpe:/a:bestpractical:rt:3.1.12 cpe:/a:bestpractical:rt:3.1.13 cpe:/a:bestpractical:rt:3.1.14 cpe:/a:bestpractical:rt:3.1.15 cpe:/a:bestpractical:rt:3.1.16 cpe:/a:bestpractical:rt:3.1.17 cpe:/a:bestpractical:rt:3.2.0 cpe:/a:bestpractical:rt:3.2.0:rc1 cpe:/a:bestpractical:rt:3.2.0:rc2 cpe:/a:bestpractical:rt:3.2.0:rc3 cpe:/a:bestpractical:rt:3.2.0:rc4 cpe:/a:bestpractical:rt:3.2.1 cpe:/a:bestpractical:rt:3.2.1:rc1 cpe:/a:bestpractical:rt:3.2.1:rc2 cpe:/a:bestpractical:rt:3.2.1:rc3 cpe:/a:bestpractical:rt:3.2.1:rc4 cpe:/a:bestpractical:rt:3.2.2 cpe:/a:bestpractical:rt:3.2.2:rc1 cpe:/a:bestpractical:rt:3.2.3 cpe:/a:bestpractical:rt:3.2.3:rc1 cpe:/a:bestpractical:rt:3.2.3:rc2 cpe:/a:bestpractical:rt:3.4.0 cpe:/a:bestpractical:rt:3.4.0:rc1 cpe:/a:bestpractical:rt:3.4.0:rc2 cpe:/a:bestpractical:rt:3.4.0:rc3 cpe:/a:bestpractical:rt:3.4.0:rc4 cpe:/a:bestpractical:rt:3.4.0:rc5 cpe:/a:bestpractical:rt:3.4.0:rc6 cpe:/a:bestpractical:rt:3.4.1 cpe:/a:bestpractical:rt:3.4.2 cpe:/a:bestpractical:rt:3.4.2:rc1 cpe:/a:bestpractical:rt:3.4.2:rc2 cpe:/a:bestpractical:rt:3.4.3 cpe:/a:bestpractical:rt:3.4.3:rc1 cpe:/a:bestpractical:rt:3.4.3:rc2 cpe:/a:bestpractical:rt:3.4.4 cpe:/a:bestpractical:rt:3.4.4:pre1 cpe:/a:bestpractical:rt:3.4.4:pre2 cpe:/a:bestpractical:rt:3.4.4:pre3 cpe:/a:bestpractical:rt:3.4.5 cpe:/a:bestpractical:rt:3.4.5:pre1 cpe:/a:bestpractical:rt:3.4.5:rc1 cpe:/a:bestpractical:rt:3.4.5:rc2 cpe:/a:bestpractical:rt:3.4.6 cpe:/a:bestpractical:rt:3.4.6:rc1 cpe:/a:bestpractical:rt:3.4.6:rc2 cpe:/a:bestpractical:rt:3.4.7:rc1 cpe:/a:bestpractical:rt:3.5.1 cpe:/a:bestpractical:rt:3.5.2 cpe:/a:bestpractical:rt:3.5.3 cpe:/a:bestpractical:rt:3.5.4 cpe:/a:bestpractical:rt:3.5.5 cpe:/a:bestpractical:rt:3.5.6 cpe:/a:bestpractical:rt:3.5.7 cpe:/a:bestpractical:rt:3.6.0 cpe:/a:bestpractical:rt:3.6.0:pre0 cpe:/a:bestpractical:rt:3.6.0:pre1 cpe:/a:bestpractical:rt:3.6.0:rc1 cpe:/a:bestpractical:rt:3.6.0:rc2 cpe:/a:bestpractical:rt:3.6.0:rc3 cpe:/a:bestpractical:rt:3.6.1 cpe:/a:bestpractical:rt:3.6.1:pre2 cpe:/a:bestpractical:rt:3.6.1:rc1 cpe:/a:bestpractical:rt:3.6.1:rc2 cpe:/a:bestpractical:rt:3.6.2 cpe:/a:bestpractical:rt:3.6.2:rc1 cpe:/a:bestpractical:rt:3.6.2:rc3 cpe:/a:bestpractical:rt:3.6.2:rc4 cpe:/a:bestpractical:rt:3.6.2:rc5 cpe:/a:bestpractical:rt:3.6.3 cpe:/a:bestpractical:rt:3.6.3:rc1 cpe:/a:bestpractical:rt:3.6.3:rc2 cpe:/a:bestpractical:rt:3.6.3:rc3 cpe:/a:bestpractical:rt:3.6.3:rc4 cpe:/a:bestpractical:rt:3.6.4 cpe:/a:bestpractical:rt:3.6.4:rc1 cpe:/a:bestpractical:rt:3.6.4:rc2 cpe:/a:bestpractical:rt:3.6.5 cpe:/a:bestpractical:rt:3.6.5:rc1 cpe:/a:bestpractical:rt:3.6.5:rc2 cpe:/a:bestpractical:rt:3.6.6 cpe:/a:bestpractical:rt:3.6.6:rc1 cpe:/a:bestpractical:rt:3.6.6:rc2 cpe:/a:bestpractical:rt:3.6.6:rc3 cpe:/a:bestpractical:rt:3.6.7 cpe:/a:bestpractical:rt:3.6.8 cpe:/a:bestpractical:rt:3.6.9 cpe:/a:bestpractical:rt:3.7.1 cpe:/a:bestpractical:rt:3.7.5 cpe:/a:bestpractical:rt:3.7.80 cpe:/a:bestpractical:rt:3.7.85 cpe:/a:bestpractical:rt:3.7.86 cpe:/a:bestpractical:rt:3.8.0 cpe:/a:bestpractical:rt:3.8.0:rc1 cpe:/a:bestpractical:rt:3.8.0:rc2 cpe:/a:bestpractical:rt:3.8.0:rc3 cpe:/a:bestpractical:rt:3.8.1 cpe:/a:bestpractical:rt:3.8.1:rc1 cpe:/a:bestpractical:rt:3.8.1:rc2 cpe:/a:bestpractical:rt:3.8.1:rc3 cpe:/a:bestpractical:rt:3.8.1:rc4 cpe:/a:bestpractical:rt:3.8.1:rc5 cpe:/a:bestpractical:rt:3.8.2 cpe:/a:bestpractical:rt:3.8.2:rc1 cpe:/a:bestpractical:rt:3.8.2:rc2 cpe:/a:bestpractical:rt:3.8.3 cpe:/a:bestpractical:rt:3.8.3:rc1 cpe:/a:bestpractical:rt:3.8.3:rc2 cpe:/a:bestpractical:rt:3.8.4 cpe:/a:bestpractical:rt:3.8.4:rc1 cpe:/a:bestpractical:rt:3.8.5 cpe:/a:bestpractical:rt:3.8.6 cpe:/a:bestpractical:rt:3.8.6:rc1 cpe:/a:bestpractical:rt:3.8.7:rc1 cpe:/a:bestpractical:rt:3.8.8:rc2 cpe:/a:bestpractical:rt:3.8.8:rc3 cpe:/a:bestpractical:rt:3.8.8:rc4 cpe:/a:bestpractical:rt:3.8.9:rc1 cpe:/a:bestpractical:rt:4.0.0:rc1 cpe:/a:bestpractical:rt:4.0.0:rc2 cpe:/a:bestpractical:rt:4.0.0:rc3

CVE-2011-0009

2011-01-25T14:00:03.810-05:00

2011-07-20T00:00:00.000-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2011-01-25T15:29:00.000-05:00

CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610850 MLIST [rt-announce] 20110119 Security vulnerability in RT 3.0 and up FEDORA FEDORA-2011-1677 DEBIAN DSA-2150 BID 45959 VUPEN ADV-2011-0190 VUPEN ADV-2011-0475 VUPEN ADV-2011-0576 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=672250 Best Practical Solutions RT 3.x before 3.8.9rc2 and 4.x before 4.0.0rc4 uses the MD5 algorithm for password hashes, which makes it easier for context-dependent attackers to determine cleartext passwords via a brute-force attack on the database.

cpe:/a:todd_miller:sudo:1.7.0 cpe:/a:todd_miller:sudo:1.7.1 cpe:/a:todd_miller:sudo:1.7.2 cpe:/a:todd_miller:sudo:1.7.2p1 cpe:/a:todd_miller:sudo:1.7.2p2 cpe:/a:todd_miller:sudo:1.7.2p3 cpe:/a:todd_miller:sudo:1.7.2p4 cpe:/a:todd_miller:sudo:1.7.2p5 cpe:/a:todd_miller:sudo:1.7.2p6 cpe:/a:todd_miller:sudo:1.7.2p7 cpe:/a:todd_miller:sudo:1.7.3b1 cpe:/a:todd_miller:sudo:1.7.4 cpe:/a:todd_miller:sudo:1.7.4p1 cpe:/a:todd_miller:sudo:1.7.4p2 cpe:/a:todd_miller:sudo:1.7.4p3 cpe:/a:todd_miller:sudo:1.7.4p4

CVE-2011-0010

2011-01-18T13:03:08.267-05:00

2018-01-04T21:29:04.523-05:00

4.4

LOCAL

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609641 FEDORA FEDORA-2011-0470 FEDORA FEDORA-2011-0455 SUSE SUSE-SR:2011:002 MLIST [oss-security] 20110111 CVE request: sudo does not ask for password on GID changes MLIST [oss-security] 20110112 Re: CVE request: sudo does not ask for password on GID changes MLIST [oss-security] 20110112 Re: CVE request: sudo does not ask for password on GID changes GENTOO GLSA-201203-06 SLACKWARE SSA:2011-041-05 MANDRIVA MDVSA-2011:018 REDHAT RHSA-2011:0599 BID 45774 MISC http://www.sudo.ws/repos/sudo/rev/07d1b0ce530e CONFIRM http://www.sudo.ws/repos/sudo/rev/fe8a94f96542 CONFIRM http://www.sudo.ws/sudo/alerts/runas_group_pw.html UBUNTU USN-1046-1 VUPEN ADV-2011-0089 VUPEN ADV-2011-0182 VUPEN ADV-2011-0195 VUPEN ADV-2011-0199 VUPEN ADV-2011-0212 VUPEN ADV-2011-0362 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=668879 XF sudo-groupid-privilege-escalation(64636) check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command.

cpe:/a:qemu:qemu:0.1 cpe:/a:qemu:qemu:0.1.1 cpe:/a:qemu:qemu:0.1.2 cpe:/a:qemu:qemu:0.1.3 cpe:/a:qemu:qemu:0.1.4 cpe:/a:qemu:qemu:0.1.5 cpe:/a:qemu:qemu:0.1.6 cpe:/a:qemu:qemu:0.10.0 cpe:/a:qemu:qemu:0.10.1 cpe:/a:qemu:qemu:0.10.2 cpe:/a:qemu:qemu:0.10.3 cpe:/a:qemu:qemu:0.10.4 cpe:/a:qemu:qemu:0.10.5 cpe:/a:qemu:qemu:0.10.6 cpe:/a:qemu:qemu:0.11.0:rc0 cpe:/a:qemu:qemu:0.11.0:rc1 cpe:/a:qemu:qemu:0.11.0:rc2

CVE-2011-0011

2012-06-21T11:55:05.863-04:00

2017-08-16T21:33:22.727-04:00

4.3

ADJACENT_NETWORK

HIGH

NONE

PARTIAL

http://nvd.nist.gov REDHAT RHSA-2011:0345 UBUNTU USN-1063-1 MLIST [oss-security] 20110110 CVE request: qemu-kvm: Setting VNC password to empty string silently disables all authentication MLIST [oss-security] 20110110 Re: CVE request: qemu-kvm: Setting VNC password to empty string silently disables all authentication MLIST [oss-security] 20110112 Re: CVE request: qemu-kvm: Setting VNC password to empty string silently disables all authentication MISC https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/697197 XF qemu-vnc-security-bypass(65215) qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions.

cpe:/a:redhat:spice-xpi:2.2 cpe:/a:redhat:spice-xpi:2.3 cpe:/a:redhat:spice-xpi:2.4

CVE-2011-0012

2011-04-18T13:55:00.937-04:00

3.3

LOCAL

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2011-04-18T14:22:00.000-04:00

REDHAT RHSA-2011:0426 BID 47269 SECTRACK 1025304 VUPEN ADV-2011-0899 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=639869 The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows local users to overwrite arbitrary files via a symlink attack on the usbrdrctl log file, which has a predictable name.

cpe:/a:apache:tomcat:5.5.0 cpe:/a:apache:tomcat:5.5.1 cpe:/a:apache:tomcat:5.5.2 cpe:/a:apache:tomcat:5.5.3 cpe:/a:apache:tomcat:5.5.4 cpe:/a:apache:tomcat:5.5.5 cpe:/a:apache:tomcat:5.5.6 cpe:/a:apache:tomcat:5.5.7 cpe:/a:apache:tomcat:5.5.8 cpe:/a:apache:tomcat:5.5.9 cpe:/a:apache:tomcat:5.5.10 cpe:/a:apache:tomcat:5.5.11 cpe:/a:apache:tomcat:5.5.12 cpe:/a:apache:tomcat:5.5.13 cpe:/a:apache:tomcat:5.5.14 cpe:/a:apache:tomcat:5.5.15 cpe:/a:apache:tomcat:5.5.16 cpe:/a:apache:tomcat:5.5.17 cpe:/a:apache:tomcat:5.5.18 cpe:/a:apache:tomcat:5.5.19 cpe:/a:apache:tomcat:5.5.20 cpe:/a:apache:tomcat:5.5.21 cpe:/a:apache:tomcat:5.5.22 cpe:/a:apache:tomcat:5.5.23 cpe:/a:apache:tomcat:5.5.24 cpe:/a:apache:tomcat:5.5.25 cpe:/a:apache:tomcat:5.5.26 cpe:/a:apache:tomcat:5.5.27 cpe:/a:apache:tomcat:5.5.28 cpe:/a:apache:tomcat:5.5.29 cpe:/a:apache:tomcat:5.5.30 cpe:/a:apache:tomcat:5.5.31 cpe:/a:apache:tomcat:6.0 cpe:/a:apache:tomcat:6.0.0 cpe:/a:apache:tomcat:6.0.1 cpe:/a:apache:tomcat:6.0.2 cpe:/a:apache:tomcat:6.0.3 cpe:/a:apache:tomcat:6.0.4 cpe:/a:apache:tomcat:6.0.5 cpe:/a:apache:tomcat:6.0.6 cpe:/a:apache:tomcat:6.0.7 cpe:/a:apache:tomcat:6.0.8 cpe:/a:apache:tomcat:6.0.9 cpe:/a:apache:tomcat:6.0.10 cpe:/a:apache:tomcat:6.0.11 cpe:/a:apache:tomcat:6.0.12 cpe:/a:apache:tomcat:6.0.13 cpe:/a:apache:tomcat:6.0.14 cpe:/a:apache:tomcat:6.0.15 cpe:/a:apache:tomcat:6.0.16 cpe:/a:apache:tomcat:6.0.17 cpe:/a:apache:tomcat:6.0.18 cpe:/a:apache:tomcat:6.0.19 cpe:/a:apache:tomcat:6.0.20 cpe:/a:apache:tomcat:6.0.24 cpe:/a:apache:tomcat:6.0.26 cpe:/a:apache:tomcat:6.0.27 cpe:/a:apache:tomcat:6.0.28 cpe:/a:apache:tomcat:6.0.29 cpe:/a:apache:tomcat:7.0.0 cpe:/a:apache:tomcat:7.0.1 cpe:/a:apache:tomcat:7.0.2 cpe:/a:apache:tomcat:7.0.3 cpe:/a:apache:tomcat:7.0.4 cpe:/a:apache:tomcat:7.0.5

CVE-2011-0013

2011-02-18T20:00:01.557-05:00

2019-03-25T07:33:03.633-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov APPLE APPLE-SA-2011-10-12-3 SUSE SUSE-SR:2011:005 HP HPSBUX02645 HP SSRT100627 HP HPSBUX02860 HP HPSBST02955 SREASON 8093 CONFIRM http://support.apple.com/kb/HT5002 CONFIRM http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5098550.html CONFIRM http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.32 CONFIRM http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30 CONFIRM http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.6_(released_14_Jan_2011) DEBIAN DSA-2160 MANDRIVA MDVSA-2011:030 REDHAT RHSA-2011:0791 REDHAT RHSA-2011:0896 REDHAT RHSA-2011:0897 REDHAT RHSA-2011:1845 BUGTRAQ 20110205 [SECURITY] CVE-2011-0013 Apache Tomcat Manager XSS vulnerability BID 46174 SECTRACK 1025026 VUPEN ADV-2011-0376 MISC https://bugzilla.redhat.com/show_bug.cgi?id=675786 MLIST [tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ MLIST [tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.

cpe:/a:openssl:openssl:0.9.8h cpe:/a:openssl:openssl:0.9.8i cpe:/a:openssl:openssl:0.9.8j cpe:/a:openssl:openssl:0.9.8k cpe:/a:openssl:openssl:0.9.8l cpe:/a:openssl:openssl:0.9.8m cpe:/a:openssl:openssl:0.9.8n cpe:/a:openssl:openssl:0.9.8o cpe:/a:openssl:openssl:0.9.8p cpe:/a:openssl:openssl:0.9.8q cpe:/a:openssl:openssl:1.0.0 cpe:/a:openssl:openssl:1.0.0:beta1 cpe:/a:openssl:openssl:1.0.0:beta2 cpe:/a:openssl:openssl:1.0.0:beta3 cpe:/a:openssl:openssl:1.0.0:beta4 cpe:/a:openssl:openssl:1.0.0:beta5 cpe:/a:openssl:openssl:1.0.0a cpe:/a:openssl:openssl:1.0.0b cpe:/a:openssl:openssl:1.0.0c

CVE-2011-0014

2011-02-18T20:00:01.777-05:00

2017-09-18T21:31:49.957-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov NETBSD NetBSD-SA2011-002 HP HPSBMA02658 APPLE APPLE-SA-2011-06-23-1 FEDORA FEDORA-2011-1273 SUSE SUSE-SR:2011:005 HP SSRT100475 HP HPSBUX02689 SLACKWARE SSA:2011-041-04 CONFIRM http://support.apple.com/kb/HT4723 DEBIAN DSA-2162 MANDRIVA MDVSA-2011:028 CONFIRM http://www.openssl.org/news/secadv_20110208.txt REDHAT RHSA-2011:0677 BID 46264 SECTRACK 1025050 UBUNTU USN-1064-1 VUPEN ADV-2011-0361 VUPEN ADV-2011-0387 VUPEN ADV-2011-0389 VUPEN ADV-2011-0395 VUPEN ADV-2011-0399 VUPEN ADV-2011-0603 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564 CONFIRM https://support.f5.com/csp/article/K10534046 ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability."

cpe:/a:tor:tor:0.0.2 cpe:/a:tor:tor:0.0.2_pre13 cpe:/a:tor:tor:0.0.2_pre14 cpe:/a:tor:tor:0.0.2_pre15 cpe:/a:tor:tor:0.0.2_pre16 cpe:/a:tor:tor:0.0.2_pre17 cpe:/a:tor:tor:0.0.2_pre18 cpe:/a:tor:tor:0.0.2_pre19 cpe:/a:tor:tor:0.0.2_pre20 cpe:/a:tor:tor:0.0.2_pre21 cpe:/a:tor:tor:0.0.2_pre22 cpe:/a:tor:tor:0.0.2_pre23 cpe:/a:tor:tor:0.0.2_pre24 cpe:/a:tor:tor:0.0.2_pre25 cpe:/a:tor:tor:0.0.2_pre26 cpe:/a:tor:tor:0.0.2_pre27 cpe:/a:tor:tor:0.0.3 cpe:/a:tor:tor:0.0.4 cpe:/a:tor:tor:0.0.5 cpe:/a:tor:tor:0.0.6 cpe:/a:tor:tor:0.0.6.1 cpe:/a:tor:tor:0.0.6.2 cpe:/a:tor:tor:0.0.7 cpe:/a:tor:tor:0.0.7.1 cpe:/a:tor:tor:0.0.7.2 cpe:/a:tor:tor:0.0.7.3 cpe:/a:tor:tor:0.0.8 cpe:/a:tor:tor:0.0.8.1 cpe:/a:tor:tor:0.0.9 cpe:/a:tor:tor:0.0.9.1 cpe:/a:tor:tor:0.0.9.2 cpe:/a:tor:tor:0.0.9.3 cpe:/a:tor:tor:0.0.9.4 cpe:/a:tor:tor:0.0.9.5 cpe:/a:tor:tor:0.0.9.6 cpe:/a:tor:tor:0.0.9.7 cpe:/a:tor:tor:0.0.9.8 cpe:/a:tor:tor:0.0.9.9 cpe:/a:tor:tor:0.0.9.10 cpe:/a:tor:tor:0.1.0.1 cpe:/a:tor:tor:0.1.0.2 cpe:/a:tor:tor:0.1.0.3 cpe:/a:tor:tor:0.1.0.4 cpe:/a:tor:tor:0.1.0.5 cpe:/a:tor:tor:0.1.0.6 cpe:/a:tor:tor:0.1.0.7 cpe:/a:tor:tor:0.1.0.8 cpe:/a:tor:tor:0.1.0.9 cpe:/a:tor:tor:0.1.0.10 cpe:/a:tor:tor:0.1.0.11 cpe:/a:tor:tor:0.1.0.12 cpe:/a:tor:tor:0.1.0.13 cpe:/a:tor:tor:0.1.0.14 cpe:/a:tor:tor:0.1.0.15 cpe:/a:tor:tor:0.1.0.16 cpe:/a:tor:tor:0.1.0.17 cpe:/a:tor:tor:0.1.1 cpe:/a:tor:tor:0.1.1.1 cpe:/a:tor:tor:0.1.1.1:alpha cpe:/a:tor:tor:0.1.1.2 cpe:/a:tor:tor:0.1.1.2:alpha cpe:/a:tor:tor:0.1.1.3 cpe:/a:tor:tor:0.1.1.3:alpha cpe:/a:tor:tor:0.1.1.4 cpe:/a:tor:tor:0.1.1.4:alpha cpe:/a:tor:tor:0.1.1.5 cpe:/a:tor:tor:0.1.1.5:alpha cpe:/a:tor:tor:0.1.1.6 cpe:/a:tor:tor:0.1.1.6:alpha cpe:/a:tor:tor:0.1.1.7 cpe:/a:tor:tor:0.1.1.7:alpha cpe:/a:tor:tor:0.1.1.8 cpe:/a:tor:tor:0.1.1.8:alpha cpe:/a:tor:tor:0.1.1.9 cpe:/a:tor:tor:0.1.1.9:alpha cpe:/a:tor:tor:0.1.1.10 cpe:/a:tor:tor:0.1.1.10:alpha cpe:/a:tor:tor:0.1.1.11 cpe:/a:tor:tor:0.1.1.12 cpe:/a:tor:tor:0.1.1.13 cpe:/a:tor:tor:0.1.1.14 cpe:/a:tor:tor:0.1.1.15 cpe:/a:tor:tor:0.1.1.16 cpe:/a:tor:tor:0.1.1.17 cpe:/a:tor:tor:0.1.1.18 cpe:/a:tor:tor:0.1.1.19 cpe:/a:tor:tor:0.1.1.20 cpe:/a:tor:tor:0.1.1.21 cpe:/a:tor:tor:0.1.1.22 cpe:/a:tor:tor:0.1.1.23 cpe:/a:tor:tor:0.1.1.25 cpe:/a:tor:tor:0.1.1.26 cpe:/a:tor:tor:0.1.2.1:alpha-cvs cpe:/a:tor:tor:0.1.2.2 cpe:/a:tor:tor:0.1.2.3:alpha cpe:/a:tor:tor:0.1.2.4 cpe:/a:tor:tor:0.1.2.5 cpe:/a:tor:tor:0.1.2.5:alpha cpe:/a:tor:tor:0.1.2.6:alpha cpe:/a:tor:tor:0.1.2.7:alpha cpe:/a:tor:tor:0.1.2.8:beta cpe:/a:tor:tor:0.1.2.9 cpe:/a:tor:tor:0.1.2.10 cpe:/a:tor:tor:0.1.2.11 cpe:/a:tor:tor:0.1.2.12 cpe:/a:tor:tor:0.1.2.13 cpe:/a:tor:tor:0.1.2.14 cpe:/a:tor:tor:0.1.2.15 cpe:/a:tor:tor:0.1.2.16 cpe:/a:tor:tor:0.1.2.17 cpe:/a:tor:tor:0.1.2.18 cpe:/a:tor:tor:0.1.2.19 cpe:/a:tor:tor:0.1.2.30 cpe:/a:tor:tor:0.1.2.31 cpe:/a:tor:tor:0.2.0.1:alpha cpe:/a:tor:tor:0.2.0.2:alpha cpe:/a:tor:tor:0.2.0.3:alpha cpe:/a:tor:tor:0.2.0.4:alpha cpe:/a:tor:tor:0.2.0.5:alpha cpe:/a:tor:tor:0.2.0.6:alpha cpe:/a:tor:tor:0.2.0.7:alpha cpe:/a:tor:tor:0.2.0.8:alpha cpe:/a:tor:tor:0.2.0.9:alpha cpe:/a:tor:tor:0.2.0.10:alpha cpe:/a:tor:tor:0.2.0.11:alpha cpe:/a:tor:tor:0.2.0.12:alpha cpe:/a:tor:tor:0.2.0.13:alpha cpe:/a:tor:tor:0.2.0.14:alpha cpe:/a:tor:tor:0.2.0.15:alpha cpe:/a:tor:tor:0.2.0.16:alpha cpe:/a:tor:tor:0.2.0.17:alpha cpe:/a:tor:tor:0.2.0.18:alpha cpe:/a:tor:tor:0.2.0.19:alpha cpe:/a:tor:tor:0.2.0.20:alpha cpe:/a:tor:tor:0.2.0.21:alpha cpe:/a:tor:tor:0.2.0.22:alpha cpe:/a:tor:tor:0.2.0.23:alpha cpe:/a:tor:tor:0.2.0.24:alpha cpe:/a:tor:tor:0.2.0.25:alpha cpe:/a:tor:tor:0.2.0.26:alpha cpe:/a:tor:tor:0.2.0.27:alpha cpe:/a:tor:tor:0.2.0.28:alpha cpe:/a:tor:tor:0.2.0.29 cpe:/a:tor:tor:0.2.0.29:alpha cpe:/a:tor:tor:0.2.0.30 cpe:/a:tor:tor:0.2.0.30:alpha cpe:/a:tor:tor:0.2.0.31 cpe:/a:tor:tor:0.2.0.31:alpha cpe:/a:tor:tor:0.2.0.32:alpha cpe:/a:tor:tor:0.2.0.33 cpe:/a:tor:tor:0.2.0.34:alpha cpe:/a:tor:tor:0.2.0.35 cpe:/a:tor:tor:0.2.1.1:alpha cpe:/a:tor:tor:0.2.1.2:alpha cpe:/a:tor:tor:0.2.1.3:alpha cpe:/a:tor:tor:0.2.1.4:alpha cpe:/a:tor:tor:0.2.1.5:alpha cpe:/a:tor:tor:0.2.1.6:alpha cpe:/a:tor:tor:0.2.1.7:alpha cpe:/a:tor:tor:0.2.1.8:alpha cpe:/a:tor:tor:0.2.1.9:alpha cpe:/a:tor:tor:0.2.1.10:alpha cpe:/a:tor:tor:0.2.1.11:alpha cpe:/a:tor:tor:0.2.1.12 cpe:/a:tor:tor:0.2.1.12:alpha cpe:/a:tor:tor:0.2.1.13 cpe:/a:tor:tor:0.2.1.14 cpe:/a:tor:tor:0.2.1.15 cpe:/a:tor:tor:0.2.1.16 cpe:/a:tor:tor:0.2.1.17 cpe:/a:tor:tor:0.2.1.18 cpe:/a:tor:tor:0.2.1.19 cpe:/a:tor:tor:0.2.1.20 cpe:/a:tor:tor:0.2.1.21 cpe:/a:tor:tor:0.2.1.22 cpe:/a:tor:tor:0.2.1.23 cpe:/a:tor:tor:0.2.1.24 cpe:/a:tor:tor:0.2.1.25 cpe:/a:tor:tor:0.2.1.26 cpe:/a:tor:tor:0.2.1.27 cpe:/a:tor:tor:0.2.1.28 cpe:/a:tor:tor:0.2.2.1 cpe:/a:tor:tor:0.2.2.1:alpha cpe:/a:tor:tor:0.2.2.2 cpe:/a:tor:tor:0.2.2.2:alpha cpe:/a:tor:tor:0.2.2.3 cpe:/a:tor:tor:0.2.2.3:alpha cpe:/a:tor:tor:0.2.2.4 cpe:/a:tor:tor:0.2.2.4:alpha cpe:/a:tor:tor:0.2.2.5 cpe:/a:tor:tor:0.2.2.5:alpha cpe:/a:tor:tor:0.2.2.6 cpe:/a:tor:tor:0.2.2.6:alpha cpe:/a:tor:tor:0.2.2.7:alpha cpe:/a:tor:tor:0.2.2.8:alpha cpe:/a:tor:tor:0.2.2.9:alpha cpe:/a:tor:tor:0.2.2.10:alpha cpe:/a:tor:tor:0.2.2.11:alpha cpe:/a:tor:tor:0.2.2.12:alpha cpe:/a:tor:tor:0.2.2.13:alpha cpe:/a:tor:tor:0.2.2.14:alpha cpe:/a:tor:tor:0.2.2.15:alpha cpe:/a:tor:tor:0.2.2.16:alpha cpe:/a:tor:tor:0.2.2.17:alpha cpe:/a:tor:tor:0.2.2.18:alpha cpe:/a:tor:tor:0.2.2.19:alpha cpe:/a:tor:tor:0.2.2.20:alpha

CVE-2011-0015

2011-01-19T07:00:06.623-05:00

2011-07-19T00:00:00.000-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2011-01-19T13:20:00.000-05:00

MLIST [or-announce] 20110117 Tor 0.2.1.29 is released (security patches) CONFIRM http://blog.torproject.org/blog/tor-02129-released-security-patches DEBIAN DSA-2148 MLIST [oss-security] 20110118 Re: CVE request: tor BID 45832 SECTRACK 1024980 VUPEN ADV-2011-0131 VUPEN ADV-2011-0132 CONFIRM https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog CONFIRM https://trac.torproject.org/projects/tor/ticket/2324 Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly check the amount of compression in zlib-compressed data, which allows remote attackers to cause a denial of service via a large compression factor.

CVE-2011-0016

2011-01-19T07:00:19.640-05:00

2011-01-22T00:00:00.000-05:00

2.1

LOCAL

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2011-01-19T13:22:00.000-05:00

MLIST [or-announce] 20110117 Tor 0.2.1.29 is released (security patches) CONFIRM http://blog.torproject.org/blog/tor-02129-released-security-patches DEBIAN DSA-2148 MLIST [oss-security] 20110118 Re: CVE request: tor BID 45832 SECTRACK 1024980 VUPEN ADV-2011-0131 VUPEN ADV-2011-0132 CONFIRM https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog CONFIRM https://trac.torproject.org/projects/tor/ticket/2384 CONFIRM https://trac.torproject.org/projects/tor/ticket/2385 Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly manage key data in memory, which might allow local users to obtain sensitive information by leveraging the ability to read memory that was previously used by a different process.

cpe:/a:exim:exim:2.10 cpe:/a:exim:exim:2.11 cpe:/a:exim:exim:2.12 cpe:/a:exim:exim:3.00 cpe:/a:exim:exim:3.01 cpe:/a:exim:exim:3.02 cpe:/a:exim:exim:3.03 cpe:/a:exim:exim:3.10 cpe:/a:exim:exim:3.11 cpe:/a:exim:exim:3.12 cpe:/a:exim:exim:3.13 cpe:/a:exim:exim:3.14 cpe:/a:exim:exim:3.15 cpe:/a:exim:exim:3.16 cpe:/a:exim:exim:3.20 cpe:/a:exim:exim:3.21 cpe:/a:exim:exim:3.22 cpe:/a:exim:exim:3.30 cpe:/a:exim:exim:3.31 cpe:/a:exim:exim:3.32 cpe:/a:exim:exim:3.33 cpe:/a:exim:exim:3.34 cpe:/a:exim:exim:3.35 cpe:/a:exim:exim:3.36 cpe:/a:exim:exim:4.00 cpe:/a:exim:exim:4.01 cpe:/a:exim:exim:4.02 cpe:/a:exim:exim:4.03 cpe:/a:exim:exim:4.04 cpe:/a:exim:exim:4.05 cpe:/a:exim:exim:4.10 cpe:/a:exim:exim:4.11 cpe:/a:exim:exim:4.12 cpe:/a:exim:exim:4.14 cpe:/a:exim:exim:4.20 cpe:/a:exim:exim:4.21 cpe:/a:exim:exim:4.22 cpe:/a:exim:exim:4.23 cpe:/a:exim:exim:4.24 cpe:/a:exim:exim:4.30 cpe:/a:exim:exim:4.31 cpe:/a:exim:exim:4.32 cpe:/a:exim:exim:4.33 cpe:/a:exim:exim:4.34 cpe:/a:exim:exim:4.40 cpe:/a:exim:exim:4.41 cpe:/a:exim:exim:4.42 cpe:/a:exim:exim:4.43 cpe:/a:exim:exim:4.44 cpe:/a:exim:exim:4.50 cpe:/a:exim:exim:4.51 cpe:/a:exim:exim:4.52 cpe:/a:exim:exim:4.53 cpe:/a:exim:exim:4.54 cpe:/a:exim:exim:4.60 cpe:/a:exim:exim:4.61 cpe:/a:exim:exim:4.62 cpe:/a:exim:exim:4.63 cpe:/a:exim:exim:4.64 cpe:/a:exim:exim:4.65 cpe:/a:exim:exim:4.66 cpe:/a:exim:exim:4.67 cpe:/a:exim:exim:4.68 cpe:/a:exim:exim:4.69 cpe:/a:exim:exim:4.70 cpe:/a:exim:exim:4.71 cpe:/a:exim:exim:4.72

CVE-2011-0017

2011-02-01T20:00:06.203-05:00

2017-08-16T21:33:22.807-04:00

6.9

LOCAL

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov CONFIRM ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.74 MLIST [exim-announce] 20110125 Exim 4.74 Release SUSE SUSE-SR:2011:004 DEBIAN DSA-2154 BID 46065 UBUNTU USN-1060-1 VUPEN ADV-2011-0224 VUPEN ADV-2011-0245 VUPEN ADV-2011-0364 VUPEN ADV-2011-0464 XF exim-openlog-privilege-escalation(65028) The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.

cpe:/a:openvas:openvas_manager:1.0.0 cpe:/a:openvas:openvas_manager:1.0.0:beta1 cpe:/a:openvas:openvas_manager:1.0.0:beta2 cpe:/a:openvas:openvas_manager:1.0.0:beta3 cpe:/a:openvas:openvas_manager:1.0.0:beta4 cpe:/a:openvas:openvas_manager:1.0.0:beta5 cpe:/a:openvas:openvas_manager:1.0.0:beta6 cpe:/a:openvas:openvas_manager:1.0.0:beta7 cpe:/a:openvas:openvas_manager:1.0.0:rc1 cpe:/a:openvas:openvas_manager:1.0.1 cpe:/a:openvas:openvas_manager:1.0.2 cpe:/a:openvas:openvas_manager:1.0.3 cpe:/a:openvas:openvas_manager:2.0:beta1 cpe:/a:openvas:openvas_manager:2.0:beta2 cpe:/a:openvas:openvas_manager:2.0:beta3 cpe:/a:openvas:openvas_manager:2.0:rc1 cpe:/a:openvas:openvas_manager:2.0:rc2

CVE-2011-0018

2011-01-28T11:00:02.937-05:00

2018-10-10T16:09:21.857-04:00

9.0

NETWORK

LOW

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov EXPLOIT-DB 16086 CONFIRM http://www.openvas.org/OVSA20110118.html BUGTRAQ 20110125 [OVSA20110118] OpenVAS Manager Vulnerable To Command Injection BID 45987 VUPEN ADV-2011-0208 XF openvas-email-command-execution(65011) The email function in manage_sql.c in OpenVAS Manager 1.0.x through 1.0.3 and 2.0.x through 2.0rc2 allows remote authenticated users to execute arbitrary commands via the (1) To or (2) From e-mail address in an OMP request to the Greenbone Security Assistant (GSA).

cpe:/a:fedoraproject:389_directory_server:1.2.7.5 cpe:/a:redhat:directory_server:8.2 cpe:/a:redhat:directory_server:8.2.3

CVE-2011-0019

2011-02-23T14:00:01.670-05:00

2011-03-30T23:28:53.783-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov REDHAT RHSA-2011:0293 BID 46489 SECTRACK 1025102 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=666076 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=670914 slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat Directory Server 8.2.x or dirsrv) does not properly handle simple paged result searches, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via multiple search requests.

cpe:/a:pango:pango:0.20 cpe:/a:pango:pango:0.21 cpe:/a:pango:pango:0.22 cpe:/a:pango:pango:0.23 cpe:/a:pango:pango:0.24 cpe:/a:pango:pango:0.25 cpe:/a:pango:pango:0.26 cpe:/a:pango:pango:1.0 cpe:/a:pango:pango:1.1 cpe:/a:pango:pango:1.2 cpe:/a:pango:pango:1.3 cpe:/a:pango:pango:1.4 cpe:/a:pango:pango:1.5 cpe:/a:pango:pango:1.6 cpe:/a:pango:pango:1.7 cpe:/a:pango:pango:1.8 cpe:/a:pango:pango:1.9 cpe:/a:pango:pango:1.10 cpe:/a:pango:pango:1.11 cpe:/a:pango:pango:1.12 cpe:/a:pango:pango:1.13 cpe:/a:pango:pango:1.14 cpe:/a:pango:pango:1.15 cpe:/a:pango:pango:1.16 cpe:/a:pango:pango:1.17 cpe:/a:pango:pango:1.18 cpe:/a:pango:pango:1.19 cpe:/a:pango:pango:1.20 cpe:/a:pango:pango:1.21 cpe:/a:pango:pango:1.22 cpe:/a:pango:pango:1.23 cpe:/a:pango:pango:1.24 cpe:/a:pango:pango:1.25 cpe:/a:pango:pango:1.26 cpe:/a:pango:pango:1.27 cpe:/a:pango:pango:1.28.0 cpe:/a:pango:pango:1.28.1 cpe:/a:pango:pango:1.28.2 cpe:/a:pango:pango:1.28.3

CVE-2011-0020

2011-01-24T13:00:03.783-05:00

2017-08-16T21:33:22.947-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov SUSE SUSE-SR:2011:005 MLIST [oss-security] 20110118 CVE request: heap corruption in libpango MLIST [oss-security] 20110120 Re: CVE request: heap corruption in libpango REDHAT RHSA-2011:0180 BID 45842 SECTRACK 1024994 VUPEN ADV-2011-0186 VUPEN ADV-2011-0238 CONFIRM https://bugs.launchpad.net/ubuntu/+source/pango1.0/+bug/696616 MISC https://bugzilla.gnome.org/show_bug.cgi?id=639882 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=671122 XF pango-pango-bo(64832) Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.

cpe:/a:videolan:vlc_media_player:0.1.99b cpe:/a:videolan:vlc_media_player:0.1.99e cpe:/a:videolan:vlc_media_player:0.1.99f cpe:/a:videolan:vlc_media_player:0.1.99g cpe:/a:videolan:vlc_media_player:0.1.99h cpe:/a:videolan:vlc_media_player:0.1.99i cpe:/a:videolan:vlc_media_player:0.2.0 cpe:/a:videolan:vlc_media_player:0.2.60 cpe:/a:videolan:vlc_media_player:0.2.61 cpe:/a:videolan:vlc_media_player:0.2.62 cpe:/a:videolan:vlc_media_player:0.2.63 cpe:/a:videolan:vlc_media_player:0.2.70 cpe:/a:videolan:vlc_media_player:0.2.71 cpe:/a:videolan:vlc_media_player:0.2.72 cpe:/a:videolan:vlc_media_player:0.2.73 cpe:/a:videolan:vlc_media_player:0.2.80 cpe:/a:videolan:vlc_media_player:0.2.81 cpe:/a:videolan:vlc_media_player:0.2.82 cpe:/a:videolan:vlc_media_player:0.2.83 cpe:/a:videolan:vlc_media_player:0.2.90 cpe:/a:videolan:vlc_media_player:0.2.91 cpe:/a:videolan:vlc_media_player:0.2.92 cpe:/a:videolan:vlc_media_player:0.3.0 cpe:/a:videolan:vlc_media_player:0.3.1 cpe:/a:videolan:vlc_media_player:0.4.0 cpe:/a:videolan:vlc_media_player:0.4.1 cpe:/a:videolan:vlc_media_player:0.4.2 cpe:/a:videolan:vlc_media_player:0.4.3 cpe:/a:videolan:vlc_media_player:0.4.4 cpe:/a:videolan:vlc_media_player:0.4.5 cpe:/a:videolan:vlc_media_player:0.4.6 cpe:/a:videolan:vlc_media_player:0.5.0 cpe:/a:videolan:vlc_media_player:0.5.1 cpe:/a:videolan:vlc_media_player:0.5.2 cpe:/a:videolan:vlc_media_player:0.5.3 cpe:/a:videolan:vlc_media_player:0.6.0 cpe:/a:videolan:vlc_media_player:0.6.1 cpe:/a:videolan:vlc_media_player:0.6.2 cpe:/a:videolan:vlc_media_player:0.7.0 cpe:/a:videolan:vlc_media_player:0.7.2 cpe:/a:videolan:vlc_media_player:0.8.0 cpe:/a:videolan:vlc_media_player:0.8.1 cpe:/a:videolan:vlc_media_player:0.8.2 cpe:/a:videolan:vlc_media_player:0.8.4 cpe:/a:videolan:vlc_media_player:0.8.5 cpe:/a:videolan:vlc_media_player:0.8.6 cpe:/a:videolan:vlc_media_player:0.9.2 cpe:/a:videolan:vlc_media_player:0.9.3 cpe:/a:videolan:vlc_media_player:0.9.4 cpe:/a:videolan:vlc_media_player:0.9.5 cpe:/a:videolan:vlc_media_player:0.9.6 cpe:/a:videolan:vlc_media_player:0.9.8a cpe:/a:videolan:vlc_media_player:0.9.9 cpe:/a:videolan:vlc_media_player:0.9.10 cpe:/a:videolan:vlc_media_player:1.0.0 cpe:/a:videolan:vlc_media_player:1.0.1 cpe:/a:videolan:vlc_media_player:1.0.2 cpe:/a:videolan:vlc_media_player:1.0.3 cpe:/a:videolan:vlc_media_player:1.0.4 cpe:/a:videolan:vlc_media_player:1.0.5 cpe:/a:videolan:vlc_media_player:1.0.6 cpe:/a:videolan:vlc_media_player:1.1.0 cpe:/a:videolan:vlc_media_player:1.1.1 cpe:/a:videolan:vlc_media_player:1.1.2 cpe:/a:videolan:vlc_media_player:1.1.3 cpe:/a:videolan:vlc_media_player:1.1.4 cpe:/a:videolan:vlc_media_player:1.1.5

CVE-2011-0021

2011-01-25T14:00:04.370-05:00

2017-09-18T21:31:50.037-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://download.videolan.org/pub/videolan/vlc/1.1.6/vlc-1.1.6.tar.bz2 CONFIRM http://git.videolan.org/?p=vlc.git;a=commit;h=f9b664eac0e1a7bceed9d7b5854fd9fc351b4aab MLIST [oss-security] 20110119 CVE request: heap corruption in VLC media player MLIST [oss-security] 20110120 Re: CVE request: heap corruption in VLC media player BID 45927 VUPEN ADV-2011-0185 XF vlcmediaplayer-cdg-code-execution(64879) Multiple heap-based buffer overflows in cdg.c in the CDG decoder in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted CDG video.

cpe:/a:fedoraproject:389_directory_server:1.2.1 cpe:/a:fedoraproject:389_directory_server:1.2.2 cpe:/a:fedoraproject:389_directory_server:1.2.3 cpe:/a:fedoraproject:389_directory_server:1.2.5 cpe:/a:fedoraproject:389_directory_server:1.2.5:rc1 cpe:/a:fedoraproject:389_directory_server:1.2.5:rc2 cpe:/a:fedoraproject:389_directory_server:1.2.5:rc3 cpe:/a:fedoraproject:389_directory_server:1.2.5:rc4 cpe:/a:fedoraproject:389_directory_server:1.2.6 cpe:/a:fedoraproject:389_directory_server:1.2.6:a2 cpe:/a:fedoraproject:389_directory_server:1.2.6:a3 cpe:/a:fedoraproject:389_directory_server:1.2.6:a4 cpe:/a:fedoraproject:389_directory_server:1.2.6:rc1 cpe:/a:fedoraproject:389_directory_server:1.2.6:rc2 cpe:/a:fedoraproject:389_directory_server:1.2.6:rc3 cpe:/a:fedoraproject:389_directory_server:1.2.6:rc6 cpe:/a:fedoraproject:389_directory_server:1.2.6:rc7 cpe:/a:fedoraproject:389_directory_server:1.2.6.1 cpe:/a:fedoraproject:389_directory_server:1.2.7:alpha3 cpe:/a:fedoraproject:389_directory_server:1.2.7.5 cpe:/a:fedoraproject:389_directory_server:1.2.8:alpha1 cpe:/a:fedoraproject:389_directory_server:1.2.8:alpha2 cpe:/a:redhat:directory_server:8.2 cpe:/a:redhat:directory_server:8.2.3

CVE-2011-0022

2011-02-23T14:00:01.813-05:00

2011-03-30T23:28:54.470-04:00

4.7

LOCAL

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov REDHAT RHSA-2011:0293 BID 46489 SECTRACK 1025102 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=671199 The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x), when multiple unprivileged instances are configured, use 0777 permissions for the /var/run/dirsrv directory, which allows local users to cause a denial of service (daemon outage or arbitrary process termination) by replacing PID files contained in this directory.

cpe:/a:wireshark:wireshark:0.99.2 cpe:/a:wireshark:wireshark:0.99.3 cpe:/a:wireshark:wireshark:0.99.4 cpe:/a:wireshark:wireshark:0.99.5 cpe:/a:wireshark:wireshark:0.99.6 cpe:/a:wireshark:wireshark:0.99.7 cpe:/a:wireshark:wireshark:0.99.8 cpe:/a:wireshark:wireshark:1.0.0 cpe:/a:wireshark:wireshark:1.0.1 cpe:/a:wireshark:wireshark:1.0.2 cpe:/a:wireshark:wireshark:1.0.3 cpe:/a:wireshark:wireshark:1.0.4 cpe:/a:wireshark:wireshark:1.0.5 cpe:/a:wireshark:wireshark:1.0.6 cpe:/a:wireshark:wireshark:1.0.7 cpe:/a:wireshark:wireshark:1.0.8 cpe:/a:wireshark:wireshark:1.0.9 cpe:/a:wireshark:wireshark:1.0.10 cpe:/a:wireshark:wireshark:1.0.11 cpe:/a:wireshark:wireshark:1.0.12 cpe:/a:wireshark:wireshark:1.0.13 cpe:/a:wireshark:wireshark:1.0.14 cpe:/a:wireshark:wireshark:1.0.15 cpe:/a:wireshark:wireshark:1.0.16

CVE-2011-0024

2011-03-28T12:55:03.780-04:00

2011-03-29T00:00:00.000-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2011-03-28T13:54:00.000-04:00

REDHAT RHSA-2011:0370 VUPEN ADV-2011-0719 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=671331 Heap-based buffer overflow in wiretap/pcapng.c in Wireshark before 1.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted capture file.

cpe:/a:redhat:icedtea:1.7 cpe:/a:redhat:icedtea:1.7.1 cpe:/a:redhat:icedtea:1.7.2 cpe:/a:redhat:icedtea:1.7.3 cpe:/a:redhat:icedtea:1.7.4 cpe:/a:redhat:icedtea:1.7.5 cpe:/a:redhat:icedtea:1.7.6 cpe:/a:redhat:icedtea:1.7.7 cpe:/a:redhat:icedtea:1.8 cpe:/a:redhat:icedtea:1.8.1 cpe:/a:redhat:icedtea:1.8.2 cpe:/a:redhat:icedtea:1.8.3 cpe:/a:redhat:icedtea:1.8.4 cpe:/a:redhat:icedtea:1.9 cpe:/a:redhat:icedtea:1.9.1 cpe:/a:redhat:icedtea:1.9.2 cpe:/a:redhat:icedtea:1.9.3 cpe:/a:redhat:icedtea:1.9.4

CVE-2011-0025

2011-02-04T15:00:02.447-05:00

2017-08-16T21:33:23.073-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://blog.fuseyism.com/index.php/2011/02/01/security-icedtea6-178-185-195-released/ MISC http://icedtea.classpath.org/hg/release/icedtea-web-1.0?cmd=changeset;node=3bd328e4b515 GENTOO GLSA-201406-32 DEBIAN DSA-2224 MANDRIVA MDVSA-2011:054 BID 46110 UBUNTU USN-1055-1 XF icedtea-jar-security-bypass(65151) IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are "partially signed" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source.

cpe:/a:microsoft:data_access_components:2.8:sp1 cpe:/a:microsoft:data_access_components:2.8:sp2 cpe:/a:microsoft:windows_data_access_components:6.0

CVE-2011-0026

2011-01-11T20:00:01.807-05:00

2019-02-26T09:04:00.993-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://support.avaya.com/css/P8/documents/100124846 BID 45695 SECTRACK 1024947 CERT TA11-011A VUPEN ADV-2011-0075 MISC http://www.zerodayinitiative.com/advisories/ZDI-11-001/ MS MS11-002 Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument, which bypasses a signed comparison and leads to a buffer overflow, aka "DSN Overflow Vulnerability."

cpe:/a:microsoft:data_access_components:2.8:sp1 cpe:/a:microsoft:data_access_components:2.8:sp2 cpe:/a:microsoft:windows_data_access_components:6.0

CVE-2011-0027

2011-01-11T20:00:01.887-05:00

2019-02-26T09:04:00.993-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://support.avaya.com/css/P8/documents/100124846 MISC http://vreugdenhilresearch.nl/ms11-002-pwn2own-heap-overflow/ BID 45698 SECTRACK 1024947 CERT TA11-011A VUPEN ADV-2011-0075 MISC http://www.zerodayinitiative.com/advisories/ZDI-11-002/ MS MS11-002 Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability." NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118.

cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_xp:-:sp2:x64

CVE-2011-0028

2011-04-13T14:55:00.923-04:00

2019-02-26T09:04:00.993-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov CERT TA11-102A MS MS11-033 WordPad in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse fields in Word documents, which allows remote attackers to execute arbitrary code via a crafted .doc file, aka "WordPad Converter Parsing Vulnerability."

cpe:/a:microsoft:remote_desktop_connection_client:5.2 cpe:/a:microsoft:remote_desktop_connection_client:6.0 cpe:/a:microsoft:remote_desktop_connection_client:6.1 cpe:/a:microsoft:remote_desktop_connection_client:7.0 cpe:/o:microsoft:windows_2003_server::sp2 cpe:/o:microsoft:windows_7:- cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_server_2008:::itanium cpe:/o:microsoft:windows_server_2008:::x32 cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_server_2008::sp2:x32 cpe:/o:microsoft:windows_server_2008::sp2:x64 cpe:/o:microsoft:windows_server_2008:-:sp2:itanium cpe:/o:microsoft:windows_server_2008:r2::itanium cpe:/o:microsoft:windows_server_2008:r2::x64 cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_vista::sp2 cpe:/o:microsoft:windows_vista::sp2:x64 cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_xp:-:sp2:x64

CVE-2011-0029

2011-03-09T18:00:01.793-05:00

2019-02-26T09:04:00.993-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov SECTRACK 1025172 CERT TA11-067A VUPEN ADV-2011-0616 MS MS11-017 Untrusted search path vulnerability in the client in Microsoft Remote Desktop Connection 5.2, 6.0, 6.1, and 7.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka "Remote Desktop Insecure Library Loading Vulnerability."

cpe:/o:microsoft:windows_2003_server::sp2 cpe:/o:microsoft:windows_2003_server::sp2:itanium cpe:/o:microsoft:windows_2003_server::sp2:x64 cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_xp:-:sp2:x64

CVE-2011-0030

2011-02-08T20:00:01.367-05:00

2018-10-12T17:59:08.850-04:00

4.7

LOCAL

MEDIUM

NONE

COMPLETE

NONE

http://nvd.nist.gov SECTRACK 1025045 VUPEN ADV-2011-0323 MS MS11-010 XF ms-csrss-privilege-escalation(64917) The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Elevation of Privilege Vulnerability," a different vulnerability than CVE-2010-0023.

cpe:/o:microsoft:windows_7:- cpe:/o:microsoft:windows_server_2008:r2::itanium cpe:/o:microsoft:windows_server_2008:r2::x64

CVE-2011-0031

2011-02-08T20:00:07.977-05:00

2018-10-30T12:27:21.030-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 46139 SECTRACK 1025044 VUPEN ADV-2011-0322 MS MS11-009 XF ms-win-jscript-info-disclosure(64919) The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obtain sensitive information via a crafted web site, aka "Scripting Engines Information Disclosure Vulnerability."

cpe:/a:microsoft:windows_media_center_tv_pack cpe:/o:microsoft:windows_7:- cpe:/o:microsoft:windows_7:-:sp1:x64 cpe:/o:microsoft:windows_7:-:sp1:x86 cpe:/o:microsoft:windows_server_2008:r2::x64 cpe:/o:microsoft:windows_server_2008:r2:sp1:x64 cpe:/o:microsoft:windows_vista:::x32 cpe:/o:microsoft:windows_vista:::x64 cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_vista::sp2 cpe:/o:microsoft:windows_vista::sp2:x64

CVE-2011-0032

2011-03-09T18:00:01.840-05:00

2018-10-30T12:27:21.030-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 46682 SECTRACK 1025170 CERT TA11-067A VUPEN ADV-2011-0615 MS MS11-015 Untrusted search path vulnerability in DirectShow in Microsoft Windows Vista SP1 and SP2, Windows 7 Gold and SP1, Windows Server 2008 R2 and R2 SP1, and Windows Media Center TV Pack for Windows Vista allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Digital Video Recording (.dvr-ms), Windows Recorded TV Show (.wtv), or .mpg file, aka "DirectShow Insecure Library Loading Vulnerability."

cpe:/o:microsoft:windows_2003_server::sp2 cpe:/o:microsoft:windows_2003_server::sp2:itanium cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_7:- cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_server_2008:::itanium cpe:/o:microsoft:windows_server_2008:::x32 cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_server_2008::r2:itanium cpe:/o:microsoft:windows_server_2008::r2:x64 cpe:/o:microsoft:windows_server_2008::sp2:x32 cpe:/o:microsoft:windows_server_2008::sp2:x64 cpe:/o:microsoft:windows_server_2008:-:sp2:itanium cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_vista::sp2 cpe:/o:microsoft:windows_vista::sp2:x64 cpe:/o:microsoft:windows_vista:-:sp1 cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_xp:-:sp2:x64

CVE-2011-0033

2011-02-10T11:00:13.427-05:00

2019-02-26T09:04:00.993-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://support.avaya.com/css/P8/documents/100127239 BID 46106 SECTRACK 1025034 VUPEN ADV-2011-0320 MS MS11-007 XF ms-opentype-cff-code-execution(64906) The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate parameter values in OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted font, aka "OpenType Font Encoded Character Vulnerability."

cpe:/o:microsoft:windows_2003_server::sp2 cpe:/o:microsoft:windows_7:- cpe:/o:microsoft:windows_7:-:sp1:x64 cpe:/o:microsoft:windows_7:-:sp1:x86 cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_server_2008:::itanium cpe:/o:microsoft:windows_server_2008:::x32 cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_server_2008::sp2:x32 cpe:/o:microsoft:windows_server_2008::sp2:x64 cpe:/o:microsoft:windows_server_2008:-:sp2:itanium cpe:/o:microsoft:windows_server_2008:r2::itanium cpe:/o:microsoft:windows_server_2008:r2::x64 cpe:/o:microsoft:windows_server_2008:r2:sp1:itanium cpe:/o:microsoft:windows_server_2008:r2:sp1:x64 cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_vista::sp2 cpe:/o:microsoft:windows_vista::sp2:x64 cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_xp:-:sp2:x64

CVE-2011-0034

2011-04-13T14:55:00.970-04:00

2019-02-26T09:04:00.993-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov CERT TA11-102A MS MS11-032 Stack-based buffer overflow in the OpenType Compact Font Format (aka OTF or CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted parameter values in an OpenType font, aka "OpenType Font Stack Overflow Vulnerability."

cpe:/a:microsoft:ie:6 cpe:/a:microsoft:ie:7 cpe:/a:microsoft:ie:8

CVE-2011-0035

2011-02-10T11:00:13.487-05:00

2019-02-26T09:04:00.993-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://support.avaya.com/css/P8/documents/100127294 BID 46157 SECTRACK 1025038 VUPEN ADV-2011-0318 MS MS11-003 XF ms-explorer-code-execution(64911) Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0036.

cpe:/a:microsoft:ie:6 cpe:/a:microsoft:ie:7 cpe:/a:microsoft:ie:8

CVE-2011-0036

2011-02-10T11:00:13.550-05:00

2019-02-26T09:04:00.993-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://support.avaya.com/css/P8/documents/100127294 BID 46158 SECTRACK 1025038 VUPEN ADV-2011-0318 MS MS11-003 XF ms-explorer-code-exec(64912) Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to a "dangling pointer," aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0035.

cpe:/a:microsoft:forefront_client_security cpe:/a:microsoft:forefront_endpoint_protection_2010:- cpe:/a:microsoft:malicious_software_removal_tool cpe:/a:microsoft:malware_protection_engine:0.1.13.192 cpe:/a:microsoft:malware_protection_engine:1.1.3520.0 cpe:/a:microsoft:malware_protection_engine:1.1.6502.0 cpe:/a:microsoft:security_essentials cpe:/a:microsoft:windows_defender cpe:/a:microsoft:windows_live_onecare

CVE-2011-0037

2011-02-25T13:00:01.213-05:00

2017-08-16T21:33:23.493-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov SECTRACK 1025117 CONFIRM http://www.microsoft.com/technet/security/advisory/2491888.mspx BID 46540 VUPEN ADV-2011-0486 XF ms-malware-engine-priv-esc(65626) Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key.

cpe:/a:microsoft:ie:8

CVE-2011-0038

2011-02-10T11:00:13.613-05:00

2019-02-26T09:04:00.993-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://support.avaya.com/css/P8/documents/100127294 MISC http://www.fortiguard.com/advisory/FGA-2011-04.html BID 46159 SECTRACK 1025038 VUPEN ADV-2011-0318 MS MS11-003 XF ms-ie-dll-code-execution(64913) Untrusted search path vulnerability in Microsoft Internet Explorer 8 might allow local users to gain privileges via a Trojan horse IEShims.dll in the current working directory, as demonstrated by a Desktop directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability."

CVE-2011-0039

2011-02-08T20:00:08.070-05:00

2018-10-12T17:59:15.587-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov BID 46152 SECTRACK 1025049 VUPEN ADV-2011-0327 MS MS11-014 The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka "LSASS Length Validation Vulnerability."

cpe:/o:microsoft:windows_2003_server::sp2 cpe:/o:microsoft:windows_2003_server::sp2:itanium cpe:/o:microsoft:windows_2003_server::sp2:x64

CVE-2011-0040

2011-02-08T20:00:08.150-05:00

2018-10-12T17:59:16.133-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov BID 46145 SECTRACK 1025042 VUPEN ADV-2011-0319 MS MS11-005 XF ms-win-active-directory-dos(64915) The server in Microsoft Active Directory on Windows Server 2003 SP2 does not properly handle an update request for a service principal name (SPN), which allows remote attackers to cause a denial of service (authentication downgrade or outage) via a crafted request that triggers name collisions, aka "Active Directory SPN Validation Vulnerability."

cpe:/a:microsoft:office:xp:sp3 cpe:/o:microsoft:windows_2003_server::sp2 cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_server_2008:::itanium cpe:/o:microsoft:windows_server_2008:::x32 cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_server_2008::sp2:x32 cpe:/o:microsoft:windows_server_2008::sp2:x64 cpe:/o:microsoft:windows_server_2008:-:sp2:itanium cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_vista::sp2 cpe:/o:microsoft:windows_vista::sp2:x64 cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_xp:-:sp2:x64

CVE-2011-0041

2011-04-13T14:55:01.017-04:00

2019-02-26T09:04:00.993-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov CERT TA11-102A MS MS11-029 Integer overflow in gdiplus.dll in GDI+ in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted EMF image, aka "GDI+ Integer Overflow Vulnerability."

cpe:/a:microsoft:windows_media_center_tv_pack cpe:/a:microsoft:windows_xp_media_center:2005:sp3 cpe:/o:microsoft:windows_7:- cpe:/o:microsoft:windows_7:-:sp1:x64 cpe:/o:microsoft:windows_7:-:sp1:x86 cpe:/o:microsoft:windows_vista:::x32 cpe:/o:microsoft:windows_vista:::x64 cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_vista::sp2 cpe:/o:microsoft:windows_vista::sp2:x64 cpe:/o:microsoft:windows_xp::sp2:x64 cpe:/o:microsoft:windows_xp::sp3

CVE-2011-0042

2011-03-09T18:00:01.857-05:00

2018-10-30T12:27:21.030-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 46680 SECTRACK 1025169 CERT TA11-067A VUPEN ADV-2011-0615 MS MS11-015 SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not properly parse Digital Video Recording (.dvr-ms) files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DVR-MS Vulnerability."

CVE-2011-0043

2011-02-10T11:00:13.677-05:00

2019-02-26T09:04:00.993-05:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://support.avaya.com/css/P8/documents/100127250 BID 46130 SECTRACK 1025048 VUPEN ADV-2011-0326 MS MS11-013 XF ms-kerberos-checksum-privilege-escalation(64900) Kerberos in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 supports weak hashing algorithms, which allows local users to gain privileges by operating a service that sends crafted service tickets, as demonstrated by the CRC32 algorithm, aka "Kerberos Unkeyed Checksum Vulnerability."

CVE-2011-0044

2017-05-11T10:29:12.620-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none.

cpe:/o:microsoft:windows_xp::sp3

CVE-2011-0045

2011-02-08T20:00:08.243-05:00

2018-10-12T17:59:18.947-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov SREASON 8110 CONFIRM http://support.avaya.com/css/P8/documents/100127248 BUGTRAQ 20110208 ZDI-11-064: Microsoft Windows WmiTraceMessageVa Local Kernel Vulnerability BID 46136 SECTRACK 1025046 VUPEN ADV-2011-0324 MISC http://www.zerodayinitiative.com/advisories/ZDI-11-064 MS MS11-011 XF ms-win-kernel-privilege-escalation(64926) The Trace Events functionality in the kernel in Microsoft Windows XP SP3 does not properly perform type conversion, which causes integer truncation and insufficient memory allocation and triggers a buffer overflow, which allows local users to gain privileges via a crafted application, related to WmiTraceMessageVa, aka "Windows Kernel Integer Truncation Vulnerability."

cpe:/a:mozilla:bugzilla:2.0 cpe:/a:mozilla:bugzilla:2.2 cpe:/a:mozilla:bugzilla:2.4 cpe:/a:mozilla:bugzilla:2.6 cpe:/a:mozilla:bugzilla:2.8 cpe:/a:mozilla:bugzilla:2.9 cpe:/a:mozilla:bugzilla:2.10 cpe:/a:mozilla:bugzilla:2.12 cpe:/a:mozilla:bugzilla:2.14 cpe:/a:mozilla:bugzilla:2.14.1 cpe:/a:mozilla:bugzilla:2.14.2 cpe:/a:mozilla:bugzilla:2.14.3 cpe:/a:mozilla:bugzilla:2.14.4 cpe:/a:mozilla:bugzilla:2.14.5 cpe:/a:mozilla:bugzilla:2.16 cpe:/a:mozilla:bugzilla:2.16:rc1 cpe:/a:mozilla:bugzilla:2.16:rc2 cpe:/a:mozilla:bugzilla:2.16.1 cpe:/a:mozilla:bugzilla:2.16.2 cpe:/a:mozilla:bugzilla:2.16.3 cpe:/a:mozilla:bugzilla:2.16.4 cpe:/a:mozilla:bugzilla:2.16.5 cpe:/a:mozilla:bugzilla:2.16.6 cpe:/a:mozilla:bugzilla:2.16.7 cpe:/a:mozilla:bugzilla:2.16.8 cpe:/a:mozilla:bugzilla:2.16.9 cpe:/a:mozilla:bugzilla:2.16.10 cpe:/a:mozilla:bugzilla:2.16.11 cpe:/a:mozilla:bugzilla:2.16_rc2 cpe:/a:mozilla:bugzilla:2.17 cpe:/a:mozilla:bugzilla:2.17.1 cpe:/a:mozilla:bugzilla:2.17.2 cpe:/a:mozilla:bugzilla:2.17.3 cpe:/a:mozilla:bugzilla:2.17.4 cpe:/a:mozilla:bugzilla:2.17.5 cpe:/a:mozilla:bugzilla:2.17.6 cpe:/a:mozilla:bugzilla:2.17.7 cpe:/a:mozilla:bugzilla:2.18 cpe:/a:mozilla:bugzilla:2.18:rc1 cpe:/a:mozilla:bugzilla:2.18:rc2 cpe:/a:mozilla:bugzilla:2.18:rc3 cpe:/a:mozilla:bugzilla:2.18.1 cpe:/a:mozilla:bugzilla:2.18.2 cpe:/a:mozilla:bugzilla:2.18.3 cpe:/a:mozilla:bugzilla:2.18.4 cpe:/a:mozilla:bugzilla:2.18.5 cpe:/a:mozilla:bugzilla:2.18.6 cpe:/a:mozilla:bugzilla:2.18.6%2b cpe:/a:mozilla:bugzilla:2.18.7 cpe:/a:mozilla:bugzilla:2.18.8 cpe:/a:mozilla:bugzilla:2.18.9 cpe:/a:mozilla:bugzilla:2.19 cpe:/a:mozilla:bugzilla:2.19.1 cpe:/a:mozilla:bugzilla:2.19.2 cpe:/a:mozilla:bugzilla:2.19.3 cpe:/a:mozilla:bugzilla:2.20 cpe:/a:mozilla:bugzilla:2.20:rc1 cpe:/a:mozilla:bugzilla:2.20:rc2 cpe:/a:mozilla:bugzilla:2.20.1 cpe:/a:mozilla:bugzilla:2.20.2 cpe:/a:mozilla:bugzilla:2.20.3 cpe:/a:mozilla:bugzilla:2.20.4 cpe:/a:mozilla:bugzilla:2.20.5 cpe:/a:mozilla:bugzilla:2.20.6 cpe:/a:mozilla:bugzilla:2.20.7 cpe:/a:mozilla:bugzilla:2.21 cpe:/a:mozilla:bugzilla:2.21.1 cpe:/a:mozilla:bugzilla:2.21.2 cpe:/a:mozilla:bugzilla:2.22 cpe:/a:mozilla:bugzilla:2.22:rc1 cpe:/a:mozilla:bugzilla:2.22.1 cpe:/a:mozilla:bugzilla:2.22.2 cpe:/a:mozilla:bugzilla:2.22.3 cpe:/a:mozilla:bugzilla:2.22.4 cpe:/a:mozilla:bugzilla:2.22.5 cpe:/a:mozilla:bugzilla:2.22.6 cpe:/a:mozilla:bugzilla:2.22.7 cpe:/a:mozilla:bugzilla:2.23 cpe:/a:mozilla:bugzilla:2.23.1 cpe:/a:mozilla:bugzilla:2.23.2 cpe:/a:mozilla:bugzilla:2.23.3 cpe:/a:mozilla:bugzilla:2.23.4 cpe:/a:mozilla:bugzilla:3.2 cpe:/a:mozilla:bugzilla:3.2:rc1 cpe:/a:mozilla:bugzilla:3.2:rc2 cpe:/a:mozilla:bugzilla:3.2.1 cpe:/a:mozilla:bugzilla:3.2.2 cpe:/a:mozilla:bugzilla:3.2.3 cpe:/a:mozilla:bugzilla:3.2.4 cpe:/a:mozilla:bugzilla:3.2.5 cpe:/a:mozilla:bugzilla:3.2.6 cpe:/a:mozilla:bugzilla:3.2.7 cpe:/a:mozilla:bugzilla:3.2.8 cpe:/a:mozilla:bugzilla:3.2.9 cpe:/a:mozilla:bugzilla:3.4.1 cpe:/a:mozilla:bugzilla:3.4.2 cpe:/a:mozilla:bugzilla:3.4.3 cpe:/a:mozilla:bugzilla:3.4.4 cpe:/a:mozilla:bugzilla:3.4.5 cpe:/a:mozilla:bugzilla:3.4.6 cpe:/a:mozilla:bugzilla:3.4.7 cpe:/a:mozilla:bugzilla:3.4.8 cpe:/a:mozilla:bugzilla:3.4.9 cpe:/a:mozilla:bugzilla:3.6.0 cpe:/a:mozilla:bugzilla:3.6.1 cpe:/a:mozilla:bugzilla:3.6.2 cpe:/a:mozilla:bugzilla:3.6.3 cpe:/a:mozilla:bugzilla:4.0 cpe:/a:mozilla:bugzilla:4.0:rc1

CVE-2011-0046

2011-01-28T11:00:02.987-05:00

2017-08-16T21:33:23.807-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov FEDORA FEDORA-2011-0741 FEDORA FEDORA-2011-0755 CONFIRM http://www.bugzilla.org/security/3.2.9/ DEBIAN DSA-2322 BID 45982 VUPEN ADV-2011-0207 VUPEN ADV-2011-0271 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=621090 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=621105 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=621107 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=621108 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=621109 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=621110 XF bugzilla-unspec-csrf(65003) Multiple cross-site request forgery (CSRF) vulnerabilities in Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 allow remote attackers to hijack the authentication of arbitrary users for requests related to (1) adding a saved search in buglist.cgi, (2) voting in votes.cgi, (3) sanity checking in sanitycheck.cgi, (4) creating or editing a chart in chart.cgi, (5) column changing in colchange.cgi, and (6) adding, deleting, or approving a quip in quips.cgi.

cpe:/a:mediawiki:mediawiki:1.1.0 cpe:/a:mediawiki:mediawiki:1.2.0 cpe:/a:mediawiki:mediawiki:1.2.1 cpe:/a:mediawiki:mediawiki:1.2.2 cpe:/a:mediawiki:mediawiki:1.2.3 cpe:/a:mediawiki:mediawiki:1.2.4 cpe:/a:mediawiki:mediawiki:1.2.5 cpe:/a:mediawiki:mediawiki:1.2.6 cpe:/a:mediawiki:mediawiki:1.3 cpe:/a:mediawiki:mediawiki:1.3.0 cpe:/a:mediawiki:mediawiki:1.3.1 cpe:/a:mediawiki:mediawiki:1.3.2 cpe:/a:mediawiki:mediawiki:1.3.3 cpe:/a:mediawiki:mediawiki:1.3.4 cpe:/a:mediawiki:mediawiki:1.3.5 cpe:/a:mediawiki:mediawiki:1.3.6 cpe:/a:mediawiki:mediawiki:1.3.7 cpe:/a:mediawiki:mediawiki:1.3.8 cpe:/a:mediawiki:mediawiki:1.3.9 cpe:/a:mediawiki:mediawiki:1.3.10 cpe:/a:mediawiki:mediawiki:1.3.11 cpe:/a:mediawiki:mediawiki:1.3.12 cpe:/a:mediawiki:mediawiki:1.3.13 cpe:/a:mediawiki:mediawiki:1.3.14 cpe:/a:mediawiki:mediawiki:1.3.15 cpe:/a:mediawiki:mediawiki:1.4:beta1 cpe:/a:mediawiki:mediawiki:1.4:beta2 cpe:/a:mediawiki:mediawiki:1.4:beta3 cpe:/a:mediawiki:mediawiki:1.4:beta4 cpe:/a:mediawiki:mediawiki:1.4:beta5 cpe:/a:mediawiki:mediawiki:1.4:beta6 cpe:/a:mediawiki:mediawiki:1.4.0 cpe:/a:mediawiki:mediawiki:1.4.1 cpe:/a:mediawiki:mediawiki:1.4.2 cpe:/a:mediawiki:mediawiki:1.4.3 cpe:/a:mediawiki:mediawiki:1.4.4 cpe:/a:mediawiki:mediawiki:1.4.5 cpe:/a:mediawiki:mediawiki:1.4.6 cpe:/a:mediawiki:mediawiki:1.4.7 cpe:/a:mediawiki:mediawiki:1.4.8 cpe:/a:mediawiki:mediawiki:1.4.9 cpe:/a:mediawiki:mediawiki:1.4.10 cpe:/a:mediawiki:mediawiki:1.4.11 cpe:/a:mediawiki:mediawiki:1.4.12 cpe:/a:mediawiki:mediawiki:1.4.13 cpe:/a:mediawiki:mediawiki:1.4.14 cpe:/a:mediawiki:mediawiki:1.5:alpha1 cpe:/a:mediawiki:mediawiki:1.5:alpha2 cpe:/a:mediawiki:mediawiki:1.5:beta1 cpe:/a:mediawiki:mediawiki:1.5:beta2 cpe:/a:mediawiki:mediawiki:1.5:beta3 cpe:/a:mediawiki:mediawiki:1.5:beta4 cpe:/a:mediawiki:mediawiki:1.5:rc2 cpe:/a:mediawiki:mediawiki:1.5:rc3 cpe:/a:mediawiki:mediawiki:1.5:rc4 cpe:/a:mediawiki:mediawiki:1.5.0 cpe:/a:mediawiki:mediawiki:1.5.1 cpe:/a:mediawiki:mediawiki:1.5.2 cpe:/a:mediawiki:mediawiki:1.5.3 cpe:/a:mediawiki:mediawiki:1.5.4 cpe:/a:mediawiki:mediawiki:1.5.5 cpe:/a:mediawiki:mediawiki:1.5.6 cpe:/a:mediawiki:mediawiki:1.5.7 cpe:/a:mediawiki:mediawiki:1.5.8 cpe:/a:mediawiki:mediawiki:1.6.0 cpe:/a:mediawiki:mediawiki:1.6.1 cpe:/a:mediawiki:mediawiki:1.6.2 cpe:/a:mediawiki:mediawiki:1.6.3 cpe:/a:mediawiki:mediawiki:1.6.4 cpe:/a:mediawiki:mediawiki:1.6.5 cpe:/a:mediawiki:mediawiki:1.6.5_r14348 cpe:/a:mediawiki:mediawiki:1.6.6 cpe:/a:mediawiki:mediawiki:1.6.7 cpe:/a:mediawiki:mediawiki:1.6.8 cpe:/a:mediawiki:mediawiki:1.6.9 cpe:/a:mediawiki:mediawiki:1.6.10 cpe:/a:mediawiki:mediawiki:1.6.12 cpe:/a:mediawiki:mediawiki:1.7.0 cpe:/a:mediawiki:mediawiki:1.7.1 cpe:/a:mediawiki:mediawiki:1.7.2 cpe:/a:mediawiki:mediawiki:1.7.3 cpe:/a:mediawiki:mediawiki:1.8.0 cpe:/a:mediawiki:mediawiki:1.8.1 cpe:/a:mediawiki:mediawiki:1.8.2 cpe:/a:mediawiki:mediawiki:1.8.3 cpe:/a:mediawiki:mediawiki:1.8.4 cpe:/a:mediawiki:mediawiki:1.8.5 cpe:/a:mediawiki:mediawiki:1.9.0 cpe:/a:mediawiki:mediawiki:1.9.0:rc2 cpe:/a:mediawiki:mediawiki:1.9.1 cpe:/a:mediawiki:mediawiki:1.9.2 cpe:/a:mediawiki:mediawiki:1.9.3 cpe:/a:mediawiki:mediawiki:1.9.4 cpe:/a:mediawiki:mediawiki:1.9.5 cpe:/a:mediawiki:mediawiki:1.9.6 cpe:/a:mediawiki:mediawiki:1.10.0 cpe:/a:mediawiki:mediawiki:1.10.0:rc1 cpe:/a:mediawiki:mediawiki:1.10.0:rc2 cpe:/a:mediawiki:mediawiki:1.10.1 cpe:/a:mediawiki:mediawiki:1.10.2 cpe:/a:mediawiki:mediawiki:1.10.3 cpe:/a:mediawiki:mediawiki:1.10.4 cpe:/a:mediawiki:mediawiki:1.11 cpe:/a:mediawiki:mediawiki:1.11:rc1 cpe:/a:mediawiki:mediawiki:1.11.0 cpe:/a:mediawiki:mediawiki:1.11.0:rc1 cpe:/a:mediawiki:mediawiki:1.11.1 cpe:/a:mediawiki:mediawiki:1.11.2 cpe:/a:mediawiki:mediawiki:1.12.0 cpe:/a:mediawiki:mediawiki:1.12.0:rc1 cpe:/a:mediawiki:mediawiki:1.12.1 cpe:/a:mediawiki:mediawiki:1.12.2 cpe:/a:mediawiki:mediawiki:1.12.3 cpe:/a:mediawiki:mediawiki:1.12.4 cpe:/a:mediawiki:mediawiki:1.13.0 cpe:/a:mediawiki:mediawiki:1.13.0:rc1 cpe:/a:mediawiki:mediawiki:1.13.0:rc2 cpe:/a:mediawiki:mediawiki:1.13.1 cpe:/a:mediawiki:mediawiki:1.13.2 cpe:/a:mediawiki:mediawiki:1.13.3 cpe:/a:mediawiki:mediawiki:1.13.4 cpe:/a:mediawiki:mediawiki:1.14.0 cpe:/a:mediawiki:mediawiki:1.14.0:rc1 cpe:/a:mediawiki:mediawiki:1.14.1 cpe:/a:mediawiki:mediawiki:1.15.0 cpe:/a:mediawiki:mediawiki:1.15.0:rc1 cpe:/a:mediawiki:mediawiki:1.15.1 cpe:/a:mediawiki:mediawiki:1.15.2 cpe:/a:mediawiki:mediawiki:1.15.3 cpe:/a:mediawiki:mediawiki:1.16.0 cpe:/a:mediawiki:mediawiki:1.16.0:beta1 cpe:/a:mediawiki:mediawiki:1.16.0:beta2 cpe:/a:mediawiki:mediawiki:1.16.1 cpe:/a:mediawiki:mediawiki:stable_2003-08-29 cpe:/a:mediawiki:mediawiki:stable_2003-11-07 cpe:/a:mediawiki:mediawiki:stable_2003-11-17

CVE-2011-0047

2011-02-03T20:00:05.683-05:00

2017-08-16T21:33:23.883-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov FEDORA FEDORA-2011-5848 FEDORA FEDORA-2011-5812 FEDORA FEDORA-2011-5807 MLIST [MediaWiki-announce] 20110201 MediaWiki security release 1.16.2 BID 46108 VUPEN ADV-2011-0273 CONFIRM https://bugzilla.wikimedia.org/show_bug.cgi?id=27093 XF mediawiki-css-comments-xss(65126) Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.2 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) comments, aka "CSS injection vulnerability."

CVE-2011-0048

2011-01-28T11:00:03.030-05:00

2017-08-16T21:33:23.977-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

cpe:/a:mj2:majordomo_2:20110101 cpe:/a:mj2:majordomo_2:20110102 cpe:/a:mj2:majordomo_2:20110103 cpe:/a:mj2:majordomo_2:20110104 cpe:/a:mj2:majordomo_2:20110105 cpe:/a:mj2:majordomo_2:20110106 cpe:/a:mj2:majordomo_2:20110107 cpe:/a:mj2:majordomo_2:20110108 cpe:/a:mj2:majordomo_2:20110109 cpe:/a:mj2:majordomo_2:20110110 cpe:/a:mj2:majordomo_2:20110111 cpe:/a:mj2:majordomo_2:20110112 cpe:/a:mj2:majordomo_2:20110113 cpe:/a:mj2:majordomo_2:20110114 cpe:/a:mj2:majordomo_2:20110115 cpe:/a:mj2:majordomo_2:20110116 cpe:/a:mj2:majordomo_2:20110117 cpe:/a:mj2:majordomo_2:20110118 cpe:/a:mj2:majordomo_2:20110119 cpe:/a:mj2:majordomo_2:20110120 cpe:/a:mj2:majordomo_2:20110121 cpe:/a:mj2:majordomo_2:20110122 cpe:/a:mj2:majordomo_2:20110123 cpe:/a:mj2:majordomo_2:20110124 cpe:/a:mj2:majordomo_2:20110125 cpe:/a:mj2:majordomo_2:20110126 cpe:/a:mj2:majordomo_2:20110127 cpe:/a:mj2:majordomo_2:20110128 cpe:/a:mj2:majordomo_2:20110129 cpe:/a:mj2:majordomo_2:20110130

CVE-2011-0049

2011-02-03T20:00:07.400-05:00

2018-10-10T16:09:23.653-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 8061 EXPLOIT-DB 16103 CERT-VN VU#363726 BUGTRAQ 20110203 Majordomo2 - Directory Traversal (SMTP/HTTP) BID 46127 SECTRACK 1025024 VUPEN ADV-2011-0288 MISC https://bug628064.bugzilla.mozilla.org/attachment.cgi?id=506481 MISC https://bugzilla.mozilla.org/show_bug.cgi?id=628064 XF majordomo-listfile-directory-traversal(65113) MISC https://sitewat.ch/en/Advisory/View/1 Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface.

cpe:/a:cgiirc:cgi%3airc:0.1 cpe:/a:cgiirc:cgi%3airc:0.2 cpe:/a:cgiirc:cgi%3airc:0.2.1 cpe:/a:cgiirc:cgi%3airc:0.3 cpe:/a:cgiirc:cgi%3airc:0.3.1 cpe:/a:cgiirc:cgi%3airc:0.3.2 cpe:/a:cgiirc:cgi%3airc:0.3.3 cpe:/a:cgiirc:cgi%3airc:0.3.3_pre1 cpe:/a:cgiirc:cgi%3airc:0.3.4 cpe:/a:cgiirc:cgi%3airc:0.3.5 cpe:/a:cgiirc:cgi%3airc:0.3.5b cpe:/a:cgiirc:cgi%3airc:0.3.6 cpe:/a:cgiirc:cgi%3airc:0.3.7 cpe:/a:cgiirc:cgi%3airc:0.3_pre1 cpe:/a:cgiirc:cgi%3airc:0.3_pre2 cpe:/a:cgiirc:cgi%3airc:0.4 cpe:/a:cgiirc:cgi%3airc:0.4.1 cpe:/a:cgiirc:cgi%3airc:0.4.2 cpe:/a:cgiirc:cgi%3airc:0.4.3 cpe:/a:cgiirc:cgi%3airc:0.5 cpe:/a:cgiirc:cgi%3airc:0.5.1 cpe:/a:cgiirc:cgi%3airc:0.5.2 cpe:/a:cgiirc:cgi%3airc:0.5.3 cpe:/a:cgiirc:cgi%3airc:0.5.4 cpe:/a:cgiirc:cgi%3airc:0.5.5 cpe:/a:cgiirc:cgi%3airc:0.5.6 cpe:/a:cgiirc:cgi%3airc:0.5.7 cpe:/a:cgiirc:cgi%3airc:0.5.8 cpe:/a:cgiirc:cgi%3airc:0.5.9

CVE-2011-0050

2011-02-18T20:00:01.933-05:00

2018-10-10T16:09:24.887-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 8097 MLIST [cgiirc-general] 20110207 CGI:IRC 0.5.10 released to fix XSS issue (CVE-2011-0050) DEBIAN DSA-2158 BUGTRAQ 20110209 CGI:IRC XSS issue (CVE-2011-0050) VUPEN ADV-2011-0346 Cross-site scripting (XSS) vulnerability in the nonjs interface (interfaces/nonjs.pm) in CGI:IRC before 0.5.10 allows remote attackers to inject arbitrary web script or HTML via the R parameter.

CVE-2011-0051

2011-03-02T15:00:01.380-05:00

2017-09-18T21:31:51.333-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

cpe:/a:mozilla:firefox:1.0 cpe:/a:mozilla:firefox:1.0:preview_release cpe:/a:mozilla:firefox:1.0.1 cpe:/a:mozilla:firefox:1.0.2 cpe:/a:mozilla:firefox:1.0.3 cpe:/a:mozilla:firefox:1.0.4 cpe:/a:mozilla:firefox:1.0.5 cpe:/a:mozilla:firefox:1.0.6 cpe:/a:mozilla:firefox:1.0.7 cpe:/a:mozilla:firefox:1.0.8 cpe:/a:mozilla:firefox:1.5 cpe:/a:mozilla:firefox:1.5:beta1 cpe:/a:mozilla:firefox:1.5:beta2 cpe:/a:mozilla:firefox:1.5.0.1 cpe:/a:mozilla:firefox:1.5.0.2 cpe:/a:mozilla:firefox:1.5.0.3 cpe:/a:mozilla:firefox:1.5.0.4 cpe:/a:mozilla:firefox:1.5.0.5 cpe:/a:mozilla:firefox:1.5.0.6 cpe:/a:mozilla:firefox:1.5.0.7 cpe:/a:mozilla:firefox:1.5.0.8 cpe:/a:mozilla:firefox:1.5.0.9 cpe:/a:mozilla:firefox:1.5.0.10 cpe:/a:mozilla:firefox:1.5.0.11 cpe:/a:mozilla:firefox:1.5.0.12 cpe:/a:mozilla:firefox:1.5.1 cpe:/a:mozilla:firefox:1.5.2 cpe:/a:mozilla:firefox:1.5.3 cpe:/a:mozilla:firefox:1.5.4 cpe:/a:mozilla:firefox:1.5.5 cpe:/a:mozilla:firefox:1.5.6 cpe:/a:mozilla:firefox:1.5.7 cpe:/a:mozilla:firefox:1.5.8 cpe:/a:mozilla:firefox:2.0 cpe:/a:mozilla:firefox:2.0.0.1 cpe:/a:mozilla:firefox:2.0.0.2 cpe:/a:mozilla:firefox:2.0.0.3 cpe:/a:mozilla:firefox:2.0.0.4 cpe:/a:mozilla:firefox:2.0.0.5 cpe:/a:mozilla:firefox:2.0.0.6 cpe:/a:mozilla:firefox:2.0.0.7 cpe:/a:mozilla:firefox:2.0.0.8 cpe:/a:mozilla:firefox:2.0.0.9 cpe:/a:mozilla:firefox:2.0.0.10 cpe:/a:mozilla:firefox:2.0.0.11 cpe:/a:mozilla:firefox:2.0.0.12 cpe:/a:mozilla:firefox:2.0.0.13 cpe:/a:mozilla:firefox:2.0.0.14 cpe:/a:mozilla:firefox:2.0.0.15 cpe:/a:mozilla:firefox:2.0.0.16 cpe:/a:mozilla:firefox:2.0.0.17 cpe:/a:mozilla:firefox:2.0.0.18 cpe:/a:mozilla:firefox:2.0.0.19 cpe:/a:mozilla:firefox:2.0.0.20 cpe:/a:mozilla:firefox:3.0 cpe:/a:mozilla:firefox:3.0.1 cpe:/a:mozilla:firefox:3.0.2 cpe:/a:mozilla:firefox:3.0.3 cpe:/a:mozilla:firefox:3.0.4 cpe:/a:mozilla:firefox:3.0.5 cpe:/a:mozilla:firefox:3.0.6 cpe:/a:mozilla:firefox:3.0.7 cpe:/a:mozilla:firefox:3.0.8 cpe:/a:mozilla:firefox:3.0.9 cpe:/a:mozilla:firefox:3.0.10 cpe:/a:mozilla:firefox:3.0.11 cpe:/a:mozilla:firefox:3.0.12 cpe:/a:mozilla:firefox:3.0.13 cpe:/a:mozilla:firefox:3.0.14 cpe:/a:mozilla:firefox:3.0.15 cpe:/a:mozilla:firefox:3.0.16 cpe:/a:mozilla:firefox:3.0.17 cpe:/a:mozilla:firefox:3.5 cpe:/a:mozilla:firefox:3.5.1 cpe:/a:mozilla:firefox:3.5.2 cpe:/a:mozilla:firefox:3.5.3 cpe:/a:mozilla:firefox:3.5.4 cpe:/a:mozilla:firefox:3.5.5 cpe:/a:mozilla:firefox:3.5.6 cpe:/a:mozilla:firefox:3.5.7 cpe:/a:mozilla:firefox:3.5.8 cpe:/a:mozilla:firefox:3.5.9 cpe:/a:mozilla:firefox:3.5.10 cpe:/a:mozilla:firefox:3.5.11 cpe:/a:mozilla:firefox:3.5.12 cpe:/a:mozilla:firefox:3.5.13 cpe:/a:mozilla:firefox:3.5.14 cpe:/a:mozilla:firefox:3.5.15 cpe:/a:mozilla:firefox:3.5.16 cpe:/a:mozilla:firefox:3.6 cpe:/a:mozilla:firefox:3.6.2 cpe:/a:mozilla:firefox:3.6.3 cpe:/a:mozilla:firefox:3.6.4 cpe:/a:mozilla:firefox:3.6.6 cpe:/a:mozilla:firefox:3.6.7 cpe:/a:mozilla:firefox:3.6.8 cpe:/a:mozilla:firefox:3.6.9 cpe:/a:mozilla:firefox:3.6.10 cpe:/a:mozilla:firefox:3.6.11 cpe:/a:mozilla:firefox:3.6.12 cpe:/a:mozilla:firefox:3.6.13 cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:seamonkey:1.0:alpha cpe:/a:mozilla:seamonkey:1.0:beta cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:seamonkey:1.0.2 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:1.0.4 cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:seamonkey:1.0.8 cpe:/a:mozilla:seamonkey:1.0.9 cpe:/a:mozilla:seamonkey:1.1 cpe:/a:mozilla:seamonkey:1.1:alpha cpe:/a:mozilla:seamonkey:1.1:beta cpe:/a:mozilla:seamonkey:1.1.1 cpe:/a:mozilla:seamonkey:1.1.2 cpe:/a:mozilla:seamonkey:1.1.3 cpe:/a:mozilla:seamonkey:1.1.4 cpe:/a:mozilla:seamonkey:1.1.5 cpe:/a:mozilla:seamonkey:1.1.6 cpe:/a:mozilla:seamonkey:1.1.7 cpe:/a:mozilla:seamonkey:1.1.8 cpe:/a:mozilla:seamonkey:1.1.9 cpe:/a:mozilla:seamonkey:1.1.10 cpe:/a:mozilla:seamonkey:1.1.11 cpe:/a:mozilla:seamonkey:1.1.12 cpe:/a:mozilla:seamonkey:1.1.13 cpe:/a:mozilla:seamonkey:1.1.14 cpe:/a:mozilla:seamonkey:1.1.15 cpe:/a:mozilla:seamonkey:1.1.16 cpe:/a:mozilla:seamonkey:1.1.17 cpe:/a:mozilla:seamonkey:1.1.18 cpe:/a:mozilla:seamonkey:1.1.19 cpe:/a:mozilla:seamonkey:1.5.0.8 cpe:/a:mozilla:seamonkey:1.5.0.9 cpe:/a:mozilla:seamonkey:1.5.0.10 cpe:/a:mozilla:seamonkey:2.0 cpe:/a:mozilla:seamonkey:2.0:alpha_1 cpe:/a:mozilla:seamonkey:2.0:alpha_2 cpe:/a:mozilla:seamonkey:2.0:alpha_3 cpe:/a:mozilla:seamonkey:2.0:beta_1 cpe:/a:mozilla:seamonkey:2.0:beta_2 cpe:/a:mozilla:seamonkey:2.0:rc1 cpe:/a:mozilla:seamonkey:2.0:rc2 cpe:/a:mozilla:seamonkey:2.0.1 cpe:/a:mozilla:seamonkey:2.0.2 cpe:/a:mozilla:seamonkey:2.0.3 cpe:/a:mozilla:seamonkey:2.0.4 cpe:/a:mozilla:seamonkey:2.0.5 cpe:/a:mozilla:seamonkey:2.0.6 cpe:/a:mozilla:seamonkey:2.0.7 cpe:/a:mozilla:seamonkey:2.0.8 cpe:/a:mozilla:seamonkey:2.0.9 cpe:/a:mozilla:seamonkey:2.0.10 cpe:/a:mozilla:seamonkey:2.0.11 cpe:/a:mozilla:thunderbird:0.1 cpe:/a:mozilla:thunderbird:0.2 cpe:/a:mozilla:thunderbird:0.3 cpe:/a:mozilla:thunderbird:0.4 cpe:/a:mozilla:thunderbird:0.5 cpe:/a:mozilla:thunderbird:0.6 cpe:/a:mozilla:thunderbird:0.7 cpe:/a:mozilla:thunderbird:0.7.1 cpe:/a:mozilla:thunderbird:0.7.2 cpe:/a:mozilla:thunderbird:0.7.3 cpe:/a:mozilla:thunderbird:0.8 cpe:/a:mozilla:thunderbird:0.9 cpe:/a:mozilla:thunderbird:1.0 cpe:/a:mozilla:thunderbird:1.0.1 cpe:/a:mozilla:thunderbird:1.0.2 cpe:/a:mozilla:thunderbird:1.0.3 cpe:/a:mozilla:thunderbird:1.0.4 cpe:/a:mozilla:thunderbird:1.0.5 cpe:/a:mozilla:thunderbird:1.0.6 cpe:/a:mozilla:thunderbird:1.0.7 cpe:/a:mozilla:thunderbird:1.0.8 cpe:/a:mozilla:thunderbird:1.5 cpe:/a:mozilla:thunderbird:1.5:beta2 cpe:/a:mozilla:thunderbird:1.5.0.1 cpe:/a:mozilla:thunderbird:1.5.0.2 cpe:/a:mozilla:thunderbird:1.5.0.3 cpe:/a:mozilla:thunderbird:1.5.0.4 cpe:/a:mozilla:thunderbird:1.5.0.5 cpe:/a:mozilla:thunderbird:1.5.0.6 cpe:/a:mozilla:thunderbird:1.5.0.7 cpe:/a:mozilla:thunderbird:1.5.0.8 cpe:/a:mozilla:thunderbird:1.5.0.9 cpe:/a:mozilla:thunderbird:1.5.0.10 cpe:/a:mozilla:thunderbird:1.5.0.11 cpe:/a:mozilla:thunderbird:1.5.0.12 cpe:/a:mozilla:thunderbird:1.5.0.13 cpe:/a:mozilla:thunderbird:1.5.0.14 cpe:/a:mozilla:thunderbird:1.5.1 cpe:/a:mozilla:thunderbird:1.5.2 cpe:/a:mozilla:thunderbird:1.7.1 cpe:/a:mozilla:thunderbird:1.7.3 cpe:/a:mozilla:thunderbird:2.0 cpe:/a:mozilla:thunderbird:2.0.0.0 cpe:/a:mozilla:thunderbird:2.0.0.1 cpe:/a:mozilla:thunderbird:2.0.0.2 cpe:/a:mozilla:thunderbird:2.0.0.3 cpe:/a:mozilla:thunderbird:2.0.0.4 cpe:/a:mozilla:thunderbird:2.0.0.5 cpe:/a:mozilla:thunderbird:2.0.0.6 cpe:/a:mozilla:thunderbird:2.0.0.7 cpe:/a:mozilla:thunderbird:2.0.0.8 cpe:/a:mozilla:thunderbird:2.0.0.9 cpe:/a:mozilla:thunderbird:2.0.0.12 cpe:/a:mozilla:thunderbird:2.0.0.14 cpe:/a:mozilla:thunderbird:2.0.0.16 cpe:/a:mozilla:thunderbird:2.0.0.17 cpe:/a:mozilla:thunderbird:2.0.0.18 cpe:/a:mozilla:thunderbird:2.0.0.19 cpe:/a:mozilla:thunderbird:2.0.0.21 cpe:/a:mozilla:thunderbird:2.0.0.22 cpe:/a:mozilla:thunderbird:2.0.0.23 cpe:/a:mozilla:thunderbird:3.0 cpe:/a:mozilla:thunderbird:3.0.1 cpe:/a:mozilla:thunderbird:3.0.2 cpe:/a:mozilla:thunderbird:3.0.3 cpe:/a:mozilla:thunderbird:3.0.4 cpe:/a:mozilla:thunderbird:3.0.5 cpe:/a:mozilla:thunderbird:3.0.6 cpe:/a:mozilla:thunderbird:3.0.7 cpe:/a:mozilla:thunderbird:3.0.8 cpe:/a:mozilla:thunderbird:3.0.9 cpe:/a:mozilla:thunderbird:3.0.10 cpe:/a:mozilla:thunderbird:3.0.11 cpe:/a:mozilla:thunderbird:3.1 cpe:/a:mozilla:thunderbird:3.1.1 cpe:/a:mozilla:thunderbird:3.1.2 cpe:/a:mozilla:thunderbird:3.1.3 cpe:/a:mozilla:thunderbird:3.1.4 cpe:/a:mozilla:thunderbird:3.1.5 cpe:/a:mozilla:thunderbird:3.1.6 cpe:/a:mozilla:thunderbird:3.1.7

CVE-2011-0053

2011-03-02T15:00:01.410-05:00

2017-09-18T21:31:51.427-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://downloads.avaya.com/css/P8/documents/100133195 CONFIRM http://support.avaya.com/css/P8/documents/100128655 MANDRIVA MDVSA-2011:042 CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-01.html REDHAT RHSA-2011:0312 REDHAT RHSA-2011:0313 BID 46645 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=558531 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=558541 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=558633 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=563243 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=563618 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=576649 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=596232 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=600853 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=600974 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=602115 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=605672 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=613376 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=614499 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2011-0054

2011-03-02T15:00:01.490-05:00

2017-09-18T21:31:51.520-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://downloads.avaya.com/css/P8/documents/100133195 MANDRIVA MDVSA-2011:041 CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-04.html BID 46648 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=615657 Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving non-local JavaScript variables, aka an "upvarMap" issue.

CVE-2011-0055

2011-03-02T15:00:01.507-05:00

2017-09-18T21:31:51.597-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://downloads.avaya.com/css/P8/documents/100133195 MANDRIVA MDVSA-2011:041 CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-03.html BUGTRAQ 20110302 ZDI-11-103: Mozilla Firefox JSON.stringify Dangling Pointer Remote Code Execution Vulnerability BID 46661 MISC http://www.zerodayinitiative.com/advisories/ZDI-11-103/ CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=616009 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=619255 Use-after-free vulnerability in the JSON.stringify method in js3250.dll in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via unspecified vectors related to the js_HasOwnProperty function and garbage collection.

CVE-2011-0056

2011-03-02T15:00:01.537-05:00

2017-09-18T21:31:51.677-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://downloads.avaya.com/css/P8/documents/100133195 MANDRIVA MDVSA-2011:041 CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-05.html BID 46650 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=622015 Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving exception timing and a large number of string values, aka an "atom map" issue.

CVE-2011-0057

2011-03-02T15:00:01.567-05:00

2017-09-18T21:31:51.770-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://downloads.avaya.com/css/P8/documents/100133195 MANDRIVA MDVSA-2011:041 CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-06.html BID 46663 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=626631 Use-after-free vulnerability in the Web Workers implementation in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to execute arbitrary code via vectors related to a JavaScript Worker and garbage collection.

CVE-2011-0058

2011-03-02T15:00:01.583-05:00

2017-09-18T21:31:51.880-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://downloads.avaya.com/css/P8/documents/100133195 MANDRIVA MDVSA-2011:041 CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-07.html BID 46660 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=607160 Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long string that triggers construction of a long text run.

CVE-2011-0059

2011-03-02T15:00:01.597-05:00

2017-09-18T21:31:51.973-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

CVE-2011-0060

2017-05-11T10:29:12.653-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none.

cpe:/a:mozilla:firefox:3.6 cpe:/a:mozilla:firefox:3.6.2 cpe:/a:mozilla:firefox:3.6.3 cpe:/a:mozilla:firefox:3.6.4 cpe:/a:mozilla:firefox:3.6.6 cpe:/a:mozilla:firefox:3.6.7 cpe:/a:mozilla:firefox:3.6.8 cpe:/a:mozilla:firefox:3.6.9 cpe:/a:mozilla:firefox:3.6.10 cpe:/a:mozilla:firefox:3.6.11 cpe:/a:mozilla:firefox:3.6.12 cpe:/a:mozilla:firefox:3.6.13 cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:seamonkey:1.0:alpha cpe:/a:mozilla:seamonkey:1.0:beta cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:seamonkey:1.0.2 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:1.0.4 cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:seamonkey:1.0.8 cpe:/a:mozilla:seamonkey:1.0.9 cpe:/a:mozilla:seamonkey:1.1 cpe:/a:mozilla:seamonkey:1.1:alpha cpe:/a:mozilla:seamonkey:1.1:beta cpe:/a:mozilla:seamonkey:1.1.1 cpe:/a:mozilla:seamonkey:1.1.2 cpe:/a:mozilla:seamonkey:1.1.3 cpe:/a:mozilla:seamonkey:1.1.4 cpe:/a:mozilla:seamonkey:1.1.5 cpe:/a:mozilla:seamonkey:1.1.6 cpe:/a:mozilla:seamonkey:1.1.7 cpe:/a:mozilla:seamonkey:1.1.8 cpe:/a:mozilla:seamonkey:1.1.9 cpe:/a:mozilla:seamonkey:1.1.10 cpe:/a:mozilla:seamonkey:1.1.11 cpe:/a:mozilla:seamonkey:1.1.12 cpe:/a:mozilla:seamonkey:1.1.13 cpe:/a:mozilla:seamonkey:1.1.14 cpe:/a:mozilla:seamonkey:1.1.15 cpe:/a:mozilla:seamonkey:1.1.16 cpe:/a:mozilla:seamonkey:1.1.17 cpe:/a:mozilla:seamonkey:1.1.18 cpe:/a:mozilla:seamonkey:1.1.19 cpe:/a:mozilla:seamonkey:1.5.0.8 cpe:/a:mozilla:seamonkey:1.5.0.9 cpe:/a:mozilla:seamonkey:1.5.0.10 cpe:/a:mozilla:seamonkey:2.0 cpe:/a:mozilla:seamonkey:2.0:alpha_1 cpe:/a:mozilla:seamonkey:2.0:alpha_2 cpe:/a:mozilla:seamonkey:2.0:alpha_3 cpe:/a:mozilla:seamonkey:2.0:beta_1 cpe:/a:mozilla:seamonkey:2.0:beta_2 cpe:/a:mozilla:seamonkey:2.0:rc1 cpe:/a:mozilla:seamonkey:2.0:rc2 cpe:/a:mozilla:seamonkey:2.0.1 cpe:/a:mozilla:seamonkey:2.0.2 cpe:/a:mozilla:seamonkey:2.0.3 cpe:/a:mozilla:seamonkey:2.0.4 cpe:/a:mozilla:seamonkey:2.0.5 cpe:/a:mozilla:seamonkey:2.0.6 cpe:/a:mozilla:seamonkey:2.0.7 cpe:/a:mozilla:seamonkey:2.0.8 cpe:/a:mozilla:seamonkey:2.0.9 cpe:/a:mozilla:seamonkey:2.0.10 cpe:/a:mozilla:seamonkey:2.0.11 cpe:/a:mozilla:thunderbird:0.1 cpe:/a:mozilla:thunderbird:0.2 cpe:/a:mozilla:thunderbird:0.3 cpe:/a:mozilla:thunderbird:0.4 cpe:/a:mozilla:thunderbird:0.5 cpe:/a:mozilla:thunderbird:0.6 cpe:/a:mozilla:thunderbird:0.7 cpe:/a:mozilla:thunderbird:0.7.1 cpe:/a:mozilla:thunderbird:0.7.2 cpe:/a:mozilla:thunderbird:0.7.3 cpe:/a:mozilla:thunderbird:0.8 cpe:/a:mozilla:thunderbird:0.9 cpe:/a:mozilla:thunderbird:1.0 cpe:/a:mozilla:thunderbird:1.0.1 cpe:/a:mozilla:thunderbird:1.0.2 cpe:/a:mozilla:thunderbird:1.0.3 cpe:/a:mozilla:thunderbird:1.0.4 cpe:/a:mozilla:thunderbird:1.0.5 cpe:/a:mozilla:thunderbird:1.0.6 cpe:/a:mozilla:thunderbird:1.0.7 cpe:/a:mozilla:thunderbird:1.0.8 cpe:/a:mozilla:thunderbird:1.5 cpe:/a:mozilla:thunderbird:1.5:beta2 cpe:/a:mozilla:thunderbird:1.5.0.1 cpe:/a:mozilla:thunderbird:1.5.0.2 cpe:/a:mozilla:thunderbird:1.5.0.3 cpe:/a:mozilla:thunderbird:1.5.0.4 cpe:/a:mozilla:thunderbird:1.5.0.5 cpe:/a:mozilla:thunderbird:1.5.0.6 cpe:/a:mozilla:thunderbird:1.5.0.7 cpe:/a:mozilla:thunderbird:1.5.0.8 cpe:/a:mozilla:thunderbird:1.5.0.9 cpe:/a:mozilla:thunderbird:1.5.0.10 cpe:/a:mozilla:thunderbird:1.5.0.11 cpe:/a:mozilla:thunderbird:1.5.0.12 cpe:/a:mozilla:thunderbird:1.5.0.13 cpe:/a:mozilla:thunderbird:1.5.0.14 cpe:/a:mozilla:thunderbird:1.5.1 cpe:/a:mozilla:thunderbird:1.5.2 cpe:/a:mozilla:thunderbird:1.7.1 cpe:/a:mozilla:thunderbird:1.7.3 cpe:/a:mozilla:thunderbird:2.0 cpe:/a:mozilla:thunderbird:2.0.0.0 cpe:/a:mozilla:thunderbird:2.0.0.1 cpe:/a:mozilla:thunderbird:2.0.0.2 cpe:/a:mozilla:thunderbird:2.0.0.3 cpe:/a:mozilla:thunderbird:2.0.0.4 cpe:/a:mozilla:thunderbird:2.0.0.5 cpe:/a:mozilla:thunderbird:2.0.0.6 cpe:/a:mozilla:thunderbird:2.0.0.7 cpe:/a:mozilla:thunderbird:2.0.0.8 cpe:/a:mozilla:thunderbird:2.0.0.9 cpe:/a:mozilla:thunderbird:2.0.0.12 cpe:/a:mozilla:thunderbird:2.0.0.14 cpe:/a:mozilla:thunderbird:2.0.0.16 cpe:/a:mozilla:thunderbird:2.0.0.17 cpe:/a:mozilla:thunderbird:2.0.0.18 cpe:/a:mozilla:thunderbird:2.0.0.19 cpe:/a:mozilla:thunderbird:2.0.0.21 cpe:/a:mozilla:thunderbird:2.0.0.22 cpe:/a:mozilla:thunderbird:2.0.0.23 cpe:/a:mozilla:thunderbird:3.0 cpe:/a:mozilla:thunderbird:3.0.1 cpe:/a:mozilla:thunderbird:3.0.2 cpe:/a:mozilla:thunderbird:3.0.3 cpe:/a:mozilla:thunderbird:3.0.4 cpe:/a:mozilla:thunderbird:3.0.5 cpe:/a:mozilla:thunderbird:3.0.6 cpe:/a:mozilla:thunderbird:3.0.7 cpe:/a:mozilla:thunderbird:3.0.8 cpe:/a:mozilla:thunderbird:3.0.9 cpe:/a:mozilla:thunderbird:3.0.10 cpe:/a:mozilla:thunderbird:3.0.11 cpe:/a:mozilla:thunderbird:3.1 cpe:/a:mozilla:thunderbird:3.1.1 cpe:/a:mozilla:thunderbird:3.1.2 cpe:/a:mozilla:thunderbird:3.1.3 cpe:/a:mozilla:thunderbird:3.1.4 cpe:/a:mozilla:thunderbird:3.1.5 cpe:/a:mozilla:thunderbird:3.1.6 cpe:/a:mozilla:thunderbird:3.1.7

CVE-2011-0061

2011-03-02T15:00:01.613-05:00

2017-09-18T21:31:52.050-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://downloads.avaya.com/css/P8/documents/100133195 MANDRIVA MDVSA-2011:041 MANDRIVA MDVSA-2011:042 CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-09.html BID 46651 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=610601 Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image.

CVE-2011-0062

2011-03-02T15:00:01.630-05:00

2017-09-18T21:31:52.130-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://downloads.avaya.com/css/P8/documents/100133195 MANDRIVA MDVSA-2011:041 MANDRIVA MDVSA-2011:042 CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-01.html BID 46647 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=569384 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=599610 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2011-0063

2011-03-15T13:55:02.937-04:00

2018-10-10T16:09:25.480-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov SREASON 8133 MISC http://sotiriu.de/adv/NSOADV-2011-003.txt BUGTRAQ 20110308 NSOADV-2011-003: Majordomo2 'help' Command Directory Traversal (Patch Bypass) CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=631307 XF majordomo-listfileget-dir-traversal(66011) The _list_file_get function in lib/Majordomo.pm in Majordomo 2 20110203 and earlier allows remote attackers to conduct directory traversal attacks and read arbitrary files via a ./.../ sequence in the "extra" parameter to the help command, which causes the regular expression to produce .. (dot dot) sequences. NOTE: this vulnerability is due to an incomplete fix for CVE-2011-0049.

cpe:/a:mozilla:firefox cpe:/a:pango:pango:1.28.3

CVE-2011-0064

2011-03-07T16:00:01.330-05:00

2017-08-16T21:33:24.180-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://cgit.freedesktop.org/harfbuzz/commit/?id=a6a79df5fe2ed2cd307e7a991346faee164e70d9 FEDORA FEDORA-2011-3194 SUSE SUSE-SR:2011:005 SECTRACK 1025145 DEBIAN DSA-2178 MANDRIVA MDVSA-2011:040 REDHAT RHSA-2011:0309 BID 46632 UBUNTU USN-1082-1 VUPEN ADV-2011-0543 VUPEN ADV-2011-0555 VUPEN ADV-2011-0558 VUPEN ADV-2011-0584 VUPEN ADV-2011-0683 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=606997 CONFIRM https://bugzilla.novell.com/show_bug.cgi?id=672502 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=678563 CONFIRM https://build.opensuse.org/request/show/63070 XF pango-hbbufferensure-bo(65770) The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index.

CVE-2011-0065

2011-05-07T14:55:00.997-04:00

2017-09-18T21:31:52.253-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://downloads.avaya.com/css/P8/documents/100144158 SREASON 8326 SREASON 8331 SREASON 8340 DEBIAN DSA-2227 DEBIAN DSA-2228 DEBIAN DSA-2235 MANDRIVA MDVSA-2011:079 CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-13.html CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=634986 Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mChannel.

CVE-2011-0066

2011-05-07T14:55:01.043-04:00

2017-09-18T21:31:52.333-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://downloads.avaya.com/css/P8/documents/100144158 DEBIAN DSA-2227 DEBIAN DSA-2228 DEBIAN DSA-2235 MANDRIVA MDVSA-2011:079 CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-13.html CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=634983 Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mObserverList.

CVE-2011-0067

2011-05-07T14:55:01.090-04:00

2017-09-18T21:31:52.427-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM http://downloads.avaya.com/css/P8/documents/100144158 DEBIAN DSA-2227 DEBIAN DSA-2228 DEBIAN DSA-2235 MANDRIVA MDVSA-2011:079 CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-14.html CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=527935 Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly implement autocompletion for forms, which allows remote attackers to read form history entries via a Java applet that spoofs interaction with the autocomplete controls.

cpe:/a:mozilla:firefox:3.5 cpe:/a:mozilla:firefox:3.5.1 cpe:/a:mozilla:firefox:3.5.2 cpe:/a:mozilla:firefox:3.5.3 cpe:/a:mozilla:firefox:3.5.4 cpe:/a:mozilla:firefox:3.5.5 cpe:/a:mozilla:firefox:3.5.6 cpe:/a:mozilla:firefox:3.5.7 cpe:/a:mozilla:firefox:3.5.8 cpe:/a:mozilla:firefox:3.5.9 cpe:/a:mozilla:firefox:3.5.10 cpe:/a:mozilla:firefox:3.5.11 cpe:/a:mozilla:firefox:3.5.12 cpe:/a:mozilla:firefox:3.5.13 cpe:/a:mozilla:firefox:3.5.14 cpe:/a:mozilla:firefox:3.5.15 cpe:/a:mozilla:firefox:3.5.16 cpe:/a:mozilla:firefox:3.5.17 cpe:/a:mozilla:firefox:3.5.18 cpe:/a:mozilla:firefox:3.6 cpe:/a:mozilla:firefox:3.6.2 cpe:/a:mozilla:firefox:3.6.3 cpe:/a:mozilla:firefox:3.6.4 cpe:/a:mozilla:firefox:3.6.6 cpe:/a:mozilla:firefox:3.6.7 cpe:/a:mozilla:firefox:3.6.8 cpe:/a:mozilla:firefox:3.6.9 cpe:/a:mozilla:firefox:3.6.10 cpe:/a:mozilla:firefox:3.6.11 cpe:/a:mozilla:firefox:3.6.12 cpe:/a:mozilla:firefox:3.6.13 cpe:/a:mozilla:firefox:3.6.14 cpe:/a:mozilla:firefox:3.6.15 cpe:/a:mozilla:firefox:3.6.16 cpe:/a:mozilla:firefox:4.0 cpe:/a:mozilla:firefox:4.0:beta1 cpe:/a:mozilla:firefox:4.0:beta10 cpe:/a:mozilla:firefox:4.0:beta11 cpe:/a:mozilla:firefox:4.0:beta12 cpe:/a:mozilla:firefox:4.0:beta2 cpe:/a:mozilla:firefox:4.0:beta3 cpe:/a:mozilla:firefox:4.0:beta4 cpe:/a:mozilla:firefox:4.0:beta5 cpe:/a:mozilla:firefox:4.0:beta6 cpe:/a:mozilla:firefox:4.0:beta7 cpe:/a:mozilla:firefox:4.0:beta8 cpe:/a:mozilla:firefox:4.0:beta9 cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:seamonkey:1.0:alpha cpe:/a:mozilla:seamonkey:1.0:beta cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:seamonkey:1.0.2 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:1.0.4 cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:seamonkey:1.0.8 cpe:/a:mozilla:seamonkey:1.0.9 cpe:/a:mozilla:seamonkey:1.1 cpe:/a:mozilla:seamonkey:1.1:alpha cpe:/a:mozilla:seamonkey:1.1:beta cpe:/a:mozilla:seamonkey:1.1.1 cpe:/a:mozilla:seamonkey:1.1.2 cpe:/a:mozilla:seamonkey:1.1.3 cpe:/a:mozilla:seamonkey:1.1.4 cpe:/a:mozilla:seamonkey:1.1.5 cpe:/a:mozilla:seamonkey:1.1.6 cpe:/a:mozilla:seamonkey:1.1.7 cpe:/a:mozilla:seamonkey:1.1.8 cpe:/a:mozilla:seamonkey:1.1.9 cpe:/a:mozilla:seamonkey:1.1.10 cpe:/a:mozilla:seamonkey:1.1.11 cpe:/a:mozilla:seamonkey:1.1.12 cpe:/a:mozilla:seamonkey:1.1.13 cpe:/a:mozilla:seamonkey:1.1.14 cpe:/a:mozilla:seamonkey:1.1.15 cpe:/a:mozilla:seamonkey:1.1.16 cpe:/a:mozilla:seamonkey:1.1.17 cpe:/a:mozilla:seamonkey:1.1.18 cpe:/a:mozilla:seamonkey:1.1.19 cpe:/a:mozilla:seamonkey:1.5.0.8 cpe:/a:mozilla:seamonkey:1.5.0.9 cpe:/a:mozilla:seamonkey:1.5.0.10 cpe:/a:mozilla:seamonkey:2.0 cpe:/a:mozilla:seamonkey:2.0:alpha_1 cpe:/a:mozilla:seamonkey:2.0:alpha_2 cpe:/a:mozilla:seamonkey:2.0:alpha_3 cpe:/a:mozilla:seamonkey:2.0:beta_1 cpe:/a:mozilla:seamonkey:2.0:beta_2 cpe:/a:mozilla:seamonkey:2.0:rc1 cpe:/a:mozilla:seamonkey:2.0:rc2 cpe:/a:mozilla:seamonkey:2.0.1 cpe:/a:mozilla:seamonkey:2.0.2 cpe:/a:mozilla:seamonkey:2.0.3 cpe:/a:mozilla:seamonkey:2.0.4 cpe:/a:mozilla:seamonkey:2.0.5 cpe:/a:mozilla:seamonkey:2.0.6 cpe:/a:mozilla:seamonkey:2.0.7 cpe:/a:mozilla:seamonkey:2.0.8 cpe:/a:mozilla:seamonkey:2.0.9 cpe:/a:mozilla:seamonkey:2.0.10 cpe:/a:mozilla:seamonkey:2.0.11 cpe:/a:mozilla:seamonkey:2.0.12 cpe:/a:mozilla:seamonkey:2.0.13 cpe:/a:mozilla:thunderbird:0.1 cpe:/a:mozilla:thunderbird:0.2 cpe:/a:mozilla:thunderbird:0.3 cpe:/a:mozilla:thunderbird:0.4 cpe:/a:mozilla:thunderbird:0.5 cpe:/a:mozilla:thunderbird:0.6 cpe:/a:mozilla:thunderbird:0.7 cpe:/a:mozilla:thunderbird:0.7.1 cpe:/a:mozilla:thunderbird:0.7.2 cpe:/a:mozilla:thunderbird:0.7.3 cpe:/a:mozilla:thunderbird:0.8 cpe:/a:mozilla:thunderbird:0.9 cpe:/a:mozilla:thunderbird:1.0 cpe:/a:mozilla:thunderbird:1.0.1 cpe:/a:mozilla:thunderbird:1.0.2 cpe:/a:mozilla:thunderbird:1.0.3 cpe:/a:mozilla:thunderbird:1.0.4 cpe:/a:mozilla:thunderbird:1.0.5 cpe:/a:mozilla:thunderbird:1.0.6 cpe:/a:mozilla:thunderbird:1.0.7 cpe:/a:mozilla:thunderbird:1.0.8 cpe:/a:mozilla:thunderbird:1.5 cpe:/a:mozilla:thunderbird:1.5:beta2 cpe:/a:mozilla:thunderbird:1.5.0.1 cpe:/a:mozilla:thunderbird:1.5.0.2 cpe:/a:mozilla:thunderbird:1.5.0.3 cpe:/a:mozilla:thunderbird:1.5.0.4 cpe:/a:mozilla:thunderbird:1.5.0.5 cpe:/a:mozilla:thunderbird:1.5.0.6 cpe:/a:mozilla:thunderbird:1.5.0.7 cpe:/a:mozilla:thunderbird:1.5.0.8 cpe:/a:mozilla:thunderbird:1.5.0.9 cpe:/a:mozilla:thunderbird:1.5.0.10 cpe:/a:mozilla:thunderbird:1.5.0.11 cpe:/a:mozilla:thunderbird:1.5.0.12 cpe:/a:mozilla:thunderbird:1.5.0.13 cpe:/a:mozilla:thunderbird:1.5.0.14 cpe:/a:mozilla:thunderbird:1.5.1 cpe:/a:mozilla:thunderbird:1.5.2 cpe:/a:mozilla:thunderbird:1.7.1 cpe:/a:mozilla:thunderbird:1.7.3 cpe:/a:mozilla:thunderbird:2.0 cpe:/a:mozilla:thunderbird:2.0.0.0 cpe:/a:mozilla:thunderbird:2.0.0.1 cpe:/a:mozilla:thunderbird:2.0.0.2 cpe:/a:mozilla:thunderbird:2.0.0.3 cpe:/a:mozilla:thunderbird:2.0.0.4 cpe:/a:mozilla:thunderbird:2.0.0.5 cpe:/a:mozilla:thunderbird:2.0.0.6 cpe:/a:mozilla:thunderbird:2.0.0.7 cpe:/a:mozilla:thunderbird:2.0.0.8 cpe:/a:mozilla:thunderbird:2.0.0.9 cpe:/a:mozilla:thunderbird:2.0.0.12 cpe:/a:mozilla:thunderbird:2.0.0.14 cpe:/a:mozilla:thunderbird:2.0.0.16 cpe:/a:mozilla:thunderbird:2.0.0.17 cpe:/a:mozilla:thunderbird:2.0.0.18 cpe:/a:mozilla:thunderbird:2.0.0.19 cpe:/a:mozilla:thunderbird:2.0.0.21 cpe:/a:mozilla:thunderbird:2.0.0.22 cpe:/a:mozilla:thunderbird:2.0.0.23 cpe:/a:mozilla:thunderbird:3.1 cpe:/a:mozilla:thunderbird:3.1.1 cpe:/a:mozilla:thunderbird:3.1.2 cpe:/a:mozilla:thunderbird:3.1.3 cpe:/a:mozilla:thunderbird:3.1.4 cpe:/a:mozilla:thunderbird:3.1.5 cpe:/a:mozilla:thunderbird:3.1.6 cpe:/a:mozilla:thunderbird:3.1.7 cpe:/a:mozilla:thunderbird:3.1.8 cpe:/a:mozilla:thunderbird:3.1.9

CVE-2011-0069

2011-05-07T14:55:01.120-04:00

2017-09-18T21:31:52.520-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird CONFIRM http://downloads.avaya.com/css/P8/documents/100144158 DEBIAN DSA-2227 DEBIAN DSA-2228 DEBIAN DSA-2235 MANDRIVA MDVSA-2011:079 MANDRIVA MDVSA-2011:080 CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-12.html BID 47656 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=644069 Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0070.

CVE-2011-0070

2011-05-07T14:55:01.167-04:00

2017-09-18T21:31:52.613-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird CONFIRM http://downloads.avaya.com/css/P8/documents/100144158 DEBIAN DSA-2227 DEBIAN DSA-2228 DEBIAN DSA-2235 MANDRIVA MDVSA-2011:079 MANDRIVA MDVSA-2011:080 CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-12.html BID 47654 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=645565 Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0069.

cpe:/a:mozilla:firefox:1.0 cpe:/a:mozilla:firefox:1.0:preview_release cpe:/a:mozilla:firefox:1.0.1 cpe:/a:mozilla:firefox:1.0.2 cpe:/a:mozilla:firefox:1.0.3 cpe:/a:mozilla:firefox:1.0.4 cpe:/a:mozilla:firefox:1.0.5 cpe:/a:mozilla:firefox:1.0.6 cpe:/a:mozilla:firefox:1.0.7 cpe:/a:mozilla:firefox:1.0.8 cpe:/a:mozilla:firefox:1.5 cpe:/a:mozilla:firefox:1.5:beta1 cpe:/a:mozilla:firefox:1.5:beta2 cpe:/a:mozilla:firefox:1.5.0.1 cpe:/a:mozilla:firefox:1.5.0.2 cpe:/a:mozilla:firefox:1.5.0.3 cpe:/a:mozilla:firefox:1.5.0.4 cpe:/a:mozilla:firefox:1.5.0.5 cpe:/a:mozilla:firefox:1.5.0.6 cpe:/a:mozilla:firefox:1.5.0.7 cpe:/a:mozilla:firefox:1.5.0.8 cpe:/a:mozilla:firefox:1.5.0.9 cpe:/a:mozilla:firefox:1.5.0.10 cpe:/a:mozilla:firefox:1.5.0.11 cpe:/a:mozilla:firefox:1.5.0.12 cpe:/a:mozilla:firefox:1.5.1 cpe:/a:mozilla:firefox:1.5.2 cpe:/a:mozilla:firefox:1.5.3 cpe:/a:mozilla:firefox:1.5.4 cpe:/a:mozilla:firefox:1.5.5 cpe:/a:mozilla:firefox:1.5.6 cpe:/a:mozilla:firefox:1.5.7 cpe:/a:mozilla:firefox:1.5.8 cpe:/a:mozilla:firefox:2.0 cpe:/a:mozilla:firefox:2.0.0.1 cpe:/a:mozilla:firefox:2.0.0.2 cpe:/a:mozilla:firefox:2.0.0.3 cpe:/a:mozilla:firefox:2.0.0.4 cpe:/a:mozilla:firefox:2.0.0.5 cpe:/a:mozilla:firefox:2.0.0.6 cpe:/a:mozilla:firefox:2.0.0.7 cpe:/a:mozilla:firefox:2.0.0.8 cpe:/a:mozilla:firefox:2.0.0.9 cpe:/a:mozilla:firefox:2.0.0.10 cpe:/a:mozilla:firefox:2.0.0.11 cpe:/a:mozilla:firefox:2.0.0.12 cpe:/a:mozilla:firefox:2.0.0.13 cpe:/a:mozilla:firefox:2.0.0.14 cpe:/a:mozilla:firefox:2.0.0.15 cpe:/a:mozilla:firefox:2.0.0.16 cpe:/a:mozilla:firefox:2.0.0.17 cpe:/a:mozilla:firefox:2.0.0.18 cpe:/a:mozilla:firefox:2.0.0.19 cpe:/a:mozilla:firefox:2.0.0.20 cpe:/a:mozilla:firefox:3.0 cpe:/a:mozilla:firefox:3.0.1 cpe:/a:mozilla:firefox:3.0.2 cpe:/a:mozilla:firefox:3.0.3 cpe:/a:mozilla:firefox:3.0.4 cpe:/a:mozilla:firefox:3.0.5 cpe:/a:mozilla:firefox:3.0.6 cpe:/a:mozilla:firefox:3.0.7 cpe:/a:mozilla:firefox:3.0.8 cpe:/a:mozilla:firefox:3.0.9 cpe:/a:mozilla:firefox:3.0.10 cpe:/a:mozilla:firefox:3.0.11 cpe:/a:mozilla:firefox:3.0.12 cpe:/a:mozilla:firefox:3.0.13 cpe:/a:mozilla:firefox:3.0.14 cpe:/a:mozilla:firefox:3.0.15 cpe:/a:mozilla:firefox:3.0.16 cpe:/a:mozilla:firefox:3.0.17 cpe:/a:mozilla:firefox:3.5 cpe:/a:mozilla:firefox:3.5.1 cpe:/a:mozilla:firefox:3.5.2 cpe:/a:mozilla:firefox:3.5.3 cpe:/a:mozilla:firefox:3.5.4 cpe:/a:mozilla:firefox:3.5.5 cpe:/a:mozilla:firefox:3.5.6 cpe:/a:mozilla:firefox:3.5.7 cpe:/a:mozilla:firefox:3.5.8 cpe:/a:mozilla:firefox:3.5.9 cpe:/a:mozilla:firefox:3.5.10 cpe:/a:mozilla:firefox:3.5.11 cpe:/a:mozilla:firefox:3.5.12 cpe:/a:mozilla:firefox:3.5.13 cpe:/a:mozilla:firefox:3.5.14 cpe:/a:mozilla:firefox:3.5.15 cpe:/a:mozilla:firefox:3.5.16 cpe:/a:mozilla:firefox:3.5.17 cpe:/a:mozilla:firefox:3.5.18 cpe:/a:mozilla:firefox:3.6 cpe:/a:mozilla:firefox:3.6.2 cpe:/a:mozilla:firefox:3.6.3 cpe:/a:mozilla:firefox:3.6.4 cpe:/a:mozilla:firefox:3.6.6 cpe:/a:mozilla:firefox:3.6.7 cpe:/a:mozilla:firefox:3.6.8 cpe:/a:mozilla:firefox:3.6.9 cpe:/a:mozilla:firefox:3.6.10 cpe:/a:mozilla:firefox:3.6.11 cpe:/a:mozilla:firefox:3.6.12 cpe:/a:mozilla:firefox:3.6.13 cpe:/a:mozilla:firefox:3.6.14 cpe:/a:mozilla:firefox:3.6.15 cpe:/a:mozilla:firefox:3.6.16 cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:seamonkey:1.0:alpha cpe:/a:mozilla:seamonkey:1.0:beta cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:seamonkey:1.0.2 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:1.0.4 cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:seamonkey:1.0.8 cpe:/a:mozilla:seamonkey:1.0.9 cpe:/a:mozilla:seamonkey:1.1 cpe:/a:mozilla:seamonkey:1.1:alpha cpe:/a:mozilla:seamonkey:1.1:beta cpe:/a:mozilla:seamonkey:1.1.1 cpe:/a:mozilla:seamonkey:1.1.2 cpe:/a:mozilla:seamonkey:1.1.3 cpe:/a:mozilla:seamonkey:1.1.4 cpe:/a:mozilla:seamonkey:1.1.5 cpe:/a:mozilla:seamonkey:1.1.6 cpe:/a:mozilla:seamonkey:1.1.7 cpe:/a:mozilla:seamonkey:1.1.8 cpe:/a:mozilla:seamonkey:1.1.9 cpe:/a:mozilla:seamonkey:1.1.10 cpe:/a:mozilla:seamonkey:1.1.11 cpe:/a:mozilla:seamonkey:1.1.12 cpe:/a:mozilla:seamonkey:1.1.13 cpe:/a:mozilla:seamonkey:1.1.14 cpe:/a:mozilla:seamonkey:1.1.15 cpe:/a:mozilla:seamonkey:1.1.16 cpe:/a:mozilla:seamonkey:1.1.17 cpe:/a:mozilla:seamonkey:1.1.18 cpe:/a:mozilla:seamonkey:1.1.19 cpe:/a:mozilla:seamonkey:1.5.0.8 cpe:/a:mozilla:seamonkey:1.5.0.9 cpe:/a:mozilla:seamonkey:1.5.0.10 cpe:/a:mozilla:seamonkey:2.0 cpe:/a:mozilla:seamonkey:2.0:alpha_1 cpe:/a:mozilla:seamonkey:2.0:alpha_2 cpe:/a:mozilla:seamonkey:2.0:alpha_3 cpe:/a:mozilla:seamonkey:2.0:beta_1 cpe:/a:mozilla:seamonkey:2.0:beta_2 cpe:/a:mozilla:seamonkey:2.0:rc1 cpe:/a:mozilla:seamonkey:2.0:rc2 cpe:/a:mozilla:seamonkey:2.0.1 cpe:/a:mozilla:seamonkey:2.0.2 cpe:/a:mozilla:seamonkey:2.0.3 cpe:/a:mozilla:seamonkey:2.0.4 cpe:/a:mozilla:seamonkey:2.0.5 cpe:/a:mozilla:seamonkey:2.0.6 cpe:/a:mozilla:seamonkey:2.0.7 cpe:/a:mozilla:seamonkey:2.0.8 cpe:/a:mozilla:seamonkey:2.0.9 cpe:/a:mozilla:seamonkey:2.0.10 cpe:/a:mozilla:seamonkey:2.0.11 cpe:/a:mozilla:seamonkey:2.0.12 cpe:/a:mozilla:seamonkey:2.0.13 cpe:/a:mozilla:thunderbird:0.1 cpe:/a:mozilla:thunderbird:0.2 cpe:/a:mozilla:thunderbird:0.3 cpe:/a:mozilla:thunderbird:0.4 cpe:/a:mozilla:thunderbird:0.5 cpe:/a:mozilla:thunderbird:0.6 cpe:/a:mozilla:thunderbird:0.7 cpe:/a:mozilla:thunderbird:0.7.1 cpe:/a:mozilla:thunderbird:0.7.2 cpe:/a:mozilla:thunderbird:0.7.3 cpe:/a:mozilla:thunderbird:0.8 cpe:/a:mozilla:thunderbird:0.9 cpe:/a:mozilla:thunderbird:1.0 cpe:/a:mozilla:thunderbird:1.0.1 cpe:/a:mozilla:thunderbird:1.0.2 cpe:/a:mozilla:thunderbird:1.0.3 cpe:/a:mozilla:thunderbird:1.0.4 cpe:/a:mozilla:thunderbird:1.0.5 cpe:/a:mozilla:thunderbird:1.0.6 cpe:/a:mozilla:thunderbird:1.0.7 cpe:/a:mozilla:thunderbird:1.0.8 cpe:/a:mozilla:thunderbird:1.5 cpe:/a:mozilla:thunderbird:1.5:beta2 cpe:/a:mozilla:thunderbird:1.5.0.1 cpe:/a:mozilla:thunderbird:1.5.0.2 cpe:/a:mozilla:thunderbird:1.5.0.3 cpe:/a:mozilla:thunderbird:1.5.0.4 cpe:/a:mozilla:thunderbird:1.5.0.5 cpe:/a:mozilla:thunderbird:1.5.0.6 cpe:/a:mozilla:thunderbird:1.5.0.7 cpe:/a:mozilla:thunderbird:1.5.0.8 cpe:/a:mozilla:thunderbird:1.5.0.9 cpe:/a:mozilla:thunderbird:1.5.0.10 cpe:/a:mozilla:thunderbird:1.5.0.11 cpe:/a:mozilla:thunderbird:1.5.0.12 cpe:/a:mozilla:thunderbird:1.5.0.13 cpe:/a:mozilla:thunderbird:1.5.0.14 cpe:/a:mozilla:thunderbird:1.5.1 cpe:/a:mozilla:thunderbird:1.5.2 cpe:/a:mozilla:thunderbird:1.7.1 cpe:/a:mozilla:thunderbird:1.7.3 cpe:/a:mozilla:thunderbird:2.0 cpe:/a:mozilla:thunderbird:2.0.0.0 cpe:/a:mozilla:thunderbird:2.0.0.1 cpe:/a:mozilla:thunderbird:2.0.0.2 cpe:/a:mozilla:thunderbird:2.0.0.3 cpe:/a:mozilla:thunderbird:2.0.0.4 cpe:/a:mozilla:thunderbird:2.0.0.5 cpe:/a:mozilla:thunderbird:2.0.0.6 cpe:/a:mozilla:thunderbird:2.0.0.7 cpe:/a:mozilla:thunderbird:2.0.0.8 cpe:/a:mozilla:thunderbird:2.0.0.9 cpe:/a:mozilla:thunderbird:2.0.0.12 cpe:/a:mozilla:thunderbird:2.0.0.14 cpe:/a:mozilla:thunderbird:2.0.0.16 cpe:/a:mozilla:thunderbird:2.0.0.17 cpe:/a:mozilla:thunderbird:2.0.0.18 cpe:/a:mozilla:thunderbird:2.0.0.19 cpe:/a:mozilla:thunderbird:2.0.0.21 cpe:/a:mozilla:thunderbird:2.0.0.22 cpe:/a:mozilla:thunderbird:2.0.0.23 cpe:/a:mozilla:thunderbird:3.0 cpe:/a:mozilla:thunderbird:3.0.1 cpe:/a:mozilla:thunderbird:3.0.2 cpe:/a:mozilla:thunderbird:3.0.3 cpe:/a:mozilla:thunderbird:3.0.4 cpe:/a:mozilla:thunderbird:3.0.5 cpe:/a:mozilla:thunderbird:3.0.6 cpe:/a:mozilla:thunderbird:3.0.7 cpe:/a:mozilla:thunderbird:3.0.8 cpe:/a:mozilla:thunderbird:3.0.9 cpe:/a:mozilla:thunderbird:3.0.10 cpe:/a:mozilla:thunderbird:3.0.11 cpe:/a:mozilla:thunderbird:3.1 cpe:/a:mozilla:thunderbird:3.1.1 cpe:/a:mozilla:thunderbird:3.1.2 cpe:/a:mozilla:thunderbird:3.1.3 cpe:/a:mozilla:thunderbird:3.1.4 cpe:/a:mozilla:thunderbird:3.1.5 cpe:/a:mozilla:thunderbird:3.1.6 cpe:/a:mozilla:thunderbird:3.1.7 cpe:/a:mozilla:thunderbird:3.1.8 cpe:/a:mozilla:thunderbird:3.1.9

CVE-2011-0071

2011-05-07T14:55:01.197-04:00

2017-09-18T21:31:52.723-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM http://downloads.avaya.com/css/P8/documents/100144158 DEBIAN DSA-2227 DEBIAN DSA-2228 DEBIAN DSA-2235 MANDRIVA MDVSA-2011:079 MANDRIVA MDVSA-2011:080 CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-16.html CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=624764 Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL.

cpe:/a:mozilla:firefox:3.5 cpe:/a:mozilla:firefox:3.5.1 cpe:/a:mozilla:firefox:3.5.2 cpe:/a:mozilla:firefox:3.5.3 cpe:/a:mozilla:firefox:3.5.4 cpe:/a:mozilla:firefox:3.5.5 cpe:/a:mozilla:firefox:3.5.6 cpe:/a:mozilla:firefox:3.5.7 cpe:/a:mozilla:firefox:3.5.8 cpe:/a:mozilla:firefox:3.5.9 cpe:/a:mozilla:firefox:3.5.10 cpe:/a:mozilla:firefox:3.5.11 cpe:/a:mozilla:firefox:3.5.12 cpe:/a:mozilla:firefox:3.5.13 cpe:/a:mozilla:firefox:3.5.14 cpe:/a:mozilla:firefox:3.5.15 cpe:/a:mozilla:firefox:3.5.16 cpe:/a:mozilla:firefox:3.5.17 cpe:/a:mozilla:firefox:3.5.18 cpe:/a:mozilla:firefox:3.6 cpe:/a:mozilla:firefox:3.6.2 cpe:/a:mozilla:firefox:3.6.3 cpe:/a:mozilla:firefox:3.6.4 cpe:/a:mozilla:firefox:3.6.6 cpe:/a:mozilla:firefox:3.6.7 cpe:/a:mozilla:firefox:3.6.8 cpe:/a:mozilla:firefox:3.6.9 cpe:/a:mozilla:firefox:3.6.10 cpe:/a:mozilla:firefox:3.6.11 cpe:/a:mozilla:firefox:3.6.12 cpe:/a:mozilla:firefox:3.6.13 cpe:/a:mozilla:firefox:3.6.14 cpe:/a:mozilla:firefox:3.6.15 cpe:/a:mozilla:firefox:3.6.16 cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:seamonkey:1.0:alpha cpe:/a:mozilla:seamonkey:1.0:beta cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:seamonkey:1.0.2 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:1.0.4 cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:seamonkey:1.0.8 cpe:/a:mozilla:seamonkey:1.0.9 cpe:/a:mozilla:seamonkey:1.1 cpe:/a:mozilla:seamonkey:1.1:alpha cpe:/a:mozilla:seamonkey:1.1:beta cpe:/a:mozilla:seamonkey:1.1.1 cpe:/a:mozilla:seamonkey:1.1.2 cpe:/a:mozilla:seamonkey:1.1.3 cpe:/a:mozilla:seamonkey:1.1.4 cpe:/a:mozilla:seamonkey:1.1.5 cpe:/a:mozilla:seamonkey:1.1.6 cpe:/a:mozilla:seamonkey:1.1.7 cpe:/a:mozilla:seamonkey:1.1.8 cpe:/a:mozilla:seamonkey:1.1.9 cpe:/a:mozilla:seamonkey:1.1.10 cpe:/a:mozilla:seamonkey:1.1.11 cpe:/a:mozilla:seamonkey:1.1.12 cpe:/a:mozilla:seamonkey:1.1.13 cpe:/a:mozilla:seamonkey:1.1.14 cpe:/a:mozilla:seamonkey:1.1.15 cpe:/a:mozilla:seamonkey:1.1.16 cpe:/a:mozilla:seamonkey:1.1.17 cpe:/a:mozilla:seamonkey:1.1.18 cpe:/a:mozilla:seamonkey:1.1.19 cpe:/a:mozilla:seamonkey:1.5.0.8 cpe:/a:mozilla:seamonkey:1.5.0.9 cpe:/a:mozilla:seamonkey:1.5.0.10 cpe:/a:mozilla:seamonkey:2.0 cpe:/a:mozilla:seamonkey:2.0:alpha_1 cpe:/a:mozilla:seamonkey:2.0:alpha_2 cpe:/a:mozilla:seamonkey:2.0:alpha_3 cpe:/a:mozilla:seamonkey:2.0:beta_1 cpe:/a:mozilla:seamonkey:2.0:beta_2 cpe:/a:mozilla:seamonkey:2.0:rc1 cpe:/a:mozilla:seamonkey:2.0:rc2 cpe:/a:mozilla:seamonkey:2.0.1 cpe:/a:mozilla:seamonkey:2.0.2 cpe:/a:mozilla:seamonkey:2.0.3 cpe:/a:mozilla:seamonkey:2.0.4 cpe:/a:mozilla:seamonkey:2.0.5 cpe:/a:mozilla:seamonkey:2.0.6 cpe:/a:mozilla:seamonkey:2.0.7 cpe:/a:mozilla:seamonkey:2.0.8 cpe:/a:mozilla:seamonkey:2.0.9 cpe:/a:mozilla:seamonkey:2.0.10 cpe:/a:mozilla:seamonkey:2.0.11 cpe:/a:mozilla:seamonkey:2.0.12 cpe:/a:mozilla:seamonkey:2.0.13 cpe:/a:mozilla:thunderbird:0.1 cpe:/a:mozilla:thunderbird:0.2 cpe:/a:mozilla:thunderbird:0.3 cpe:/a:mozilla:thunderbird:0.4 cpe:/a:mozilla:thunderbird:0.5 cpe:/a:mozilla:thunderbird:0.6 cpe:/a:mozilla:thunderbird:0.7 cpe:/a:mozilla:thunderbird:0.7.1 cpe:/a:mozilla:thunderbird:0.7.2 cpe:/a:mozilla:thunderbird:0.7.3 cpe:/a:mozilla:thunderbird:0.8 cpe:/a:mozilla:thunderbird:0.9 cpe:/a:mozilla:thunderbird:1.0 cpe:/a:mozilla:thunderbird:1.0.1 cpe:/a:mozilla:thunderbird:1.0.2 cpe:/a:mozilla:thunderbird:1.0.3 cpe:/a:mozilla:thunderbird:1.0.4 cpe:/a:mozilla:thunderbird:1.0.5 cpe:/a:mozilla:thunderbird:1.0.6 cpe:/a:mozilla:thunderbird:1.0.7 cpe:/a:mozilla:thunderbird:1.0.8 cpe:/a:mozilla:thunderbird:1.5 cpe:/a:mozilla:thunderbird:1.5:beta2 cpe:/a:mozilla:thunderbird:1.5.0.1 cpe:/a:mozilla:thunderbird:1.5.0.2 cpe:/a:mozilla:thunderbird:1.5.0.3 cpe:/a:mozilla:thunderbird:1.5.0.4 cpe:/a:mozilla:thunderbird:1.5.0.5 cpe:/a:mozilla:thunderbird:1.5.0.6 cpe:/a:mozilla:thunderbird:1.5.0.7 cpe:/a:mozilla:thunderbird:1.5.0.8 cpe:/a:mozilla:thunderbird:1.5.0.9 cpe:/a:mozilla:thunderbird:1.5.0.10 cpe:/a:mozilla:thunderbird:1.5.0.11 cpe:/a:mozilla:thunderbird:1.5.0.12 cpe:/a:mozilla:thunderbird:1.5.0.13 cpe:/a:mozilla:thunderbird:1.5.0.14 cpe:/a:mozilla:thunderbird:1.5.1 cpe:/a:mozilla:thunderbird:1.5.2 cpe:/a:mozilla:thunderbird:1.7.1 cpe:/a:mozilla:thunderbird:1.7.3 cpe:/a:mozilla:thunderbird:2.0 cpe:/a:mozilla:thunderbird:2.0.0.0 cpe:/a:mozilla:thunderbird:2.0.0.1 cpe:/a:mozilla:thunderbird:2.0.0.2 cpe:/a:mozilla:thunderbird:2.0.0.3 cpe:/a:mozilla:thunderbird:2.0.0.4 cpe:/a:mozilla:thunderbird:2.0.0.5 cpe:/a:mozilla:thunderbird:2.0.0.6 cpe:/a:mozilla:thunderbird:2.0.0.7 cpe:/a:mozilla:thunderbird:2.0.0.8 cpe:/a:mozilla:thunderbird:2.0.0.9 cpe:/a:mozilla:thunderbird:2.0.0.12 cpe:/a:mozilla:thunderbird:2.0.0.14 cpe:/a:mozilla:thunderbird:2.0.0.16 cpe:/a:mozilla:thunderbird:2.0.0.17 cpe:/a:mozilla:thunderbird:2.0.0.18 cpe:/a:mozilla:thunderbird:2.0.0.19 cpe:/a:mozilla:thunderbird:2.0.0.21 cpe:/a:mozilla:thunderbird:2.0.0.22 cpe:/a:mozilla:thunderbird:2.0.0.23 cpe:/a:mozilla:thunderbird:3.1 cpe:/a:mozilla:thunderbird:3.1.1 cpe:/a:mozilla:thunderbird:3.1.2 cpe:/a:mozilla:thunderbird:3.1.3 cpe:/a:mozilla:thunderbird:3.1.4 cpe:/a:mozilla:thunderbird:3.1.5 cpe:/a:mozilla:thunderbird:3.1.6 cpe:/a:mozilla:thunderbird:3.1.7 cpe:/a:mozilla:thunderbird:3.1.8 cpe:/a:mozilla:thunderbird:3.1.9

CVE-2011-0072

2011-05-07T14:55:01.247-04:00

2017-09-18T21:31:52.817-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird CONFIRM http://downloads.avaya.com/css/P8/documents/100134543 CONFIRM http://downloads.avaya.com/css/P8/documents/100144158 DEBIAN DSA-2227 DEBIAN DSA-2228 DEBIAN DSA-2235 MANDRIVA MDVSA-2011:079 MANDRIVA MDVSA-2011:080 CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-12.html BID 47655 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=624187 Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, and CVE-2011-0078.

CVE-2011-0073

2011-05-07T14:55:01.293-04:00

2017-09-18T21:31:52.910-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://downloads.avaya.com/css/P8/documents/100134543 CONFIRM http://downloads.avaya.com/css/P8/documents/100144158 SREASON 8310 DEBIAN DSA-2227 DEBIAN DSA-2228 DEBIAN DSA-2235 MANDRIVA MDVSA-2011:079 CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-13.html CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=630919 Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly use nsTreeRange data structures, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer."

cpe:/a:mozilla:firefox:3.5 cpe:/a:mozilla:firefox:3.5.1 cpe:/a:mozilla:firefox:3.5.2 cpe:/a:mozilla:firefox:3.5.3 cpe:/a:mozilla:firefox:3.5.4 cpe:/a:mozilla:firefox:3.5.5 cpe:/a:mozilla:firefox:3.5.6 cpe:/a:mozilla:firefox:3.5.7 cpe:/a:mozilla:firefox:3.5.8 cpe:/a:mozilla:firefox:3.5.9 cpe:/a:mozilla:firefox:3.5.10 cpe:/a:mozilla:firefox:3.5.11 cpe:/a:mozilla:firefox:3.5.12 cpe:/a:mozilla:firefox:3.5.13 cpe:/a:mozilla:firefox:3.5.14 cpe:/a:mozilla:firefox:3.5.15 cpe:/a:mozilla:firefox:3.5.16 cpe:/a:mozilla:firefox:3.5.17 cpe:/a:mozilla:firefox:3.5.18 cpe:/a:mozilla:firefox:3.6 cpe:/a:mozilla:firefox:3.6.2 cpe:/a:mozilla:firefox:3.6.3 cpe:/a:mozilla:firefox:3.6.4 cpe:/a:mozilla:firefox:3.6.6 cpe:/a:mozilla:firefox:3.6.7 cpe:/a:mozilla:firefox:3.6.8 cpe:/a:mozilla:firefox:3.6.9 cpe:/a:mozilla:firefox:3.6.10 cpe:/a:mozilla:firefox:3.6.11 cpe:/a:mozilla:firefox:3.6.12 cpe:/a:mozilla:firefox:3.6.13 cpe:/a:mozilla:firefox:3.6.14 cpe:/a:mozilla:firefox:3.6.15 cpe:/a:mozilla:firefox:3.6.16 cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:seamonkey:1.0:alpha cpe:/a:mozilla:seamonkey:1.0:beta cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:seamonkey:1.0.2 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:1.0.4 cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:seamonkey:1.0.8 cpe:/a:mozilla:seamonkey:1.0.9 cpe:/a:mozilla:seamonkey:1.1 cpe:/a:mozilla:seamonkey:1.1:alpha cpe:/a:mozilla:seamonkey:1.1:beta cpe:/a:mozilla:seamonkey:1.1.1 cpe:/a:mozilla:seamonkey:1.1.2 cpe:/a:mozilla:seamonkey:1.1.3 cpe:/a:mozilla:seamonkey:1.1.4 cpe:/a:mozilla:seamonkey:1.1.5 cpe:/a:mozilla:seamonkey:1.1.6 cpe:/a:mozilla:seamonkey:1.1.7 cpe:/a:mozilla:seamonkey:1.1.8 cpe:/a:mozilla:seamonkey:1.1.9 cpe:/a:mozilla:seamonkey:1.1.10 cpe:/a:mozilla:seamonkey:1.1.11 cpe:/a:mozilla:seamonkey:1.1.12 cpe:/a:mozilla:seamonkey:1.1.13 cpe:/a:mozilla:seamonkey:1.1.14 cpe:/a:mozilla:seamonkey:1.1.15 cpe:/a:mozilla:seamonkey:1.1.16 cpe:/a:mozilla:seamonkey:1.1.17 cpe:/a:mozilla:seamonkey:1.1.18 cpe:/a:mozilla:seamonkey:1.1.19 cpe:/a:mozilla:seamonkey:1.5.0.8 cpe:/a:mozilla:seamonkey:1.5.0.9 cpe:/a:mozilla:seamonkey:1.5.0.10 cpe:/a:mozilla:seamonkey:2.0 cpe:/a:mozilla:seamonkey:2.0:alpha_1 cpe:/a:mozilla:seamonkey:2.0:alpha_2 cpe:/a:mozilla:seamonkey:2.0:alpha_3 cpe:/a:mozilla:seamonkey:2.0:beta_1 cpe:/a:mozilla:seamonkey:2.0:beta_2 cpe:/a:mozilla:seamonkey:2.0:rc1 cpe:/a:mozilla:seamonkey:2.0:rc2 cpe:/a:mozilla:seamonkey:2.0.1 cpe:/a:mozilla:seamonkey:2.0.2 cpe:/a:mozilla:seamonkey:2.0.3 cpe:/a:mozilla:seamonkey:2.0.4 cpe:/a:mozilla:seamonkey:2.0.5 cpe:/a:mozilla:seamonkey:2.0.6 cpe:/a:mozilla:seamonkey:2.0.7 cpe:/a:mozilla:seamonkey:2.0.8 cpe:/a:mozilla:seamonkey:2.0.9 cpe:/a:mozilla:seamonkey:2.0.10 cpe:/a:mozilla:seamonkey:2.0.11 cpe:/a:mozilla:seamonkey:2.0.12 cpe:/a:mozilla:seamonkey:2.0.13 cpe:/a:mozilla:thunderbird:0.1 cpe:/a:mozilla:thunderbird:0.2 cpe:/a:mozilla:thunderbird:0.3 cpe:/a:mozilla:thunderbird:0.4 cpe:/a:mozilla:thunderbird:0.5 cpe:/a:mozilla:thunderbird:0.6 cpe:/a:mozilla:thunderbird:0.7 cpe:/a:mozilla:thunderbird:0.7.1 cpe:/a:mozilla:thunderbird:0.7.2 cpe:/a:mozilla:thunderbird:0.7.3 cpe:/a:mozilla:thunderbird:0.8 cpe:/a:mozilla:thunderbird:0.9 cpe:/a:mozilla:thunderbird:1.0 cpe:/a:mozilla:thunderbird:1.0.1 cpe:/a:mozilla:thunderbird:1.0.2 cpe:/a:mozilla:thunderbird:1.0.3 cpe:/a:mozilla:thunderbird:1.0.4 cpe:/a:mozilla:thunderbird:1.0.5 cpe:/a:mozilla:thunderbird:1.0.6 cpe:/a:mozilla:thunderbird:1.0.7 cpe:/a:mozilla:thunderbird:1.0.8 cpe:/a:mozilla:thunderbird:1.5 cpe:/a:mozilla:thunderbird:1.5:beta2 cpe:/a:mozilla:thunderbird:1.5.0.1 cpe:/a:mozilla:thunderbird:1.5.0.2 cpe:/a:mozilla:thunderbird:1.5.0.3 cpe:/a:mozilla:thunderbird:1.5.0.4 cpe:/a:mozilla:thunderbird:1.5.0.5 cpe:/a:mozilla:thunderbird:1.5.0.6 cpe:/a:mozilla:thunderbird:1.5.0.7 cpe:/a:mozilla:thunderbird:1.5.0.8 cpe:/a:mozilla:thunderbird:1.5.0.9 cpe:/a:mozilla:thunderbird:1.5.0.10 cpe:/a:mozilla:thunderbird:1.5.0.11 cpe:/a:mozilla:thunderbird:1.5.0.12 cpe:/a:mozilla:thunderbird:1.5.0.13 cpe:/a:mozilla:thunderbird:1.5.0.14 cpe:/a:mozilla:thunderbird:1.5.1 cpe:/a:mozilla:thunderbird:1.5.2 cpe:/a:mozilla:thunderbird:1.7.1 cpe:/a:mozilla:thunderbird:1.7.3 cpe:/a:mozilla:thunderbird:2.0 cpe:/a:mozilla:thunderbird:2.0.0.0 cpe:/a:mozilla:thunderbird:2.0.0.1 cpe:/a:mozilla:thunderbird:2.0.0.2 cpe:/a:mozilla:thunderbird:2.0.0.3 cpe:/a:mozilla:thunderbird:2.0.0.4 cpe:/a:mozilla:thunderbird:2.0.0.5 cpe:/a:mozilla:thunderbird:2.0.0.6 cpe:/a:mozilla:thunderbird:2.0.0.7 cpe:/a:mozilla:thunderbird:2.0.0.8 cpe:/a:mozilla:thunderbird:2.0.0.9 cpe:/a:mozilla:thunderbird:2.0.0.12 cpe:/a:mozilla:thunderbird:2.0.0.14 cpe:/a:mozilla:thunderbird:2.0.0.16 cpe:/a:mozilla:thunderbird:2.0.0.17 cpe:/a:mozilla:thunderbird:2.0.0.18 cpe:/a:mozilla:thunderbird:2.0.0.19 cpe:/a:mozilla:thunderbird:2.0.0.21 cpe:/a:mozilla:thunderbird:2.0.0.22 cpe:/a:mozilla:thunderbird:2.0.0.23 cpe:/a:mozilla:thunderbird:3.1 cpe:/a:mozilla:thunderbird:3.1.1 cpe:/a:mozilla:thunderbird:3.1.2 cpe:/a:mozilla:thunderbird:3.1.3 cpe:/a:mozilla:thunderbird:3.1.4 cpe:/a:mozilla:thunderbird:3.1.5 cpe:/a:mozilla:thunderbird:3.1.6 cpe:/a:mozilla:thunderbird:3.1.7 cpe:/a:mozilla:thunderbird:3.1.8 cpe:/a:mozilla:thunderbird:3.1.9

CVE-2011-0074

2011-05-07T14:55:01.323-04:00

2017-09-18T21:31:53.003-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird CONFIRM http://downloads.avaya.com/css/P8/documents/100134543 CONFIRM http://downloads.avaya.com/css/P8/documents/100144158 DEBIAN DSA-2227 DEBIAN DSA-2228 DEBIAN DSA-2235 MANDRIVA MDVSA-2011:079 MANDRIVA MDVSA-2011:080 CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-12.html BID 47646 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=619021 Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0075, CVE-2011-0077, and CVE-2011-0078.

cpe:/a:mozilla:firefox:3.5 cpe:/a:mozilla:firefox:3.5.1 cpe:/a:mozilla:firefox:3.5.2 cpe:/a:mozilla:firefox:3.5.3 cpe:/a:mozilla:firefox:3.5.4 cpe:/a:mozilla:firefox:3.5.5 cpe:/a:mozilla:firefox:3.5.6 cpe:/a:mozilla:firefox:3.5.7 cpe:/a:mozilla:firefox:3.5.8 cpe:/a:mozilla:firefox:3.5.9 cpe:/a:mozilla:firefox:3.5.10 cpe:/a:mozilla:firefox:3.5.11 cpe:/a:mozilla:firefox:3.5.12 cpe:/a:mozilla:firefox:3.5.13 cpe:/a:mozilla:firefox:3.5.14 cpe:/a:mozilla:firefox:3.5.15 cpe:/a:mozilla:firefox:3.5.16 cpe:/a:mozilla:firefox:3.5.17 cpe:/a:mozilla:firefox:3.5.18 cpe:/a:mozilla:firefox:3.6 cpe:/a:mozilla:firefox:3.6.2 cpe:/a:mozilla:firefox:3.6.3 cpe:/a:mozilla:firefox:3.6.4 cpe:/a:mozilla:firefox:3.6.6 cpe:/a:mozilla:firefox:3.6.7 cpe:/a:mozilla:firefox:3.6.8 cpe:/a:mozilla:firefox:3.6.9 cpe:/a:mozilla:firefox:3.6.10 cpe:/a:mozilla:firefox:3.6.11 cpe:/a:mozilla:firefox:3.6.12 cpe:/a:mozilla:firefox:3.6.13 cpe:/a:mozilla:firefox:3.6.14 cpe:/a:mozilla:firefox:3.6.15 cpe:/a:mozilla:firefox:3.6.16 cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:seamonkey:1.0:alpha cpe:/a:mozilla:seamonkey:1.0:beta cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:seamonkey:1.0.2 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:1.0.4 cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:seamonkey:1.0.8 cpe:/a:mozilla:seamonkey:1.0.9 cpe:/a:mozilla:seamonkey:1.1 cpe:/a:mozilla:seamonkey:1.1:alpha cpe:/a:mozilla:seamonkey:1.1:beta cpe:/a:mozilla:seamonkey:1.1.1 cpe:/a:mozilla:seamonkey:1.1.2 cpe:/a:mozilla:seamonkey:1.1.3 cpe:/a:mozilla:seamonkey:1.1.4 cpe:/a:mozilla:seamonkey:1.1.5 cpe:/a:mozilla:seamonkey:1.1.6 cpe:/a:mozilla:seamonkey:1.1.7 cpe:/a:mozilla:seamonkey:1.1.8 cpe:/a:mozilla:seamonkey:1.1.9 cpe:/a:mozilla:seamonkey:1.1.10 cpe:/a:mozilla:seamonkey:1.1.11 cpe:/a:mozilla:seamonkey:1.1.12 cpe:/a:mozilla:seamonkey:1.1.13 cpe:/a:mozilla:seamonkey:1.1.14 cpe:/a:mozilla:seamonkey:1.1.15 cpe:/a:mozilla:seamonkey:1.1.16 cpe:/a:mozilla:seamonkey:1.1.17 cpe:/a:mozilla:seamonkey:1.1.18 cpe:/a:mozilla:seamonkey:1.1.19 cpe:/a:mozilla:seamonkey:1.5.0.8 cpe:/a:mozilla:seamonkey:1.5.0.9 cpe:/a:mozilla:seamonkey:1.5.0.10 cpe:/a:mozilla:seamonkey:2.0 cpe:/a:mozilla:seamonkey:2.0:alpha_1 cpe:/a:mozilla:seamonkey:2.0:alpha_2 cpe:/a:mozilla:seamonkey:2.0:alpha_3 cpe:/a:mozilla:seamonkey:2.0:beta_1 cpe:/a:mozilla:seamonkey:2.0:beta_2 cpe:/a:mozilla:seamonkey:2.0:rc1 cpe:/a:mozilla:seamonkey:2.0:rc2 cpe:/a:mozilla:seamonkey:2.0.1 cpe:/a:mozilla:seamonkey:2.0.2 cpe:/a:mozilla:seamonkey:2.0.3 cpe:/a:mozilla:seamonkey:2.0.4 cpe:/a:mozilla:seamonkey:2.0.5 cpe:/a:mozilla:seamonkey:2.0.6 cpe:/a:mozilla:seamonkey:2.0.7 cpe:/a:mozilla:seamonkey:2.0.8 cpe:/a:mozilla:seamonkey:2.0.9 cpe:/a:mozilla:seamonkey:2.0.10 cpe:/a:mozilla:seamonkey:2.0.11 cpe:/a:mozilla:seamonkey:2.0.12 cpe:/a:mozilla:seamonkey:2.0.13 cpe:/a:mozilla:thunderbird:0.1 cpe:/a:mozilla:thunderbird:0.2 cpe:/a:mozilla:thunderbird:0.3 cpe:/a:mozilla:thunderbird:0.4 cpe:/a:mozilla:thunderbird:0.5 cpe:/a:mozilla:thunderbird:0.6 cpe:/a:mozilla:thunderbird:0.7 cpe:/a:mozilla:thunderbird:0.7.1 cpe:/a:mozilla:thunderbird:0.7.2 cpe:/a:mozilla:thunderbird:0.7.3 cpe:/a:mozilla:thunderbird:0.8 cpe:/a:mozilla:thunderbird:0.9 cpe:/a:mozilla:thunderbird:1.0 cpe:/a:mozilla:thunderbird:1.0.1 cpe:/a:mozilla:thunderbird:1.0.2 cpe:/a:mozilla:thunderbird:1.0.3 cpe:/a:mozilla:thunderbird:1.0.4 cpe:/a:mozilla:thunderbird:1.0.5 cpe:/a:mozilla:thunderbird:1.0.6 cpe:/a:mozilla:thunderbird:1.0.7 cpe:/a:mozilla:thunderbird:1.0.8 cpe:/a:mozilla:thunderbird:1.5 cpe:/a:mozilla:thunderbird:1.5:beta2 cpe:/a:mozilla:thunderbird:1.5.0.1 cpe:/a:mozilla:thunderbird:1.5.0.2 cpe:/a:mozilla:thunderbird:1.5.0.3 cpe:/a:mozilla:thunderbird:1.5.0.4 cpe:/a:mozilla:thunderbird:1.5.0.5 cpe:/a:mozilla:thunderbird:1.5.0.6 cpe:/a:mozilla:thunderbird:1.5.0.7 cpe:/a:mozilla:thunderbird:1.5.0.8 cpe:/a:mozilla:thunderbird:1.5.0.9 cpe:/a:mozilla:thunderbird:1.5.0.10 cpe:/a:mozilla:thunderbird:1.5.0.11 cpe:/a:mozilla:thunderbird:1.5.0.12 cpe:/a:mozilla:thunderbird:1.5.0.13 cpe:/a:mozilla:thunderbird:1.5.0.14 cpe:/a:mozilla:thunderbird:1.5.1 cpe:/a:mozilla:thunderbird:1.5.2 cpe:/a:mozilla:thunderbird:1.7.1 cpe:/a:mozilla:thunderbird:1.7.3 cpe:/a:mozilla:thunderbird:2.0 cpe:/a:mozilla:thunderbird:2.0.0.0 cpe:/a:mozilla:thunderbird:2.0.0.1 cpe:/a:mozilla:thunderbird:2.0.0.2 cpe:/a:mozilla:thunderbird:2.0.0.3 cpe:/a:mozilla:thunderbird:2.0.0.4 cpe:/a:mozilla:thunderbird:2.0.0.5 cpe:/a:mozilla:thunderbird:2.0.0.6 cpe:/a:mozilla:thunderbird:2.0.0.7 cpe:/a:mozilla:thunderbird:2.0.0.8 cpe:/a:mozilla:thunderbird:2.0.0.9 cpe:/a:mozilla:thunderbird:2.0.0.12 cpe:/a:mozilla:thunderbird:2.0.0.14 cpe:/a:mozilla:thunderbird:2.0.0.16 cpe:/a:mozilla:thunderbird:2.0.0.17 cpe:/a:mozilla:thunderbird:2.0.0.18 cpe:/a:mozilla:thunderbird:2.0.0.19 cpe:/a:mozilla:thunderbird:2.0.0.21 cpe:/a:mozilla:thunderbird:2.0.0.22 cpe:/a:mozilla:thunderbird:2.0.0.23 cpe:/a:mozilla:thunderbird:3.1 cpe:/a:mozilla:thunderbird:3.1.1 cpe:/a:mozilla:thunderbird:3.1.2 cpe:/a:mozilla:thunderbird:3.1.3 cpe:/a:mozilla:thunderbird:3.1.4 cpe:/a:mozilla:thunderbird:3.1.5 cpe:/a:mozilla:thunderbird:3.1.6 cpe:/a:mozilla:thunderbird:3.1.7 cpe:/a:mozilla:thunderbird:3.1.8 cpe:/a:mozilla:thunderbird:3.1.9

CVE-2011-0075

2011-05-07T14:55:01.357-04:00

2017-09-18T21:31:53.097-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://downloads.avaya.com/css/P8/documents/100134543 CONFIRM http://downloads.avaya.com/css/P8/documents/100144158 DEBIAN DSA-2227 DEBIAN DSA-2228 DEBIAN DSA-2235 MANDRIVA MDVSA-2011:079 MANDRIVA MDVSA-2011:080 CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-12.html BID 47647 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=635977 Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0077, and CVE-2011-0078.

CVE-2011-0076

2011-05-07T14:55:01.387-04:00

2017-09-18T21:31:53.207-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov MANDRIVA MDVSA-2011:079 CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-15.html CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=634724 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=644682 Unspecified vulnerability in the Java Embedding Plugin (JEP) in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, on Mac OS X allows remote attackers to bypass intended access restrictions via unknown vectors.

cpe:/a:mozilla:firefox:3.5 cpe:/a:mozilla:firefox:3.5.1 cpe:/a:mozilla:firefox:3.5.2 cpe:/a:mozilla:firefox:3.5.3 cpe:/a:mozilla:firefox:3.5.4 cpe:/a:mozilla:firefox:3.5.5 cpe:/a:mozilla:firefox:3.5.6 cpe:/a:mozilla:firefox:3.5.7 cpe:/a:mozilla:firefox:3.5.8 cpe:/a:mozilla:firefox:3.5.9 cpe:/a:mozilla:firefox:3.5.10 cpe:/a:mozilla:firefox:3.5.11 cpe:/a:mozilla:firefox:3.5.12 cpe:/a:mozilla:firefox:3.5.13 cpe:/a:mozilla:firefox:3.5.14 cpe:/a:mozilla:firefox:3.5.15 cpe:/a:mozilla:firefox:3.5.16 cpe:/a:mozilla:firefox:3.5.17 cpe:/a:mozilla:firefox:3.5.18 cpe:/a:mozilla:firefox:3.6 cpe:/a:mozilla:firefox:3.6.2 cpe:/a:mozilla:firefox:3.6.3 cpe:/a:mozilla:firefox:3.6.4 cpe:/a:mozilla:firefox:3.6.6 cpe:/a:mozilla:firefox:3.6.7 cpe:/a:mozilla:firefox:3.6.8 cpe:/a:mozilla:firefox:3.6.9 cpe:/a:mozilla:firefox:3.6.10 cpe:/a:mozilla:firefox:3.6.11 cpe:/a:mozilla:firefox:3.6.12 cpe:/a:mozilla:firefox:3.6.13 cpe:/a:mozilla:firefox:3.6.14 cpe:/a:mozilla:firefox:3.6.15 cpe:/a:mozilla:firefox:3.6.16 cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:seamonkey:1.0:alpha cpe:/a:mozilla:seamonkey:1.0:beta cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:seamonkey:1.0.2 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:1.0.4 cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:seamonkey:1.0.8 cpe:/a:mozilla:seamonkey:1.0.9 cpe:/a:mozilla:seamonkey:1.1 cpe:/a:mozilla:seamonkey:1.1:alpha cpe:/a:mozilla:seamonkey:1.1:beta cpe:/a:mozilla:seamonkey:1.1.1 cpe:/a:mozilla:seamonkey:1.1.2 cpe:/a:mozilla:seamonkey:1.1.3 cpe:/a:mozilla:seamonkey:1.1.4 cpe:/a:mozilla:seamonkey:1.1.5 cpe:/a:mozilla:seamonkey:1.1.6 cpe:/a:mozilla:seamonkey:1.1.7 cpe:/a:mozilla:seamonkey:1.1.8 cpe:/a:mozilla:seamonkey:1.1.9 cpe:/a:mozilla:seamonkey:1.1.10 cpe:/a:mozilla:seamonkey:1.1.11 cpe:/a:mozilla:seamonkey:1.1.12 cpe:/a:mozilla:seamonkey:1.1.13 cpe:/a:mozilla:seamonkey:1.1.14 cpe:/a:mozilla:seamonkey:1.1.15 cpe:/a:mozilla:seamonkey:1.1.16 cpe:/a:mozilla:seamonkey:1.1.17 cpe:/a:mozilla:seamonkey:1.1.18 cpe:/a:mozilla:seamonkey:1.1.19 cpe:/a:mozilla:seamonkey:1.5.0.8 cpe:/a:mozilla:seamonkey:1.5.0.9 cpe:/a:mozilla:seamonkey:1.5.0.10 cpe:/a:mozilla:seamonkey:2.0 cpe:/a:mozilla:seamonkey:2.0:alpha_1 cpe:/a:mozilla:seamonkey:2.0:alpha_2 cpe:/a:mozilla:seamonkey:2.0:alpha_3 cpe:/a:mozilla:seamonkey:2.0:beta_1 cpe:/a:mozilla:seamonkey:2.0:beta_2 cpe:/a:mozilla:seamonkey:2.0:rc1 cpe:/a:mozilla:seamonkey:2.0:rc2 cpe:/a:mozilla:seamonkey:2.0.1 cpe:/a:mozilla:seamonkey:2.0.2 cpe:/a:mozilla:seamonkey:2.0.3 cpe:/a:mozilla:seamonkey:2.0.4 cpe:/a:mozilla:seamonkey:2.0.5 cpe:/a:mozilla:seamonkey:2.0.6 cpe:/a:mozilla:seamonkey:2.0.7 cpe:/a:mozilla:seamonkey:2.0.8 cpe:/a:mozilla:seamonkey:2.0.9 cpe:/a:mozilla:seamonkey:2.0.10 cpe:/a:mozilla:seamonkey:2.0.11 cpe:/a:mozilla:seamonkey:2.0.12 cpe:/a:mozilla:seamonkey:2.0.13 cpe:/a:mozilla:thunderbird:0.1 cpe:/a:mozilla:thunderbird:0.2 cpe:/a:mozilla:thunderbird:0.3 cpe:/a:mozilla:thunderbird:0.4 cpe:/a:mozilla:thunderbird:0.5 cpe:/a:mozilla:thunderbird:0.6 cpe:/a:mozilla:thunderbird:0.7 cpe:/a:mozilla:thunderbird:0.7.1 cpe:/a:mozilla:thunderbird:0.7.2 cpe:/a:mozilla:thunderbird:0.7.3 cpe:/a:mozilla:thunderbird:0.8 cpe:/a:mozilla:thunderbird:0.9 cpe:/a:mozilla:thunderbird:1.0 cpe:/a:mozilla:thunderbird:1.0.1 cpe:/a:mozilla:thunderbird:1.0.2 cpe:/a:mozilla:thunderbird:1.0.3 cpe:/a:mozilla:thunderbird:1.0.4 cpe:/a:mozilla:thunderbird:1.0.5 cpe:/a:mozilla:thunderbird:1.0.6 cpe:/a:mozilla:thunderbird:1.0.7 cpe:/a:mozilla:thunderbird:1.0.8 cpe:/a:mozilla:thunderbird:1.5 cpe:/a:mozilla:thunderbird:1.5:beta2 cpe:/a:mozilla:thunderbird:1.5.0.1 cpe:/a:mozilla:thunderbird:1.5.0.2 cpe:/a:mozilla:thunderbird:1.5.0.3 cpe:/a:mozilla:thunderbird:1.5.0.4 cpe:/a:mozilla:thunderbird:1.5.0.5 cpe:/a:mozilla:thunderbird:1.5.0.6 cpe:/a:mozilla:thunderbird:1.5.0.7 cpe:/a:mozilla:thunderbird:1.5.0.8 cpe:/a:mozilla:thunderbird:1.5.0.9 cpe:/a:mozilla:thunderbird:1.5.0.10 cpe:/a:mozilla:thunderbird:1.5.0.11 cpe:/a:mozilla:thunderbird:1.5.0.12 cpe:/a:mozilla:thunderbird:1.5.0.13 cpe:/a:mozilla:thunderbird:1.5.0.14 cpe:/a:mozilla:thunderbird:1.5.1 cpe:/a:mozilla:thunderbird:1.5.2 cpe:/a:mozilla:thunderbird:1.7.1 cpe:/a:mozilla:thunderbird:1.7.3 cpe:/a:mozilla:thunderbird:2.0 cpe:/a:mozilla:thunderbird:2.0.0.0 cpe:/a:mozilla:thunderbird:2.0.0.1 cpe:/a:mozilla:thunderbird:2.0.0.2 cpe:/a:mozilla:thunderbird:2.0.0.3 cpe:/a:mozilla:thunderbird:2.0.0.4 cpe:/a:mozilla:thunderbird:2.0.0.5 cpe:/a:mozilla:thunderbird:2.0.0.6 cpe:/a:mozilla:thunderbird:2.0.0.7 cpe:/a:mozilla:thunderbird:2.0.0.8 cpe:/a:mozilla:thunderbird:2.0.0.9 cpe:/a:mozilla:thunderbird:2.0.0.12 cpe:/a:mozilla:thunderbird:2.0.0.14 cpe:/a:mozilla:thunderbird:2.0.0.16 cpe:/a:mozilla:thunderbird:2.0.0.17 cpe:/a:mozilla:thunderbird:2.0.0.18 cpe:/a:mozilla:thunderbird:2.0.0.19 cpe:/a:mozilla:thunderbird:2.0.0.21 cpe:/a:mozilla:thunderbird:2.0.0.22 cpe:/a:mozilla:thunderbird:2.0.0.23 cpe:/a:mozilla:thunderbird:3.1 cpe:/a:mozilla:thunderbird:3.1.1 cpe:/a:mozilla:thunderbird:3.1.2 cpe:/a:mozilla:thunderbird:3.1.3 cpe:/a:mozilla:thunderbird:3.1.4 cpe:/a:mozilla:thunderbird:3.1.5 cpe:/a:mozilla:thunderbird:3.1.6 cpe:/a:mozilla:thunderbird:3.1.7 cpe:/a:mozilla:thunderbird:3.1.8 cpe:/a:mozilla:thunderbird:3.1.9

CVE-2011-0077

2011-05-07T14:55:01.433-04:00

2017-09-18T21:31:53.300-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird CONFIRM http://downloads.avaya.com/css/P8/documents/100134543 CONFIRM http://downloads.avaya.com/css/P8/documents/100144158 DEBIAN DSA-2227 DEBIAN DSA-2228 DEBIAN DSA-2235 MANDRIVA MDVSA-2011:079 MANDRIVA MDVSA-2011:080 CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-12.html BID 47648 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=623998 Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, and CVE-2011-0078.

cpe:/a:mozilla:firefox:3.5 cpe:/a:mozilla:firefox:3.5.1 cpe:/a:mozilla:firefox:3.5.2 cpe:/a:mozilla:firefox:3.5.3 cpe:/a:mozilla:firefox:3.5.4 cpe:/a:mozilla:firefox:3.5.5 cpe:/a:mozilla:firefox:3.5.6 cpe:/a:mozilla:firefox:3.5.7 cpe:/a:mozilla:firefox:3.5.8 cpe:/a:mozilla:firefox:3.5.9 cpe:/a:mozilla:firefox:3.5.10 cpe:/a:mozilla:firefox:3.5.11 cpe:/a:mozilla:firefox:3.5.12 cpe:/a:mozilla:firefox:3.5.13 cpe:/a:mozilla:firefox:3.5.14 cpe:/a:mozilla:firefox:3.5.15 cpe:/a:mozilla:firefox:3.5.16 cpe:/a:mozilla:firefox:3.5.17 cpe:/a:mozilla:firefox:3.5.18 cpe:/a:mozilla:firefox:3.6 cpe:/a:mozilla:firefox:3.6.2 cpe:/a:mozilla:firefox:3.6.3 cpe:/a:mozilla:firefox:3.6.4 cpe:/a:mozilla:firefox:3.6.6 cpe:/a:mozilla:firefox:3.6.7 cpe:/a:mozilla:firefox:3.6.8 cpe:/a:mozilla:firefox:3.6.9 cpe:/a:mozilla:firefox:3.6.10 cpe:/a:mozilla:firefox:3.6.11 cpe:/a:mozilla:firefox:3.6.12 cpe:/a:mozilla:firefox:3.6.13 cpe:/a:mozilla:firefox:3.6.14 cpe:/a:mozilla:firefox:3.6.15 cpe:/a:mozilla:firefox:3.6.16 cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:seamonkey:1.0:alpha cpe:/a:mozilla:seamonkey:1.0:beta cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:seamonkey:1.0.2 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:1.0.4 cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:seamonkey:1.0.8 cpe:/a:mozilla:seamonkey:1.0.9 cpe:/a:mozilla:seamonkey:1.1 cpe:/a:mozilla:seamonkey:1.1:alpha cpe:/a:mozilla:seamonkey:1.1:beta cpe:/a:mozilla:seamonkey:1.1.1 cpe:/a:mozilla:seamonkey:1.1.2 cpe:/a:mozilla:seamonkey:1.1.3 cpe:/a:mozilla:seamonkey:1.1.4 cpe:/a:mozilla:seamonkey:1.1.5 cpe:/a:mozilla:seamonkey:1.1.6 cpe:/a:mozilla:seamonkey:1.1.7 cpe:/a:mozilla:seamonkey:1.1.8 cpe:/a:mozilla:seamonkey:1.1.9 cpe:/a:mozilla:seamonkey:1.1.10 cpe:/a:mozilla:seamonkey:1.1.11 cpe:/a:mozilla:seamonkey:1.1.12 cpe:/a:mozilla:seamonkey:1.1.13 cpe:/a:mozilla:seamonkey:1.1.14 cpe:/a:mozilla:seamonkey:1.1.15 cpe:/a:mozilla:seamonkey:1.1.16 cpe:/a:mozilla:seamonkey:1.1.17 cpe:/a:mozilla:seamonkey:1.1.18 cpe:/a:mozilla:seamonkey:1.1.19 cpe:/a:mozilla:seamonkey:1.5.0.8 cpe:/a:mozilla:seamonkey:1.5.0.9 cpe:/a:mozilla:seamonkey:1.5.0.10 cpe:/a:mozilla:seamonkey:2.0 cpe:/a:mozilla:seamonkey:2.0:alpha_1 cpe:/a:mozilla:seamonkey:2.0:alpha_2 cpe:/a:mozilla:seamonkey:2.0:alpha_3 cpe:/a:mozilla:seamonkey:2.0:beta_1 cpe:/a:mozilla:seamonkey:2.0:beta_2 cpe:/a:mozilla:seamonkey:2.0:rc1 cpe:/a:mozilla:seamonkey:2.0:rc2 cpe:/a:mozilla:seamonkey:2.0.1 cpe:/a:mozilla:seamonkey:2.0.2 cpe:/a:mozilla:seamonkey:2.0.3 cpe:/a:mozilla:seamonkey:2.0.4 cpe:/a:mozilla:seamonkey:2.0.5 cpe:/a:mozilla:seamonkey:2.0.6 cpe:/a:mozilla:seamonkey:2.0.7 cpe:/a:mozilla:seamonkey:2.0.8 cpe:/a:mozilla:seamonkey:2.0.9 cpe:/a:mozilla:seamonkey:2.0.10 cpe:/a:mozilla:seamonkey:2.0.11 cpe:/a:mozilla:seamonkey:2.0.12 cpe:/a:mozilla:seamonkey:2.0.13 cpe:/a:mozilla:thunderbird:0.1 cpe:/a:mozilla:thunderbird:0.2 cpe:/a:mozilla:thunderbird:0.3 cpe:/a:mozilla:thunderbird:0.4 cpe:/a:mozilla:thunderbird:0.5 cpe:/a:mozilla:thunderbird:0.6 cpe:/a:mozilla:thunderbird:0.7 cpe:/a:mozilla:thunderbird:0.7.1 cpe:/a:mozilla:thunderbird:0.7.2 cpe:/a:mozilla:thunderbird:0.7.3 cpe:/a:mozilla:thunderbird:0.8 cpe:/a:mozilla:thunderbird:0.9 cpe:/a:mozilla:thunderbird:1.0 cpe:/a:mozilla:thunderbird:1.0.1 cpe:/a:mozilla:thunderbird:1.0.2 cpe:/a:mozilla:thunderbird:1.0.3 cpe:/a:mozilla:thunderbird:1.0.4 cpe:/a:mozilla:thunderbird:1.0.5 cpe:/a:mozilla:thunderbird:1.0.6 cpe:/a:mozilla:thunderbird:1.0.7 cpe:/a:mozilla:thunderbird:1.0.8 cpe:/a:mozilla:thunderbird:1.5 cpe:/a:mozilla:thunderbird:1.5:beta2 cpe:/a:mozilla:thunderbird:1.5.0.1 cpe:/a:mozilla:thunderbird:1.5.0.2 cpe:/a:mozilla:thunderbird:1.5.0.3 cpe:/a:mozilla:thunderbird:1.5.0.4 cpe:/a:mozilla:thunderbird:1.5.0.5 cpe:/a:mozilla:thunderbird:1.5.0.6 cpe:/a:mozilla:thunderbird:1.5.0.7 cpe:/a:mozilla:thunderbird:1.5.0.8 cpe:/a:mozilla:thunderbird:1.5.0.9 cpe:/a:mozilla:thunderbird:1.5.0.10 cpe:/a:mozilla:thunderbird:1.5.0.11 cpe:/a:mozilla:thunderbird:1.5.0.12 cpe:/a:mozilla:thunderbird:1.5.0.13 cpe:/a:mozilla:thunderbird:1.5.0.14 cpe:/a:mozilla:thunderbird:1.5.1 cpe:/a:mozilla:thunderbird:1.5.2 cpe:/a:mozilla:thunderbird:1.7.1 cpe:/a:mozilla:thunderbird:1.7.3 cpe:/a:mozilla:thunderbird:2.0 cpe:/a:mozilla:thunderbird:2.0.0.0 cpe:/a:mozilla:thunderbird:2.0.0.1 cpe:/a:mozilla:thunderbird:2.0.0.2 cpe:/a:mozilla:thunderbird:2.0.0.3 cpe:/a:mozilla:thunderbird:2.0.0.4 cpe:/a:mozilla:thunderbird:2.0.0.5 cpe:/a:mozilla:thunderbird:2.0.0.6 cpe:/a:mozilla:thunderbird:2.0.0.7 cpe:/a:mozilla:thunderbird:2.0.0.8 cpe:/a:mozilla:thunderbird:2.0.0.9 cpe:/a:mozilla:thunderbird:2.0.0.12 cpe:/a:mozilla:thunderbird:2.0.0.14 cpe:/a:mozilla:thunderbird:2.0.0.16 cpe:/a:mozilla:thunderbird:2.0.0.17 cpe:/a:mozilla:thunderbird:2.0.0.18 cpe:/a:mozilla:thunderbird:2.0.0.19 cpe:/a:mozilla:thunderbird:2.0.0.21 cpe:/a:mozilla:thunderbird:2.0.0.22 cpe:/a:mozilla:thunderbird:2.0.0.23 cpe:/a:mozilla:thunderbird:3.1 cpe:/a:mozilla:thunderbird:3.1.1 cpe:/a:mozilla:thunderbird:3.1.2 cpe:/a:mozilla:thunderbird:3.1.3 cpe:/a:mozilla:thunderbird:3.1.4 cpe:/a:mozilla:thunderbird:3.1.5 cpe:/a:mozilla:thunderbird:3.1.6 cpe:/a:mozilla:thunderbird:3.1.7 cpe:/a:mozilla:thunderbird:3.1.8 cpe:/a:mozilla:thunderbird:3.1.9

CVE-2011-0078

2011-05-07T14:55:01.463-04:00

2017-09-18T21:31:53.397-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird CONFIRM http://downloads.avaya.com/css/P8/documents/100134543 CONFIRM http://downloads.avaya.com/css/P8/documents/100144158 DEBIAN DSA-2227 DEBIAN DSA-2228 DEBIAN DSA-2235 MANDRIVA MDVSA-2011:079 MANDRIVA MDVSA-2011:080 CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-12.html BID 47651 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=635705 Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, and CVE-2011-0077.

cpe:/a:mozilla:firefox:4.0 cpe:/a:mozilla:firefox:4.0:beta1 cpe:/a:mozilla:firefox:4.0:beta10 cpe:/a:mozilla:firefox:4.0:beta11 cpe:/a:mozilla:firefox:4.0:beta12 cpe:/a:mozilla:firefox:4.0:beta2 cpe:/a:mozilla:firefox:4.0:beta3 cpe:/a:mozilla:firefox:4.0:beta4 cpe:/a:mozilla:firefox:4.0:beta5 cpe:/a:mozilla:firefox:4.0:beta6 cpe:/a:mozilla:firefox:4.0:beta7 cpe:/a:mozilla:firefox:4.0:beta8 cpe:/a:mozilla:firefox:4.0:beta9

CVE-2011-0079

2011-05-07T14:55:01.497-04:00

2017-09-18T21:31:53.473-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-12.html CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=601102 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=639343 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=639728 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=639885 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=641388 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=642717 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=643649 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x before 4.0.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to gfx/layers/d3d10/ReadbackManagerD3D10.cpp and unknown other vectors.

cpe:/a:mozilla:firefox:3.5 cpe:/a:mozilla:firefox:3.5.1 cpe:/a:mozilla:firefox:3.5.2 cpe:/a:mozilla:firefox:3.5.3 cpe:/a:mozilla:firefox:3.5.4 cpe:/a:mozilla:firefox:3.5.5 cpe:/a:mozilla:firefox:3.5.6 cpe:/a:mozilla:firefox:3.5.7 cpe:/a:mozilla:firefox:3.5.8 cpe:/a:mozilla:firefox:3.5.9 cpe:/a:mozilla:firefox:3.5.10 cpe:/a:mozilla:firefox:3.5.11 cpe:/a:mozilla:firefox:3.5.12 cpe:/a:mozilla:firefox:3.5.13 cpe:/a:mozilla:firefox:3.5.14 cpe:/a:mozilla:firefox:3.5.15 cpe:/a:mozilla:firefox:3.5.16 cpe:/a:mozilla:firefox:3.5.17 cpe:/a:mozilla:firefox:3.5.18 cpe:/a:mozilla:firefox:3.6 cpe:/a:mozilla:firefox:3.6.2 cpe:/a:mozilla:firefox:3.6.3 cpe:/a:mozilla:firefox:3.6.4 cpe:/a:mozilla:firefox:3.6.6 cpe:/a:mozilla:firefox:3.6.7 cpe:/a:mozilla:firefox:3.6.8 cpe:/a:mozilla:firefox:3.6.9 cpe:/a:mozilla:firefox:3.6.10 cpe:/a:mozilla:firefox:3.6.11 cpe:/a:mozilla:firefox:3.6.12 cpe:/a:mozilla:firefox:3.6.13 cpe:/a:mozilla:firefox:3.6.14 cpe:/a:mozilla:firefox:3.6.15 cpe:/a:mozilla:firefox:3.6.16 cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:seamonkey:1.0:alpha cpe:/a:mozilla:seamonkey:1.0:beta cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:seamonkey:1.0.2 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:1.0.4 cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:seamonkey:1.0.8 cpe:/a:mozilla:seamonkey:1.0.9 cpe:/a:mozilla:seamonkey:1.1 cpe:/a:mozilla:seamonkey:1.1:alpha cpe:/a:mozilla:seamonkey:1.1:beta cpe:/a:mozilla:seamonkey:1.1.1 cpe:/a:mozilla:seamonkey:1.1.2 cpe:/a:mozilla:seamonkey:1.1.3 cpe:/a:mozilla:seamonkey:1.1.4 cpe:/a:mozilla:seamonkey:1.1.5 cpe:/a:mozilla:seamonkey:1.1.6 cpe:/a:mozilla:seamonkey:1.1.7 cpe:/a:mozilla:seamonkey:1.1.8 cpe:/a:mozilla:seamonkey:1.1.9 cpe:/a:mozilla:seamonkey:1.1.10 cpe:/a:mozilla:seamonkey:1.1.11 cpe:/a:mozilla:seamonkey:1.1.12 cpe:/a:mozilla:seamonkey:1.1.13 cpe:/a:mozilla:seamonkey:1.1.14 cpe:/a:mozilla:seamonkey:1.1.15 cpe:/a:mozilla:seamonkey:1.1.16 cpe:/a:mozilla:seamonkey:1.1.17 cpe:/a:mozilla:seamonkey:1.1.18 cpe:/a:mozilla:seamonkey:1.1.19 cpe:/a:mozilla:seamonkey:1.5.0.8 cpe:/a:mozilla:seamonkey:1.5.0.9 cpe:/a:mozilla:seamonkey:1.5.0.10 cpe:/a:mozilla:seamonkey:2.0 cpe:/a:mozilla:seamonkey:2.0:alpha_1 cpe:/a:mozilla:seamonkey:2.0:alpha_2 cpe:/a:mozilla:seamonkey:2.0:alpha_3 cpe:/a:mozilla:seamonkey:2.0:beta_1 cpe:/a:mozilla:seamonkey:2.0:beta_2 cpe:/a:mozilla:seamonkey:2.0:rc1 cpe:/a:mozilla:seamonkey:2.0:rc2 cpe:/a:mozilla:seamonkey:2.0.1 cpe:/a:mozilla:seamonkey:2.0.2 cpe:/a:mozilla:seamonkey:2.0.3 cpe:/a:mozilla:seamonkey:2.0.4 cpe:/a:mozilla:seamonkey:2.0.5 cpe:/a:mozilla:seamonkey:2.0.6 cpe:/a:mozilla:seamonkey:2.0.7 cpe:/a:mozilla:seamonkey:2.0.8 cpe:/a:mozilla:seamonkey:2.0.9 cpe:/a:mozilla:seamonkey:2.0.10 cpe:/a:mozilla:seamonkey:2.0.11 cpe:/a:mozilla:seamonkey:2.0.12 cpe:/a:mozilla:seamonkey:2.0.13 cpe:/a:mozilla:thunderbird:0.1 cpe:/a:mozilla:thunderbird:0.2 cpe:/a:mozilla:thunderbird:0.3 cpe:/a:mozilla:thunderbird:0.4 cpe:/a:mozilla:thunderbird:0.5 cpe:/a:mozilla:thunderbird:0.6 cpe:/a:mozilla:thunderbird:0.7 cpe:/a:mozilla:thunderbird:0.7.1 cpe:/a:mozilla:thunderbird:0.7.2 cpe:/a:mozilla:thunderbird:0.7.3 cpe:/a:mozilla:thunderbird:0.8 cpe:/a:mozilla:thunderbird:0.9 cpe:/a:mozilla:thunderbird:1.0 cpe:/a:mozilla:thunderbird:1.0.1 cpe:/a:mozilla:thunderbird:1.0.2 cpe:/a:mozilla:thunderbird:1.0.3 cpe:/a:mozilla:thunderbird:1.0.4 cpe:/a:mozilla:thunderbird:1.0.5 cpe:/a:mozilla:thunderbird:1.0.6 cpe:/a:mozilla:thunderbird:1.0.7 cpe:/a:mozilla:thunderbird:1.0.8 cpe:/a:mozilla:thunderbird:1.5 cpe:/a:mozilla:thunderbird:1.5:beta2 cpe:/a:mozilla:thunderbird:1.5.0.1 cpe:/a:mozilla:thunderbird:1.5.0.2 cpe:/a:mozilla:thunderbird:1.5.0.3 cpe:/a:mozilla:thunderbird:1.5.0.4 cpe:/a:mozilla:thunderbird:1.5.0.5 cpe:/a:mozilla:thunderbird:1.5.0.6 cpe:/a:mozilla:thunderbird:1.5.0.7 cpe:/a:mozilla:thunderbird:1.5.0.8 cpe:/a:mozilla:thunderbird:1.5.0.9 cpe:/a:mozilla:thunderbird:1.5.0.10 cpe:/a:mozilla:thunderbird:1.5.0.11 cpe:/a:mozilla:thunderbird:1.5.0.12 cpe:/a:mozilla:thunderbird:1.5.0.13 cpe:/a:mozilla:thunderbird:1.5.0.14 cpe:/a:mozilla:thunderbird:1.5.1 cpe:/a:mozilla:thunderbird:1.5.2 cpe:/a:mozilla:thunderbird:1.7.1 cpe:/a:mozilla:thunderbird:1.7.3 cpe:/a:mozilla:thunderbird:2.0 cpe:/a:mozilla:thunderbird:2.0.0.0 cpe:/a:mozilla:thunderbird:2.0.0.1 cpe:/a:mozilla:thunderbird:2.0.0.2 cpe:/a:mozilla:thunderbird:2.0.0.3 cpe:/a:mozilla:thunderbird:2.0.0.4 cpe:/a:mozilla:thunderbird:2.0.0.5 cpe:/a:mozilla:thunderbird:2.0.0.6 cpe:/a:mozilla:thunderbird:2.0.0.7 cpe:/a:mozilla:thunderbird:2.0.0.8 cpe:/a:mozilla:thunderbird:2.0.0.9 cpe:/a:mozilla:thunderbird:2.0.0.12 cpe:/a:mozilla:thunderbird:2.0.0.14 cpe:/a:mozilla:thunderbird:2.0.0.16 cpe:/a:mozilla:thunderbird:2.0.0.17 cpe:/a:mozilla:thunderbird:2.0.0.18 cpe:/a:mozilla:thunderbird:2.0.0.19 cpe:/a:mozilla:thunderbird:2.0.0.21 cpe:/a:mozilla:thunderbird:2.0.0.22 cpe:/a:mozilla:thunderbird:2.0.0.23 cpe:/a:mozilla:thunderbird:3.1 cpe:/a:mozilla:thunderbird:3.1.1 cpe:/a:mozilla:thunderbird:3.1.2 cpe:/a:mozilla:thunderbird:3.1.3 cpe:/a:mozilla:thunderbird:3.1.4 cpe:/a:mozilla:thunderbird:3.1.5 cpe:/a:mozilla:thunderbird:3.1.6 cpe:/a:mozilla:thunderbird:3.1.7 cpe:/a:mozilla:thunderbird:3.1.8 cpe:/a:mozilla:thunderbird:3.1.9

CVE-2011-0080

2011-05-07T14:55:01.543-04:00

2017-09-18T21:31:53.567-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird CONFIRM http://downloads.avaya.com/css/P8/documents/100134543 CONFIRM http://downloads.avaya.com/css/P8/documents/100144158 DEBIAN DSA-2227 DEBIAN DSA-2228 DEBIAN DSA-2235 MANDRIVA MDVSA-2011:079 MANDRIVA MDVSA-2011:080 CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-12.html BID 47641 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=615147 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=634257 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=637621 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=637957 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=638236 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

cpe:/a:mozilla:firefox:3.6.1 cpe:/a:mozilla:firefox:3.6.2 cpe:/a:mozilla:firefox:3.6.3 cpe:/a:mozilla:firefox:3.6.4 cpe:/a:mozilla:firefox:3.6.6 cpe:/a:mozilla:firefox:3.6.7 cpe:/a:mozilla:firefox:3.6.8 cpe:/a:mozilla:firefox:3.6.9 cpe:/a:mozilla:firefox:3.6.10 cpe:/a:mozilla:firefox:3.6.11 cpe:/a:mozilla:firefox:3.6.12 cpe:/a:mozilla:firefox:3.6.13 cpe:/a:mozilla:firefox:3.6.14 cpe:/a:mozilla:firefox:3.6.15 cpe:/a:mozilla:firefox:3.6.16 cpe:/a:mozilla:firefox:4.0 cpe:/a:mozilla:firefox:4.0:beta1 cpe:/a:mozilla:firefox:4.0:beta10 cpe:/a:mozilla:firefox:4.0:beta11 cpe:/a:mozilla:firefox:4.0:beta12 cpe:/a:mozilla:firefox:4.0:beta2 cpe:/a:mozilla:firefox:4.0:beta3 cpe:/a:mozilla:firefox:4.0:beta4 cpe:/a:mozilla:firefox:4.0:beta5 cpe:/a:mozilla:firefox:4.0:beta6 cpe:/a:mozilla:firefox:4.0:beta7 cpe:/a:mozilla:firefox:4.0:beta8 cpe:/a:mozilla:firefox:4.0:beta9 cpe:/a:mozilla:thunderbird:3.1.1 cpe:/a:mozilla:thunderbird:3.1.2 cpe:/a:mozilla:thunderbird:3.1.3 cpe:/a:mozilla:thunderbird:3.1.4 cpe:/a:mozilla:thunderbird:3.1.5 cpe:/a:mozilla:thunderbird:3.1.6 cpe:/a:mozilla:thunderbird:3.1.7 cpe:/a:mozilla:thunderbird:3.1.8 cpe:/a:mozilla:thunderbird:3.1.9

CVE-2011-0081

2011-05-07T14:55:01.573-04:00

2017-09-18T21:31:53.630-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird CONFIRM http://downloads.avaya.com/css/P8/documents/100144158 DEBIAN DSA-2227 DEBIAN DSA-2228 DEBIAN DSA-2235 MANDRIVA MDVSA-2011:079 MANDRIVA MDVSA-2011:080 CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-12.html BID 47653 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=645289 Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2011-0082

2011-06-06T15:55:01.317-04:00

2017-09-18T21:31:53.707-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627552 MLIST [oss-security] 20110531 Re: CVE request: firefox doesn't (re)validate certificates when loading HTTPS page MLIST [oss-security] 20110531 Re: CVE request: firefox doesn't (re)validate certificates when loading HTTPS page MLIST [oss-security] 20110531 CVE request: firefox doesn't (re)validate certificates when loading HTTPS page MLIST [oss-security] 20110531 Re: CVE request: firefox doesn't (re)validate certificates when loading HTTPS page BID 48064 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=660749 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=709165 The X.509 certificate validation functionality in Mozilla Firefox 4.0.x through 4.0.1 does not properly implement single-session security exceptions, which might make it easier for user-assisted remote attackers to spoof an SSL server via an untrusted certificate that triggers potentially unwanted local caching of documents from that server.

cpe:/a:mozilla:firefox:1.0 cpe:/a:mozilla:firefox:1.0:preview_release cpe:/a:mozilla:firefox:1.0.1 cpe:/a:mozilla:firefox:1.0.2 cpe:/a:mozilla:firefox:1.0.3 cpe:/a:mozilla:firefox:1.0.4 cpe:/a:mozilla:firefox:1.0.5 cpe:/a:mozilla:firefox:1.0.6 cpe:/a:mozilla:firefox:1.0.7 cpe:/a:mozilla:firefox:1.0.8 cpe:/a:mozilla:firefox:1.5 cpe:/a:mozilla:firefox:1.5:beta1 cpe:/a:mozilla:firefox:1.5:beta2 cpe:/a:mozilla:firefox:1.5.0.1 cpe:/a:mozilla:firefox:1.5.0.2 cpe:/a:mozilla:firefox:1.5.0.3 cpe:/a:mozilla:firefox:1.5.0.4 cpe:/a:mozilla:firefox:1.5.0.5 cpe:/a:mozilla:firefox:1.5.0.6 cpe:/a:mozilla:firefox:1.5.0.7 cpe:/a:mozilla:firefox:1.5.0.8 cpe:/a:mozilla:firefox:1.5.0.9 cpe:/a:mozilla:firefox:1.5.0.10 cpe:/a:mozilla:firefox:1.5.0.11 cpe:/a:mozilla:firefox:1.5.0.12 cpe:/a:mozilla:firefox:1.5.1 cpe:/a:mozilla:firefox:1.5.2 cpe:/a:mozilla:firefox:1.5.3 cpe:/a:mozilla:firefox:1.5.4 cpe:/a:mozilla:firefox:1.5.5 cpe:/a:mozilla:firefox:1.5.6 cpe:/a:mozilla:firefox:1.5.7 cpe:/a:mozilla:firefox:1.5.8 cpe:/a:mozilla:firefox:2.0 cpe:/a:mozilla:firefox:2.0.0.1 cpe:/a:mozilla:firefox:2.0.0.2 cpe:/a:mozilla:firefox:2.0.0.3 cpe:/a:mozilla:firefox:2.0.0.4 cpe:/a:mozilla:firefox:2.0.0.5 cpe:/a:mozilla:firefox:2.0.0.6 cpe:/a:mozilla:firefox:2.0.0.7 cpe:/a:mozilla:firefox:2.0.0.8 cpe:/a:mozilla:firefox:2.0.0.9 cpe:/a:mozilla:firefox:2.0.0.10 cpe:/a:mozilla:firefox:2.0.0.11 cpe:/a:mozilla:firefox:2.0.0.12 cpe:/a:mozilla:firefox:2.0.0.13 cpe:/a:mozilla:firefox:2.0.0.14 cpe:/a:mozilla:firefox:2.0.0.15 cpe:/a:mozilla:firefox:2.0.0.16 cpe:/a:mozilla:firefox:2.0.0.17 cpe:/a:mozilla:firefox:2.0.0.18 cpe:/a:mozilla:firefox:2.0.0.19 cpe:/a:mozilla:firefox:2.0.0.20 cpe:/a:mozilla:firefox:3.0 cpe:/a:mozilla:firefox:3.0.1 cpe:/a:mozilla:firefox:3.0.2 cpe:/a:mozilla:firefox:3.0.3 cpe:/a:mozilla:firefox:3.0.4 cpe:/a:mozilla:firefox:3.0.5 cpe:/a:mozilla:firefox:3.0.6 cpe:/a:mozilla:firefox:3.0.7 cpe:/a:mozilla:firefox:3.0.8 cpe:/a:mozilla:firefox:3.0.9 cpe:/a:mozilla:firefox:3.0.10 cpe:/a:mozilla:firefox:3.0.11 cpe:/a:mozilla:firefox:3.0.12 cpe:/a:mozilla:firefox:3.0.13 cpe:/a:mozilla:firefox:3.0.14 cpe:/a:mozilla:firefox:3.0.15 cpe:/a:mozilla:firefox:3.0.16 cpe:/a:mozilla:firefox:3.0.17 cpe:/a:mozilla:firefox:3.5 cpe:/a:mozilla:firefox:3.5.1 cpe:/a:mozilla:firefox:3.5.2 cpe:/a:mozilla:firefox:3.5.3 cpe:/a:mozilla:firefox:3.5.4 cpe:/a:mozilla:firefox:3.5.5 cpe:/a:mozilla:firefox:3.5.6 cpe:/a:mozilla:firefox:3.5.7 cpe:/a:mozilla:firefox:3.5.8 cpe:/a:mozilla:firefox:3.5.9 cpe:/a:mozilla:firefox:3.5.10 cpe:/a:mozilla:firefox:3.5.11 cpe:/a:mozilla:firefox:3.5.12 cpe:/a:mozilla:firefox:3.5.13 cpe:/a:mozilla:firefox:3.5.14 cpe:/a:mozilla:firefox:3.5.15 cpe:/a:mozilla:firefox:3.5.16 cpe:/a:mozilla:firefox:3.5.17 cpe:/a:mozilla:firefox:3.5.18 cpe:/a:mozilla:firefox:3.5.19 cpe:/a:mozilla:firefox:3.6 cpe:/a:mozilla:firefox:3.6.2 cpe:/a:mozilla:firefox:3.6.3 cpe:/a:mozilla:firefox:3.6.4 cpe:/a:mozilla:firefox:3.6.6 cpe:/a:mozilla:firefox:3.6.7 cpe:/a:mozilla:firefox:3.6.8 cpe:/a:mozilla:firefox:3.6.9 cpe:/a:mozilla:firefox:3.6.10 cpe:/a:mozilla:firefox:3.6.11 cpe:/a:mozilla:firefox:3.6.12 cpe:/a:mozilla:firefox:3.6.13 cpe:/a:mozilla:firefox:3.6.14 cpe:/a:mozilla:firefox:3.6.15 cpe:/a:mozilla:firefox:3.6.16 cpe:/a:mozilla:firefox:3.6.17 cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:seamonkey:1.0:alpha cpe:/a:mozilla:seamonkey:1.0:beta cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:seamonkey:1.0.2 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:1.0.4 cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:seamonkey:1.0.8 cpe:/a:mozilla:seamonkey:1.0.9 cpe:/a:mozilla:seamonkey:1.1 cpe:/a:mozilla:seamonkey:1.1:alpha cpe:/a:mozilla:seamonkey:1.1:beta cpe:/a:mozilla:seamonkey:1.1.1 cpe:/a:mozilla:seamonkey:1.1.2 cpe:/a:mozilla:seamonkey:1.1.3 cpe:/a:mozilla:seamonkey:1.1.4 cpe:/a:mozilla:seamonkey:1.1.5 cpe:/a:mozilla:seamonkey:1.1.6 cpe:/a:mozilla:seamonkey:1.1.7 cpe:/a:mozilla:seamonkey:1.1.8 cpe:/a:mozilla:seamonkey:1.1.9 cpe:/a:mozilla:seamonkey:1.1.10 cpe:/a:mozilla:seamonkey:1.1.11 cpe:/a:mozilla:seamonkey:1.1.12 cpe:/a:mozilla:seamonkey:1.1.13 cpe:/a:mozilla:seamonkey:1.1.14 cpe:/a:mozilla:seamonkey:1.1.15 cpe:/a:mozilla:seamonkey:1.1.16 cpe:/a:mozilla:seamonkey:1.1.17 cpe:/a:mozilla:seamonkey:1.1.18 cpe:/a:mozilla:seamonkey:1.1.19 cpe:/a:mozilla:seamonkey:1.5.0.8 cpe:/a:mozilla:seamonkey:1.5.0.9 cpe:/a:mozilla:seamonkey:1.5.0.10 cpe:/a:mozilla:seamonkey:2.0 cpe:/a:mozilla:seamonkey:2.0:alpha_1 cpe:/a:mozilla:seamonkey:2.0:alpha_2 cpe:/a:mozilla:seamonkey:2.0:alpha_3 cpe:/a:mozilla:seamonkey:2.0:beta_1 cpe:/a:mozilla:seamonkey:2.0:beta_2 cpe:/a:mozilla:seamonkey:2.0:rc1 cpe:/a:mozilla:seamonkey:2.0:rc2 cpe:/a:mozilla:seamonkey:2.0.1 cpe:/a:mozilla:seamonkey:2.0.2 cpe:/a:mozilla:seamonkey:2.0.3 cpe:/a:mozilla:seamonkey:2.0.4 cpe:/a:mozilla:seamonkey:2.0.5 cpe:/a:mozilla:seamonkey:2.0.6 cpe:/a:mozilla:seamonkey:2.0.7 cpe:/a:mozilla:seamonkey:2.0.8 cpe:/a:mozilla:seamonkey:2.0.9 cpe:/a:mozilla:seamonkey:2.0.10 cpe:/a:mozilla:seamonkey:2.0.11 cpe:/a:mozilla:seamonkey:2.0.12 cpe:/a:mozilla:seamonkey:2.0.13 cpe:/a:mozilla:seamonkey:2.0.14 cpe:/a:mozilla:thunderbird:0.1 cpe:/a:mozilla:thunderbird:0.2 cpe:/a:mozilla:thunderbird:0.3 cpe:/a:mozilla:thunderbird:0.4 cpe:/a:mozilla:thunderbird:0.5 cpe:/a:mozilla:thunderbird:0.6 cpe:/a:mozilla:thunderbird:0.7 cpe:/a:mozilla:thunderbird:0.7.1 cpe:/a:mozilla:thunderbird:0.7.2 cpe:/a:mozilla:thunderbird:0.7.3 cpe:/a:mozilla:thunderbird:0.8 cpe:/a:mozilla:thunderbird:0.9 cpe:/a:mozilla:thunderbird:1.0 cpe:/a:mozilla:thunderbird:1.0.1 cpe:/a:mozilla:thunderbird:1.0.2 cpe:/a:mozilla:thunderbird:1.0.3 cpe:/a:mozilla:thunderbird:1.0.4 cpe:/a:mozilla:thunderbird:1.0.5 cpe:/a:mozilla:thunderbird:1.0.6 cpe:/a:mozilla:thunderbird:1.0.7 cpe:/a:mozilla:thunderbird:1.0.8 cpe:/a:mozilla:thunderbird:1.5 cpe:/a:mozilla:thunderbird:1.5:beta2 cpe:/a:mozilla:thunderbird:1.5.0.1 cpe:/a:mozilla:thunderbird:1.5.0.2 cpe:/a:mozilla:thunderbird:1.5.0.3 cpe:/a:mozilla:thunderbird:1.5.0.4 cpe:/a:mozilla:thunderbird:1.5.0.5 cpe:/a:mozilla:thunderbird:1.5.0.6 cpe:/a:mozilla:thunderbird:1.5.0.7 cpe:/a:mozilla:thunderbird:1.5.0.8 cpe:/a:mozilla:thunderbird:1.5.0.9 cpe:/a:mozilla:thunderbird:1.5.0.10 cpe:/a:mozilla:thunderbird:1.5.0.11 cpe:/a:mozilla:thunderbird:1.5.0.12 cpe:/a:mozilla:thunderbird:1.5.0.13 cpe:/a:mozilla:thunderbird:1.5.0.14 cpe:/a:mozilla:thunderbird:1.5.1 cpe:/a:mozilla:thunderbird:1.5.2 cpe:/a:mozilla:thunderbird:1.7.1 cpe:/a:mozilla:thunderbird:1.7.3 cpe:/a:mozilla:thunderbird:2.0 cpe:/a:mozilla:thunderbird:2.0.0.0 cpe:/a:mozilla:thunderbird:2.0.0.1 cpe:/a:mozilla:thunderbird:2.0.0.2 cpe:/a:mozilla:thunderbird:2.0.0.3 cpe:/a:mozilla:thunderbird:2.0.0.4 cpe:/a:mozilla:thunderbird:2.0.0.5 cpe:/a:mozilla:thunderbird:2.0.0.6 cpe:/a:mozilla:thunderbird:2.0.0.7 cpe:/a:mozilla:thunderbird:2.0.0.8 cpe:/a:mozilla:thunderbird:2.0.0.9 cpe:/a:mozilla:thunderbird:2.0.0.12 cpe:/a:mozilla:thunderbird:2.0.0.14 cpe:/a:mozilla:thunderbird:2.0.0.16 cpe:/a:mozilla:thunderbird:2.0.0.17 cpe:/a:mozilla:thunderbird:2.0.0.18 cpe:/a:mozilla:thunderbird:2.0.0.19 cpe:/a:mozilla:thunderbird:2.0.0.21 cpe:/a:mozilla:thunderbird:2.0.0.22 cpe:/a:mozilla:thunderbird:2.0.0.23 cpe:/a:mozilla:thunderbird:3.0 cpe:/a:mozilla:thunderbird:3.0.1 cpe:/a:mozilla:thunderbird:3.0.2 cpe:/a:mozilla:thunderbird:3.0.3 cpe:/a:mozilla:thunderbird:3.0.4 cpe:/a:mozilla:thunderbird:3.0.5 cpe:/a:mozilla:thunderbird:3.0.6 cpe:/a:mozilla:thunderbird:3.0.7 cpe:/a:mozilla:thunderbird:3.0.8 cpe:/a:mozilla:thunderbird:3.0.9 cpe:/a:mozilla:thunderbird:3.0.10 cpe:/a:mozilla:thunderbird:3.0.11 cpe:/a:mozilla:thunderbird:3.1 cpe:/a:mozilla:thunderbird:3.1.1 cpe:/a:mozilla:thunderbird:3.1.2 cpe:/a:mozilla:thunderbird:3.1.3 cpe:/a:mozilla:thunderbird:3.1.4 cpe:/a:mozilla:thunderbird:3.1.5 cpe:/a:mozilla:thunderbird:3.1.6 cpe:/a:mozilla:thunderbird:3.1.7 cpe:/a:mozilla:thunderbird:3.1.8 cpe:/a:mozilla:thunderbird:3.1.9 cpe:/a:mozilla:thunderbird:3.1.10

CVE-2011-0083

2011-06-30T12:55:04.957-04:00

2017-09-18T21:31:53.800-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov SUSE SUSE-SA:2011:028 CONFIRM http://support.avaya.com/css/P8/documents/100144854 CONFIRM http://support.avaya.com/css/P8/documents/100145333 DEBIAN DSA-2268 DEBIAN DSA-2269 DEBIAN DSA-2273 MANDRIVA MDVSA-2011:111 CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-23.html REDHAT RHSA-2011:0885 REDHAT RHSA-2011:0886 REDHAT RHSA-2011:0887 REDHAT RHSA-2011:0888 UBUNTU USN-1149-1 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=648090 Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback.

CVE-2011-0084

2011-08-18T14:55:01.333-04:00

2017-09-18T21:31:53.910-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov SUSE SUSE-SA:2011:037 SUSE SUSE-SU-2011:0967 DEBIAN DSA-2295 DEBIAN DSA-2296 DEBIAN DSA-2297 MANDRIVA MDVSA-2011:127 CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-29.html CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-30.html CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-31.html CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-33.html REDHAT RHSA-2011:1164 REDHAT RHSA-2011:1166 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=648094 The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and other versions before 6; SeaMonkey 2.x before 2.3; and possibly other products does not properly handle SVG text, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer."

cpe:/a:mozilla:firefox:1.0 cpe:/a:mozilla:firefox:1.0:preview_release cpe:/a:mozilla:firefox:1.0.1 cpe:/a:mozilla:firefox:1.0.2 cpe:/a:mozilla:firefox:1.0.3 cpe:/a:mozilla:firefox:1.0.4 cpe:/a:mozilla:firefox:1.0.5 cpe:/a:mozilla:firefox:1.0.6 cpe:/a:mozilla:firefox:1.0.7 cpe:/a:mozilla:firefox:1.0.8 cpe:/a:mozilla:firefox:1.5 cpe:/a:mozilla:firefox:1.5:beta1 cpe:/a:mozilla:firefox:1.5:beta2 cpe:/a:mozilla:firefox:1.5.0.1 cpe:/a:mozilla:firefox:1.5.0.2 cpe:/a:mozilla:firefox:1.5.0.3 cpe:/a:mozilla:firefox:1.5.0.4 cpe:/a:mozilla:firefox:1.5.0.5 cpe:/a:mozilla:firefox:1.5.0.6 cpe:/a:mozilla:firefox:1.5.0.7 cpe:/a:mozilla:firefox:1.5.0.8 cpe:/a:mozilla:firefox:1.5.0.9 cpe:/a:mozilla:firefox:1.5.0.10 cpe:/a:mozilla:firefox:1.5.0.11 cpe:/a:mozilla:firefox:1.5.0.12 cpe:/a:mozilla:firefox:1.5.1 cpe:/a:mozilla:firefox:1.5.2 cpe:/a:mozilla:firefox:1.5.3 cpe:/a:mozilla:firefox:1.5.4 cpe:/a:mozilla:firefox:1.5.5 cpe:/a:mozilla:firefox:1.5.6 cpe:/a:mozilla:firefox:1.5.7 cpe:/a:mozilla:firefox:1.5.8 cpe:/a:mozilla:firefox:2.0 cpe:/a:mozilla:firefox:2.0.0.1 cpe:/a:mozilla:firefox:2.0.0.2 cpe:/a:mozilla:firefox:2.0.0.3 cpe:/a:mozilla:firefox:2.0.0.4 cpe:/a:mozilla:firefox:2.0.0.5 cpe:/a:mozilla:firefox:2.0.0.6 cpe:/a:mozilla:firefox:2.0.0.7 cpe:/a:mozilla:firefox:2.0.0.8 cpe:/a:mozilla:firefox:2.0.0.9 cpe:/a:mozilla:firefox:2.0.0.10 cpe:/a:mozilla:firefox:2.0.0.11 cpe:/a:mozilla:firefox:2.0.0.12 cpe:/a:mozilla:firefox:2.0.0.13 cpe:/a:mozilla:firefox:2.0.0.14 cpe:/a:mozilla:firefox:2.0.0.15 cpe:/a:mozilla:firefox:2.0.0.16 cpe:/a:mozilla:firefox:2.0.0.17 cpe:/a:mozilla:firefox:2.0.0.18 cpe:/a:mozilla:firefox:2.0.0.19 cpe:/a:mozilla:firefox:2.0.0.20 cpe:/a:mozilla:firefox:3.0 cpe:/a:mozilla:firefox:3.0.1 cpe:/a:mozilla:firefox:3.0.2 cpe:/a:mozilla:firefox:3.0.3 cpe:/a:mozilla:firefox:3.0.4 cpe:/a:mozilla:firefox:3.0.5 cpe:/a:mozilla:firefox:3.0.6 cpe:/a:mozilla:firefox:3.0.7 cpe:/a:mozilla:firefox:3.0.8 cpe:/a:mozilla:firefox:3.0.9 cpe:/a:mozilla:firefox:3.0.10 cpe:/a:mozilla:firefox:3.0.11 cpe:/a:mozilla:firefox:3.0.12 cpe:/a:mozilla:firefox:3.0.13 cpe:/a:mozilla:firefox:3.0.14 cpe:/a:mozilla:firefox:3.0.15 cpe:/a:mozilla:firefox:3.0.16 cpe:/a:mozilla:firefox:3.0.17 cpe:/a:mozilla:firefox:3.5 cpe:/a:mozilla:firefox:3.5.1 cpe:/a:mozilla:firefox:3.5.2 cpe:/a:mozilla:firefox:3.5.3 cpe:/a:mozilla:firefox:3.5.4 cpe:/a:mozilla:firefox:3.5.5 cpe:/a:mozilla:firefox:3.5.6 cpe:/a:mozilla:firefox:3.5.7 cpe:/a:mozilla:firefox:3.5.8 cpe:/a:mozilla:firefox:3.5.9 cpe:/a:mozilla:firefox:3.5.10 cpe:/a:mozilla:firefox:3.5.11 cpe:/a:mozilla:firefox:3.5.12 cpe:/a:mozilla:firefox:3.5.13 cpe:/a:mozilla:firefox:3.5.14 cpe:/a:mozilla:firefox:3.5.15 cpe:/a:mozilla:firefox:3.5.16 cpe:/a:mozilla:firefox:3.5.17 cpe:/a:mozilla:firefox:3.5.18 cpe:/a:mozilla:firefox:3.5.19 cpe:/a:mozilla:firefox:3.6 cpe:/a:mozilla:firefox:3.6.2 cpe:/a:mozilla:firefox:3.6.3 cpe:/a:mozilla:firefox:3.6.4 cpe:/a:mozilla:firefox:3.6.6 cpe:/a:mozilla:firefox:3.6.7 cpe:/a:mozilla:firefox:3.6.8 cpe:/a:mozilla:firefox:3.6.9 cpe:/a:mozilla:firefox:3.6.10 cpe:/a:mozilla:firefox:3.6.11 cpe:/a:mozilla:firefox:3.6.12 cpe:/a:mozilla:firefox:3.6.13 cpe:/a:mozilla:firefox:3.6.14 cpe:/a:mozilla:firefox:3.6.15 cpe:/a:mozilla:firefox:3.6.16 cpe:/a:mozilla:firefox:3.6.17 cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:seamonkey:1.0:alpha cpe:/a:mozilla:seamonkey:1.0:beta cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:seamonkey:1.0.2 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:1.0.4 cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:seamonkey:1.0.8 cpe:/a:mozilla:seamonkey:1.0.9 cpe:/a:mozilla:seamonkey:1.1 cpe:/a:mozilla:seamonkey:1.1:alpha cpe:/a:mozilla:seamonkey:1.1:beta cpe:/a:mozilla:seamonkey:1.1.1 cpe:/a:mozilla:seamonkey:1.1.2 cpe:/a:mozilla:seamonkey:1.1.3 cpe:/a:mozilla:seamonkey:1.1.4 cpe:/a:mozilla:seamonkey:1.1.5 cpe:/a:mozilla:seamonkey:1.1.6 cpe:/a:mozilla:seamonkey:1.1.7 cpe:/a:mozilla:seamonkey:1.1.8 cpe:/a:mozilla:seamonkey:1.1.9 cpe:/a:mozilla:seamonkey:1.1.10 cpe:/a:mozilla:seamonkey:1.1.11 cpe:/a:mozilla:seamonkey:1.1.12 cpe:/a:mozilla:seamonkey:1.1.13 cpe:/a:mozilla:seamonkey:1.1.14 cpe:/a:mozilla:seamonkey:1.1.15 cpe:/a:mozilla:seamonkey:1.1.16 cpe:/a:mozilla:seamonkey:1.1.17 cpe:/a:mozilla:seamonkey:1.1.18 cpe:/a:mozilla:seamonkey:1.1.19 cpe:/a:mozilla:seamonkey:1.5.0.8 cpe:/a:mozilla:seamonkey:1.5.0.9 cpe:/a:mozilla:seamonkey:1.5.0.10 cpe:/a:mozilla:seamonkey:2.0 cpe:/a:mozilla:seamonkey:2.0:alpha_1 cpe:/a:mozilla:seamonkey:2.0:alpha_2 cpe:/a:mozilla:seamonkey:2.0:alpha_3 cpe:/a:mozilla:seamonkey:2.0:beta_1 cpe:/a:mozilla:seamonkey:2.0:beta_2 cpe:/a:mozilla:seamonkey:2.0:rc1 cpe:/a:mozilla:seamonkey:2.0:rc2 cpe:/a:mozilla:seamonkey:2.0.1 cpe:/a:mozilla:seamonkey:2.0.2 cpe:/a:mozilla:seamonkey:2.0.3 cpe:/a:mozilla:seamonkey:2.0.4 cpe:/a:mozilla:seamonkey:2.0.5 cpe:/a:mozilla:seamonkey:2.0.6 cpe:/a:mozilla:seamonkey:2.0.7 cpe:/a:mozilla:seamonkey:2.0.8 cpe:/a:mozilla:seamonkey:2.0.9 cpe:/a:mozilla:seamonkey:2.0.10 cpe:/a:mozilla:seamonkey:2.0.11 cpe:/a:mozilla:seamonkey:2.0.12 cpe:/a:mozilla:seamonkey:2.0.13 cpe:/a:mozilla:seamonkey:2.0.14 cpe:/a:mozilla:thunderbird:0.1 cpe:/a:mozilla:thunderbird:0.2 cpe:/a:mozilla:thunderbird:0.3 cpe:/a:mozilla:thunderbird:0.4 cpe:/a:mozilla:thunderbird:0.5 cpe:/a:mozilla:thunderbird:0.6 cpe:/a:mozilla:thunderbird:0.7 cpe:/a:mozilla:thunderbird:0.7.1 cpe:/a:mozilla:thunderbird:0.7.2 cpe:/a:mozilla:thunderbird:0.7.3 cpe:/a:mozilla:thunderbird:0.8 cpe:/a:mozilla:thunderbird:0.9 cpe:/a:mozilla:thunderbird:1.0 cpe:/a:mozilla:thunderbird:1.0.1 cpe:/a:mozilla:thunderbird:1.0.2 cpe:/a:mozilla:thunderbird:1.0.3 cpe:/a:mozilla:thunderbird:1.0.4 cpe:/a:mozilla:thunderbird:1.0.5 cpe:/a:mozilla:thunderbird:1.0.6 cpe:/a:mozilla:thunderbird:1.0.7 cpe:/a:mozilla:thunderbird:1.0.8 cpe:/a:mozilla:thunderbird:1.5 cpe:/a:mozilla:thunderbird:1.5:beta2 cpe:/a:mozilla:thunderbird:1.5.0.1 cpe:/a:mozilla:thunderbird:1.5.0.2 cpe:/a:mozilla:thunderbird:1.5.0.3 cpe:/a:mozilla:thunderbird:1.5.0.4 cpe:/a:mozilla:thunderbird:1.5.0.5 cpe:/a:mozilla:thunderbird:1.5.0.6 cpe:/a:mozilla:thunderbird:1.5.0.7 cpe:/a:mozilla:thunderbird:1.5.0.8 cpe:/a:mozilla:thunderbird:1.5.0.9 cpe:/a:mozilla:thunderbird:1.5.0.10 cpe:/a:mozilla:thunderbird:1.5.0.11 cpe:/a:mozilla:thunderbird:1.5.0.12 cpe:/a:mozilla:thunderbird:1.5.0.13 cpe:/a:mozilla:thunderbird:1.5.0.14 cpe:/a:mozilla:thunderbird:1.5.1 cpe:/a:mozilla:thunderbird:1.5.2 cpe:/a:mozilla:thunderbird:1.7.1 cpe:/a:mozilla:thunderbird:1.7.3 cpe:/a:mozilla:thunderbird:2.0 cpe:/a:mozilla:thunderbird:2.0.0.0 cpe:/a:mozilla:thunderbird:2.0.0.1 cpe:/a:mozilla:thunderbird:2.0.0.2 cpe:/a:mozilla:thunderbird:2.0.0.3 cpe:/a:mozilla:thunderbird:2.0.0.4 cpe:/a:mozilla:thunderbird:2.0.0.5 cpe:/a:mozilla:thunderbird:2.0.0.6 cpe:/a:mozilla:thunderbird:2.0.0.7 cpe:/a:mozilla:thunderbird:2.0.0.8 cpe:/a:mozilla:thunderbird:2.0.0.9 cpe:/a:mozilla:thunderbird:2.0.0.12 cpe:/a:mozilla:thunderbird:2.0.0.14 cpe:/a:mozilla:thunderbird:2.0.0.16 cpe:/a:mozilla:thunderbird:2.0.0.17 cpe:/a:mozilla:thunderbird:2.0.0.18 cpe:/a:mozilla:thunderbird:2.0.0.19 cpe:/a:mozilla:thunderbird:2.0.0.21 cpe:/a:mozilla:thunderbird:2.0.0.22 cpe:/a:mozilla:thunderbird:2.0.0.23 cpe:/a:mozilla:thunderbird:3.0 cpe:/a:mozilla:thunderbird:3.0.1 cpe:/a:mozilla:thunderbird:3.0.2 cpe:/a:mozilla:thunderbird:3.0.3 cpe:/a:mozilla:thunderbird:3.0.4 cpe:/a:mozilla:thunderbird:3.0.5 cpe:/a:mozilla:thunderbird:3.0.6 cpe:/a:mozilla:thunderbird:3.0.7 cpe:/a:mozilla:thunderbird:3.0.8 cpe:/a:mozilla:thunderbird:3.0.9 cpe:/a:mozilla:thunderbird:3.0.10 cpe:/a:mozilla:thunderbird:3.0.11 cpe:/a:mozilla:thunderbird:3.1 cpe:/a:mozilla:thunderbird:3.1.1 cpe:/a:mozilla:thunderbird:3.1.2 cpe:/a:mozilla:thunderbird:3.1.3 cpe:/a:mozilla:thunderbird:3.1.4 cpe:/a:mozilla:thunderbird:3.1.5 cpe:/a:mozilla:thunderbird:3.1.6 cpe:/a:mozilla:thunderbird:3.1.7 cpe:/a:mozilla:thunderbird:3.1.8 cpe:/a:mozilla:thunderbird:3.1.9 cpe:/a:mozilla:thunderbird:3.1.10

CVE-2011-0085

2011-06-30T12:55:04.987-04:00

2017-09-18T21:31:54.020-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov SUSE SUSE-SA:2011:028 CONFIRM http://support.avaya.com/css/P8/documents/100144854 CONFIRM http://support.avaya.com/css/P8/documents/100145333 DEBIAN DSA-2268 DEBIAN DSA-2269 DEBIAN DSA-2273 MANDRIVA MDVSA-2011:111 CONFIRM http://www.mozilla.org/security/announce/2011/mfsa2011-23.html REDHAT RHSA-2011:0885 REDHAT RHSA-2011:0886 REDHAT RHSA-2011:0887 REDHAT RHSA-2011:0888 UBUNTU USN-1149-1 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=648100 Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues the current command updater.

CVE-2011-0086

2011-02-08T20:00:08.320-05:00

2019-02-26T09:04:00.993-05:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov BID 46141 VUPEN ADV-2011-0325 MS MS11-012 win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Improper User Input Validation Vulnerability."

cpe:/o:microsoft:windows_2003_server::sp2 cpe:/o:microsoft:windows_2003_server::sp2:itanium cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_server_2008:::itanium cpe:/o:microsoft:windows_server_2008:::x32 cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_server_2008::sp2:x32 cpe:/o:microsoft:windows_server_2008::sp2:x64 cpe:/o:microsoft:windows_server_2008:-:sp2:itanium cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_vista::sp2 cpe:/o:microsoft:windows_vista::sp2:x64 cpe:/o:microsoft:windows_vista:-:sp1 cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_xp:-:sp2:x64

CVE-2011-0087

2011-02-08T20:00:08.400-05:00

2019-02-26T09:04:00.993-05:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov BID 46148 VUPEN ADV-2011-0325 MS MS11-012 win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient User Input Validation Vulnerability."

CVE-2011-0088

2011-02-08T20:00:08.493-05:00

2019-02-26T09:04:00.993-05:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov BID 46147 VUPEN ADV-2011-0325 MS MS11-012 win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Pointer Confusion Vulnerability."

CVE-2011-0089

2011-02-08T20:00:08.570-05:00

2019-02-26T09:04:00.993-05:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov BID 46149 VUPEN ADV-2011-0325 MS MS11-012 win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Improper Pointer Validation Vulnerability."

CVE-2011-0090

2011-02-08T20:00:08.667-05:00

2019-02-26T09:04:00.993-05:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov BID 46150 VUPEN ADV-2011-0325 MS MS11-012 win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."

cpe:/o:microsoft:windows_7:- cpe:/o:microsoft:windows_server_2008:r2::itanium cpe:/o:microsoft:windows_server_2008:r2::x64

CVE-2011-0091

2011-02-10T11:00:13.723-05:00

2018-10-30T12:27:21.030-04:00

6.4

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM http://support.avaya.com/css/P8/documents/100127250 BID 46140 SECTRACK 1025048 VUPEN ADV-2011-0326 MS MS11-013 XF ms-kerberos-spoofing(64901) Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not prevent a session from changing from strong encryption to DES encryption, which allows man-in-the-middle attackers to spoof network traffic and obtain sensitive information via a DES downgrade, aka "Kerberos Spoofing Vulnerability."

cpe:/a:microsoft:visio:2002:sp2 cpe:/a:microsoft:visio:2003:sp3 cpe:/a:microsoft:visio:2007:sp2

CVE-2011-0092

2011-02-10T11:00:31.833-05:00

2018-10-12T17:59:23.837-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BUGTRAQ 20110208 ZDI-11-063: Microsoft Visio 2007 LZW Stream Decompression Exception Vulnerability BID 46137 SECTRACK 1025043 VUPEN ADV-2011-0321 MISC http://www.zerodayinitiative.com/advisories/ZDI-11-063/ MS MS11-008 XF ms-visio-object-code-execution(64923) The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed VisioDocument stream that triggers an exception handler that accesses an object that has not been fully initialized, which triggers memory corruption, aka "Visio Object Memory Corruption Vulnerability."

cpe:/a:microsoft:visio:2002:sp2 cpe:/a:microsoft:visio:2003:sp3 cpe:/a:microsoft:visio:2007:sp2

CVE-2011-0093

2011-02-10T11:00:31.863-05:00

2018-10-12T17:59:24.900-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 46138 SECTRACK 1025043 VUPEN ADV-2011-0321 MS MS11-008 XF ms-visio-data-code-execution(64924) ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly parse structures during the opening of a Visio file, which allows remote attackers to execute arbitrary code via a file containing a malformed structure, aka "Visio Data Type Memory Corruption Vulnerability."

cpe:/a:microsoft:ie:6 cpe:/a:microsoft:ie:7

CVE-2011-0094

2011-04-13T14:55:01.047-04:00

2019-02-26T09:04:00.993-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov IDEFENSE 20110412 Microsoft Internet Explorer Use-After-Free Memory Corruption Vulnerability SECTRACK 1025327 CERT TA11-102A MS MS11-018 Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Layouts Handling Memory Corruption Vulnerability."

CVE-2011-0095

2017-05-11T10:29:12.667-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none.

cpe:/o:microsoft:windows_2003_server::sp2 cpe:/o:microsoft:windows_2003_server::sp2:itanium cpe:/o:microsoft:windows_7:- cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_server_2008:::itanium cpe:/o:microsoft:windows_server_2008:::x32 cpe:/o:microsoft:windows_server_2008:::x64 cpe:/o:microsoft:windows_server_2008::sp2:x32 cpe:/o:microsoft:windows_server_2008::sp2:x64 cpe:/o:microsoft:windows_server_2008:-:sp2:itanium cpe:/o:microsoft:windows_server_2008:r2::itanium cpe:/o:microsoft:windows_server_2008:r2::x64 cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_vista::sp1:x64 cpe:/o:microsoft:windows_vista::sp2 cpe:/o:microsoft:windows_vista::sp2:x64 cpe:/o:microsoft:windows_xp::sp2:x64 cpe:/o:microsoft:windows_xp::sp3

CVE-2011-0096

2011-01-31T15:00:49.173-05:00

2019-02-26T09:04:00.993-05:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM http://blogs.technet.com/b/msrc/archive/2011/01/28/microsoft-releases-security-advisory-2501696.aspx CONFIRM http://blogs.technet.com/b/srd/archive/2011/01/28/more-information-about-the-mhtml-script-injection-vulnerability.aspx MISC http://www.80vul.com/webzine_0x05/0x05%20IE%E4%B8%8BMHTML%E5%8D%8F%E8%AE%AE%E5%B8%A6%E6%9D%A5%E7%9A%84%E8%B7%A8%E5%9F%9F%E5%8D%B1%E5%AE%B3.html EXPLOIT-DB 16071 CERT-VN VU#326549 CONFIRM http://www.microsoft.com/technet/security/advisory/2501696.mspx BID 46055 SECTRACK 1025003 CERT TA11-102A VUPEN ADV-2011-0242 MS MS11-026 XF ms-win-mhtml-info-disclosure(65000) The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."

cpe:/a:microsoft:excel:-:-:x64 cpe:/a:microsoft:excel:2002:sp3 cpe:/a:microsoft:excel:2003:sp3 cpe:/a:microsoft:excel:2007:sp2 cpe:/a:microsoft:excel:2010 cpe:/a:microsoft:excel_viewer:-:sp2 cpe:/a:microsoft:office:2004::mac cpe:/a:microsoft:office:2008::mac cpe:/a:microsoft:office_compatibility_pack:2007:sp2 cpe:/a:microsoft:open_xml_file_format_converter:::mac

CVE-2011-0097

2011-04-13T14:55:01.080-04:00

2018-10-12T17:59:27.790-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 47201 SECTRACK 1025337 CERT TA11-102A VUPEN ADV-2011-0940 MS MS11-021 Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via a crafted 400h substream in an Excel file, which triggers a stack-based buffer overflow, aka "Excel Integer Overrun Vulnerability."

CVE-2011-0098

2011-04-13T14:55:01.127-04:00

2018-10-12T17:59:28.633-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 47235 SECTRACK 1025337 CERT TA11-102A VUPEN ADV-2011-0940 MS MS11-021 Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via an XLS file with a large record size, aka "Excel Heap Overflow Vulnerability."

CVE-2011-0099

2017-05-11T10:29:12.683-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none.

CVE-2011-0100

2017-05-11T10:29:12.713-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none.

cpe:/a:microsoft:excel:2002:sp3

CVE-2011-0101

2011-04-13T14:55:01.157-04:00

2018-10-12T17:59:29.463-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BUGTRAQ 20110412 ZDI-11-120: Microsoft Office Excel RealTimeData Record Parsing Remote Code Execution Vulnerability BID 47243 SECTRACK 1025337 CERT TA11-102A VUPEN ADV-2011-0940 MISC http://www.zerodayinitiative.com/advisories/ZDI-11-120 MS MS11-021 Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RealTimeData record, related to a stTopic field, double-byte characters, and an incorrect pointer calculation, aka "Excel Record Parsing WriteAV Vulnerability."

CVE-2011-0102

2017-05-11T10:29:12.730-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none.

cpe:/a:microsoft:excel:2002:sp3 cpe:/a:microsoft:excel:2003:sp3 cpe:/a:microsoft:office:2004::mac cpe:/a:microsoft:office:2008::mac cpe:/a:microsoft:open_xml_file_format_converter:::mac

CVE-2011-0103

2011-04-13T14:55:01.187-04:00

2018-10-12T17:59:30.447-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov IDEFENSE 20110412 Microsoft Excel Memory Corruption Vulnerability BID 47244 SECTRACK 1025337 CERT TA11-102A VUPEN ADV-2011-0940 MS MS11-021 Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted record information in an Excel file, aka "Excel Memory Corruption Vulnerability."

cpe:/a:microsoft:excel:2002:sp3 cpe:/a:microsoft:excel:2003:sp3 cpe:/a:microsoft:office:2004::mac cpe:/a:microsoft:office:2008::mac cpe:/a:microsoft:open_xml_file_format_converter:::mac

CVE-2011-0104

2011-04-13T14:55:01.220-04:00

2018-10-12T17:59:31.260-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov MISC http://www.checkpoint.com/defense/advisories/public/2011/cpai-31-Mard.html BID 47245 SECTRACK 1025337 CERT TA11-102A VUPEN ADV-2011-0940 MS MS11-021 Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HLink record in an Excel file, aka "Excel Buffer Overwrite Vulnerability."

cpe:/a:microsoft:excel:2002:sp3 cpe:/a:microsoft:office:2004::mac cpe:/a:microsoft:office:2008::mac cpe:/a:microsoft:open_xml_file_format_converter:::mac

CVE-2011-0105

2011-04-13T14:55:01.250-04:00

2018-10-12T17:59:32.087-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov SECTRACK 1025337 CERT TA11-102A VUPEN ADV-2011-0940 MS MS11-021 Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file, aka "Excel Data Initialization Vulnerability."

CVE-2011-0106

2017-05-11T10:29:12.747-04:00

2017-05-11T10:29:12.760-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none.

cpe:/a:microsoft:office:2003:sp3 cpe:/a:microsoft:office:2007:sp2 cpe:/a:microsoft:office:xp:sp3

CVE-2011-0107

2011-04-13T14:55:01.283-04:00

2018-10-12T17:59:32.633-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov MISC http://www.fortiguard.com/advisory/FGA-2011-13.html BID 47246 SECTRACK 1025343 CERT TA11-102A VUPEN ADV-2011-0942 MS MS11-023 Untrusted search path vulnerability in Microsoft Office XP SP3, Office 2003 SP3, and Office 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Office Component Insecure Library Loading Vulnerability."

CVE-2011-0108

2017-05-11T10:29:12.777-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none.

CVE-2011-0109

2017-05-11T10:29:12.807-04:00

2017-05-11T10:29:12.823-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none.

CVE-2011-0110

2017-05-11T10:29:12.840-04:00

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none.

cpe:/a:apple:itunes:4.0.0 cpe:/a:apple:itunes:4.0.1 cpe:/a:apple:itunes:4.1.0 cpe:/a:apple:itunes:4.2.0 cpe:/a:apple:itunes:4.5 cpe:/a:apple:itunes:4.5.0 cpe:/a:apple:itunes:4.6 cpe:/a:apple:itunes:4.6.0 cpe:/a:apple:itunes:4.7 cpe:/a:apple:itunes:4.7.0 cpe:/a:apple:itunes:4.7.1 cpe:/a:apple:itunes:4.7.2 cpe:/a:apple:itunes:4.8.0 cpe:/a:apple:itunes:4.9.0 cpe:/a:apple:itunes:5.0 cpe:/a:apple:itunes:5.0.0 cpe:/a:apple:itunes:5.0.1 cpe:/a:apple:itunes:6.0.0 cpe:/a:apple:itunes:6.0.1 cpe:/a:apple:itunes:6.0.2 cpe:/a:apple:itunes:6.0.3 cpe:/a:apple:itunes:6.0.4 cpe:/a:apple:itunes:6.0.4.2 cpe:/a:apple:itunes:6.0.5 cpe:/a:apple:itunes:7.0.0 cpe:/a:apple:itunes:7.0.1 cpe:/a:apple:itunes:7.0.2 cpe:/a:apple:itunes:7.1.0 cpe:/a:apple:itunes:7.1.1 cpe:/a:apple:itunes:7.2.0 cpe:/a:apple:itunes:7.3.0 cpe:/a:apple:itunes:7.3.1 cpe:/a:apple:itunes:7.3.2 cpe:/a:apple:itunes:7.4 cpe:/a:apple:itunes:7.4.0 cpe:/a:apple:itunes:7.4.1 cpe:/a:apple:itunes:7.4.2 cpe:/a:apple:itunes:7.4.3 cpe:/a:apple:itunes:7.5 cpe:/a:apple:itunes:7.5.0 cpe:/a:apple:itunes:7.6 cpe:/a:apple:itunes:7.6.0 cpe:/a:apple:itunes:7.6.1 cpe:/a:apple:itunes:7.6.2 cpe:/a:apple:itunes:7.7 cpe:/a:apple:itunes:7.7.0 cpe:/a:apple:itunes:7.7.1 cpe:/a:apple:itunes:8.0.0 cpe:/a:apple:itunes:8.0.1 cpe:/a:apple:itunes:8.0.2 cpe:/a:apple:itunes:8.1 cpe:/a:apple:itunes:8.1.1 cpe:/a:apple:itunes:8.2 cpe:/a:apple:itunes:8.2.1 cpe:/a:apple:itunes:9.0.0 cpe:/a:apple:itunes:9.0.1 cpe:/a:apple:itunes:9.0.2 cpe:/a:apple:itunes:9.0.3 cpe:/a:apple:itunes:9.2 cpe:/a:apple:itunes:9.2.1 cpe:/a:apple:itunes:10.0 cpe:/a:apple:itunes:10.0.1 cpe:/a:apple:itunes:10.1 cpe:/a:apple:itunes:10.1.1 cpe:/a:apple:itunes:10.1.2 cpe:/a:apple:webkit

CVE-2011-0111

2011-03-03T15:00:01.457-05:00

2017-09-18T21:31:55.147-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov APPLE APPLE-SA-2011-03-09-1 APPLE APPLE-SA-2011-03-09-2 APPLE APPLE-SA-2011-03-02-1 CONFIRM http://support.apple.com/kb/HT4554 CONFIRM http://support.apple.com/kb/HT4564 CONFIRM http://support.apple.com/kb/HT4566 WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

CVE-2011-0112

2011-03-03T15:00:01.520-05:00

2017-09-18T21:31:55.270-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

CVE-2011-0113

2011-03-03T15:00:01.550-05:00

2017-09-18T21:31:55.333-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

CVE-2011-0114

2011-03-03T15:00:01.583-05:00

2017-09-18T21:31:55.410-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

CVE-2011-0115

2011-03-03T15:00:01.613-05:00

2011-03-17T22:56:29.617-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov APPLE APPLE-SA-2011-03-09-1 APPLE APPLE-SA-2011-03-09-2 APPLE APPLE-SA-2011-03-02-1 CONFIRM http://support.apple.com/kb/HT4554 CONFIRM http://support.apple.com/kb/HT4564 CONFIRM http://support.apple.com/kb/HT4566 MISC http://www.zerodayinitiative.com/advisories/ZDI-11-096 The DOM level 2 implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, does not properly handle DOM manipulations associated with event listeners during processing of range objects, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

CVE-2011-0116

2011-03-03T15:00:01.643-05:00

2017-09-18T21:31:55.473-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov APPLE APPLE-SA-2011-03-09-1 APPLE APPLE-SA-2011-03-09-2 APPLE APPLE-SA-2011-03-02-1 CONFIRM http://support.apple.com/kb/HT4554 CONFIRM http://support.apple.com/kb/HT4564 CONFIRM http://support.apple.com/kb/HT4566 MISC http://www.zerodayinitiative.com/advisories/ZDI-11-097 Use-after-free vulnerability in the setOuterText method in the htmlelement library in WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to DOM manipulations during iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

CVE-2011-0117

2011-03-03T15:00:01.677-05:00

2017-09-18T21:31:55.537-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

CVE-2011-0118

2011-03-03T15:00:01.707-05:00

2017-09-18T21:31:55.597-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

CVE-2011-0119

2011-03-03T15:00:01.723-05:00

2017-09-18T21:31:55.677-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

CVE-2011-0120

2011-03-03T15:00:01.737-05:00

2017-09-18T21:31:55.787-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

CVE-2011-0121

2011-03-03T15:00:01.753-05:00

2017-09-18T21:31:55.847-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

CVE-2011-0122

2011-03-03T15:00:01.770-05:00

2017-09-18T21:31:55.927-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

CVE-2011-0123

2011-03-03T15:00:01.800-05:00

2017-09-18T21:31:56.020-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

CVE-2011-0124

2011-03-03T15:00:01.817-05:00

2017-09-18T21:31:56.097-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

CVE-2011-0125

2011-03-03T15:00:01.833-05:00

2017-09-18T21:31:56.160-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

CVE-2011-0126

2011-03-03T15:00:01.847-05:00

2017-09-18T21:31:56.240-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

CVE-2011-0127

2011-03-03T15:00:01.863-05:00

2017-09-18T21:31:56.300-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

CVE-2011-0128

2011-03-03T15:00:01.893-05:00

2017-09-18T21:31:56.380-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

CVE-2011-0129

2011-03-03T15:00:01.910-05:00

2017-09-18T21:31:56.443-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

CVE-2011-0130

2011-03-03T15:00:01.927-05:00

2017-09-18T21:31:56.520-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

CVE-2011-0131

2011-03-03T15:00:01.957-05:00

2017-09-18T21:31:56.597-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

CVE-2011-0132

2011-03-03T15:00:01.973-05:00

2011-03-17T22:56:32.537-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov APPLE APPLE-SA-2011-03-09-1 APPLE APPLE-SA-2011-03-09-2 APPLE APPLE-SA-2011-03-02-1 CONFIRM http://support.apple.com/kb/HT4554 CONFIRM http://support.apple.com/kb/HT4564 CONFIRM http://support.apple.com/kb/HT4566 MISC http://www.zerodayinitiative.com/advisories/ZDI-11-098 Use-after-free vulnerability in the Runin box functionality in the Cascading Style Sheets (CSS) 2.1 Visual Formatting Model implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

CVE-2011-0133

2011-03-03T15:00:01.987-05:00

2017-09-18T21:31:56.660-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov APPLE APPLE-SA-2011-03-09-1 APPLE APPLE-SA-2011-03-09-2 APPLE APPLE-SA-2011-03-02-1 CONFIRM http://support.apple.com/kb/HT4554 CONFIRM http://support.apple.com/kb/HT4564 CONFIRM http://support.apple.com/kb/HT4566 MISC http://www.zerodayinitiative.com/advisories/ZDI-11-099 WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly access glyph data during layout actions for floating blocks associated with pseudo-elements, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

CVE-2011-0134

2011-03-03T15:00:02.020-05:00

2017-09-18T21:31:56.880-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

CVE-2011-0135

2011-03-03T15:00:02.037-05:00

2017-09-18T21:31:56.957-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

CVE-2011-0136

2011-03-03T15:00:02.050-05:00

2017-09-18T21:31:57.020-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

CVE-2011-0137

2011-03-03T15:00:02.067-05:00

2017-09-18T21:31:57.083-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

CVE-2011-0138

2011-03-03T15:00:02.083-05:00

2017-09-18T21:31:57.160-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

CVE-2011-0139

2011-03-03T15:00:02.113-05:00

2017-09-18T21:31:57.270-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov APPLE APPLE-SA-2011-03-09-2 APPLE APPLE-SA-2011-03-02-1 CONFIRM http://support.apple.com/kb/HT4554 CONFIRM http://support.apple.com/kb/HT4566 WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

CVE-2011-0140

2011-03-03T15:00:02.127-05:00

2017-09-18T21:31:57.333-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

CVE-2011-0141

2011-03-03T15:00:02.143-05:00

2017-09-18T21:31:57.397-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

CVE-2011-0142

2011-03-03T15:00:02.177-05:00

2017-09-18T21:31:57.473-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

CVE-2011-0143

2011-03-03T15:00:02.190-05:00

2017-09-18T21:31:57.550-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

CVE-2011-0144

2011-03-03T15:00:02.207-05:00

2017-09-18T21:31:57.630-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

CVE-2011-0145

2011-03-03T15:00:02.223-05:00

2017-09-18T21:31:57.693-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

CVE-2011-0146

2011-03-03T15:00:02.253-05:00

2017-09-18T21:31:57.753-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

CVE-2011-0147

2011-03-03T15:00:02.270-05:00

2017-09-18T21:31:57.833-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

CVE-2011-0148

2011-03-03T15:00:02.287-05:00

2017-09-18T21:31:57.897-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

CVE-2011-0149

2011-03-03T15:00:02.317-05:00

2017-09-18T21:31:57.957-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov APPLE APPLE-SA-2011-03-09-1 APPLE APPLE-SA-2011-03-09-2 APPLE APPLE-SA-2011-03-02-1 CONFIRM http://support.apple.com/kb/HT4554 CONFIRM http://support.apple.com/kb/HT4564 CONFIRM http://support.apple.com/kb/HT4566 MISC http://www.zerodayinitiative.com/advisories/ZDI-11-100 WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly parse HTML elements associated with document namespaces, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to a "dangling pointer" and iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

CVE-2011-0150

2011-03-03T15:00:02.333-05:00

2017-09-18T21:31:58.037-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

CVE-2011-0151

2011-03-03T15:00:02.363-05:00

2017-09-18T21:31:58.130-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

CVE-2011-0152

2011-03-03T15:00:02.377-05:00

2017-09-18T21:31:58.207-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

CVE-2011-0153

2011-03-03T15:00:02.393-05:00

2017-09-18T21:31:58.317-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

CVE-2011-0154

2011-03-03T15:00:02.410-05:00

2017-09-18T21:31:58.397-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov APPLE APPLE-SA-2011-03-09-1 APPLE APPLE-SA-2011-03-09-2 APPLE APPLE-SA-2011-03-02-1 CONFIRM http://support.apple.com/kb/HT4554 CONFIRM http://support.apple.com/kb/HT4564 CONFIRM http://support.apple.com/kb/HT4566 MISC http://www.zerodayinitiative.com/advisories/ZDI-11-101 WebKit, as used in Apple iTunes before 10.2 on Windows and Apple iOS, does not properly implement the .sort function for JavaScript arrays, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

CVE-2011-0155

2011-03-03T15:00:02.440-05:00

2017-09-18T21:31:58.473-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

CVE-2011-0156

2011-03-03T15:00:02.457-05:00

2017-09-18T21:31:58.550-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

cpe:/a:apple:webkit cpe:/o:apple:iphone_os:1.0.0 cpe:/o:apple:iphone_os:1.0.1 cpe:/o:apple:iphone_os:1.0.2 cpe:/o:apple:iphone_os:1.1.0 cpe:/o:apple:iphone_os:1.1.1 cpe:/o:apple:iphone_os:1.1.2 cpe:/o:apple:iphone_os:1.1.3 cpe:/o:apple:iphone_os:1.1.4 cpe:/o:apple:iphone_os:1.1.5 cpe:/o:apple:iphone_os:2.0 cpe:/o:apple:iphone_os:2.0.0 cpe:/o:apple:iphone_os:2.0.1 cpe:/o:apple:iphone_os:2.0.2 cpe:/o:apple:iphone_os:2.1 cpe:/o:apple:iphone_os:2.1.1 cpe:/o:apple:iphone_os:2.2 cpe:/o:apple:iphone_os:2.2.1 cpe:/o:apple:iphone_os:3.0 cpe:/o:apple:iphone_os:3.0.1 cpe:/o:apple:iphone_os:3.1 cpe:/o:apple:iphone_os:3.1.2 cpe:/o:apple:iphone_os:3.1.3 cpe:/o:apple:iphone_os:3.2 cpe:/o:apple:iphone_os:3.2.1 cpe:/o:apple:iphone_os:3.2.2 cpe:/o:apple:iphone_os:4.0 cpe:/o:apple:iphone_os:4.0.1 cpe:/o:apple:iphone_os:4.0.2 cpe:/o:apple:iphone_os:4.1 cpe:/o:apple:iphone_os:4.2

CVE-2011-0157

2011-03-11T17:55:02.543-05:00

2017-08-16T21:33:24.493-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov APPLE APPLE-SA-2011-03-09-1 CONFIRM http://support.apple.com/kb/HT4564 BID 46807 XF appleios-webkit-unspec-code-exec(66007) WebKit, as used in Apple iOS before 4.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-09-1.

cpe:/o:apple:iphone_os:1.0.0 cpe:/o:apple:iphone_os:1.0.1 cpe:/o:apple:iphone_os:1.0.2 cpe:/o:apple:iphone_os:1.1.0 cpe:/o:apple:iphone_os:1.1.1 cpe:/o:apple:iphone_os:1.1.2 cpe:/o:apple:iphone_os:1.1.3 cpe:/o:apple:iphone_os:1.1.4 cpe:/o:apple:iphone_os:1.1.5 cpe:/o:apple:iphone_os:2.0 cpe:/o:apple:iphone_os:2.0.0 cpe:/o:apple:iphone_os:2.0.1 cpe:/o:apple:iphone_os:2.0.2 cpe:/o:apple:iphone_os:2.1 cpe:/o:apple:iphone_os:2.1.1 cpe:/o:apple:iphone_os:2.2 cpe:/o:apple:iphone_os:2.2.1 cpe:/o:apple:iphone_os:3.0 cpe:/o:apple:iphone_os:3.0.1 cpe:/o:apple:iphone_os:3.1 cpe:/o:apple:iphone_os:3.1.2 cpe:/o:apple:iphone_os:3.1.3 cpe:/o:apple:iphone_os:3.2 cpe:/o:apple:iphone_os:3.2.1 cpe:/o:apple:iphone_os:3.2.2 cpe:/o:apple:iphone_os:4.0 cpe:/o:apple:iphone_os:4.0.1 cpe:/o:apple:iphone_os:4.0.2 cpe:/o:apple:iphone_os:4.1 cpe:/o:apple:iphone_os:4.2

CVE-2011-0158

2011-03-11T17:55:02.637-05:00

2017-08-16T21:33:24.557-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov APPLE APPLE-SA-2011-03-09-1 CONFIRM http://support.apple.com/kb/HT4564 BID 46806 SECTRACK 1025182 XF appleios-mobilesafari-dos(66002) MobileSafari in Apple iOS before 4.3 does not properly implement application launching through URL handlers, which allows remote attackers to cause a denial of service (persistent application crash) via crafted JavaScript code.

cpe:/o:apple:iphone_os:4.0 cpe:/o:apple:iphone_os:4.1 cpe:/o:apple:iphone_os:4.2

CVE-2011-0159

2011-03-11T17:55:02.747-05:00

2011-03-30T23:29:13.860-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov APPLE APPLE-SA-2011-03-09-1 CONFIRM http://support.apple.com/kb/HT4564 BID 46810 SECTRACK 1025182 The Safari Settings feature in Safari in Apple iOS 4.x before 4.3 does not properly implement the clearing of cookies during execution of the Safari application, which might make it easier for remote web servers to track users by setting a cookie.

cpe:/a:apple:safari:1.0 cpe:/a:apple:safari:1.0:beta cpe:/a:apple:safari:1.0:beta2 cpe:/a:apple:safari:1.0.0 cpe:/a:apple:safari:1.0.0b1 cpe:/a:apple:safari:1.0.0b2 cpe:/a:apple:safari:1.0.1 cpe:/a:apple:safari:1.0.2 cpe:/a:apple:safari:1.0.3 cpe:/a:apple:safari:1.0.3:85.8 cpe:/a:apple:safari:1.0.3:85.8.1 cpe:/a:apple:safari:1.1 cpe:/a:apple:safari:1.1.0 cpe:/a:apple:safari:1.1.1 cpe:/a:apple:safari:1.2 cpe:/a:apple:safari:1.2.0 cpe:/a:apple:safari:1.2.1 cpe:/a:apple:safari:1.2.2 cpe:/a:apple:safari:1.2.3 cpe:/a:apple:safari:1.2.4 cpe:/a:apple:safari:1.2.5 cpe:/a:apple:safari:1.3 cpe:/a:apple:safari:1.3.0 cpe:/a:apple:safari:1.3.1 cpe:/a:apple:safari:1.3.2 cpe:/a:apple:safari:1.3.2:312.5 cpe:/a:apple:safari:1.3.2:312.6 cpe:/a:apple:safari:2 cpe:/a:apple:safari:2.0 cpe:/a:apple:safari:2.0.0 cpe:/a:apple:safari:2.0.1 cpe:/a:apple:safari:2.0.2 cpe:/a:apple:safari:2.0.3 cpe:/a:apple:safari:2.0.3:417.8 cpe:/a:apple:safari:2.0.3:417.9 cpe:/a:apple:safari:2.0.3:417.9.2 cpe:/a:apple:safari:2.0.3:417.9.3 cpe:/a:apple:safari:2.0.4 cpe:/a:apple:safari:3 cpe:/a:apple:safari:3.0 cpe:/a:apple:safari:3.0.0 cpe:/a:apple:safari:3.0.0b cpe:/a:apple:safari:3.0.1 cpe:/a:apple:safari:3.0.1b cpe:/a:apple:safari:3.0.2 cpe:/a:apple:safari:3.0.2b cpe:/a:apple:safari:3.0.3 cpe:/a:apple:safari:3.0.3b cpe:/a:apple:safari:3.0.4 cpe:/a:apple:safari:3.0.4b cpe:/a:apple:safari:3.1.0 cpe:/a:apple:safari:3.1.0b cpe:/a:apple:safari:3.1.1 cpe:/a:apple:safari:3.1.2 cpe:/a:apple:safari:3.2.0 cpe:/a:apple:safari:3.2.1 cpe:/a:apple:safari:3.2.2 cpe:/a:apple:safari:4.1 cpe:/a:apple:safari:4.1.1 cpe:/a:apple:safari:4.1.2 cpe:/a:apple:safari:5.0 cpe:/a:apple:safari:5.0.1 cpe:/a:apple:safari:5.0.2 cpe:/a:apple:safari:5.0.3 cpe:/a:apple:webkit cpe:/o:apple:iphone_os:1.0.0 cpe:/o:apple:iphone_os:1.0.1 cpe:/o:apple:iphone_os:1.0.2 cpe:/o:apple:iphone_os:1.1.0 cpe:/o:apple:iphone_os:1.1.1 cpe:/o:apple:iphone_os:1.1.2 cpe:/o:apple:iphone_os:1.1.3 cpe:/o:apple:iphone_os:1.1.4 cpe:/o:apple:iphone_os:1.1.5 cpe:/o:apple:iphone_os:2.0 cpe:/o:apple:iphone_os:2.0.0 cpe:/o:apple:iphone_os:2.0.1 cpe:/o:apple:iphone_os:2.0.2 cpe:/o:apple:iphone_os:2.1 cpe:/o:apple:iphone_os:2.1.1 cpe:/o:apple:iphone_os:2.2 cpe:/o:apple:iphone_os:2.2.1 cpe:/o:apple:iphone_os:3.0 cpe:/o:apple:iphone_os:3.0.1 cpe:/o:apple:iphone_os:3.1 cpe:/o:apple:iphone_os:3.1.2 cpe:/o:apple:iphone_os:3.1.3 cpe:/o:apple:iphone_os:3.2 cpe:/o:apple:iphone_os:3.2.1 cpe:/o:apple:iphone_os:3.2.2 cpe:/o:apple:iphone_os:4.0 cpe:/o:apple:iphone_os:4.0.1 cpe:/o:apple:iphone_os:4.0.2 cpe:/o:apple:iphone_os:4.1 cpe:/o:apple:iphone_os:4.2

CVE-2011-0160

2011-03-11T17:55:02.840-05:00

2011-03-30T23:29:14.220-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov APPLE APPLE-SA-2011-03-09-1 APPLE APPLE-SA-2011-03-09-2 CONFIRM http://support.apple.com/kb/HT4564 CONFIRM http://support.apple.com/kb/HT4566 SECTRACK 1025182 WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.

CVE-2011-0161

2011-03-11T17:55:02.947-05:00

2017-08-16T21:33:24.617-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov APPLE APPLE-SA-2011-03-09-1 APPLE APPLE-SA-2011-03-09-2 CONFIRM http://support.apple.com/kb/HT4564 CONFIRM http://support.apple.com/kb/HT4566 BID 46814 SECTRACK 1025182 XF appleios-attr-code-execution(66000) WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site.

cpe:/a:apple:apple_tv:4.0 cpe:/o:apple:iphone_os:1.0.0 cpe:/o:apple:iphone_os:1.0.1 cpe:/o:apple:iphone_os:1.0.2 cpe:/o:apple:iphone_os:1.1.0 cpe:/o:apple:iphone_os:1.1.1 cpe:/o:apple:iphone_os:1.1.2 cpe:/o:apple:iphone_os:1.1.3 cpe:/o:apple:iphone_os:1.1.4 cpe:/o:apple:iphone_os:1.1.5 cpe:/o:apple:iphone_os:2.0 cpe:/o:apple:iphone_os:2.0.0 cpe:/o:apple:iphone_os:2.0.1 cpe:/o:apple:iphone_os:2.0.2 cpe:/o:apple:iphone_os:2.1 cpe:/o:apple:iphone_os:2.1.1 cpe:/o:apple:iphone_os:2.2 cpe:/o:apple:iphone_os:2.2.1 cpe:/o:apple:iphone_os:3.0 cpe:/o:apple:iphone_os:3.0.1 cpe:/o:apple:iphone_os:3.1 cpe:/o:apple:iphone_os:3.1.2 cpe:/o:apple:iphone_os:3.1.3 cpe:/o:apple:iphone_os:3.2 cpe:/o:apple:iphone_os:3.2.1 cpe:/o:apple:iphone_os:3.2.2 cpe:/o:apple:iphone_os:4.0 cpe:/o:apple:iphone_os:4.0.1 cpe:/o:apple:iphone_os:4.0.2 cpe:/o:apple:iphone_os:4.1 cpe:/o:apple:iphone_os:4.2 cpe:/o:apple:tvos:1.0.0 cpe:/o:apple:tvos:1.1.0 cpe:/o:apple:tvos:2.0.0 cpe:/o:apple:tvos:2.0.1 cpe:/o:apple:tvos:2.0.2 cpe:/o:apple:tvos:2.1.0 cpe:/o:apple:tvos:3.0.2

CVE-2011-0162

2011-03-11T17:55:03.057-05:00

2019-03-08T11:06:25.590-05:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov APPLE APPLE-SA-2011-03-09-1 APPLE APPLE-SA-2011-03-09-3 CONFIRM http://support.apple.com/kb/HT4564 CONFIRM http://support.apple.com/kb/HT4565 BID 46813 SECTRACK 1025182 XF appleios-wifi-dos(65998) Wi-Fi in Apple iOS before 4.3 and Apple TV before 4.2 does not properly perform bounds checking for Wi-Fi frames, which allows remote attackers to cause a denial of service (device reset) via unspecified traffic on the local wireless network.

CVE-2011-0163

2011-03-11T17:55:03.167-05:00

2017-08-16T21:33:24.777-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov APPLE APPLE-SA-2011-03-09-1 APPLE APPLE-SA-2011-03-09-2 CONFIRM http://support.apple.com/kb/HT4564 CONFIRM http://support.apple.com/kb/HT4566 SECTRACK 1025182 XF appleios-cache-dos(66001) WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle unspecified "cached resources," which allows remote attackers to cause a denial of service (resource unavailability) via a crafted web site that conducts a cache-poisoning attack.

CVE-2011-0164

2011-03-03T15:00:02.487-05:00

2017-09-18T21:31:58.630-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov APPLE APPLE-SA-2011-07-20-1 APPLE APPLE-SA-2011-10-11-1 APPLE APPLE-SA-2011-03-02-1 CONFIRM http://support.apple.com/kb/HT4554 CONFIRM http://support.apple.com/kb/HT4808 CONFIRM http://support.apple.com/kb/HT4981 WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

CVE-2011-0165

2011-03-03T15:00:02.503-05:00

2017-09-18T21:31:58.707-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

CVE-2011-0166

2011-03-11T17:55:03.277-05:00

2017-08-16T21:33:24.837-04:00

5.8

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov APPLE APPLE-SA-2011-03-09-2 APPLE APPLE-SA-2011-10-12-1 CONFIRM http://support.apple.com/kb/HT4566 CONFIRM http://support.apple.com/kb/HT4999 BID 46811 SECTRACK 1025183 XF apple-safari-html5-info-disclosure(66004) The HTML5 drag and drop functionality in WebKit in Apple Safari before 5.0.4 allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via vectors related to the dragging of content. NOTE: this might overlap CVE-2011-0778.

CVE-2011-0167

2011-03-11T17:55:03.340-05:00

2011-03-30T23:29:16.237-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov APPLE APPLE-SA-2011-03-09-2 CONFIRM http://support.apple.com/kb/HT4566 BID 46816 SECTRACK 1025183 The windows functionality in WebKit in Apple Safari before 5.0.4 allows remote attackers to bypass the Same Origin Policy, and force the upload of arbitrary local files from a client computer, via a crafted web site.

CVE-2011-0168

2011-03-03T15:00:02.520-05:00

2017-09-18T21:31:58.787-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

CVE-2011-0169

2011-03-11T17:55:03.400-05:00

2017-08-16T21:33:24.900-04:00

2.6

NETWORK

HIGH

NONE

PARTIAL

NONE

http://nvd.nist.gov APPLE APPLE-SA-2011-03-09-2 CONFIRM http://support.apple.com/kb/HT4566 BID 46809 SECTRACK 1025183 XF safari-commandlineapi-xss(66006) WebKit in Apple Safari before 5.0.4, when the Web Inspector is used, does not properly handle the window.console._inspectorCommandLineAPI property, which allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted web site.

CVE-2011-0170

2011-03-03T15:00:02.597-05:00

2017-09-18T21:31:58.847-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov IDEFENSE 20110302 Apple CoreGraphics Library Heap Memory Corruption Vulnerability APPLE APPLE-SA-2011-03-09-2 APPLE APPLE-SA-2011-03-02-1 APPLE APPLE-SA-2011-03-21-1 CONFIRM http://support.apple.com/kb/HT4554 CONFIRM http://support.apple.com/kb/HT4566 CONFIRM http://support.apple.com/kb/HT4581 Heap-based buffer overflow in ImageIO in CoreGraphics in Apple iTunes before 10.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted International Color Consortium (ICC) profile in a JPEG image.

CVE-2011-0172

2011-03-22T22:00:04.033-04:00

2011-03-24T00:00:00.000-04:00

4.9

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2011-03-23T10:02:00.000-04:00

APPLE APPLE-SA-2011-03-21-1 CONFIRM http://support.apple.com/kb/HT4581 AirPort in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to cause a denial of service (divide-by-zero error and reboot) via Wi-Fi frames on the local wireless network, a different vulnerability than CVE-2011-0162.

cpe:/a:apple:applescript cpe:/o:apple:mac_os_x:10.6.0 cpe:/o:apple:mac_os_x:10.6.1 cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x:10.6.3 cpe:/o:apple:mac_os_x:10.6.4 cpe:/o:apple:mac_os_x:10.6.5 cpe:/o:apple:mac_os_x:10.6.6 cpe:/o:apple:mac_os_x_server:10.6.0 cpe:/o:apple:mac_os_x_server:10.6.1 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x_server:10.6.3 cpe:/o:apple:mac_os_x_server:10.6.4 cpe:/o:apple:mac_os_x_server:10.6.5 cpe:/o:apple:mac_os_x_server:10.6.6

CVE-2011-0173

2011-03-22T22:00:04.050-04:00

2011-03-24T00:00:00.000-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2011-03-23T10:16:00.000-04:00

APPLE APPLE-SA-2011-03-21-1 CONFIRM http://support.apple.com/kb/HT4581 Multiple format string vulnerabilities in AppleScript in Apple Mac OS X before 10.6.7 allow context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) display dialog or (2) display alert command in a dialog in an AppleScript Studio application.

CVE-2011-0174

2011-03-22T22:00:04.080-04:00

2011-03-24T00:00:00.000-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2011-03-23T10:19:00.000-04:00

APPLE APPLE-SA-2011-03-21-1 CONFIRM http://support.apple.com/kb/HT4581 Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code via a document that contains a crafted embedded OpenType font.

CVE-2011-0175

2011-03-22T22:00:04.110-04:00

2011-03-24T14:35:31.500-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2011-03-23T10:28:00.000-04:00

APPLE APPLE-SA-2011-03-21-1 CONFIRM http://support.apple.com/kb/HT4581 Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded TrueType font.

CVE-2011-0176

2011-03-22T22:00:04.143-04:00

2011-03-24T00:00:00.000-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2011-03-23T10:32:00.000-04:00

CVE-2011-0177

2011-03-22T22:00:04.157-04:00

2011-03-24T00:00:00.000-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2011-03-23T10:35:00.000-04:00

cpe:/a:apple:carboncore cpe:/o:apple:mac_os_x:10.6.0 cpe:/o:apple:mac_os_x:10.6.1 cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x:10.6.3 cpe:/o:apple:mac_os_x:10.6.4 cpe:/o:apple:mac_os_x:10.6.5 cpe:/o:apple:mac_os_x:10.6.6 cpe:/o:apple:mac_os_x_server:10.6.0 cpe:/o:apple:mac_os_x_server:10.6.1 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x_server:10.6.3 cpe:/o:apple:mac_os_x_server:10.6.4 cpe:/o:apple:mac_os_x_server:10.6.5 cpe:/o:apple:mac_os_x_server:10.6.6

CVE-2011-0178

2011-03-22T22:00:04.173-04:00

2011-03-24T00:00:00.000-04:00

2.1

LOCAL

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2011-03-23T10:38:00.000-04:00

APPLE APPLE-SA-2011-03-21-1 CONFIRM http://support.apple.com/kb/HT4581 The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 provides a world-readable directory in response to a call with the kTemporaryFolderType flag, which allows local users to obtain potentially sensitive information by accessing this directory.

CVE-2011-0179

2011-03-22T22:00:04.207-04:00

2011-03-24T00:00:00.000-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2011-03-23T10:40:00.000-04:00

APPLE APPLE-SA-2011-03-21-1 CONFIRM http://support.apple.com/kb/HT4581 CoreText in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a document that contains a crafted embedded font.

CVE-2011-0180

2011-03-22T22:00:04.220-04:00

2011-03-24T00:00:00.000-04:00

2.1

LOCAL

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2011-03-23T10:42:00.000-04:00

APPLE APPLE-SA-2011-03-21-1 CONFIRM http://support.apple.com/kb/HT4581 Integer overflow in HFS in Apple Mac OS X before 10.6.7 allows local users to read arbitrary (1) HFS, (2) HFS+, or (3) HFS+J files via a crafted F_READBOOTSTRAP ioctl call.

cpe:/a:apple:imageio cpe:/o:apple:mac_os_x:10.5.8 cpe:/o:apple:mac_os_x:10.6.0 cpe:/o:apple:mac_os_x:10.6.1 cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x:10.6.3 cpe:/o:apple:mac_os_x:10.6.4 cpe:/o:apple:mac_os_x:10.6.5 cpe:/o:apple:mac_os_x:10.6.6 cpe:/o:apple:mac_os_x_server:10.5.8 cpe:/o:apple:mac_os_x_server:10.6.0 cpe:/o:apple:mac_os_x_server:10.6.1 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x_server:10.6.3 cpe:/o:apple:mac_os_x_server:10.6.4 cpe:/o:apple:mac_os_x_server:10.6.5 cpe:/o:apple:mac_os_x_server:10.6.6

CVE-2011-0181

2011-03-22T22:00:04.237-04:00

2011-06-27T00:00:00.000-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2011-03-23T10:44:00.000-04:00

APPLE APPLE-SA-2011-03-21-1 CONFIRM http://support.apple.com/kb/HT4581 Integer overflow in ImageIO in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XBM image.

CVE-2011-0182

2011-03-22T22:00:05.393-04:00

2012-02-13T23:03:22.353-05:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov APPLE APPLE-SA-2011-03-21-1 SREASON 8402 CONFIRM http://support.apple.com/kb/HT4581 The i386_set_ldt system call in the kernel in Apple Mac OS X before 10.6.7 does not properly handle call gates, which allows local users to gain privileges via vectors involving the creation of a call gate entry.

cpe:/o:apple:mac_os_x:10.5.8 cpe:/o:apple:mac_os_x:10.6.0 cpe:/o:apple:mac_os_x:10.6.1 cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x:10.6.3 cpe:/o:apple:mac_os_x:10.6.4 cpe:/o:apple:mac_os_x:10.6.5 cpe:/o:apple:mac_os_x:10.6.6 cpe:/o:apple:mac_os_x_server:10.5.8 cpe:/o:apple:mac_os_x_server:10.6.0 cpe:/o:apple:mac_os_x_server:10.6.1 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x_server:10.6.3 cpe:/o:apple:mac_os_x_server:10.6.4 cpe:/o:apple:mac_os_x_server:10.6.5 cpe:/o:apple:mac_os_x_server:10.6.6

CVE-2011-0183

2011-03-22T22:00:05.407-04:00

2011-03-24T00:00:00.000-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2011-03-23T11:04:00.000-04:00

APPLE APPLE-SA-2011-03-21-1 CONFIRM http://support.apple.com/kb/HT4581 Libinfo in Apple Mac OS X before 10.6.7 does not properly handle an unspecified integer field in an NFS RPC packet, which allows remote attackers to cause a denial of service (lockd, statd, mountd, or portmap outage) via a crafted packet, related to an "integer truncation issue."

CVE-2011-0184

2011-03-22T22:00:05.423-04:00

2011-10-20T00:00:00.000-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2011-03-23T11:09:00.000-04:00

IDEFENSE 20110321 Apple OfficeImport Framework Excel Memory Corruption Vulnerability APPLE APPLE-SA-2011-10-12-1 APPLE APPLE-SA-2011-03-21-1 CONFIRM http://support.apple.com/kb/HT4581 CONFIRM http://support.apple.com/kb/HT4999 QuickLook in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an Excel spreadsheet with a crafted formula that uses unspecified opcodes.

cpe:/o:apple:mac_os_x:10.6.0 cpe:/o:apple:mac_os_x:10.6.1 cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x:10.6.3 cpe:/o:apple:mac_os_x:10.6.4 cpe:/o:apple:mac_os_x:10.6.5 cpe:/o:apple:mac_os_x:10.6.6 cpe:/o:apple:mac_os_x:10.6.7 cpe:/o:apple:mac_os_x:10.6.8 cpe:/o:apple:mac_os_x:10.7.0 cpe:/o:apple:mac_os_x:10.7.1 cpe:/o:apple:mac_os_x_server:10.6.0 cpe:/o:apple:mac_os_x_server:10.6.1 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x_server:10.6.3 cpe:/o:apple:mac_os_x_server:10.6.4 cpe:/o:apple:mac_os_x_server:10.6.5 cpe:/o:apple:mac_os_x_server:10.6.6 cpe:/o:apple:mac_os_x_server:10.6.7 cpe:/o:apple:mac_os_x_server:10.6.8 cpe:/o:apple:mac_os_x_server:10.7.0 cpe:/o:apple:mac_os_x_server:10.7.1

CVE-2011-0185

2011-10-14T06:55:07.650-04:00

2012-01-13T22:51:23.773-05:00

4.4

LOCAL

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov APPLE APPLE-SA-2011-10-12-3 CONFIRM http://support.apple.com/kb/HT5002 BID 50085 BID 50092 Format string vulnerability in the debug-logging feature in Application Firewall in Apple Mac OS X before 10.7.2 allows local users to gain privileges via a crafted name of an executable file.

cpe:/a:apple:quicktime cpe:/o:apple:mac_os_x:10.6.0 cpe:/o:apple:mac_os_x:10.6.1 cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x:10.6.3 cpe:/o:apple:mac_os_x:10.6.4 cpe:/o:apple:mac_os_x:10.6.5 cpe:/o:apple:mac_os_x:10.6.6 cpe:/o:apple:mac_os_x_server:10.6.0 cpe:/o:apple:mac_os_x_server:10.6.1 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x_server:10.6.3 cpe:/o:apple:mac_os_x_server:10.6.4 cpe:/o:apple:mac_os_x_server:10.6.5 cpe:/o:apple:mac_os_x_server:10.6.6

CVE-2011-0186

2011-03-22T22:00:05.440-04:00

2011-08-10T22:48:27.877-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov APPLE APPLE-SA-2011-08-03-1 APPLE APPLE-SA-2011-03-21-1 CONFIRM http://support.apple.com/kb/HT4581 QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG2000 image.

CVE-2011-0187

2011-03-22T22:00:05.457-04:00

2011-10-20T22:51:26.897-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov APPLE APPLE-SA-2011-08-03-1 APPLE APPLE-SA-2011-10-12-1 APPLE APPLE-SA-2011-10-12-3 APPLE APPLE-SA-2011-03-21-1 CONFIRM http://support.apple.com/kb/HT4581 CONFIRM http://support.apple.com/kb/HT4999 CONFIRM http://support.apple.com/kb/HT5002 The plug-in in QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive video data via vectors involving a cross-site redirect.

cpe:/a:ruby-lang:ruby:1.9 cpe:/a:ruby-lang:ruby:1.9:r18423 cpe:/a:ruby-lang:ruby:1.9.0 cpe:/a:ruby-lang:ruby:1.9.0:r18423 cpe:/a:ruby-lang:ruby:1.9.0-0 cpe:/a:ruby-lang:ruby:1.9.0-1 cpe:/a:ruby-lang:ruby:1.9.0-2 cpe:/a:ruby-lang:ruby:1.9.0-20060415 cpe:/a:ruby-lang:ruby:1.9.0-20070709 cpe:/a:ruby-lang:ruby:1.9.1 cpe:/a:ruby-lang:ruby:1.9.1:-p0 cpe:/a:ruby-lang:ruby:1.9.1:-p129 cpe:/a:ruby-lang:ruby:1.9.1:-p243 cpe:/a:ruby-lang:ruby:1.9.1:-p376 cpe:/a:ruby-lang:ruby:1.9.1:-p429 cpe:/a:ruby-lang:ruby:1.9.1:-preview_1 cpe:/a:ruby-lang:ruby:1.9.1:-preview_2 cpe:/a:ruby-lang:ruby:1.9.1:-rc1 cpe:/a:ruby-lang:ruby:1.9.1:-rc2 cpe:/a:ruby-lang:ruby:1.9.2 cpe:/a:ruby-lang:ruby:1.9.2:dev cpe:/a:ruby-lang:ruby:1.9.2-p136

CVE-2011-0188

2011-03-22T22:00:06.110-04:00

2011-08-23T23:15:07.243-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov APPLE APPLE-SA-2011-03-21-1 CONFIRM http://support.apple.com/kb/HT4581 CONFIRM http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/ext/bigdecimal/bigdecimal.c?r1=29364&r2=30993 MANDRIVA MDVSA-2011:097 MANDRIVA MDVSA-2011:098 REDHAT RHSA-2011:0908 REDHAT RHSA-2011:0909 REDHAT RHSA-2011:0910 SECTRACK 1025236 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=682332 The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an "integer truncation issue."

cpe:/a:apple:terminal cpe:/o:apple:mac_os_x:10.6.0 cpe:/o:apple:mac_os_x:10.6.1 cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x:10.6.3 cpe:/o:apple:mac_os_x:10.6.4 cpe:/o:apple:mac_os_x:10.6.5 cpe:/o:apple:mac_os_x:10.6.6 cpe:/o:apple:mac_os_x_server:10.6.0 cpe:/o:apple:mac_os_x_server:10.6.1 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x_server:10.6.3 cpe:/o:apple:mac_os_x_server:10.6.4 cpe:/o:apple:mac_os_x_server:10.6.5 cpe:/o:apple:mac_os_x_server:10.6.6

CVE-2011-0189

2011-03-22T22:00:06.143-04:00

2011-03-23T00:00:00.000-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2011-03-23T11:47:00.000-04:00

APPLE APPLE-SA-2011-03-21-1 CONFIRM http://support.apple.com/kb/HT4581 The default configuration of Terminal in Apple Mac OS X 10.6 before 10.6.7 uses SSH protocol version 1 within the New Remote Connection dialog, which might make it easier for man-in-the-middle attackers to spoof SSH servers by leveraging protocol vulnerabilities.

cpe:/a:apple:installer cpe:/o:apple:mac_os_x:10.6.0 cpe:/o:apple:mac_os_x:10.6.1 cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x:10.6.3 cpe:/o:apple:mac_os_x:10.6.4 cpe:/o:apple:mac_os_x:10.6.5 cpe:/o:apple:mac_os_x:10.6.6 cpe:/o:apple:mac_os_x_server:10.6.0 cpe:/o:apple:mac_os_x_server:10.6.1 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x_server:10.6.3 cpe:/o:apple:mac_os_x_server:10.6.4 cpe:/o:apple:mac_os_x_server:10.6.5 cpe:/o:apple:mac_os_x_server:10.6.6

CVE-2011-0190

2011-03-22T22:00:06.157-04:00

2011-03-23T00:00:00.000-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2011-03-23T11:51:00.000-04:00

APPLE APPLE-SA-2011-03-21-1 CONFIRM http://support.apple.com/kb/HT4581 Install Helper in Installer in Apple Mac OS X before 10.6.7 does not properly process an unspecified URL, which might allow remote attackers to track user logins by logging network traffic from an agent that was intended to send network traffic to an Apple server.

CVE-2011-0191

2011-03-03T15:00:02.627-05:00

2014-02-20T23:39:23.877-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov APPLE APPLE-SA-2011-03-09-1 APPLE APPLE-SA-2011-03-09-2 APPLE APPLE-SA-2011-03-09-3 APPLE APPLE-SA-2011-03-02-1 APPLE APPLE-SA-2011-03-21-1 SUSE SUSE-SR:2011:005 SUSE SUSE-SR:2011:009 CONFIRM http://support.apple.com/kb/HT4554 CONFIRM http://support.apple.com/kb/HT4564 CONFIRM http://support.apple.com/kb/HT4565 CONFIRM http://support.apple.com/kb/HT4566 CONFIRM http://support.apple.com/kb/HT4581 DEBIAN DSA-2210 MANDRIVA MDVSA-2011:064 BID 46657 VUPEN ADV-2011-0845 VUPEN ADV-2011-0859 Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding.

CVE-2011-0192

2011-03-03T15:00:02.643-05:00

2014-02-20T23:39:24.093-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://blackberry.com/btsc/KB27244 APPLE APPLE-SA-2011-03-09-1 APPLE APPLE-SA-2011-03-09-2 APPLE APPLE-SA-2011-03-09-3 APPLE APPLE-SA-2011-10-12-1 APPLE APPLE-SA-2011-10-12-2 APPLE APPLE-SA-2011-03-02-1 APPLE APPLE-SA-2011-03-21-1 FEDORA FEDORA-2011-3836 FEDORA FEDORA-2011-3827 FEDORA FEDORA-2011-2540 FEDORA FEDORA-2011-2498 SUSE SUSE-SR:2011:005 SUSE SUSE-SR:2011:009 GENTOO GLSA-201209-02 SLACKWARE SSA:2011-098-01 CONFIRM http://support.apple.com/kb/HT4554 CONFIRM http://support.apple.com/kb/HT4564 CONFIRM http://support.apple.com/kb/HT4565 CONFIRM http://support.apple.com/kb/HT4566 CONFIRM http://support.apple.com/kb/HT4581 CONFIRM http://support.apple.com/kb/HT4999 CONFIRM http://support.apple.com/kb/HT5001 DEBIAN DSA-2210 MANDRIVA MDVSA-2011:043 REDHAT RHSA-2011:0318 BID 46658 SECTRACK 1025153 VUPEN ADV-2011-0551 VUPEN ADV-2011-0599 VUPEN ADV-2011-0621 VUPEN ADV-2011-0845 VUPEN ADV-2011-0905 VUPEN ADV-2011-0930 VUPEN ADV-2011-0960 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=678635 Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding, related to the EXPAND2D macro in libtiff/tif_fax3.h. NOTE: some of these details are obtained from third party information.

CVE-2011-0193

2011-03-22T22:00:06.173-04:00

2011-03-23T00:00:00.000-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2011-03-23T11:54:00.000-04:00

APPLE APPLE-SA-2011-03-21-1 CONFIRM http://support.apple.com/kb/HT4581 Multiple buffer overflows in Image RAW in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image.

cpe:/a:apple:imageio cpe:/o:apple:mac_os_x:10.6.0 cpe:/o:apple:mac_os_x:10.6.1 cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x:10.6.3 cpe:/o:apple:mac_os_x:10.6.4 cpe:/o:apple:mac_os_x:10.6.5 cpe:/o:apple:mac_os_x:10.6.6 cpe:/o:apple:mac_os_x_server:10.6.0 cpe:/o:apple:mac_os_x_server:10.6.1 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x_server:10.6.3 cpe:/o:apple:mac_os_x_server:10.6.4 cpe:/o:apple:mac_os_x_server:10.6.5 cpe:/o:apple:mac_os_x_server:10.6.6

CVE-2011-0194

2011-03-22T22:00:06.190-04:00

2011-03-23T00:00:00.000-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2011-03-23T11:57:00.000-04:00

APPLE APPLE-SA-2011-03-21-1 CONFIRM http://support.apple.com/kb/HT4581 Integer overflow in ImageIO in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding.

cpe:/o:apple:iphone_os:4.3.0 cpe:/o:apple:iphone_os:4.3.1

CVE-2011-0195

2011-04-15T15:55:00.653-04:00

2011-07-22T22:39:11.990-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov APPLE APPLE-SA-2011-04-14-1 APPLE APPLE-SA-2011-07-20-1 APPLE APPLE-SA-2011-06-23-1 CONFIRM http://support.apple.com/kb/HT4723 CONFIRM http://support.apple.com/kb/HT4808 SECTRACK 1025365 The generate-id XPath function in libxslt in Apple iOS 4.3.x before 4.3.2 allows remote attackers to obtain potentially sensitive information about heap memory addresses via a crafted web site. NOTE: this may overlap CVE-2011-1202.

cpe:/o:apple:mac_os_x:10.5.8 cpe:/o:apple:mac_os_x_server:10.5.8

CVE-2011-0196

2011-06-24T16:55:01.983-04:00

2011-06-27T00:00:00.000-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2011-06-27T08:52:00.000-04:00

APPLE APPLE-SA-2011-06-23-1 CONFIRM http://support.apple.com/kb/HT4723 AirPort in Apple Mac OS X 10.5.8 allows remote attackers to cause a denial of service (out-of-bounds read and reboot) via Wi-Fi frames on the local wireless network.

cpe:/o:apple:mac_os_x:10.5.8 cpe:/o:apple:mac_os_x:10.6.0 cpe:/o:apple:mac_os_x:10.6.1 cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x:10.6.3 cpe:/o:apple:mac_os_x:10.6.4 cpe:/o:apple:mac_os_x:10.6.5 cpe:/o:apple:mac_os_x:10.6.6 cpe:/o:apple:mac_os_x:10.6.7 cpe:/o:apple:mac_os_x_server:10.5.8 cpe:/o:apple:mac_os_x_server:10.6.0 cpe:/o:apple:mac_os_x_server:10.6.1 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x_server:10.6.3 cpe:/o:apple:mac_os_x_server:10.6.4 cpe:/o:apple:mac_os_x_server:10.6.5 cpe:/o:apple:mac_os_x_server:10.6.6 cpe:/o:apple:mac_os_x_server:10.6.7

CVE-2011-0197

2011-06-24T16:55:02.030-04:00

2011-10-26T23:21:46.090-04:00

2.1

LOCAL

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov APPLE APPLE-SA-2011-06-23-1 CONFIRM http://support.apple.com/kb/HT4723 BID 48443 App Store in Apple Mac OS X before 10.6.8 creates a log entry containing a user's AppleID password, which might allow local users to obtain sensitive information by reading a log file, as demonstrated by a log file that has non-default permissions.

cpe:/o:apple:mac_os_x:10.6.0 cpe:/o:apple:mac_os_x:10.6.1 cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x:10.6.3 cpe:/o:apple:mac_os_x:10.6.4 cpe:/o:apple:mac_os_x:10.6.5 cpe:/o:apple:mac_os_x:10.6.6 cpe:/o:apple:mac_os_x:10.6.7 cpe:/o:apple:mac_os_x_server:10.6.0 cpe:/o:apple:mac_os_x_server:10.6.1 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x_server:10.6.3 cpe:/o:apple:mac_os_x_server:10.6.4 cpe:/o:apple:mac_os_x_server:10.6.5 cpe:/o:apple:mac_os_x_server:10.6.6 cpe:/o:apple:mac_os_x_server:10.6.7

CVE-2011-0198

2011-06-24T16:55:02.077-04:00

2011-10-26T23:21:46.230-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov APPLE APPLE-SA-2011-06-23-1 CONFIRM http://support.apple.com/kb/HT4723 BID 48436 Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code via a crafted embedded TrueType font.

cpe:/o:apple:mac_os_x:10.6.0 cpe:/o:apple:mac_os_x:10.6.1 cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x:10.6.3 cpe:/o:apple:mac_os_x:10.6.4 cpe:/o:apple:mac_os_x:10.6.5 cpe:/o:apple:mac_os_x:10.6.6 cpe:/o:apple:mac_os_x:10.6.7 cpe:/o:apple:mac_os_x_server:10.6.0 cpe:/o:apple:mac_os_x_server:10.6.1 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x_server:10.6.3 cpe:/o:apple:mac_os_x_server:10.6.4 cpe:/o:apple:mac_os_x_server:10.6.5 cpe:/o:apple:mac_os_x_server:10.6.6 cpe:/o:apple:mac_os_x_server:10.6.7

CVE-2011-0199

2011-06-24T16:55:02.137-04:00

2011-10-26T23:21:46.387-04:00

5.8

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov APPLE APPLE-SA-2011-06-23-1 CONFIRM http://support.apple.com/kb/HT4723 BID 48447 The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 does not perform CRL checking for Extended Validation (EV) certificates that lack OCSP URLs, which might allow man-in-the-middle attackers to spoof an SSL server via a revoked certificate.

cpe:/o:apple:mac_os_x:10.6.0 cpe:/o:apple:mac_os_x:10.6.1 cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x:10.6.3 cpe:/o:apple:mac_os_x:10.6.4 cpe:/o:apple:mac_os_x:10.6.5 cpe:/o:apple:mac_os_x:10.6.6 cpe:/o:apple:mac_os_x:10.6.7 cpe:/o:apple:mac_os_x_server:10.6.0 cpe:/o:apple:mac_os_x_server:10.6.1 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x_server:10.6.3 cpe:/o:apple:mac_os_x_server:10.6.4 cpe:/o:apple:mac_os_x_server:10.6.5 cpe:/o:apple:mac_os_x_server:10.6.6 cpe:/o:apple:mac_os_x_server:10.6.7

CVE-2011-0200

2011-06-24T16:55:02.170-04:00

2012-02-03T22:56:15.797-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov APPLE APPLE-SA-2011-07-20-1 APPLE APPLE-SA-2011-06-23-1 APPLE APPLE-SA-2011-10-11-1 APPLE APPLE-SA-2012-02-01-1 CONFIRM http://support.apple.com/kb/HT4723 CONFIRM http://support.apple.com/kb/HT4808 CONFIRM http://support.apple.com/kb/HT4981 CONFIRM http://support.apple.com/kb/HT5130 Integer overflow in ColorSync in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image containing a crafted embedded ColorSync profile that triggers a heap-based buffer overflow.

cpe:/o:apple:mac_os_x:10.6.0 cpe:/o:apple:mac_os_x:10.6.1 cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x:10.6.3 cpe:/o:apple:mac_os_x:10.6.4 cpe:/o:apple:mac_os_x:10.6.5 cpe:/o:apple:mac_os_x:10.6.6 cpe:/o:apple:mac_os_x:10.6.7 cpe:/o:apple:mac_os_x_server:10.6.0 cpe:/o:apple:mac_os_x_server:10.6.1 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x_server:10.6.3 cpe:/o:apple:mac_os_x_server:10.6.4 cpe:/o:apple:mac_os_x_server:10.6.5 cpe:/o:apple:mac_os_x_server:10.6.6 cpe:/o:apple:mac_os_x_server:10.6.7

CVE-2011-0201

2011-06-24T16:55:02.217-04:00

2011-07-22T22:39:12.693-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov APPLE APPLE-SA-2011-07-20-1 APPLE APPLE-SA-2011-06-23-1 CONFIRM http://support.apple.com/kb/HT4723 CONFIRM http://support.apple.com/kb/HT4808 Off-by-one error in the CoreFoundation framework in Apple Mac OS X before 10.6.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a CFString object that triggers a buffer overflow.

cpe:/o:apple:mac_os_x:10.5.8 cpe:/o:apple:mac_os_x:10.6.0 cpe:/o:apple:mac_os_x:10.6.1 cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x:10.6.3 cpe:/o:apple:mac_os_x:10.6.4 cpe:/o:apple:mac_os_x:10.6.5 cpe:/o:apple:mac_os_x:10.6.6 cpe:/o:apple:mac_os_x:10.6.7 cpe:/o:apple:mac_os_x_server:10.5.8 cpe:/o:apple:mac_os_x_server:10.6.0 cpe:/o:apple:mac_os_x_server:10.6.1 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x_server:10.6.3 cpe:/o:apple:mac_os_x_server:10.6.4 cpe:/o:apple:mac_os_x_server:10.6.5 cpe:/o:apple:mac_os_x_server:10.6.6 cpe:/o:apple:mac_os_x_server:10.6.7

CVE-2011-0202

2011-06-24T16:55:02.247-04:00

2011-07-22T22:39:12.847-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov APPLE APPLE-SA-2011-07-20-1 APPLE APPLE-SA-2011-06-23-1 CONFIRM http://support.apple.com/kb/HT4723 CONFIRM http://support.apple.com/kb/HT4808 Integer overflow in CoreGraphics in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded Type 1 font in a PDF document.

cpe:/o:apple:mac_os_x_server:10.6.0 cpe:/o:apple:mac_os_x_server:10.6.1 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x_server:10.6.3 cpe:/o:apple:mac_os_x_server:10.6.4 cpe:/o:apple:mac_os_x_server:10.6.5 cpe:/o:apple:mac_os_x_server:10.6.6 cpe:/o:apple:mac_os_x_server:10.6.7

CVE-2011-0203

2011-06-24T16:55:02.297-04:00

2011-10-26T23:21:46.870-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov APPLE APPLE-SA-2011-06-23-1 CONFIRM http://support.apple.com/kb/HT4723 BID 48418 Absolute path traversal vulnerability in xftpd in the FTP Server component in Apple Mac OS X before 10.6.8 allows remote attackers to list arbitrary directories by using the root directory as the starting point of a recursive listing.

cpe:/a:apple:imageio cpe:/o:apple:mac_os_x:10.5.8 cpe:/o:apple:mac_os_x:10.6.0 cpe:/o:apple:mac_os_x:10.6.1 cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x:10.6.3 cpe:/o:apple:mac_os_x:10.6.4 cpe:/o:apple:mac_os_x:10.6.5 cpe:/o:apple:mac_os_x:10.6.6 cpe:/o:apple:mac_os_x:10.6.7 cpe:/o:apple:mac_os_x_server:10.5.8 cpe:/o:apple:mac_os_x_server:10.6.0 cpe:/o:apple:mac_os_x_server:10.6.1 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x_server:10.6.3 cpe:/o:apple:mac_os_x_server:10.6.4 cpe:/o:apple:mac_os_x_server:10.6.5 cpe:/o:apple:mac_os_x_server:10.6.6 cpe:/o:apple:mac_os_x_server:10.6.7

CVE-2011-0204

2011-06-24T16:55:02.327-04:00

2011-11-23T22:54:58.443-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov BUGTRAQ 20110628 NGS00062 Patch Notification: Apple Mac OS X ImageIO TIFF Heap Overflow APPLE APPLE-SA-2011-07-20-1 APPLE APPLE-SA-2011-06-23-1 APPLE APPLE-SA-2011-10-11-1 CONFIRM http://support.apple.com/kb/HT4723 CONFIRM http://support.apple.com/kb/HT4808 CONFIRM http://support.apple.com/kb/HT4981 Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image.

cpe:/a:apple:imageio cpe:/o:apple:mac_os_x:10.5.8 cpe:/o:apple:mac_os_x:10.6.0 cpe:/o:apple:mac_os_x:10.6.1 cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x:10.6.3 cpe:/o:apple:mac_os_x:10.6.4 cpe:/o:apple:mac_os_x:10.6.5 cpe:/o:apple:mac_os_x:10.6.6 cpe:/o:apple:mac_os_x:10.6.7 cpe:/o:apple:mac_os_x_server:10.5.8 cpe:/o:apple:mac_os_x_server:10.6.0 cpe:/o:apple:mac_os_x_server:10.6.1 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x_server:10.6.3 cpe:/o:apple:mac_os_x_server:10.6.4 cpe:/o:apple:mac_os_x_server:10.6.5 cpe:/o:apple:mac_os_x_server:10.6.6 cpe:/o:apple:mac_os_x_server:10.6.7

CVE-2011-0205

2011-06-24T16:55:02.357-04:00

2011-10-26T23:21:47.120-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov APPLE APPLE-SA-2011-06-23-1 CONFIRM http://support.apple.com/kb/HT4723 BID 48439 Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image.

cpe:/o:apple:mac_os_x:10.6.0 cpe:/o:apple:mac_os_x:10.6.1 cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x:10.6.3 cpe:/o:apple:mac_os_x:10.6.4 cpe:/o:apple:mac_os_x:10.6.5 cpe:/o:apple:mac_os_x:10.6.6 cpe:/o:apple:mac_os_x:10.6.7 cpe:/o:apple:mac_os_x_server:10.6.0 cpe:/o:apple:mac_os_x_server:10.6.1 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x_server:10.6.3 cpe:/o:apple:mac_os_x_server:10.6.4 cpe:/o:apple:mac_os_x_server:10.6.5 cpe:/o:apple:mac_os_x_server:10.6.6 cpe:/o:apple:mac_os_x_server:10.6.7

CVE-2011-0206

2011-06-24T16:55:02.387-04:00

2017-08-16T21:33:24.963-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov APPLE APPLE-SA-2011-07-20-1 APPLE APPLE-SA-2011-06-23-1 APPLE APPLE-SA-2011-10-12-1 CONFIRM http://support.apple.com/kb/HT4723 CONFIRM http://support.apple.com/kb/HT4808 CONFIRM http://support.apple.com/kb/HT4999 XF macos-icu-bo(68217) Buffer overflow in International Components for Unicode (ICU) in Apple Mac OS X before 10.6.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving uppercase strings.

cpe:/o:apple:mac_os_x:10.6.0 cpe:/o:apple:mac_os_x:10.6.1 cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x:10.6.3 cpe:/o:apple:mac_os_x:10.6.4 cpe:/o:apple:mac_os_x:10.6.5 cpe:/o:apple:mac_os_x:10.6.6 cpe:/o:apple:mac_os_x:10.6.7 cpe:/o:apple:mac_os_x_server:10.6.0 cpe:/o:apple:mac_os_x_server:10.6.1 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x_server:10.6.3 cpe:/o:apple:mac_os_x_server:10.6.4 cpe:/o:apple:mac_os_x_server:10.6.5 cpe:/o:apple:mac_os_x_server:10.6.6 cpe:/o:apple:mac_os_x_server:10.6.7

CVE-2011-0207

2011-06-24T16:55:02.420-04:00

2011-10-26T23:21:47.370-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov APPLE APPLE-SA-2011-06-23-1 CONFIRM http://support.apple.com/kb/HT4723 BID 48444 The MobileMe component in Apple Mac OS X before 10.6.8 uses a cleartext HTTP session for the Mail application to read e-mail aliases, which allows remote attackers to obtain potentially sensitive alias information by sniffing the network.

cpe:/o:apple:mac_os_x:10.6.0 cpe:/o:apple:mac_os_x:10.6.1 cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x:10.6.3 cpe:/o:apple:mac_os_x:10.6.4 cpe:/o:apple:mac_os_x:10.6.5 cpe:/o:apple:mac_os_x:10.6.6 cpe:/o:apple:mac_os_x:10.6.7 cpe:/o:apple:mac_os_x_server:10.6.0 cpe:/o:apple:mac_os_x_server:10.6.1 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x_server:10.6.3 cpe:/o:apple:mac_os_x_server:10.6.4 cpe:/o:apple:mac_os_x_server:10.6.5 cpe:/o:apple:mac_os_x_server:10.6.6 cpe:/o:apple:mac_os_x_server:10.6.7

CVE-2011-0208

2011-06-24T16:55:02.467-04:00

2011-10-20T22:51:29.117-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov APPLE APPLE-SA-2011-06-23-1 APPLE APPLE-SA-2011-10-12-1 CONFIRM http://support.apple.com/kb/HT4723 CONFIRM http://support.apple.com/kb/HT4999 QuickLook in Apple Mac OS X 10.6 before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office document.

cpe:/a:apple:quicktime cpe:/o:apple:mac_os_x:10.6.0 cpe:/o:apple:mac_os_x:10.6.1 cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x:10.6.3 cpe:/o:apple:mac_os_x:10.6.4 cpe:/o:apple:mac_os_x:10.6.5 cpe:/o:apple:mac_os_x:10.6.6 cpe:/o:apple:mac_os_x:10.6.7 cpe:/o:apple:mac_os_x_server:10.6.0 cpe:/o:apple:mac_os_x_server:10.6.1 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x_server:10.6.3 cpe:/o:apple:mac_os_x_server:10.6.4 cpe:/o:apple:mac_os_x_server:10.6.5 cpe:/o:apple:mac_os_x_server:10.6.6 cpe:/o:apple:mac_os_x_server:10.6.7

CVE-2011-0209

2011-06-24T16:55:02.497-04:00

2011-08-10T22:48:30.797-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov APPLE APPLE-SA-2011-08-03-1 APPLE APPLE-SA-2011-06-23-1 CONFIRM http://support.apple.com/kb/HT4723 Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RIFF WAV file.

cpe:/a:apple:quicktime cpe:/o:apple:mac_os_x:10.6.0 cpe:/o:apple:mac_os_x:10.6.1 cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x:10.6.3 cpe:/o:apple:mac_os_x:10.6.4 cpe:/o:apple:mac_os_x:10.6.5 cpe:/o:apple:mac_os_x:10.6.6 cpe:/o:apple:mac_os_x:10.6.7 cpe:/o:apple:mac_os_x_server:10.6.0 cpe:/o:apple:mac_os_x_server:10.6.1 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x_server:10.6.3 cpe:/o:apple:mac_os_x_server:10.6.4 cpe:/o:apple:mac_os_x_server:10.6.5 cpe:/o:apple:mac_os_x_server:10.6.6 cpe:/o:apple:mac_os_x_server:10.6.7

CVE-2011-0210

2011-06-24T16:55:02.530-04:00

2011-10-26T23:21:47.730-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov APPLE APPLE-SA-2011-08-03-1 APPLE APPLE-SA-2011-06-23-1 CONFIRM http://support.apple.com/kb/HT4723 BID 48442 QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted sample tables in a movie file.

cpe:/a:apple:quicktime cpe:/o:apple:mac_os_x:10.6.0 cpe:/o:apple:mac_os_x:10.6.1 cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x:10.6.3 cpe:/o:apple:mac_os_x:10.6.4 cpe:/o:apple:mac_os_x:10.6.5 cpe:/o:apple:mac_os_x:10.6.6 cpe:/o:apple:mac_os_x:10.6.7 cpe:/o:apple:mac_os_x_server:10.6.0 cpe:/o:apple:mac_os_x_server:10.6.1 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x_server:10.6.3 cpe:/o:apple:mac_os_x_server:10.6.4 cpe:/o:apple:mac_os_x_server:10.6.5 cpe:/o:apple:mac_os_x_server:10.6.6 cpe:/o:apple:mac_os_x_server:10.6.7

CVE-2011-0211

2011-06-24T16:55:02.560-04:00

2011-08-10T22:48:31.140-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

CVE-2011-0212

2011-06-24T16:55:02.590-04:00

2011-10-26T23:21:47.980-04:00

6.4

NETWORK

LOW

NONE

PARTIAL

NONE

PARTIAL

http://nvd.nist.gov APPLE APPLE-SA-2011-06-23-1 CONFIRM http://support.apple.com/kb/HT4723 BID 48445 servermgrd in Apple Mac OS X before 10.6.8 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML-RPC request containing an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.

cpe:/a:apple:quicktime cpe:/o:apple:mac_os_x:10.6.0 cpe:/o:apple:mac_os_x:10.6.1 cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x:10.6.3 cpe:/o:apple:mac_os_x:10.6.4 cpe:/o:apple:mac_os_x:10.6.5 cpe:/o:apple:mac_os_x:10.6.6 cpe:/o:apple:mac_os_x:10.6.7 cpe:/o:apple:mac_os_x_server:10.6.0 cpe:/o:apple:mac_os_x_server:10.6.1 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x_server:10.6.3 cpe:/o:apple:mac_os_x_server:10.6.4 cpe:/o:apple:mac_os_x_server:10.6.5 cpe:/o:apple:mac_os_x_server:10.6.6 cpe:/o:apple:mac_os_x_server:10.6.7

CVE-2011-0213

2011-06-24T16:55:02.623-04:00

2011-08-10T22:48:31.407-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov APPLE APPLE-SA-2011-08-03-1 APPLE APPLE-SA-2011-06-23-1 CONFIRM http://support.apple.com/kb/HT4723 Buffer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG file.

cpe:/a:apple:cfnetwork cpe:/a:apple:safari:1.0 cpe:/a:apple:safari:1.0:beta cpe:/a:apple:safari:1.0:beta2 cpe:/a:apple:safari:1.0.0 cpe:/a:apple:safari:1.0.0b1 cpe:/a:apple:safari:1.0.0b2 cpe:/a:apple:safari:1.0.1 cpe:/a:apple:safari:1.0.2 cpe:/a:apple:safari:1.0.3 cpe:/a:apple:safari:1.0.3:85.8 cpe:/a:apple:safari:1.0.3:85.8.1 cpe:/a:apple:safari:1.1 cpe:/a:apple:safari:1.1.0 cpe:/a:apple:safari:1.1.1 cpe:/a:apple:safari:1.2 cpe:/a:apple:safari:1.2.0 cpe:/a:apple:safari:1.2.1 cpe:/a:apple:safari:1.2.2 cpe:/a:apple:safari:1.2.3 cpe:/a:apple:safari:1.2.4 cpe:/a:apple:safari:1.2.5 cpe:/a:apple:safari:1.3 cpe:/a:apple:safari:1.3.0 cpe:/a:apple:safari:1.3.1 cpe:/a:apple:safari:1.3.2 cpe:/a:apple:safari:1.3.2:312.5 cpe:/a:apple:safari:1.3.2:312.6 cpe:/a:apple:safari:2 cpe:/a:apple:safari:2.0 cpe:/a:apple:safari:2.0.0 cpe:/a:apple:safari:2.0.1 cpe:/a:apple:safari:2.0.2 cpe:/a:apple:safari:2.0.3 cpe:/a:apple:safari:2.0.3:417.8 cpe:/a:apple:safari:2.0.3:417.9 cpe:/a:apple:safari:2.0.3:417.9.2 cpe:/a:apple:safari:2.0.3:417.9.3 cpe:/a:apple:safari:2.0.4 cpe:/a:apple:safari:3 cpe:/a:apple:safari:3.0 cpe:/a:apple:safari:3.0.0 cpe:/a:apple:safari:3.0.0b cpe:/a:apple:safari:3.0.1 cpe:/a:apple:safari:3.0.1b cpe:/a:apple:safari:3.0.2 cpe:/a:apple:safari:3.0.2b cpe:/a:apple:safari:3.0.3 cpe:/a:apple:safari:3.0.3b cpe:/a:apple:safari:3.0.4 cpe:/a:apple:safari:3.0.4b cpe:/a:apple:safari:3.1.0 cpe:/a:apple:safari:3.1.0b cpe:/a:apple:safari:3.1.1 cpe:/a:apple:safari:3.1.2 cpe:/a:apple:safari:3.2.0 cpe:/a:apple:safari:3.2.1 cpe:/a:apple:safari:3.2.2 cpe:/a:apple:safari:4.1 cpe:/a:apple:safari:4.1.1 cpe:/a:apple:safari:4.1.2 cpe:/a:apple:safari:5.0 cpe:/a:apple:safari:5.0.1 cpe:/a:apple:safari:5.0.2 cpe:/a:apple:safari:5.0.3 cpe:/a:apple:safari:5.0.4 cpe:/a:apple:safari:5.0.5

CVE-2011-0214

2011-07-21T19:55:01.723-04:00

2011-07-22T00:00:00.000-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2011-07-22T09:14:00.000-04:00

APPLE APPLE-SA-2011-07-20-1 CONFIRM http://support.apple.com/kb/HT4808 CFNetwork in Apple Safari before 5.0.6 on Windows does not properly handle an untrusted attribute of a system root certificate, which allows remote web servers to bypass intended SSL restrictions via a certificate signed by a blacklisted certification authority.

cpe:/a:apple:imageio cpe:/a:apple:safari:1.0 cpe:/a:apple:safari:1.0:beta cpe:/a:apple:safari:1.0:beta2 cpe:/a:apple:safari:1.0.0 cpe:/a:apple:safari:1.0.0b1 cpe:/a:apple:safari:1.0.0b2 cpe:/a:apple:safari:1.0.1 cpe:/a:apple:safari:1.0.2 cpe:/a:apple:safari:1.0.3 cpe:/a:apple:safari:1.0.3:85.8 cpe:/a:apple:safari:1.0.3:85.8.1 cpe:/a:apple:safari:1.1 cpe:/a:apple:safari:1.1.0 cpe:/a:apple:safari:1.1.1 cpe:/a:apple:safari:1.2 cpe:/a:apple:safari:1.2.0 cpe:/a:apple:safari:1.2.1 cpe:/a:apple:safari:1.2.2 cpe:/a:apple:safari:1.2.3 cpe:/a:apple:safari:1.2.4 cpe:/a:apple:safari:1.2.5 cpe:/a:apple:safari:1.3 cpe:/a:apple:safari:1.3.0 cpe:/a:apple:safari:1.3.1 cpe:/a:apple:safari:1.3.2 cpe:/a:apple:safari:1.3.2:312.5 cpe:/a:apple:safari:1.3.2:312.6 cpe:/a:apple:safari:2 cpe:/a:apple:safari:2.0 cpe:/a:apple:safari:2.0.0 cpe:/a:apple:safari:2.0.1 cpe:/a:apple:safari:2.0.2 cpe:/a:apple:safari:2.0.3 cpe:/a:apple:safari:2.0.3:417.8 cpe:/a:apple:safari:2.0.3:417.9 cpe:/a:apple:safari:2.0.3:417.9.2 cpe:/a:apple:safari:2.0.3:417.9.3 cpe:/a:apple:safari:2.0.4 cpe:/a:apple:safari:3 cpe:/a:apple:safari:3.0 cpe:/a:apple:safari:3.0.0 cpe:/a:apple:safari:3.0.0b cpe:/a:apple:safari:3.0.1 cpe:/a:apple:safari:3.0.1b cpe:/a:apple:safari:3.0.2 cpe:/a:apple:safari:3.0.2b cpe:/a:apple:safari:3.0.3 cpe:/a:apple:safari:3.0.3b cpe:/a:apple:safari:3.0.4 cpe:/a:apple:safari:3.0.4b cpe:/a:apple:safari:3.1.0 cpe:/a:apple:safari:3.1.0b cpe:/a:apple:safari:3.1.1 cpe:/a:apple:safari:3.1.2 cpe:/a:apple:safari:3.2.0 cpe:/a:apple:safari:3.2.1 cpe:/a:apple:safari:3.2.2 cpe:/a:apple:safari:4.1 cpe:/a:apple:safari:4.1.1 cpe:/a:apple:safari:4.1.2 cpe:/a:apple:safari:5.0 cpe:/a:apple:safari:5.0.1 cpe:/a:apple:safari:5.0.2 cpe:/a:apple:safari:5.0.3 cpe:/a:apple:safari:5.0.4 cpe:/a:apple:safari:5.0.5

CVE-2011-0215

2011-07-21T19:55:01.770-04:00

2011-10-13T22:50:00.370-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov APPLE APPLE-SA-2011-07-20-1 APPLE APPLE-SA-2011-10-11-1 CONFIRM http://support.apple.com/kb/HT4808 CONFIRM http://support.apple.com/kb/HT4981 ImageIO in Apple Safari before 5.0.6 on Windows does not properly address re-entrancy issues, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file.

CVE-2011-0216

2011-07-21T19:55:01.800-04:00

2013-02-06T23:40:19.890-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov APPLE APPLE-SA-2011-07-20-1 APPLE APPLE-SA-2011-10-12-1 APPLE APPLE-SA-2011-10-12-2 REDHAT RHSA-2013:0217 CONFIRM http://support.apple.com/kb/HT4808 CONFIRM http://support.apple.com/kb/HT4999 CONFIRM http://support.apple.com/kb/HT5001 DEBIAN DSA-2394 MANDRIVA MDVSA-2011:188 REDHAT RHSA-2011:1749 Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted web site.

CVE-2011-0217

2011-07-21T19:55:01.847-04:00

2011-07-22T00:00:00.000-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2011-07-22T09:33:00.000-04:00

APPLE APPLE-SA-2011-07-20-1 CONFIRM http://support.apple.com/kb/HT4808 Apple Safari before 5.0.6 provides AutoFill information to scripts that execute before HTML form submission, which allows remote attackers to obtain Address Book information via a crafted form, as demonstrated by a form that includes non-visible fields.

CVE-2011-0218

2011-07-21T19:55:01.897-04:00

2011-10-20T22:51:30.210-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov APPLE APPLE-SA-2011-07-20-1 APPLE APPLE-SA-2011-10-11-1 APPLE APPLE-SA-2011-10-12-1 CONFIRM http://support.apple.com/kb/HT4808 CONFIRM http://support.apple.com/kb/HT4981 CONFIRM http://support.apple.com/kb/HT4999 WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

CVE-2011-0219

2011-07-21T19:55:01.927-04:00

2011-07-22T00:00:00.000-04:00

5.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2011-07-22T10:02:00.000-04:00

APPLE APPLE-SA-2011-07-20-1 CONFIRM http://support.apple.com/kb/HT4808 Apple Safari before 5.0.6 allows remote attackers to bypass the Same Origin Policy, and modify the rendering of text from arbitrary web sites, via a Java applet that loads fonts.

CVE-2011-0221

2011-07-21T19:55:01.973-04:00

2011-10-20T22:51:30.460-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

CVE-2011-0222

2011-07-21T19:55:02.003-04:00

2011-10-20T22:51:30.600-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov APPLE APPLE-SA-2011-07-20-1 APPLE APPLE-SA-2011-10-11-1 APPLE APPLE-SA-2011-10-12-1 SREASON 8313 SREASON 8315 CONFIRM http://support.apple.com/kb/HT4808 CONFIRM http://support.apple.com/kb/HT4981 CONFIRM http://support.apple.com/kb/HT4999 WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

CVE-2011-0223

2011-07-21T19:55:02.037-04:00

2011-10-13T22:50:01.370-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov APPLE APPLE-SA-2011-07-20-1 APPLE APPLE-SA-2011-10-11-1 CONFIRM http://support.apple.com/kb/HT4808 CONFIRM http://support.apple.com/kb/HT4981 WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

cpe:/o:apple:mac_os_x:10.0 cpe:/o:apple:mac_os_x:10.0.0 cpe:/o:apple:mac_os_x:10.0.1 cpe:/o:apple:mac_os_x:10.0.2 cpe:/o:apple:mac_os_x:10.0.3 cpe:/o:apple:mac_os_x:10.0.4 cpe:/o:apple:mac_os_x:10.1 cpe:/o:apple:mac_os_x:10.1.0 cpe:/o:apple:mac_os_x:10.1.1 cpe:/o:apple:mac_os_x:10.1.2 cpe:/o:apple:mac_os_x:10.1.3 cpe:/o:apple:mac_os_x:10.1.4 cpe:/o:apple:mac_os_x:10.1.5 cpe:/o:apple:mac_os_x:10.2 cpe:/o:apple:mac_os_x:10.2.0 cpe:/o:apple:mac_os_x:10.2.1 cpe:/o:apple:mac_os_x:10.2.2 cpe:/o:apple:mac_os_x:10.2.3 cpe:/o:apple:mac_os_x:10.2.4 cpe:/o:apple:mac_os_x:10.2.5 cpe:/o:apple:mac_os_x:10.2.6 cpe:/o:apple:mac_os_x:10.2.7 cpe:/o:apple:mac_os_x:10.2.8 cpe:/o:apple:mac_os_x:10.3 cpe:/o:apple:mac_os_x:10.3.0 cpe:/o:apple:mac_os_x:10.3.1 cpe:/o:apple:mac_os_x:10.3.2 cpe:/o:apple:mac_os_x:10.3.3 cpe:/o:apple:mac_os_x:10.3.4 cpe:/o:apple:mac_os_x:10.3.5 cpe:/o:apple:mac_os_x:10.3.6 cpe:/o:apple:mac_os_x:10.3.7 cpe:/o:apple:mac_os_x:10.3.8 cpe:/o:apple:mac_os_x:10.3.9 cpe:/o:apple:mac_os_x:10.4 cpe:/o:apple:mac_os_x:10.4.0 cpe:/o:apple:mac_os_x:10.4.1 cpe:/o:apple:mac_os_x:10.4.2 cpe:/o:apple:mac_os_x:10.4.3 cpe:/o:apple:mac_os_x:10.4.4 cpe:/o:apple:mac_os_x:10.4.5 cpe:/o:apple:mac_os_x:10.4.6 cpe:/o:apple:mac_os_x:10.4.7 cpe:/o:apple:mac_os_x:10.4.8 cpe:/o:apple:mac_os_x:10.4.9 cpe:/o:apple:mac_os_x:10.4.10 cpe:/o:apple:mac_os_x:10.4.11 cpe:/o:apple:mac_os_x:10.5 cpe:/o:apple:mac_os_x:10.5.0 cpe:/o:apple:mac_os_x:10.5.1 cpe:/o:apple:mac_os_x:10.5.2 cpe:/o:apple:mac_os_x:10.5.3 cpe:/o:apple:mac_os_x:10.5.4 cpe:/o:apple:mac_os_x:10.5.5 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x:10.5.7 cpe:/o:apple:mac_os_x:10.5.8 cpe:/o:apple:mac_os_x:10.6.0 cpe:/o:apple:mac_os_x:10.6.1 cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x:10.6.3 cpe:/o:apple:mac_os_x:10.6.4 cpe:/o:apple:mac_os_x:10.6.5 cpe:/o:apple:mac_os_x:10.6.6 cpe:/o:apple:mac_os_x:10.6.7 cpe:/o:apple:mac_os_x:10.6.8 cpe:/o:apple:mac_os_x_server:10.0 cpe:/o:apple:mac_os_x_server:10.0.0 cpe:/o:apple:mac_os_x_server:10.0.1 cpe:/o:apple:mac_os_x_server:10.0.2 cpe:/o:apple:mac_os_x_server:10.0.3 cpe:/o:apple:mac_os_x_server:10.0.4 cpe:/o:apple:mac_os_x_server:10.1 cpe:/o:apple:mac_os_x_server:10.1.0 cpe:/o:apple:mac_os_x_server:10.1.1 cpe:/o:apple:mac_os_x_server:10.1.2 cpe:/o:apple:mac_os_x_server:10.1.3 cpe:/o:apple:mac_os_x_server:10.1.4 cpe:/o:apple:mac_os_x_server:10.1.5 cpe:/o:apple:mac_os_x_server:10.2 cpe:/o:apple:mac_os_x_server:10.2.0 cpe:/o:apple:mac_os_x_server:10.2.1 cpe:/o:apple:mac_os_x_server:10.2.2 cpe:/o:apple:mac_os_x_server:10.2.3 cpe:/o:apple:mac_os_x_server:10.2.4 cpe:/o:apple:mac_os_x_server:10.2.5 cpe:/o:apple:mac_os_x_server:10.2.6 cpe:/o:apple:mac_os_x_server:10.2.7 cpe:/o:apple:mac_os_x_server:10.2.8 cpe:/o:apple:mac_os_x_server:10.3 cpe:/o:apple:mac_os_x_server:10.3.0 cpe:/o:apple:mac_os_x_server:10.3.1 cpe:/o:apple:mac_os_x_server:10.3.2 cpe:/o:apple:mac_os_x_server:10.3.3 cpe:/o:apple:mac_os_x_server:10.3.4 cpe:/o:apple:mac_os_x_server:10.3.5 cpe:/o:apple:mac_os_x_server:10.3.6 cpe:/o:apple:mac_os_x_server:10.3.7 cpe:/o:apple:mac_os_x_server:10.3.8 cpe:/o:apple:mac_os_x_server:10.3.9 cpe:/o:apple:mac_os_x_server:10.4 cpe:/o:apple:mac_os_x_server:10.4.0 cpe:/o:apple:mac_os_x_server:10.4.1 cpe:/o:apple:mac_os_x_server:10.4.2 cpe:/o:apple:mac_os_x_server:10.4.3 cpe:/o:apple:mac_os_x_server:10.4.4 cpe:/o:apple:mac_os_x_server:10.4.5 cpe:/o:apple:mac_os_x_server:10.4.6 cpe:/o:apple:mac_os_x_server:10.4.7 cpe:/o:apple:mac_os_x_server:10.4.8 cpe:/o:apple:mac_os_x_server:10.4.9 cpe:/o:apple:mac_os_x_server:10.4.10 cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x_server:10.5 cpe:/o:apple:mac_os_x_server:10.5.0 cpe:/o:apple:mac_os_x_server:10.5.1 cpe:/o:apple:mac_os_x_server:10.5.2 cpe:/o:apple:mac_os_x_server:10.5.3 cpe:/o:apple:mac_os_x_server:10.5.4 cpe:/o:apple:mac_os_x_server:10.5.5 cpe:/o:apple:mac_os_x_server:10.5.6 cpe:/o:apple:mac_os_x_server:10.5.7 cpe:/o:apple:mac_os_x_server:10.5.8 cpe:/o:apple:mac_os_x_server:10.6.0 cpe:/o:apple:mac_os_x_server:10.6.1 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x_server:10.6.3 cpe:/o:apple:mac_os_x_server:10.6.4 cpe:/o:apple:mac_os_x_server:10.6.5 cpe:/o:apple:mac_os_x_server:10.6.6 cpe:/o:apple:mac_os_x_server:10.6.7 cpe:/o:apple:mac_os_x_server:10.6.8

CVE-2011-0224

2011-10-14T06:55:07.730-04:00

2012-01-13T22:51:27.587-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov APPLE APPLE-SA-2011-10-12-3 CONFIRM http://support.apple.com/kb/HT5002 BID 50085 BID 50095 CoreMedia in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QuickTime movie file.

CVE-2011-0225

2011-07-21T19:55:02.067-04:00

2011-10-20T22:51:31.023-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

cpe:/a:freetype:freetype:2.2.1 cpe:/a:freetype:freetype:2.2.10 cpe:/a:freetype:freetype:2.3.0 cpe:/a:freetype:freetype:2.3.1 cpe:/a:freetype:freetype:2.3.2 cpe:/a:freetype:freetype:2.3.3 cpe:/a:freetype:freetype:2.3.4 cpe:/a:freetype:freetype:2.3.5 cpe:/a:freetype:freetype:2.3.6 cpe:/a:freetype:freetype:2.3.7 cpe:/a:freetype:freetype:2.3.8 cpe:/a:freetype:freetype:2.3.9 cpe:/a:freetype:freetype:2.3.10 cpe:/a:freetype:freetype:2.3.11 cpe:/a:freetype:freetype:2.3.12 cpe:/a:freetype:freetype:2.4.0 cpe:/a:freetype:freetype:2.4.1 cpe:/a:freetype:freetype:2.4.2 cpe:/a:freetype:freetype:2.4.3 cpe:/a:freetype:freetype:2.4.4 cpe:/a:freetype:freetype:2.4.5 cpe:/o:apple:iphone_os:1.0.0 cpe:/o:apple:iphone_os:1.0.1 cpe:/o:apple:iphone_os:1.0.2 cpe:/o:apple:iphone_os:1.1.0 cpe:/o:apple:iphone_os:1.1.1 cpe:/o:apple:iphone_os:1.1.2 cpe:/o:apple:iphone_os:1.1.3 cpe:/o:apple:iphone_os:1.1.4 cpe:/o:apple:iphone_os:1.1.5 cpe:/o:apple:iphone_os:2.0 cpe:/o:apple:iphone_os:2.0.0 cpe:/o:apple:iphone_os:2.0.1 cpe:/o:apple:iphone_os:2.0.2 cpe:/o:apple:iphone_os:2.1 cpe:/o:apple:iphone_os:2.1.1 cpe:/o:apple:iphone_os:2.2 cpe:/o:apple:iphone_os:2.2.1 cpe:/o:apple:iphone_os:3.0 cpe:/o:apple:iphone_os:3.0.1 cpe:/o:apple:iphone_os:3.1 cpe:/o:apple:iphone_os:3.1.2 cpe:/o:apple:iphone_os:3.1.3 cpe:/o:apple:iphone_os:3.2 cpe:/o:apple:iphone_os:3.2.1 cpe:/o:apple:iphone_os:3.2.2 cpe:/o:apple:iphone_os:4.0 cpe:/o:apple:iphone_os:4.0.1 cpe:/o:apple:iphone_os:4.0.2 cpe:/o:apple:iphone_os:4.1 cpe:/o:apple:iphone_os:4.2 cpe:/o:apple:iphone_os:4.2.1 cpe:/o:apple:iphone_os:4.2.5 cpe:/o:apple:iphone_os:4.2.8 cpe:/o:apple:iphone_os:4.3.0 cpe:/o:apple:iphone_os:4.3.1 cpe:/o:apple:iphone_os:4.3.2 cpe:/o:apple:iphone_os:4.3.3

CVE-2011-0226

2011-07-19T18:55:00.820-04:00

2011-10-25T22:56:19.090-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov APPLE APPLE-SA-2011-07-15-1 APPLE APPLE-SA-2011-07-15-2 APPLE APPLE-SA-2011-10-12-3 MLIST [freetype-devel] 20110708 details on iPhone exploit caused by FreeType? MLIST [freetype-devel] 20110708 Re: details on iPhone exploit caused by FreeType? MLIST [freetype-devel] 20110709 Re: details on iPhone exploit caused by FreeType? MLIST [freetype-devel] 20110711 Re: details on iPhone exploit caused by FreeType? MLIST [freetype-devel] 20110711 Re: details on iPhone exploit caused by FreeType? SUSE openSUSE-SU-2011:0852 SUSE SUSE-SU-2011:0853 CONFIRM http://support.apple.com/kb/HT4802 CONFIRM http://support.apple.com/kb/HT4803 CONFIRM http://support.apple.com/kb/HT5002 MISC http://www.appleinsider.com/articles/11/07/06/hackers_release_new_browser_based_ios_jailbreak_based_on_pdf_exploit.html DEBIAN DSA-2294 MANDRIVA MDVSA-2011:120 REDHAT RHSA-2011:1085 BID 48619 Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.

CVE-2011-0227

2011-07-19T18:55:00.883-04:00

2011-07-26T00:00:00.000-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2011-07-20T11:21:00.000-04:00

APPLE APPLE-SA-2011-07-15-1 APPLE APPLE-SA-2011-07-15-2 CONFIRM http://support.apple.com/kb/HT4802 CONFIRM http://support.apple.com/kb/HT4803 The queueing primitives in IOMobileFrameBuffer in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 do not properly perform type conversion, which allows local users to gain privileges via a crafted application.

CVE-2011-0228

2011-08-29T16:55:00.753-04:00

2018-10-10T16:09:28.027-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov APPLE APPLE-SA-2011-07-25-2 APPLE APPLE-SA-2011-07-25-1 SREASON 8361 SECTRACK 1025837 CONFIRM http://support.apple.com/kb/HT4824 CONFIRM http://support.apple.com/kb/HT4825 BUGTRAQ 20110725 TWSL2011-007: iOS SSL Implementation Does Not Validate Certificate Chain BID 48877 MISC https://www.trustwave.com/spiderlabs/advisories/TWSL2011-007.txt The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an arbitrary domain.

CVE-2011-0229

2011-10-14T06:55:07.807-04:00

2012-01-13T22:51:28.133-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov APPLE APPLE-SA-2011-10-12-3 CONFIRM http://support.apple.com/kb/HT5002 BID 50085 BID 50091 Apple Type Services (ATS) in Apple Mac OS X through 10.6.8 does not properly handle embedded Type 1 fonts, which allows remote attackers to execute arbitrary code via a crafted document that triggers an out-of-bounds memory access.

cpe:/o:apple:mac_os_x:10.0 cpe:/o:apple:mac_os_x:10.0.0 cpe:/o:apple:mac_os_x:10.0.1 cpe:/o:apple:mac_os_x:10.0.2 cpe:/o:apple:mac_os_x:10.0.3 cpe:/o:apple:mac_os_x:10.0.4 cpe:/o:apple:mac_os_x:10.1 cpe:/o:apple:mac_os_x:10.1.0 cpe:/o:apple:mac_os_x:10.1.1 cpe:/o:apple:mac_os_x:10.1.2 cpe:/o:apple:mac_os_x:10.1.3 cpe:/o:apple:mac_os_x:10.1.4 cpe:/o:apple:mac_os_x:10.1.5 cpe:/o:apple:mac_os_x:10.2 cpe:/o:apple:mac_os_x:10.2.0 cpe:/o:apple:mac_os_x:10.2.1 cpe:/o:apple:mac_os_x:10.2.2 cpe:/o:apple:mac_os_x:10.2.3 cpe:/o:apple:mac_os_x:10.2.4 cpe:/o:apple:mac_os_x:10.2.5 cpe:/o:apple:mac_os_x:10.2.6 cpe:/o:apple:mac_os_x:10.2.7 cpe:/o:apple:mac_os_x:10.2.8 cpe:/o:apple:mac_os_x:10.3 cpe:/o:apple:mac_os_x:10.3.0 cpe:/o:apple:mac_os_x:10.3.1 cpe:/o:apple:mac_os_x:10.3.2 cpe:/o:apple:mac_os_x:10.3.3 cpe:/o:apple:mac_os_x:10.3.4 cpe:/o:apple:mac_os_x:10.3.5 cpe:/o:apple:mac_os_x:10.3.6 cpe:/o:apple:mac_os_x:10.3.7 cpe:/o:apple:mac_os_x:10.3.8 cpe:/o:apple:mac_os_x:10.3.9 cpe:/o:apple:mac_os_x:10.4 cpe:/o:apple:mac_os_x:10.4.0 cpe:/o:apple:mac_os_x:10.4.1 cpe:/o:apple:mac_os_x:10.4.2 cpe:/o:apple:mac_os_x:10.4.3 cpe:/o:apple:mac_os_x:10.4.4 cpe:/o:apple:mac_os_x:10.4.5 cpe:/o:apple:mac_os_x:10.4.6 cpe:/o:apple:mac_os_x:10.4.7 cpe:/o:apple:mac_os_x:10.4.8 cpe:/o:apple:mac_os_x:10.4.9 cpe:/o:apple:mac_os_x:10.4.10 cpe:/o:apple:mac_os_x:10.4.11 cpe:/o:apple:mac_os_x:10.5 cpe:/o:apple:mac_os_x:10.5.0 cpe:/o:apple:mac_os_x:10.5.1 cpe:/o:apple:mac_os_x:10.5.2 cpe:/o:apple:mac_os_x:10.5.3 cpe:/o:apple:mac_os_x:10.5.4 cpe:/o:apple:mac_os_x:10.5.5 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x:10.5.7 cpe:/o:apple:mac_os_x:10.5.8 cpe:/o:apple:mac_os_x:10.6.0 cpe:/o:apple:mac_os_x:10.6.1 cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x:10.6.3 cpe:/o:apple:mac_os_x:10.6.4 cpe:/o:apple:mac_os_x:10.6.5 cpe:/o:apple:mac_os_x:10.6.6 cpe:/o:apple:mac_os_x:10.6.7 cpe:/o:apple:mac_os_x:10.6.8 cpe:/o:apple:mac_os_x:10.7.0 cpe:/o:apple:mac_os_x:10.7.1 cpe:/o:apple:mac_os_x_server:10.0 cpe:/o:apple:mac_os_x_server:10.0.0 cpe:/o:apple:mac_os_x_server:10.0.1 cpe:/o:apple:mac_os_x_server:10.0.2 cpe:/o:apple:mac_os_x_server:10.0.3 cpe:/o:apple:mac_os_x_server:10.0.4 cpe:/o:apple:mac_os_x_server:10.1 cpe:/o:apple:mac_os_x_server:10.1.0 cpe:/o:apple:mac_os_x_server:10.1.1 cpe:/o:apple:mac_os_x_server:10.1.2 cpe:/o:apple:mac_os_x_server:10.1.3 cpe:/o:apple:mac_os_x_server:10.1.4 cpe:/o:apple:mac_os_x_server:10.1.5 cpe:/o:apple:mac_os_x_server:10.2 cpe:/o:apple:mac_os_x_server:10.2.0 cpe:/o:apple:mac_os_x_server:10.2.1 cpe:/o:apple:mac_os_x_server:10.2.2 cpe:/o:apple:mac_os_x_server:10.2.3 cpe:/o:apple:mac_os_x_server:10.2.4 cpe:/o:apple:mac_os_x_server:10.2.5 cpe:/o:apple:mac_os_x_server:10.2.6 cpe:/o:apple:mac_os_x_server:10.2.7 cpe:/o:apple:mac_os_x_server:10.2.8 cpe:/o:apple:mac_os_x_server:10.3 cpe:/o:apple:mac_os_x_server:10.3.0 cpe:/o:apple:mac_os_x_server:10.3.1 cpe:/o:apple:mac_os_x_server:10.3.2 cpe:/o:apple:mac_os_x_server:10.3.3 cpe:/o:apple:mac_os_x_server:10.3.4 cpe:/o:apple:mac_os_x_server:10.3.5 cpe:/o:apple:mac_os_x_server:10.3.6 cpe:/o:apple:mac_os_x_server:10.3.7 cpe:/o:apple:mac_os_x_server:10.3.8 cpe:/o:apple:mac_os_x_server:10.3.9 cpe:/o:apple:mac_os_x_server:10.4 cpe:/o:apple:mac_os_x_server:10.4.0 cpe:/o:apple:mac_os_x_server:10.4.1 cpe:/o:apple:mac_os_x_server:10.4.2 cpe:/o:apple:mac_os_x_server:10.4.3 cpe:/o:apple:mac_os_x_server:10.4.4 cpe:/o:apple:mac_os_x_server:10.4.5 cpe:/o:apple:mac_os_x_server:10.4.6 cpe:/o:apple:mac_os_x_server:10.4.7 cpe:/o:apple:mac_os_x_server:10.4.8 cpe:/o:apple:mac_os_x_server:10.4.9 cpe:/o:apple:mac_os_x_server:10.4.10 cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x_server:10.5 cpe:/o:apple:mac_os_x_server:10.5.0 cpe:/o:apple:mac_os_x_server:10.5.1 cpe:/o:apple:mac_os_x_server:10.5.2 cpe:/o:apple:mac_os_x_server:10.5.3 cpe:/o:apple:mac_os_x_server:10.5.4 cpe:/o:apple:mac_os_x_server:10.5.5 cpe:/o:apple:mac_os_x_server:10.5.6 cpe:/o:apple:mac_os_x_server:10.5.7 cpe:/o:apple:mac_os_x_server:10.5.8 cpe:/o:apple:mac_os_x_server:10.6.0 cpe:/o:apple:mac_os_x_server:10.6.1 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x_server:10.6.3 cpe:/o:apple:mac_os_x_server:10.6.4 cpe:/o:apple:mac_os_x_server:10.6.5 cpe:/o:apple:mac_os_x_server:10.6.6 cpe:/o:apple:mac_os_x_server:10.6.7 cpe:/o:apple:mac_os_x_server:10.6.8 cpe:/o:apple:mac_os_x_server:10.7.0 cpe:/o:apple:mac_os_x_server:10.7.1

CVE-2011-0230

2011-10-14T06:55:08.057-04:00

2012-01-13T22:51:28.273-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov APPLE APPLE-SA-2011-10-12-3 CONFIRM http://support.apple.com/kb/HT5002 BID 50085 Buffer overflow in the ATSFontDeactivate API in Apple Type Services (ATS) in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

cpe:/o:apple:mac_os_x:10.0 cpe:/o:apple:mac_os_x:10.0.0 cpe:/o:apple:mac_os_x:10.0.1 cpe:/o:apple:mac_os_x:10.0.2 cpe:/o:apple:mac_os_x:10.0.3 cpe:/o:apple:mac_os_x:10.0.4 cpe:/o:apple:mac_os_x:10.1 cpe:/o:apple:mac_os_x:10.1.0 cpe:/o:apple:mac_os_x:10.1.1 cpe:/o:apple:mac_os_x:10.1.2 cpe:/o:apple:mac_os_x:10.1.3 cpe:/o:apple:mac_os_x:10.1.4 cpe:/o:apple:mac_os_x:10.1.5 cpe:/o:apple:mac_os_x:10.2 cpe:/o:apple:mac_os_x:10.2.0 cpe:/o:apple:mac_os_x:10.2.1 cpe:/o:apple:mac_os_x:10.2.2 cpe:/o:apple:mac_os_x:10.2.3 cpe:/o:apple:mac_os_x:10.2.4 cpe:/o:apple:mac_os_x:10.2.5 cpe:/o:apple:mac_os_x:10.2.6 cpe:/o:apple:mac_os_x:10.2.7 cpe:/o:apple:mac_os_x:10.2.8 cpe:/o:apple:mac_os_x:10.3 cpe:/o:apple:mac_os_x:10.3.0 cpe:/o:apple:mac_os_x:10.3.1 cpe:/o:apple:mac_os_x:10.3.2 cpe:/o:apple:mac_os_x:10.3.3 cpe:/o:apple:mac_os_x:10.3.4 cpe:/o:apple:mac_os_x:10.3.5 cpe:/o:apple:mac_os_x:10.3.6 cpe:/o:apple:mac_os_x:10.3.7 cpe:/o:apple:mac_os_x:10.3.8 cpe:/o:apple:mac_os_x:10.3.9 cpe:/o:apple:mac_os_x:10.4 cpe:/o:apple:mac_os_x:10.4.0 cpe:/o:apple:mac_os_x:10.4.1 cpe:/o:apple:mac_os_x:10.4.2 cpe:/o:apple:mac_os_x:10.4.3 cpe:/o:apple:mac_os_x:10.4.4 cpe:/o:apple:mac_os_x:10.4.5 cpe:/o:apple:mac_os_x:10.4.6 cpe:/o:apple:mac_os_x:10.4.7 cpe:/o:apple:mac_os_x:10.4.8 cpe:/o:apple:mac_os_x:10.4.9 cpe:/o:apple:mac_os_x:10.4.10 cpe:/o:apple:mac_os_x:10.4.11 cpe:/o:apple:mac_os_x:10.5 cpe:/o:apple:mac_os_x:10.5.0 cpe:/o:apple:mac_os_x:10.5.1 cpe:/o:apple:mac_os_x:10.5.2 cpe:/o:apple:mac_os_x:10.5.3 cpe:/o:apple:mac_os_x:10.5.4 cpe:/o:apple:mac_os_x:10.5.5 cpe:/o:apple:mac_os_x:10.5.6 cpe:/o:apple:mac_os_x:10.5.7 cpe:/o:apple:mac_os_x:10.5.8 cpe:/o:apple:mac_os_x:10.6.0 cpe:/o:apple:mac_os_x:10.6.1 cpe:/o:apple:mac_os_x:10.6.2 cpe:/o:apple:mac_os_x:10.6.3 cpe:/o:apple:mac_os_x:10.6.4 cpe:/o:apple:mac_os_x:10.6.5 cpe:/o:apple:mac_os_x:10.6.6 cpe:/o:apple:mac_os_x:10.6.7 cpe:/o:apple:mac_os_x:10.6.8 cpe:/o:apple:mac_os_x:10.7.0 cpe:/o:apple:mac_os_x:10.7.1 cpe:/o:apple:mac_os_x_server:10.0 cpe:/o:apple:mac_os_x_server:10.0.0 cpe:/o:apple:mac_os_x_server:10.0.1 cpe:/o:apple:mac_os_x_server:10.0.2 cpe:/o:apple:mac_os_x_server:10.0.3 cpe:/o:apple:mac_os_x_server:10.0.4 cpe:/o:apple:mac_os_x_server:10.1 cpe:/o:apple:mac_os_x_server:10.1.0 cpe:/o:apple:mac_os_x_server:10.1.1 cpe:/o:apple:mac_os_x_server:10.1.2 cpe:/o:apple:mac_os_x_server:10.1.3 cpe:/o:apple:mac_os_x_server:10.1.4 cpe:/o:apple:mac_os_x_server:10.1.5 cpe:/o:apple:mac_os_x_server:10.2 cpe:/o:apple:mac_os_x_server:10.2.0 cpe:/o:apple:mac_os_x_server:10.2.1 cpe:/o:apple:mac_os_x_server:10.2.2 cpe:/o:apple:mac_os_x_server:10.2.3 cpe:/o:apple:mac_os_x_server:10.2.4 cpe:/o:apple:mac_os_x_server:10.2.5 cpe:/o:apple:mac_os_x_server:10.2.6 cpe:/o:apple:mac_os_x_server:10.2.7 cpe:/o:apple:mac_os_x_server:10.2.8 cpe:/o:apple:mac_os_x_server:10.3 cpe:/o:apple:mac_os_x_server:10.3.0 cpe:/o:apple:mac_os_x_server:10.3.1 cpe:/o:apple:mac_os_x_server:10.3.2 cpe:/o:apple:mac_os_x_server:10.3.3 cpe:/o:apple:mac_os_x_server:10.3.4 cpe:/o:apple:mac_os_x_server:10.3.5 cpe:/o:apple:mac_os_x_server:10.3.6 cpe:/o:apple:mac_os_x_server:10.3.7 cpe:/o:apple:mac_os_x_server:10.3.8 cpe:/o:apple:mac_os_x_server:10.3.9 cpe:/o:apple:mac_os_x_server:10.4 cpe:/o:apple:mac_os_x_server:10.4.0 cpe:/o:apple:mac_os_x_server:10.4.1 cpe:/o:apple:mac_os_x_server:10.4.2 cpe:/o:apple:mac_os_x_server:10.4.3 cpe:/o:apple:mac_os_x_server:10.4.4 cpe:/o:apple:mac_os_x_server:10.4.5 cpe:/o:apple:mac_os_x_server:10.4.6 cpe:/o:apple:mac_os_x_server:10.4.7 cpe:/o:apple:mac_os_x_server:10.4.8 cpe:/o:apple:mac_os_x_server:10.4.9 cpe:/o:apple:mac_os_x_server:10.4.10 cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x_server:10.5 cpe:/o:apple:mac_os_x_server:10.5.0 cpe:/o:apple:mac_os_x_server:10.5.1 cpe:/o:apple:mac_os_x_server:10.5.2 cpe:/o:apple:mac_os_x_server:10.5.3 cpe:/o:apple:mac_os_x_server:10.5.4 cpe:/o:apple:mac_os_x_server:10.5.5 cpe:/o:apple:mac_os_x_server:10.5.6 cpe:/o:apple:mac_os_x_server:10.5.7 cpe:/o:apple:mac_os_x_server:10.5.8 cpe:/o:apple:mac_os_x_server:10.6.0 cpe:/o:apple:mac_os_x_server:10.6.1 cpe:/o:apple:mac_os_x_server:10.6.2 cpe:/o:apple:mac_os_x_server:10.6.3 cpe:/o:apple:mac_os_x_server:10.6.4 cpe:/o:apple:mac_os_x_server:10.6.5 cpe:/o:apple:mac_os_x_server:10.6.6 cpe:/o:apple:mac_os_x_server:10.6.7 cpe:/o:apple:mac_os_x_server:10.6.8 cpe:/o:apple:mac_os_x_server:10.7.0 cpe:/o:apple:mac_os_x_server:10.7.1

CVE-2011-0231

2011-10-14T06:55:08.150-04:00

2012-01-13T22:51:28.430-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov APPLE APPLE-SA-2011-10-12-3 CONFIRM http://support.apple.com/kb/HT5002 BID 50085 CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a "synchronization issue."

CVE-2011-0232

2011-07-21T19:55:02.097-04:00

2011-10-20T22:51:31.833-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

CVE-2011-0233

2011-07-21T19:55:02.147-04:00

2011-10-20T22:51:31.977-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

CVE-2011-0234

2011-07-21T19:55:02.193-04:00

2011-10-20T22:51:32.130-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

CVE-2011-0235

2011-07-21T19:55:02.223-04:00

2011-10-20T22:51:32.273-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

CVE-2011-0237

2011-07-21T19:55:02.253-04:00

2011-10-13T22:50:02.747-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov APPLE APPLE-SA-2011-07-20-1 APPLE APPLE-SA-2011-10-11-1 CONFIRM http://support.apple.com/kb/HT4808 CONFIRM http://support.apple.com/kb/HT4981 WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

CVE-2011-0238

2011-07-21T19:55:02.287-04:00

2011-10-20T22:51:32.523-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

CVE-2011-0240

2011-07-21T19:55:02.333-04:00

2011-10-13T22:50:03.073-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov APPLE APPLE-SA-2011-07-20-1 APPLE APPLE-SA-2011-10-11-1 CONFIRM http://support.apple.com/kb/HT4808 CONFIRM http://support.apple.com/kb/HT4981 WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

CVE-2011-0241

2011-07-21T19:55:02.363-04:00

2012-05-11T23:34:30.697-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov APPLE APPLE-SA-2011-07-20-1 APPLE APPLE-SA-2011-10-12-1 APPLE APPLE-SA-2011-10-12-2 APPLE APPLE-SA-2012-02-01-1 APPLE APPLE-SA-2012-05-09-1 CONFIRM http://support.apple.com/kb/HT4808 CONFIRM http://support.apple.com/kb/HT4999 CONFIRM http://support.apple.com/kb/HT5001 CONFIRM http://support.apple.com/kb/HT5130 CONFIRM http://support.apple.com/kb/HT5281 Heap-based buffer overflow in ImageIO in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with CCITT Group 4 encoding.

CVE-2011-0242

2011-07-21T19:55:02.397-04:00

2011-10-20T22:51:32.927-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov APPLE APPLE-SA-2011-07-20-1 APPLE APPLE-SA-2011-10-12-1 CONFIRM http://support.apple.com/kb/HT4808 CONFIRM http://support.apple.com/kb/HT4999 Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors involving a URL that contains a username.

CVE-2011-0244

2011-07-21T19:55:02.427-04:00

2011-07-22T00:00:00.000-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2011-07-22T11:38:00.000-04:00

APPLE APPLE-SA-2011-07-20-1 CONFIRM http://support.apple.com/kb/HT4808 WebKit in Apple Safari before 5.0.6 allows user-assisted remote attackers to read arbitrary files via vectors related to improper canonicalization of URLs within RSS feeds.

cpe:/a:apple:quicktime:7.0.0 cpe:/a:apple:quicktime:7.0.1 cpe:/a:apple:quicktime:7.0.2 cpe:/a:apple:quicktime:7.0.3 cpe:/a:apple:quicktime:7.0.4 cpe:/a:apple:quicktime:7.1.0 cpe:/a:apple:quicktime:7.1.1 cpe:/a:apple:quicktime:7.1.2 cpe:/a:apple:quicktime:7.1.3 cpe:/a:apple:quicktime:7.1.4 cpe:/a:apple:quicktime:7.1.5 cpe:/a:apple:quicktime:7.1.6 cpe:/a:apple:quicktime:7.2.0 cpe:/a:apple:quicktime:7.2.1 cpe:/a:apple:quicktime:7.3.0 cpe:/a:apple:quicktime:7.3.1 cpe:/a:apple:quicktime:7.3.1.70 cpe:/a:apple:quicktime:7.4.0 cpe:/a:apple:quicktime:7.4.1 cpe:/a:apple:quicktime:7.4.5 cpe:/a:apple:quicktime:7.5.0 cpe:/a:apple:quicktime:7.5.5 cpe:/a:apple:quicktime:7.6.0 cpe:/a:apple:quicktime:7.6.1 cpe:/a:apple:quicktime:7.6.2 cpe:/a:apple:quicktime:7.6.5 cpe:/a:apple:quicktime:7.6.6 cpe:/a:apple:quicktime:7.6.7 cpe:/a:apple:quicktime:7.6.8 cpe:/a:apple:quicktime:7.6.9 cpe:/a:apple:quicktime:7.66.71.0 cpe:/a:apple:quicktime:7.67.75.0

CVE-2011-0245

2011-08-03T22:45:31.950-04:00

2017-09-18T21:31:58.927-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov APPLE APPLE-SA-2011-08-03-1 Buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted pict file.

cpe:/a:apple:quicktime:3.0 cpe:/a:apple:quicktime:4.1.2 cpe:/a:apple:quicktime:5.0 cpe:/a:apple:quicktime:5.0.1 cpe:/a:apple:quicktime:5.0.2 cpe:/a:apple:quicktime:6.0 cpe:/a:apple:quicktime:6.0.0 cpe:/a:apple:quicktime:6.0.1 cpe:/a:apple:quicktime:6.0.2 cpe:/a:apple:quicktime:6.1 cpe:/a:apple:quicktime:6.1.0 cpe:/a:apple:quicktime:6.1.1 cpe:/a:apple:quicktime:6.2.0 cpe:/a:apple:quicktime:6.3.0 cpe:/a:apple:quicktime:6.4.0 cpe:/a:apple:quicktime:6.5 cpe:/a:apple:quicktime:6.5.0 cpe:/a:apple:quicktime:6.5.1 cpe:/a:apple:quicktime:6.5.2 cpe:/a:apple:quicktime:7.0 cpe:/a:apple:quicktime:7.0.0 cpe:/a:apple:quicktime:7.0.1 cpe:/a:apple:quicktime:7.0.2 cpe:/a:apple:quicktime:7.0.3 cpe:/a:apple:quicktime:7.0.4 cpe:/a:apple:quicktime:7.1 cpe:/a:apple:quicktime:7.1.0 cpe:/a:apple:quicktime:7.1.1 cpe:/a:apple:quicktime:7.1.2 cpe:/a:apple:quicktime:7.1.3 cpe:/a:apple:quicktime:7.1.4 cpe:/a:apple:quicktime:7.1.5 cpe:/a:apple:quicktime:7.1.6 cpe:/a:apple:quicktime:7.2 cpe:/a:apple:quicktime:7.2.0 cpe:/a:apple:quicktime:7.2.1 cpe:/a:apple:quicktime:7.3 cpe:/a:apple:quicktime:7.3.0 cpe:/a:apple:quicktime:7.3.1 cpe:/a:apple:quicktime:7.3.1.70 cpe:/a:apple:quicktime:7.4 cpe:/a:apple:quicktime:7.4.0 cpe:/a:apple:quicktime:7.4.1 cpe:/a:apple:quicktime:7.4.5 cpe:/a:apple:quicktime:7.5.0 cpe:/a:apple:quicktime:7.5.5 cpe:/a:apple:quicktime:7.6.0 cpe:/a:apple:quicktime:7.6.1 cpe:/a:apple:quicktime:7.6.2 cpe:/a:apple:quicktime:7.6.5 cpe:/a:apple:quicktime:7.6.6 cpe:/a:apple:quicktime:7.6.7 cpe:/a:apple:quicktime:7.6.8 cpe:/a:apple:quicktime:7.6.9

CVE-2011-0246

2011-08-03T22:45:31.983-04:00

2017-09-18T21:31:58.990-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov APPLE APPLE-SA-2011-08-03-1 Heap-based buffer overflow in Apple QuickTime before 7.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file.

CVE-2011-0247

2011-08-03T22:45:32.013-04:00

2017-09-18T21:31:59.067-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov APPLE APPLE-SA-2011-08-03-1 Multiple stack-based buffer overflows in Apple QuickTime before 7.7 on Windows allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted H.264 movie.

CVE-2011-0248

2011-08-03T22:45:32.060-04:00

2011-08-05T00:00:00.000-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2011-08-04T08:35:00.000-04:00

APPLE APPLE-SA-2011-08-03-1 Stack-based buffer overflow in the QuickTime ActiveX control in Apple QuickTime before 7.7 on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTL file.

CVE-2011-0249

2011-08-03T22:45:32.093-04:00

2017-09-18T21:31:59.160-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov APPLE APPLE-SA-2011-08-03-1 APPLE APPLE-SA-2011-10-12-3 CONFIRM http://support.apple.com/kb/HT5002 Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STSC atoms in a QuickTime movie file.

CVE-2011-0250

2011-08-03T22:45:32.123-04:00

2017-09-18T21:31:59.240-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

CVE-2011-0251

2011-08-03T22:45:32.170-04:00

2017-09-18T21:31:59.300-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

CVE-2011-0252

2011-08-03T22:45:32.200-04:00

2017-09-18T21:31:59.347-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

CVE-2011-0253

2011-07-21T19:55:02.457-04:00

2011-10-13T22:50:04.417-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov APPLE APPLE-SA-2011-07-20-1 APPLE APPLE-SA-2011-10-11-1 CONFIRM http://support.apple.com/kb/HT4808 CONFIRM http://support.apple.com/kb/HT4981 WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

CVE-2011-0254

2011-07-21T19:55:02.503-04:00

2011-10-20T22:51:34.287-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

CVE-2011-0255

2011-07-21T19:55:02.537-04:00

2011-10-20T22:51:34.427-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

CVE-2011-0256

2011-08-15T17:55:01.113-04:00

2017-09-18T21:31:59.410-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://support.apple.com/kb/HT4826 Integer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted track run atoms in a QuickTime movie file.

CVE-2011-0257

2011-08-15T17:55:01.270-04:00

2017-09-18T21:31:59.490-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov SREASON 8365 CONFIRM http://support.apple.com/kb/HT4826 EXPLOIT-DB 17777 MISC http://zerodayinitiative.com/advisories/ZDI-11-252/ Integer signedness error in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PnSize opcode in a PICT file that triggers a stack-based buffer overflow.

CVE-2011-0258

2011-09-06T11:55:01.540-04:00

2018-10-10T16:09:28.997-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov SREASON 8368 CONFIRM http://support.apple.com/kb/HT4826 BUGTRAQ 20110831 ZDI-11-277: Apple QuickTime 3g2 'mp4v' atom size Remote Code Execution Vulnerability MISC http://zerodayinitiative.com/advisories/ZDI-11-277/ XF quicktime-mp4v-bo(69518) Apple QuickTime before 7.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted image description associated with an mp4v tag in a movie file.

CVE-2011-0259

2011-10-12T14:55:01.177-04:00

2017-09-18T21:31:59.613-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov APPLE APPLE-SA-2011-10-11-1 APPLE APPLE-SA-2011-10-12-1 APPLE APPLE-SA-2011-10-12-3 CONFIRM http://support.apple.com/kb/HT4981 CONFIRM http://support.apple.com/kb/HT4999 CONFIRM http://support.apple.com/kb/HT5002 BID 50067 CoreFoundation, as used in Apple iTunes before 10.5, does not properly perform string tokenization, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.

cpe:/o:apple:mac_os_x:10.7.0 cpe:/o:apple:mac_os_x:10.7.1 cpe:/o:apple:mac_os_x_server:10.7.0 cpe:/o:apple:mac_os_x_server:10.7.1

CVE-2011-0260

2011-10-14T06:55:08.230-04:00

2012-01-13T22:51:31.040-05:00

4.6

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov APPLE APPLE-SA-2011-10-12-3 CONFIRM http://support.apple.com/kb/HT5002 BID 50085 The CoreProcesses component in Apple Mac OS X 10.7 before 10.7.2 does not prevent a system window from receiving keystrokes in the locked-screen state, which might allow physically proximate attackers to bypass intended access restrictions by typing into this window.

cpe:/a:hp:openview_network_node_manager:7.51 cpe:/a:hp:openview_network_node_manager:7.53

CVE-2011-0261

2011-01-13T14:00:05.133-05:00

2017-08-16T21:33:25.087-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov HP HPSBMA02621 BID 45762 SECTRACK 1024951 VUPEN ADV-2011-0085 MISC http://www.zerodayinitiative.com/advisories/ZDI-11-003/ XF hp-opennnm-jovgraph-bo(64655) Unspecified vulnerability in jovgraph.exe in jovgraph in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a malformed displayWidth option in the arg parameter.

cpe:/a:hp:openview_network_node_manager:7.51 cpe:/a:hp:openview_network_node_manager:7.53

CVE-2011-0262

2011-01-13T14:00:05.180-05:00

2017-08-16T21:33:25.167-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov HP SSRT100352 BID 45762 SECTRACK 1024951 VUPEN ADV-2011-0085 MISC http://www.zerodayinitiative.com/advisories/ZDI-11-004/ XF hp-opennnm-ovutildll-bo(64654) Buffer overflow in the stringToSeconds function in ovutil.dll in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via large values of variables to jovgraph.exe.

cpe:/a:hp:openview_network_node_manager:7.51 cpe:/a:hp:openview_network_node_manager:7.53

CVE-2011-0263

2011-01-13T14:00:05.227-05:00

2017-08-16T21:33:25.213-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov HP HPSBMA02621 BID 45762 SECTRACK 1024951 VUPEN ADV-2011-0085 MISC http://www.zerodayinitiative.com/advisories/ZDI-11-005/ XF hp-opennnm-ovas-bo(64653) Multiple stack-based buffer overflows in ovas.exe in the OVAS service in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allow remote attackers to execute arbitrary code via a long (1) Source Node or (2) Destination Node variable.

cpe:/a:hp:openview_network_node_manager:7.51 cpe:/a:hp:openview_network_node_manager:7.53

CVE-2011-0264

2011-01-13T14:00:05.307-05:00

2017-08-16T21:33:25.277-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov HP HPSBMA02621 BID 45762 SECTRACK 1024951 VUPEN ADV-2011-0085 MISC http://www.zerodayinitiative.com/advisories/ZDI-11-006/ XF hp-opennnm-ovutil-bo(64652) Stack-based buffer overflow in ovutil.dll in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long COOKIE variable.

cpe:/a:hp:openview_network_node_manager:7.51 cpe:/a:hp:openview_network_node_manager:7.53

CVE-2011-0265

2011-01-13T14:00:05.383-05:00

2017-08-16T21:33:25.323-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov HP SSRT100352 BID 45762 SECTRACK 1024951 VUPEN ADV-2011-0085 MISC http://www.zerodayinitiative.com/advisories/ZDI-11-007/ XF hp-opennnm-dataselect1-bo(64651) Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long data_select1 parameter.

cpe:/a:hp:openview_network_node_manager:7.51 cpe:/a:hp:openview_network_node_manager:7.53

CVE-2011-0266

2011-01-13T14:00:05.447-05:00

2017-08-16T21:33:25.367-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov SREASON 8151 HP SSRT100352 BID 45762 SECTRACK 1024951 VUPEN ADV-2011-0085 MISC http://www.zerodayinitiative.com/advisories/ZDI-11-008/ XF hp-opennnm-nameparams-bo(64650) Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long nameParams parameter, a different vulnerability than CVE-2011-0267.2.

cpe:/a:hp:openview_network_node_manager:7.51 cpe:/a:hp:openview_network_node_manager:7.53

CVE-2011-0267

2011-01-13T14:00:05.493-05:00

2017-08-16T21:33:25.430-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov SREASON 8156 EXPLOIT-DB 17038 HP SSRT100352 BID 45762 SECTRACK 1024951 VUPEN ADV-2011-0085 MISC http://www.zerodayinitiative.com/advisories/ZDI-11-009/ XF hp-opennnm-schdparams-bo(64649) Multiple buffer overflows in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allow remote attackers to execute arbitrary code via a long (1) schdParams or (2) nameParams parameter, a different vulnerability than CVE-2011-0266.

cpe:/a:hp:openview_network_node_manager:7.51 cpe:/a:hp:openview_network_node_manager:7.53

CVE-2011-0268

2011-01-13T14:00:05.540-05:00

2017-08-16T21:33:25.493-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov HP HPSBMA02621 BID 45762 SECTRACK 1024951 VUPEN ADV-2011-0085 MISC http://www.zerodayinitiative.com/advisories/ZDI-11-010/ XF hp-opennnm-text1-bo(64648) Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long text1 parameter.

cpe:/a:hp:openview_network_node_manager:7.51 cpe:/a:hp:openview_network_node_manager:7.53

CVE-2011-0269

2011-01-13T14:00:05.587-05:00

2017-08-16T21:33:25.540-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov HP HPSBMA02621 BID 45762 SECTRACK 1024951 VUPEN ADV-2011-0085 MISC http://www.zerodayinitiative.com/advisories/ZDI-11-011/ XF hp-opennnm-schdselect1-bo(64647) Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long schd_select1 parameter.

cpe:/a:hp:openview_network_node_manager:7.51 cpe:/a:hp:openview_network_node_manager:7.53

CVE-2011-0270

2011-01-13T14:00:05.620-05:00

2017-08-16T21:33:25.587-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov HP HPSBMA02621 BID 45762 SECTRACK 1024951 VUPEN ADV-2011-0085 MISC http://www.zerodayinitiative.com/advisories/ZDI-11-012/ XF hp-opennnm-nnmrptconfig-format-string(64646) Format string vulnerability in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via format string specifiers in input data that involves an invalid template name.

cpe:/a:hp:openview_network_node_manager:7.51 cpe:/a:hp:openview_network_node_manager:7.53

CVE-2011-0271

2011-01-13T14:00:05.713-05:00

2017-08-16T21:33:25.650-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov IDEFENSE 20110110 HP Network Node Manager Command Injection Vulnerability HP SSRT100352 BID 45762 SECTRACK 1024951 VUPEN ADV-2011-0085 XF hp-opennnm-cgi-command-exec(64657) The CGI scripts in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 do not properly validate an unspecified parameter, which allows remote attackers to execute arbitrary commands by using a command string for this parameter's value, related to a "command injection vulnerability."

cpe:/a:hp:loadrunner:9.52

CVE-2011-0272

2011-01-18T13:03:08.317-05:00

2017-08-16T21:33:25.697-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov SECTRACK 1024956 HP SSRT100195 BID 45792 VUPEN ADV-2011-0095 XF loadrunner-unspec-code-execution(64659) Unspecified vulnerability in HP LoadRunner 9.52 allows remote attackers to execute arbitrary code via network traffic to TCP port 5001 or 5002, related to the HttpTunnel feature.

cpe:/a:hp:openview_storage_data_protector_cell_manager:6.11

CVE-2011-0273

2011-01-24T20:00:02.487-05:00

2017-08-16T21:33:25.760-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov SECTRACK 1024983 HP HPSBMA02625 VUPEN ADV-2011-0177 MISC http://www.zerodayinitiative.com/advisories/ZDI-11-024/ XF hp-openview-storage-code-execution(64818) Buffer overflow in crs.exe in HP OpenView Storage Data Protector Cell Manager 6.11 allows remote attackers to execute arbitrary code via unspecified message types.

cpe:/a:hp:business_availability_center:7.0 cpe:/a:hp:business_availability_center:7.55 cpe:/a:hp:business_availability_center:8.0 cpe:/a:hp:business_availability_center:8.05 cpe:/a:hp:business_service_management:9.01

CVE-2011-0274

2011-01-24T13:00:03.860-05:00

2017-08-16T21:33:25.807-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov HP SSRT100342 SECTRACK 1024986 BID 45944 VUPEN ADV-2011-0188 XF hp-bac-bsm-xss(64846) Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 7.x through 7.55 and 8.x through 8.05, and Business Service Management (BSM) through 9.01, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

cpe:/a:hp:openview_storage_data_protector:6.0 cpe:/a:hp:openview_storage_data_protector:6.10 cpe:/a:hp:openview_storage_data_protector:6.11

CVE-2011-0275

2011-01-28T16:00:29.750-05:00

2017-08-16T21:33:25.867-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov HP SSRT100301 SECTRACK 1024991 BID 46018 VUPEN ADV-2011-0218 XF hp-openview-storage-dos(64932) Unspecified vulnerability in HP OpenView Storage Data Protector 6.0, 6.10, and 6.11 allows remote attackers to cause a denial of service via unknown vectors.

cpe:/a:hp:openview_performance_insight:5.2 cpe:/a:hp:openview_performance_insight:5.3 cpe:/a:hp:openview_performance_insight:5.4 cpe:/a:hp:openview_performance_insight:5.31 cpe:/a:hp:openview_performance_insight:5.41

CVE-2011-0276

2011-02-01T20:00:06.533-05:00

2018-10-10T16:09:29.777-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov HP SSRT090246 SREASON 8136 EXPLOIT-DB 16984 BUGTRAQ 20110131 ZDI-11-034: HP OpenView Performance Insight Server Backdoor Account Code Execution Vulnerability BID 46079 SECTRACK 1025014 VUPEN ADV-2011-0258 MISC http://www.zerodayinitiative.com/advisories/ZDI-11-034 XF openview-dopost-code-execution(65038) HP OpenView Performance Insight Server 5.2, 5.3, 5.31, 5.4, and 5.41 contains a "hidden account" in the com.trinagy.security.XMLUserManager Java class, which allows remote attackers to execute arbitrary code via the doPost method in the com.trinagy.servlet.HelpManagerServlet class.

cpe:/a:hp:power_manager:4.2.5 cpe:/a:hp:power_manager:4.2.6 cpe:/a:hp:power_manager:4.2.7 cpe:/a:hp:power_manager:4.2.8 cpe:/a:hp:power_manager:4.2.9 cpe:/a:hp:power_manager:4.3.2

CVE-2011-0277

2011-02-08T20:00:09.307-05:00

2013-08-03T03:29:48.903-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov HP SSRT100381 BID 46258 SECTRACK 1025032 Cross-site request forgery (CSRF) vulnerability in HP Power Manager (HPPM) 4.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts.

cpe:/a:hp:web_jetadmin:10.2:sr3 cpe:/a:hp:web_jetadmin:10.2:sr4

CVE-2011-0278

2011-03-01T18:00:02.613-05:00

2011-03-17T22:56:42.273-04:00

4.3

LOCAL

LOW

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov HP SSRT100391 SECTRACK 1025130 BID 46595 VUPEN ADV-2011-0516 Unspecified vulnerability in HP Web Jetadmin 10.2 Service Release 3 and 4 allows local users to bypass intended access restrictions via unknown vectors.

cpe:/a:hp:multifunction_peripheral_digital_sending_software:4.91.00

CVE-2011-0279

2011-03-07T16:00:01.563-05:00

2017-08-16T21:33:25.993-04:00

2.1

LOCAL

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov HP HPSBPI02640 BID 46679 SECTRACK 1025155 VUPEN ADV-2011-0561 XF hp-mfpdigitalsending-sec-bypass(65866) HP Multifunction Peripheral (MFP) Digital Sending Software (DSS) 4.91.00 does not properly configure authentication settings of managed devices within device templates, which allows attackers to access these devices via actions that were intended to require authentication.

cpe:/a:hp:power_manager:4.2.5 cpe:/a:hp:power_manager:4.2.6 cpe:/a:hp:power_manager:4.2.7 cpe:/a:hp:power_manager:4.2.8 cpe:/a:hp:power_manager:4.2.9 cpe:/a:hp:power_manager:4.3.2

CVE-2011-0280

2011-03-14T15:55:00.697-04:00

2017-08-16T21:33:26.057-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov HP SSRT100381 BID 46830 XF powermanager-unspecified-xss(66035) Multiple cross-site scripting (XSS) vulnerabilities in HP Power Manager (HPPM) 4.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the logType parameter to Contents/exportlogs.asp, (2) the Id parameter to Contents/pagehelp.asp, or the (3) SORTORD or (4) SORTCOL parameter to Contents/applicationlogs.asp. NOTE: some of these details are obtained from third party information.

cpe:/a:mit:kerberos:5-1.6 cpe:/a:mit:kerberos:5-1.6.1 cpe:/a:mit:kerberos:5-1.6.2 cpe:/a:mit:kerberos:5-1.6.3 cpe:/a:mit:kerberos:5-1.7 cpe:/a:mit:kerberos:5-1.7.1 cpe:/a:mit:kerberos:5-1.8 cpe:/a:mit:kerberos:5-1.8.1 cpe:/a:mit:kerberos:5-1.8.2 cpe:/a:mit:kerberos:5-1.8.3 cpe:/a:mit:kerberos:5-1.9

CVE-2011-0281

2011-02-10T13:00:55.237-05:00

2018-10-10T16:09:30.777-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov SUSE SUSE-SR:2011:004 MLIST [kerberos] 20101222 LDAP handle unavailable: Can't contact LDAP server SREASON 8073 CONFIRM http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt MANDRIVA MDVSA-2011:024 MANDRIVA MDVSA-2011:025 REDHAT RHSA-2011:0199 REDHAT RHSA-2011:0200 BUGTRAQ 20110208 MITKRB5-SA-2011-002 KDC denial of service attacks [CVE-2011-0281 CVE-2011-0282 CVE-2011-0283] BUGTRAQ 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console BID 46265 SECTRACK 1025037 CONFIRM http://www.vmware.com/security/advisories/VMSA-2011-0012.html VUPEN ADV-2011-0330 VUPEN ADV-2011-0333 VUPEN ADV-2011-0347 VUPEN ADV-2011-0464 XF kerberos-ldap-descriptor-dos(65324) The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape sequence, as demonstrated by a \n sequence.

CVE-2011-0282

2011-02-10T13:00:55.287-05:00

2018-10-10T16:09:33.170-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov SUSE SUSE-SR:2011:004 SREASON 8073 CONFIRM http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt MANDRIVA MDVSA-2011:024 MANDRIVA MDVSA-2011:025 REDHAT RHSA-2011:0199 REDHAT RHSA-2011:0200 BUGTRAQ 20110208 MITKRB5-SA-2011-002 KDC denial of service attacks [CVE-2011-0281 CVE-2011-0282 CVE-2011-0283] BUGTRAQ 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console BID 46271 SECTRACK 1025037 CONFIRM http://www.vmware.com/security/advisories/VMSA-2011-0012.html VUPEN ADV-2011-0330 VUPEN ADV-2011-0333 VUPEN ADV-2011-0347 VUPEN ADV-2011-0464 XF kerberos-ldap-dos(65323) The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name.

cpe:/a:mit:kerberos:5-1.9

CVE-2011-0283

2011-02-10T13:00:55.317-05:00

2018-10-10T16:09:35.387-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov SREASON 8073 CONFIRM http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt BUGTRAQ 20110208 MITKRB5-SA-2011-002 KDC denial of service attacks [CVE-2011-0281 CVE-2011-0282 CVE-2011-0283] BID 46272 SECTRACK 1025037 VUPEN ADV-2011-0330 The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed request packet that does not trigger a response packet.

cpe:/a:mit:kerberos:5-1.7 cpe:/a:mit:kerberos:5-1.7.1 cpe:/a:mit:kerberos:5-1.8 cpe:/a:mit:kerberos:5-1.8.1 cpe:/a:mit:kerberos:5-1.8.2 cpe:/a:mit:kerberos:5-1.8.3 cpe:/a:mit:kerberos:5-1.9

CVE-2011-0284

2011-03-19T22:00:03.253-04:00

2018-10-10T16:09:35.983-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov FEDORA FEDORA-2011-3547 FEDORA FEDORA-2011-3464 FEDORA FEDORA-2011-3462 SUSE SUSE-SR:2011:005 SECTRACK 1025216 CONFIRM http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-003.txt CERT-VN VU#943220 MANDRIVA MDVSA-2011:048 REDHAT RHSA-2011:0356 BUGTRAQ 20110315 MITKRB5-SA-2011-003 [CVE-2011-0284] KDC double-free when PKINIT enabled BID 46881 UBUNTU USN-1088-1 VUPEN ADV-2011-0672 VUPEN ADV-2011-0673 VUPEN ADV-2011-0680 VUPEN ADV-2011-0722 VUPEN ADV-2011-0763 XF kerberos-perpareerroras-code-execution(66101) Double free vulnerability in the prepare_error_as function in do_as_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 through 1.9, when the PKINIT feature is enabled, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an e_data field containing typed data.

cpe:/a:mit:kerberos:5-1.7 cpe:/a:mit:kerberos:5-1.7.1 cpe:/a:mit:kerberos:5-1.8 cpe:/a:mit:kerberos:5-1.8.1 cpe:/a:mit:kerberos:5-1.8.2 cpe:/a:mit:kerberos:5-1.8.3 cpe:/a:mit:kerberos:5-1.9

CVE-2011-0285

2011-04-14T20:55:00.990-04:00

2018-10-10T16:09:38.373-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621726 CONFIRM http://krbdev.mit.edu/rt/Ticket/Display.html?id=6899 FEDORA FEDORA-2011-5333 SREASON 8200 CONFIRM http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-004.txt MANDRIVA MDVSA-2011:077 REDHAT RHSA-2011:0447 BUGTRAQ 20110413 MITKRB5-SA-2011-004 kadmind invalid pointer free() [CVE-2011-0285] BID 47310 SECTRACK 1025320 VUPEN ADV-2011-0936 VUPEN ADV-2011-0986 VUPEN ADV-2011-0997 SUSE openSUSE-SU-2011:0348 The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted request that triggers an error condition.

cpe:/a:rim:blackberry_enterprise_server:5.0.0 cpe:/a:rim:blackberry_enterprise_server:5.0.1 cpe:/a:rim:blackberry_enterprise_server:5.0.2 cpe:/a:rim:blackberry_enterprise_server:5.0.3 cpe:/a:rim:blackberry_enterprise_server_express:5.0.1 cpe:/a:rim:blackberry_enterprise_server_express:5.0.2

CVE-2011-0286

2011-04-18T14:55:00.877-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2011-04-18T15:17:00.000-04:00

SECTRACK 1025356 CONFIRM http://www.blackberry.com/btsc/KB26296 MISC http://www.cybsec.com/vuln/CYBSEC_Advisory_2011_0401_Cross_Site_Scripting_XSS_in_Blackberry_WebDesktop.pdf BID 47324 VUPEN ADV-2011-0971 Cross-site scripting (XSS) vulnerability in webdesktop/app in the BlackBerry Web Desktop Manager component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software before 5.0.2 MR5 and 5.0.3 before MR1, and BlackBerry Enterprise Server Express software 5.0.1 and 5.0.2, allows remote attackers to inject arbitrary web script or HTML via the displayErrorMessage parameter in a ManageDevices action.

cpe:/a:rim:blackberry_enterprise_server:5.0.1 cpe:/a:rim:blackberry_enterprise_server:5.0.2 cpe:/a:rim:blackberry_enterprise_server:5.0.3 cpe:/a:rim:blackberry_enterprise_server_express:5.0.1 cpe:/a:rim:blackberry_enterprise_server_express:5.0.2 cpe:/a:rim:blackberry_enterprise_server_express:5.0.3

CVE-2011-0287

2011-07-14T19:55:02.053-04:00

2011-07-19T00:00:00.000-04:00

6.4

NETWORK

LOW

NONE

PARTIAL

NONE

PARTIAL

http://nvd.nist.gov

2011-07-15T09:28:00.000-04:00

CONFIRM http://www.blackberry.com/btsc/KB27258 BID 48655 Unspecified vulnerability in the BlackBerry Administration API in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 5.0.1 through 5.0.3, and BlackBerry Enterprise Server Express software 5.0.1 through 5.0.3, allows remote attackers to read text files or cause a denial of service via unknown vectors.

cpe:/a:rim:blackberry_enterprise_server:5.0.3

CVE-2011-0290

2011-10-21T06:55:03.757-04:00

2017-08-16T21:33:26.337-04:00

6.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov SECTRACK 1026179 CONFIRM http://www.blackberry.com/btsc/KB28524 BID 50064 XF bes-collaboration-service-spoofing(70519) The BlackBerry Collaboration Service in Research In Motion (RIM) BlackBerry Enterprise Server (BES) 5.0.3 through MR4 for Microsoft Exchange and Lotus Domino allows remote authenticated users to log into arbitrary user accounts associated with the same organization, and send messages, read messages, read contact lists, or cause a denial of service (login unavailability), via unspecified vectors.

cpe:/o:blackberry:blackberry_tablet_os:1.0.8.4985

CVE-2011-0291

2011-12-08T15:55:00.780-05:00

2017-08-16T21:33:26.383-04:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

CONFIRM http://blackberry.com/btsc/KB29191 SECTRACK 1026386 BID 50931 XF blackberry-playbook-priv-esc(71659) The BlackBerry PlayBook service on the Research In Motion (RIM) BlackBerry PlayBook tablet with software before 1.0.8.6067 allows local users to gain privileges via a crafted configuration file in a backup archive.

cpe:/a:ibm:websphere_mq:7.0 cpe:/a:ibm:websphere_mq:7.0.0.1 cpe:/a:ibm:websphere_mq:7.0.0.2 cpe:/a:ibm:websphere_mq:7.0.1.0 cpe:/a:ibm:websphere_mq:7.0.1.1 cpe:/a:ibm:websphere_mq:7.0.1.2 cpe:/a:ibm:websphere_mq:7.0.1.3

CVE-2011-0310

2011-01-13T14:00:05.930-05:00

2017-08-16T21:33:26.447-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov BID 45923 VUPEN ADV-2011-0128 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg27014224 XF wmq-messageheader-bo(64628) AIXAPAR IZ77607 Buffer overflow in IBM WebSphere MQ 7.0 before 7.0.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted header field in a message.

cpe:/a:ibm:java:1.4.2 cpe:/a:ibm:java:1.4.2.13 cpe:/a:ibm:java:1.4.2.13.1 cpe:/a:ibm:java:1.4.2.13.2 cpe:/a:ibm:java:1.4.2.13.3 cpe:/a:ibm:java:1.4.2.13.4 cpe:/a:ibm:java:1.4.2.13.5 cpe:/a:ibm:java:1.4.2.13.6 cpe:/a:ibm:java:1.4.2.13.7 cpe:/a:ibm:java:1.4.2.13.8 cpe:/a:ibm:runtimes_for_java_technology:5.0.0 cpe:/a:ibm:runtimes_for_java_technology:5.0.11.0 cpe:/a:ibm:runtimes_for_java_technology:5.0.11.1 cpe:/a:ibm:runtimes_for_java_technology:5.0.11.2 cpe:/a:ibm:runtimes_for_java_technology:5.0.12.0 cpe:/a:ibm:runtimes_for_java_technology:5.0.12.1 cpe:/a:ibm:runtimes_for_java_technology:5.0.12.2 cpe:/a:ibm:runtimes_for_java_technology:5.0.12.3 cpe:/a:ibm:runtimes_for_java_technology:5.0.12.4 cpe:/a:ibm:runtimes_for_java_technology:6.0.0 cpe:/a:ibm:runtimes_for_java_technology:6.0.1.0 cpe:/a:ibm:runtimes_for_java_technology:6.0.2.0 cpe:/a:ibm:runtimes_for_java_technology:6.0.3.0 cpe:/a:ibm:runtimes_for_java_technology:6.0.4.0 cpe:/a:ibm:runtimes_for_java_technology:6.0.5.0 cpe:/a:ibm:runtimes_for_java_technology:6.0.6.0 cpe:/a:ibm:runtimes_for_java_technology:6.0.7.0 cpe:/a:ibm:runtimes_for_java_technology:6.0.8.0 cpe:/a:ibm:runtimes_for_java_technology:6.0.8.1 cpe:/a:ibm:runtimes_for_java_technology:6.0.9.0

CVE-2011-0311

2011-09-02T19:55:01.943-04:00

2017-08-16T21:33:26.510-04:00

3.5

NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

PARTIAL

http://nvd.nist.gov SUSE SUSE-SA:2011:024 SUSE SUSE-SU-2011:0823 REDHAT RHSA-2011:1159 REDHAT RHSA-2011:1265 AIXAPAR IZ89602 AIXAPAR IZ89620 XF ibm-rjt-classfile-dos(65189) AIXAPAR PM42551 The class file parser in IBM Java before 1.4.2 SR13 FP9, as used in IBM Runtimes for Java Technology 5.0.0 before SR13 and 6.0.0 before SR10, allows remote authenticated users to cause a denial of service (JVM segmentation fault, and possibly memory consumption or an infinite loop) via a crafted attribute length field in a class file, which triggers a buffer over-read.

cpe:/a:ibm:websphere_mq:6.0 cpe:/a:ibm:websphere_mq:6.0.1.0 cpe:/a:ibm:websphere_mq:6.0.1.1 cpe:/a:ibm:websphere_mq:6.0.2.0 cpe:/a:ibm:websphere_mq:6.0.2.1 cpe:/a:ibm:websphere_mq:6.0.2.2 cpe:/a:ibm:websphere_mq:6.0.2.3 cpe:/a:ibm:websphere_mq:6.0.2.4 cpe:/a:ibm:websphere_mq:6.0.2.5 cpe:/a:ibm:websphere_mq:6.0.2.6 cpe:/a:ibm:websphere_mq:6.0.2.7 cpe:/a:ibm:websphere_mq:6.0.2.8 cpe:/a:ibm:websphere_mq:6.0.2.9 cpe:/a:ibm:websphere_mq:6.0.2.10 cpe:/a:ibm:websphere_mq:7.0 cpe:/a:ibm:websphere_mq:7.0.0.1 cpe:/a:ibm:websphere_mq:7.0.0.2 cpe:/a:ibm:websphere_mq:7.0.1 cpe:/a:ibm:websphere_mq:7.0.1.0 cpe:/a:ibm:websphere_mq:7.0.1.1 cpe:/a:ibm:websphere_mq:7.0.1.2 cpe:/a:ibm:websphere_mq:7.0.1.3 cpe:/a:ibm:websphere_mq:7.0.1.4

CVE-2011-0314

2011-01-11T20:00:02.040-05:00

2017-08-16T21:33:26.557-04:00

6.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov BID 45801 AIXAPAR IZ81294 XF wmq-message-bo(64550) Heap-based buffer overflow in IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 allows remote authenticated users to execute arbitrary code or cause a denial of service (queue manager crash) by inserting an invalid message into the queue.

cpe:/a:ibm:websphere_application_server:6.1 cpe:/a:ibm:websphere_application_server:6.1.0 cpe:/a:ibm:websphere_application_server:6.1.0.0 cpe:/a:ibm:websphere_application_server:6.1.0.1 cpe:/a:ibm:websphere_application_server:6.1.0.2 cpe:/a:ibm:websphere_application_server:6.1.0.3 cpe:/a:ibm:websphere_application_server:6.1.0.5 cpe:/a:ibm:websphere_application_server:6.1.0.7 cpe:/a:ibm:websphere_application_server:6.1.0.9 cpe:/a:ibm:websphere_application_server:6.1.0.11 cpe:/a:ibm:websphere_application_server:6.1.0.12 cpe:/a:ibm:websphere_application_server:6.1.0.13 cpe:/a:ibm:websphere_application_server:6.1.0.15 cpe:/a:ibm:websphere_application_server:6.1.0.17 cpe:/a:ibm:websphere_application_server:6.1.0.19 cpe:/a:ibm:websphere_application_server:6.1.0.21 cpe:/a:ibm:websphere_application_server:6.1.0.23 cpe:/a:ibm:websphere_application_server:6.1.0.25 cpe:/a:ibm:websphere_application_server:6.1.0.27 cpe:/a:ibm:websphere_application_server:6.1.0.29 cpe:/a:ibm:websphere_application_server:6.1.0.31 cpe:/a:ibm:websphere_application_server:6.1.0.33 cpe:/a:ibm:websphere_application_server:7.0 cpe:/a:ibm:websphere_application_server:7.0.0.1 cpe:/a:ibm:websphere_application_server:7.0.0.2 cpe:/a:ibm:websphere_application_server:7.0.0.3 cpe:/a:ibm:websphere_application_server:7.0.0.4 cpe:/a:ibm:websphere_application_server:7.0.0.5 cpe:/a:ibm:websphere_application_server:7.0.0.6 cpe:/a:ibm:websphere_application_server:7.0.0.7 cpe:/a:ibm:websphere_application_server:7.0.0.8 cpe:/a:ibm:websphere_application_server:7.0.0.9 cpe:/a:ibm:websphere_application_server:7.0.0.11 cpe:/a:ibm:websphere_application_server:7.0.0.13

CVE-2011-0315

2011-01-11T20:00:02.103-05:00

2017-08-16T21:33:26.617-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 46736 VUPEN ADV-2011-0564 AIXAPAR PM18512 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg27007951 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg27014463 XF was-webcontainer-xss(64554) Cross-site scripting (XSS) vulnerability in the Servlet Engine / Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via vectors related to the lack of an error page for an application.

CVE-2011-0316

2011-01-11T20:00:02.290-05:00

2017-08-16T21:33:26.680-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 46736 VUPEN ADV-2011-0564 AIXAPAR PM24372 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg27007951 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg27014463 XF was-consoleservlet-info-disclosure(64558) The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 does not properly restrict access to console servlets, which allows remote attackers to obtain potentially sensitive status information via a direct request.

cpe:/a:adobe:shockwave_player:1.0 cpe:/a:adobe:shockwave_player:2.0 cpe:/a:adobe:shockwave_player:3.0 cpe:/a:adobe:shockwave_player:4.0 cpe:/a:adobe:shockwave_player:5.0 cpe:/a:adobe:shockwave_player:6.0 cpe:/a:adobe:shockwave_player:8.0 cpe:/a:adobe:shockwave_player:8.0.196 cpe:/a:adobe:shockwave_player:8.0.196a cpe:/a:adobe:shockwave_player:8.0.204 cpe:/a:adobe:shockwave_player:8.0.205 cpe:/a:adobe:shockwave_player:8.5.1 cpe:/a:adobe:shockwave_player:8.5.1.100 cpe:/a:adobe:shockwave_player:8.5.1.103 cpe:/a:adobe:shockwave_player:8.5.1.105 cpe:/a:adobe:shockwave_player:8.5.1.106 cpe:/a:adobe:shockwave_player:8.5.321 cpe:/a:adobe:shockwave_player:8.5.323 cpe:/a:adobe:shockwave_player:8.5.324 cpe:/a:adobe:shockwave_player:8.5.325 cpe:/a:adobe:shockwave_player:9 cpe:/a:adobe:shockwave_player:9.0.383 cpe:/a:adobe:shockwave_player:9.0.432 cpe:/a:adobe:shockwave_player:10.0.0.210 cpe:/a:adobe:shockwave_player:10.0.1.004 cpe:/a:adobe:shockwave_player:10.1.0.11 cpe:/a:adobe:shockwave_player:10.1.1.016 cpe:/a:adobe:shockwave_player:10.1.4.020 cpe:/a:adobe:shockwave_player:10.2.0.021 cpe:/a:adobe:shockwave_player:10.2.0.022 cpe:/a:adobe:shockwave_player:10.2.0.023 cpe:/a:adobe:shockwave_player:11.0.0.456 cpe:/a:adobe:shockwave_player:11.0.3.471 cpe:/a:adobe:shockwave_player:11.5.0.595 cpe:/a:adobe:shockwave_player:11.5.0.596 cpe:/a:adobe:shockwave_player:11.5.1.601 cpe:/a:adobe:shockwave_player:11.5.2.602 cpe:/a:adobe:shockwave_player:11.5.6.606 cpe:/a:adobe:shockwave_player:11.5.7.609 cpe:/a:adobe:shockwave_player:11.5.8.612 cpe:/a:adobe:shockwave_player:11.5.9.615 cpe:/a:adobe:shockwave_player:11.5.9.620

CVE-2011-0317

2011-06-16T19:55:01.230-04:00

2011-10-04T22:51:37.160-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://www.adobe.com/support/security/bulletins/apsb11-17.html CERT TA11-166A Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-0335, CVE-2011-2119, and CVE-2011-2122.

CVE-2011-0318

2011-06-16T19:55:01.277-04:00

2011-10-04T22:51:37.317-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://www.adobe.com/support/security/bulletins/apsb11-17.html CERT TA11-166A Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0319, CVE-2011-0320, CVE-2011-0335, CVE-2011-2119, and CVE-2011-2122.

CVE-2011-0319

2011-06-16T19:55:01.323-04:00

2011-10-04T22:51:37.457-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://www.adobe.com/support/security/bulletins/apsb11-17.html CERT TA11-166A Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0320, CVE-2011-0335, CVE-2011-2119, and CVE-2011-2122.

CVE-2011-0320

2011-06-16T19:55:01.370-04:00

2011-10-04T22:51:37.613-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://www.adobe.com/support/security/bulletins/apsb11-17.html CERT TA11-166A Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0335, CVE-2011-2119, and CVE-2011-2122.

cpe:/a:emc:networker:6.0 cpe:/a:emc:networker:6.1 cpe:/a:emc:networker:7.0 cpe:/a:emc:networker:7.2 cpe:/a:emc:networker:7.3 cpe:/a:emc:networker:7.4 cpe:/a:emc:networker:7.4:sp1 cpe:/a:emc:networker:7.4:sp2 cpe:/a:emc:networker:7.4:sp3 cpe:/a:emc:networker:7.4:sp4 cpe:/a:emc:networker:7.4:sp5 cpe:/a:emc:networker:7.5 cpe:/a:emc:networker:7.5:sp1 cpe:/a:emc:networker:7.5:sp2 cpe:/a:emc:networker:7.5:sp3 cpe:/a:emc:networker:7.5.3.1 cpe:/a:emc:networker:7.5.3.2 cpe:/a:emc:networker:7.5.3.3 cpe:/a:emc:networker:7.5.3.4 cpe:/a:emc:networker:7.6.0.2 cpe:/a:emc:networker:7.6.0.3 cpe:/a:emc:networker:7.6.0.4 cpe:/a:emc:networker:7.6.0.5 cpe:/a:emc:networker:7.6.0.6 cpe:/a:emc:networker:7.6.0.7 cpe:/a:emc:networker:7.6.0.8 cpe:/a:emc:networker:7.6.0.9 cpe:/a:emc:networker:7.6.1.1

CVE-2011-0321

2011-02-01T13:00:03.313-05:00

2017-08-16T21:33:26.743-04:00

6.4

NETWORK

LOW

NONE

PARTIAL

NONE

PARTIAL

http://nvd.nist.gov BUGTRAQ 20110126 ESA-2011-003: EMC NetWorker librpc.dll spoofing vulnerability. CONFIRM http://archives.neohapsis.com/archives/bugtraq/2011-01/att-0162/ESA-2011-003.txt SECTRACK 1025010 BID 46044 VUPEN ADV-2011-0241 XF networker-librpc-security-bypass(64997) librpc.dll in nsrexecd in EMC NetWorker before 7.5 SP4, 7.5.3.x before 7.5.3.5, and 7.6.x before 7.6.1.2 does not properly mitigate the possibility of a spoofed localhost source IP address, which allows remote attackers to (1) register or (2) unregister RPC services, and consequently cause a denial of service or obtain sensitive information from interprocess communication, via crafted UDP packets containing service commands.

cpe:/a:rsa:access_manager_server:5.5.3 cpe:/a:rsa:access_manager_server:6.0.4 cpe:/a:rsa:access_manager_server:6.1 cpe:/a:rsa:access_manager_server:6.1.2 cpe:/a:rsa:access_manager_server:6.1.3

CVE-2011-0322

2011-03-16T18:55:01.357-04:00

2018-10-10T16:09:40.107-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov SREASON 8142 BUGTRAQ 20110315 ESA-2011-009: RSA, The Security Division of EMC, announces a fix for potential security vulnerability in RSA Access Manager Server BID 46875 SECTRACK 1025214 VUPEN ADV-2011-0676 XF rsa-unspecified-security-bypass(66104) Unspecified vulnerability in EMC RSA Access Manager Server 5.5.x, 6.0.x, and 6.1.x allows remote attackers to access resources via unknown vectors.

cpe:/a:topazsystems:sigplus_pro_activex_control:3.95

CVE-2011-0323

2011-02-07T16:00:14.680-05:00

2017-08-16T21:33:26.837-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 46128 XF sigplus-sigmessage-file-overwrite(65117) Topaz Systems SigPlus Pro ActiveX Control 3.95, and possibly other versions before 4.29, allows remote attackers to execute arbitrary code by calling the exposed unsafe (1) SetLogFilePath and (2) SigMessage methods to create arbitrary files with arbitrary content.

cpe:/a:topazsystems:sigplus_pro_activex_control:3.95

CVE-2011-0324

2011-02-07T16:00:14.777-05:00

2017-08-16T21:33:26.900-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 46128 XF sigplus-keystring-bo(65114) XF sigplus-newpath-bo(65115) XF sigplus-newportpath-bo(65116) Multiple heap-based buffer overflows in Topaz Systems SigPlus Pro ActiveX Control 3.95, and possibly other versions before 4.29, allow remote attackers to execute arbitrary code via a long (1) KeyString property, (2) NewPath parameter to the SetLocalIniFilePath method, or (3) NewPortPath parameter to the SetTabletPortPath method.

cpe:/a:dell:dellsystemlite.scanner_activex_control:1.0.0.0

CVE-2011-0329

2011-02-21T13:00:01.160-05:00

2011-03-17T22:56:44.507-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 46443 SECTRACK 1025094 Directory traversal vulnerability in the GetData method in the Dell DellSystemLite.Scanner ActiveX control in DellSystemLite.ocx 1.0.0.0 allows remote attackers to read arbitrary files via directory traversal sequences in the fileID parameter.

cpe:/a:dell:dellsystemlite.scanner_activex_control:1.0.0.0

CVE-2011-0330

2011-02-21T13:00:01.223-05:00

2011-03-17T22:56:44.647-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov BID 46443 SECTRACK 1025094 The Dell DellSystemLite.Scanner ActiveX control in DellSystemLite.ocx 1.0.0.0 does not properly restrict the values of the WMIAttributesOfInterest property, which allows remote attackers to execute arbitrary WMI Query Language (WQL) statements via a crafted value, as demonstrated by a value that triggers disclosure of information about installed software.

cpe:/a:honeywell:scanserver_activex_control:780.0.20.5

CVE-2011-0331

2011-03-22T13:55:01.253-04:00

2011-04-08T23:32:50.463-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 46930 VUPEN ADV-2011-0725 Use-after-free vulnerability in the addOSPLext method in the Honeywell ScanServer ActiveX control 780.0.20.5 allows remote attackers to execute arbitrary code via a crafted HTML document.

cpe:/a:foxitsoftware:foxit_phantom:1.0.2 cpe:/a:foxitsoftware:foxit_phantom:2.0 cpe:/a:foxitsoftware:foxit_phantom:2.1 cpe:/a:foxitsoftware:foxit_phantom:2.1.1 cpe:/a:foxitsoftware:foxit_phantom:2.2 cpe:/a:foxitsoftware:foxit_phantom:2.2.1 cpe:/a:foxitsoftware:foxit_phantom:2.2.3 cpe:/a:foxitsoftware:foxit_phantom:2.2.4 cpe:/a:foxitsoftware:foxit_phantom:2.3 cpe:/a:foxitsoftware:foxit_reader:2.0 cpe:/a:foxitsoftware:foxit_reader:2.2 cpe:/a:foxitsoftware:foxit_reader:2.3 cpe:/a:foxitsoftware:foxit_reader:3.0 cpe:/a:foxitsoftware:foxit_reader:3.1 cpe:/a:foxitsoftware:foxit_reader:3.1.1 cpe:/a:foxitsoftware:foxit_reader:3.1.3 cpe:/a:foxitsoftware:foxit_reader:3.1.4 cpe:/a:foxitsoftware:foxit_reader:3.2 cpe:/a:foxitsoftware:foxit_reader:3.2.1 cpe:/a:foxitsoftware:foxit_reader:3.3.1 cpe:/a:foxitsoftware:foxit_reader:4.0 cpe:/a:foxitsoftware:foxit_reader:4.1.1 cpe:/a:foxitsoftware:foxit_reader:4.3

CVE-2011-0332

2011-02-25T14:00:00.947-05:00

2016-11-08T12:47:55.837-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2016-11-08T10:54:04.343-05:00

CONFIRM http://www.foxitsoftware.com/pdf/reader/security_bulletins.php#memory SECTRACK 1025129 VUPEN ADV-2011-0508 Integer overflow in Foxit Reader before 4.3.1.0218 and Foxit Phantom before 2.3.3.1112 allows remote attackers to execute arbitrary code via crafted ICC chunks in a PDF file, which triggers a heap-based buffer overflow.

cpe:/a:novell:groupwise:8.0 cpe:/a:novell:groupwise:8.0:hp1 cpe:/a:novell:groupwise:8.0:hp2

CVE-2011-0333

2011-10-07T22:52:52.113-04:00

2012-05-14T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2011-10-10T07:49:00.000-04:00

CONFIRM http://www.novell.com/support/viewContent.do?externalId=7009208 CONFIRM https://bugzilla.novell.com/show_bug.cgi?id=678715 IDEFENSE 20110926 Novell GroupWise iCal TZNAME Heap Overflow Vulnerability Heap-based buffer overflow in the NgwiCalVTimeZoneBody::ParseSelf function in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a crafted TZNAME variable in a VCALENDAR attachment in an e-mail message, related to an "integer truncation error."

cpe:/a:novell:groupwise:8.0 cpe:/a:novell:groupwise:8.0:hp1 cpe:/a:novell:groupwise:8.0:hp2

CVE-2011-0334

2011-10-07T22:52:52.143-04:00

2012-05-14T00:00:00.000-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2011-10-10T07:55:00.000-04:00

CONFIRM http://www.novell.com/support/viewContent.do?externalId=7009210 CONFIRM https://bugzilla.novell.com/show_bug.cgi?id=678939 Stack-based buffer overflow in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a long HTTP request for a .css file.

CVE-2011-0335

2011-06-16T19:55:01.400-04:00

2011-10-04T22:51:38.550-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://www.adobe.com/support/security/bulletins/apsb11-17.html CERT TA11-166A Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-2119, and CVE-2011-2122.

cpe:/a:advantech:advantech_studio:6.1:sp6_61.6.01.05 cpe:/a:indusoft:thin_client:7.0 cpe:/a:indusoft:web_studio:6.1 cpe:/a:indusoft:web_studio:6.1:sp6 cpe:/a:indusoft:web_studio:7.0

CVE-2011-0340

2011-05-04T18:55:01.467-04:00

2013-05-20T23:04:44.983-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov MISC http://ics-cert.us-cert.gov/advisories/ICSA-12-249-03 CONFIRM http://www.advantechdirect.com/eMarketingPrograms/AStudio_Patch/AStudio7.0_Patch_Final.htm CONFIRM http://www.indusoft.com/hotfixes/hotfixes.php BID 47596 MISC http://www.us-cert.gov/control_systems/pdf/ICSA-12-137-02.pdf VUPEN ADV-2011-1115 VUPEN ADV-2011-1116 Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method.

cpe:/a:artifex:mupdf:2008.09.02

CVE-2011-0341

2011-05-13T13:05:41.673-04:00

2017-08-16T21:33:26.963-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov BID 47739 VUPEN ADV-2011-1191 XF mupdf-pdfmozonmouse-bo(67298) Stack-based buffer overflow in the pdfmoz_onmouse function in apps/mozilla/moz_main.c in the MuPDF plug-in 2008.09.02 for Firefox allows remote attackers to execute arbitrary code via a crafted web site.

cpe:/a:indusoft:web_studio:7.0b2:hotfix7.0.01.04

CVE-2011-0342

2011-09-02T12:55:01.460-04:00

2013-05-20T23:04:45.633-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov MISC http://ics-cert.us-cert.gov/advisories/ICSA-11-273-02 CONFIRM http://www.indusoft.com/hotfixes/hotfixes.php BID 49403 Multiple buffer overflows in the InduSoft ISSymbol ActiveX control in ISSymbol.ocx 301.1104.601.0 in InduSoft Web Studio 7.0B2 hotfix 7.0.01.04 allow remote attackers to execute arbitrary code via a long parameter to the (1) Open, (2) Close, or (3) SetCurrentLanguage method.

cpe:/a:balabit:syslog-ng:2.0::open_source cpe:/a:balabit:syslog-ng:2.0::premium cpe:/a:balabit:syslog-ng:3.0::open_source cpe:/a:balabit:syslog-ng:3.0::premium cpe:/a:balabit:syslog-ng:3.1::open_source cpe:/a:balabit:syslog-ng:3.1::premium cpe:/a:balabit:syslog-ng:3.2::open_source cpe:/a:balabit:syslog-ng:3.2::premium

CVE-2011-0343

2011-01-28T11:00:03.390-05:00

2018-10-10T16:09:40.733-04:00

6.9

LOCAL

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608491 BUGTRAQ 20110125 syslog-ng wrong file permission vulnerability BID 45988 MLIST [syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released MLIST [syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files.

cpe:/a:alcatel-lucent:omnipcx:5.0::enterprise cpe:/a:alcatel-lucent:omnipcx:6.2::enterprise cpe:/a:alcatel-lucent:omnipcx:7.0::enterprise cpe:/a:alcatel-lucent:omnipcx:7.1::enterprise cpe:/a:alcatel-lucent:omnipcx:8.0::enterprise cpe:/a:alcatel-lucent:omnipcx:9.0::enterprise

CVE-2011-0344

2011-03-08T16:59:33.733-05:00

2017-08-16T21:33:27.010-04:00

5.8

ADJACENT_NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov IDEFENSE 20110301 Alcatel-Lucent OmniPCX Enterprise CS CGI Cookie Buffer Overflow Vulnerability CONFIRM http://www.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2011001.pdf BID 46640 VUPEN ADV-2011-0549 XF omnipcx-unified-maintenance-bo(65849) Multiple stack-based buffer overflows in unspecified CGI programs in the Unified Maintenance Tool web interface in the embedded web server in the Communication Server (CS) in Alcatel-Lucent OmniPCX Enterprise before R9.0 H1.301.50 allow remote attackers to execute arbitrary code via crafted HTTP headers.

cpe:/a:alcatel-lucent:omnivista:4760_r5.0.07.05 cpe:/a:alcatel-lucent:omnivista:4760_r5.1.06.03

CVE-2011-0345

2011-03-08T16:59:33.857-05:00

2018-10-10T16:09:41.200-04:00

3.3

ADJACENT_NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov FULLDISC 20110301 DDIVRT-2010-30 Alcatel-Lucent OmniVista 4760 NMS 'lang' Directory Traversal Vulnerability [ CVE-2011-0345 ] SREASON 8122 CONFIRM http://www.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2011002.pdf BUGTRAQ 20110301 DDIVRT-2010-30 Alcatel-Lucent OmniVista 4760 NMS 'lang' Directory Traversal Vulnerability [ CVE-2011-0345 ] BID 46624 VUPEN ADV-2011-0548 XF omnivista-lang-file-include(65848) Directory traversal vulnerability in the NMS server in Alcatel-Lucent OmniVista 4760 R5.1.06.03 and earlier allows remote attackers to read arbitrary files via directory traversal sequences in HTTP GET requests, related to the lang variable.

cpe:/a:microsoft:ie:6 cpe:/a:microsoft:ie:7 cpe:/a:microsoft:ie:8

CVE-2011-0346

2011-01-07T18:00:20.093-05:00

2019-02-26T09:04:00.993-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov FULLDISC 20110101 Announcing cross_fuzz, a potential 0-day in circulation, and more MISC http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx MISC http://lcamtuf.blogspot.com/2011/01/announcing-crossfuzz-potential-0-day-in.html MISC http://lcamtuf.coredump.cx/cross_fuzz/fuzzer_timeline.txt MISC http://lcamtuf.coredump.cx/cross_fuzz/known_vuln.txt MISC http://lcamtuf.coredump.cx/cross_fuzz/msie_crash.txt CERT-VN VU#427980 BUGTRAQ 20110101 Announcing cross_fuzz, a potential 0-day in circulation, and more BID 45639 SECTRACK 1024940 CERT TA11-102A VUPEN ADV-2011-0026 MS MS11-018 XF ms-ie-releaseinterface-code-execution(64482) Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, aka "MSHTML Memory Corruption Vulnerability."

cpe:/a:microsoft:ie

CVE-2011-0347

2011-01-07T18:00:20.390-05:00

2018-10-10T16:09:43.997-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov FULLDISC 20110101 Announcing cross_fuzz, a potential 0-day in circulation, and more MISC http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx MISC http://lcamtuf.blogspot.com/2011/01/announcing-crossfuzz-potential-0-day-in.html MISC http://lcamtuf.coredump.cx/cross_fuzz/fuzzer_timeline.txt MISC http://lcamtuf.coredump.cx/cross_fuzz/msie_display.jpg MISC http://www.microsoft.com/technet/security/advisory/2490606.mspx BUGTRAQ 20110101 Announcing cross_fuzz, a potential 0-day in circulation, and more XF ms-ie-gui-weak-security(64571) Microsoft Internet Explorer on Windows XP allows remote attackers to trigger an incorrect GUI display and have unspecified other impact via vectors related to the DOM implementation, as demonstrated by cross_fuzz.

cpe:/o:cisco:ios:12.4%2811%29md cpe:/o:cisco:ios:12.4%2815%29md cpe:/o:cisco:ios:12.4%2822%29md cpe:/o:cisco:ios:12.4%2822%29mda cpe:/o:cisco:ios:12.4%2824%29md cpe:/o:cisco:ios:12.4%2824%29md1 cpe:/o:cisco:ios:12.4%2824%29mda

CVE-2011-0348

2011-01-28T17:00:05.787-05:00

2017-08-16T21:33:27.277-04:00

6.4

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov SECTRACK 1024992 CISCO 20110126 Cisco Content Services Gateway Vulnerabilities BID 46022 VUPEN ADV-2011-0229 XF cisco-csg2-policy-security-bypass(64936) Cisco IOS 12.4(11)MD, 12.4(15)MD, 12.4(22)MD, 12.4(24)MD before 12.4(24)MD3, 12.4(22)MDA before 12.4(22)MDA5, and 12.4(24)MDA before 12.4(24)MDA3 on the Cisco Content Services Gateway Second Generation (aka CSG2) allows remote attackers to bypass intended access restrictions and intended billing restrictions by sending HTTP traffic to a restricted destination after sending HTTP traffic to an unrestricted destination, aka Bug ID CSCtk35917.

cpe:/o:cisco:ios:12.4%2824%29md cpe:/o:cisco:ios:12.4%2824%29md1

CVE-2011-0349

2011-01-28T17:00:05.817-05:00

2017-08-16T21:33:27.323-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov SECTRACK 1024992 CISCO 20110126 Cisco Content Services Gateway Vulnerabilities BID 46026 VUPEN ADV-2011-0229 XF cisco-csg2-tcp-dos(64937) Unspecified vulnerability in Cisco IOS 12.4(24)MD before 12.4(24)MD2 on the Cisco Content Services Gateway Second Generation (aka CSG2) allows remote attackers to cause a denial of service (device hang or reload) via crafted TCP packets, aka Bug ID CSCth17178, a different vulnerability than CVE-2011-0350.

cpe:/o:cisco:ios:12.4%2824%29md cpe:/o:cisco:ios:12.4%2824%29md1

CVE-2011-0350

2011-01-28T17:00:05.863-05:00

2017-08-16T21:33:27.383-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov SECTRACK 1024992 CISCO 20110126 Cisco Content Services Gateway Vulnerabilities BID 46028 VUPEN ADV-2011-0229 XF cisco-csg2-tcp-packets-dos(64938) Unspecified vulnerability in Cisco IOS 12.4(24)MD before 12.4(24)MD2 on the Cisco Content Services Gateway Second Generation (aka CSG2) allows remote attackers to cause a denial of service (device hang or reload) via crafted TCP packets, aka Bug ID CSCth41891, a different vulnerability than CVE-2011-0349.

cpe:/a:cisco:linksys_wrt54gc_router_firmware:1.02.5 cpe:/a:cisco:linksys_wrt54gc_router_firmware:1.02.8 cpe:/a:cisco:linksys_wrt54gc_router_firmware:1.05.7 cpe:/h:cisco:linksys_wrt54gc_router

CVE-2011-0352

2011-01-24T13:00:04.190-05:00

2017-08-16T21:33:27.447-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov JVN JVN#26605630 JVNDB JVNDB-2011-000007 CONFIRM http://tools.cisco.com/security/center/viewAlert.x?alertId=22228 VUPEN ADV-2011-0205 XF wrt54gc-interface-bo(64850) Buffer overflow in the web-based management interface on the Cisco Linksys WRT54GC router with firmware before 1.06.1 allows remote attackers to cause a denial of service (device crash) via a long string in a POST request.

cpe:/a:cisco:tandberg_endpoint:tc2.1.2 cpe:/a:cisco:tandberg_endpoint:tc3.0.0 cpe:/a:cisco:tandberg_endpoint:tc3.1.0 cpe:/a:cisco:tandberg_endpoint:tc3.1.1 cpe:/a:cisco:tandberg_endpoint:tc3.1.2 cpe:/a:cisco:tandberg_endpoint:tc3.1.3 cpe:/a:cisco:tandberg_personal_video_unit_software:tc3.1.0 cpe:/a:cisco:tandberg_personal_video_unit_software:tc3.1.1 cpe:/a:cisco:tandberg_personal_video_unit_software:tc3.1.2 cpe:/a:cisco:tandberg_personal_video_unit_software:tc3.1.3 cpe:/a:cisco:tandberg_personal_video_unit_software:te1.0.1 cpe:/a:cisco:tandberg_personal_video_unit_software:te2.2.0 cpe:/a:cisco:tandberg_personal_video_unit_software:te2.2.1 cpe:/h:cisco:tandberg_endpoint:c20 cpe:/h:cisco:tandberg_endpoint:c40 cpe:/h:cisco:tandberg_endpoint:c60 cpe:/h:cisco:tandberg_endpoint:c90 cpe:/h:cisco:tandberg_personal_video_unit:e20 cpe:/h:cisco:tandberg_personal_video_unit:ex60 cpe:/h:cisco:tandberg_personal_video_unit:ex90

CVE-2011-0354

2011-02-03T11:00:02.570-05:00

2011-09-21T23:28:02.133-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

ALLOWS_ADMIN_ACCESS

SREASON 8060 SECTRACK 1025017 CONFIRM http://tools.cisco.com/security/center/viewAlert.x?alertId=22314 CISCO 20110202 Default Credentials for Root Account on Tandberg E, EX and C Series Endpoints EXPLOIT-DB 16100 CERT-VN VU#436854 BID 46107 The default configuration of Cisco Tandberg C Series Endpoints, and Tandberg E and EX Personal Video units, with software before TC4.0.0 has a blank password for the root account, which makes it easier for remote attackers to obtain access via an unspecified login method.

cpe:/a:cisco:1000v_virtual_ethernet_module_%28vem%29:4.0%284%29:sv1%281%29 cpe:/a:cisco:1000v_virtual_ethernet_module_%28vem%29:4.0%284%29:sv1%282%29 cpe:/a:cisco:1000v_virtual_ethernet_module_%28vem%29:4.0%284%29:sv1%283%29 cpe:/a:cisco:1000v_virtual_ethernet_module_%28vem%29:4.0%284%29:sv1%283a%29 cpe:/a:cisco:1000v_virtual_ethernet_module_%28vem%29:4.0%284%29:sv1%283b%29 cpe:/a:vmware:esx:4.0 cpe:/a:vmware:esx:4.1 cpe:/a:vmware:esxi:4.0 cpe:/a:vmware:esxi:4.1

CVE-2011-0355

2011-02-17T13:00:03.557-05:00

2018-10-10T16:09:44.983-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov MLIST [security-announce] 20110207 VMSA-2011-0002 Cisco Nexus 1000V VEM updates address denial of service in VMware ESX/ESXi SREASON 8090 SECTRACK 1025030 CONFIRM http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0_4_s_v_1_3_c/release/notes/n1000v_rn.html BUGTRAQ 20110208 VMSA-2011-0002 Cisco Nexus 1000V VEM updates address denial of service in VMware ESX/ESXi BID 46247 CONFIRM http://www.vmware.com/security/advisories/VMSA-2011-0002.html VUPEN ADV-2011-0314 VUPEN ADV-2011-0315 XF cisco-nexus-packets-dos(65217) Cisco Nexus 1000V Virtual Ethernet Module (VEM) 4.0(4) SV1(1) through SV1(3b), as used in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, does not properly handle dropped packets, which allows guest OS users to cause a denial of service (ESX or ESXi host OS crash) by sending an 802.1Q tagged packet over an access vEthernet port, aka Cisco Bug ID CSCtj17451.

cpe:/a:cisco:security_agent:5.1 cpe:/a:cisco:security_agent:5.2 cpe:/a:cisco:security_agent:6.0

CVE-2011-0364

2011-02-18T20:00:02.337-05:00

2018-10-10T16:09:46.170-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov SREASON 8095 SREASON 8197 SREASON 8205 CISCO 20110216 Management Center for Cisco Security Agent Remote Code Execution Vulnerability BUGTRAQ 20110217 ZDI-11-088: Cisco Security Agent Management st_upload Remote Code Execution Vulnerability BID 46420 SECTRACK 1025088 VUPEN ADV-2011-0424 MISC http://www.zerodayinitiative.com/advisories/ZDI-11-088 XF cisco-security-webagent-file-upload(65436) The Management Console (webagent.exe) in Cisco Security Agent 5.1, 5.2, and 6.0 before 6.0.2.145 allows remote attackers to create arbitrary files and execute arbitrary code via unspecified parameters in a crafted st_upload request.

CVE-2011-0372

2011-02-25T07:00:01.557-05:00

2011-03-30T23:29:31.393-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CISCO 20110223 Multiple Vulnerabilities in Cisco TelePresence Endpoint Devices SECTRACK 1025112 The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31640.

CVE-2011-0373

2011-02-25T07:00:17.633-05:00

2011-03-30T23:29:31.673-04:00

9.0

NETWORK

LOW

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov CISCO 20110223 Multiple Vulnerabilities in Cisco TelePresence Endpoint Devices SECTRACK 1025112 The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31685.

CVE-2011-0374

2011-02-25T07:00:17.727-05:00

2011-03-30T23:29:31.893-04:00

9.0

NETWORK

LOW

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov CISCO 20110223 Multiple Vulnerabilities in Cisco TelePresence Endpoint Devices SECTRACK 1025112 The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31659.

cpe:/a:cisco:telepresence_system_software:1.2.3 cpe:/a:cisco:telepresence_system_software:1.3.2 cpe:/a:cisco:telepresence_system_software:1.4.7 cpe:/a:cisco:telepresence_system_software:1.5.1 cpe:/a:cisco:telepresence_system_software:1.5.3 cpe:/a:cisco:telepresence_system_software:1.5.10 cpe:/a:cisco:telepresence_system_software:1.5.11 cpe:/a:cisco:telepresence_system_software:1.5.12 cpe:/a:cisco:telepresence_system_software:1.5.13 cpe:/a:cisco:telepresence_system_software:1.6.0 cpe:/a:cisco:telepresence_system_software:1.6.2 cpe:/a:cisco:telepresence_system_software:1.6.3 cpe:/a:cisco:telepresence_system_software:1.6.4 cpe:/a:cisco:telepresence_system_software:1.6.5 cpe:/a:cisco:telepresence_system_software:1.6.6 cpe:/a:cisco:telepresence_system_software:1.6.7 cpe:/a:cisco:telepresence_system_software:1.6.8 cpe:/h:cisco:telepresence_system_1000 cpe:/h:cisco:telepresence_system_1100 cpe:/h:cisco:telepresence_system_1300_series cpe:/h:cisco:telepresence_system_3000 cpe:/h:cisco:telepresence_system_3200_series cpe:/h:cisco:telepresence_system_500_series

CVE-2011-0375

2011-02-25T07:00:18.087-05:00

2011-03-30T23:29:32.157-04:00

9.0

NETWORK

LOW

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov CISCO 20110223 Multiple Vulnerabilities in Cisco TelePresence Endpoint Devices SECTRACK 1025112 The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCth24671.

cpe:/a:cisco:telepresence_system_software:1.2.3 cpe:/a:cisco:telepresence_system_software:1.3.2 cpe:/a:cisco:telepresence_system_software:1.4.7 cpe:/a:cisco:telepresence_system_software:1.5.1 cpe:/a:cisco:telepresence_system_software:1.5.3 cpe:/a:cisco:telepresence_system_software:1.5.10 cpe:/a:cisco:telepresence_system_software:1.5.11 cpe:/a:cisco:telepresence_system_software:1.5.12 cpe:/a:cisco:telepresence_system_software:1.5.13 cpe:/a:cisco:telepresence_system_software:1.6.0 cpe:/a:cisco:telepresence_system_software:1.6.1 cpe:/h:cisco:telepresence_system_1000 cpe:/h:cisco:telepresence_system_1100 cpe:/h:cisco:telepresence_system_1300_series cpe:/h:cisco:telepresence_system_3000 cpe:/h:cisco:telepresence_system_3200_series cpe:/h:cisco:telepresence_system_500_series

CVE-2011-0376

2011-02-25T07:00:18.167-05:00

2011-03-30T23:29:32.393-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CISCO 20110223 Multiple Vulnerabilities in Cisco TelePresence Endpoint Devices SECTRACK 1025112 The TFTP implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x, 1.6.0, and 1.6.1 allows remote attackers to obtain sensitive information via a GET request, aka Bug ID CSCte43876.

CVE-2011-0377

2011-02-25T07:00:18.243-05:00

2017-08-16T21:33:27.633-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CISCO 20110223 Multiple Vulnerabilities in Cisco TelePresence Endpoint Devices SECTRACK 1025112 XF cisco-endpoint-ipaddress-dos(65616) Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x allow remote attackers to cause a denial of service (service crash) via a malformed SOAP request in conjunction with a spoofed TelePresence Manager that supplies an invalid IP address, aka Bug ID CSCth03605.

CVE-2011-0378

2011-02-25T07:00:18.307-05:00

2011-03-30T23:29:32.907-04:00

8.3

ADJACENT_NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CISCO 20110223 Multiple Vulnerabilities in Cisco TelePresence Endpoint Devices SECTRACK 1025112 The XML-RPC implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a TCP request, related to a "command injection vulnerability," aka Bug ID CSCtb52587.

cpe:/a:cisco:adaptive_security_appliance_software:1.6.0 cpe:/a:cisco:telepresence_manager:1.2.0.0 cpe:/a:cisco:telepresence_manager:1.3.2 cpe:/a:cisco:telepresence_manager:1.4.0 cpe:/a:cisco:telepresence_manager:1.5.1 cpe:/a:cisco:telepresence_manager:1.5.2 cpe:/a:cisco:telepresence_manager:1.6.2 cpe:/a:cisco:telepresence_multipoint_switch_software:1.0.4.0 cpe:/a:cisco:telepresence_multipoint_switch_software:1.1.0 cpe:/a:cisco:telepresence_multipoint_switch_software:1.1.1 cpe:/a:cisco:telepresence_multipoint_switch_software:1.1.2 cpe:/a:cisco:telepresence_multipoint_switch_software:1.5.0 cpe:/a:cisco:telepresence_multipoint_switch_software:1.5.1 cpe:/a:cisco:telepresence_multipoint_switch_software:1.5.2 cpe:/a:cisco:telepresence_multipoint_switch_software:1.5.3 cpe:/a:cisco:telepresence_multipoint_switch_software:1.5.4 cpe:/a:cisco:telepresence_multipoint_switch_software:1.5.5 cpe:/a:cisco:telepresence_multipoint_switch_software:1.5.6 cpe:/a:cisco:telepresence_multipoint_switch_software:1.6.0 cpe:/a:cisco:telepresence_multipoint_switch_software:1.6.1 cpe:/a:cisco:telepresence_multipoint_switch_software:1.6.2 cpe:/a:cisco:telepresence_multipoint_switch_software:1.6.3 cpe:/a:cisco:telepresence_multipoint_switch_software:1.6.4 cpe:/a:cisco:telepresence_system_software:1.2.3 cpe:/a:cisco:telepresence_system_software:1.3.2 cpe:/a:cisco:telepresence_system_software:1.4.7 cpe:/a:cisco:telepresence_system_software:1.5.1 cpe:/a:cisco:telepresence_system_software:1.5.3 cpe:/a:cisco:telepresence_system_software:1.5.10 cpe:/a:cisco:telepresence_system_software:1.5.11 cpe:/a:cisco:telepresence_system_software:1.5.12 cpe:/a:cisco:telepresence_system_software:1.5.13 cpe:/a:cisco:telepresence_system_software:1.6.0 cpe:/a:cisco:telepresence_system_software:1.6.2 cpe:/a:cisco:telepresence_system_software:1.6.3 cpe:/a:cisco:telepresence_system_software:1.6.4 cpe:/a:cisco:telepresence_system_software:1.6.5 cpe:/a:cisco:telepresence_system_software:1.6.6 cpe:/a:cisco:telepresence_system_software:1.6.7 cpe:/a:cisco:telepresence_system_software:1.6.8 cpe:/h:cisco:5500_series_adaptive_security_appliance cpe:/h:cisco:asa_5500 cpe:/h:cisco:telepresence_multipoint_switch cpe:/h:cisco:telepresence_system_1000 cpe:/h:cisco:telepresence_system_1100 cpe:/h:cisco:telepresence_system_1300_series cpe:/h:cisco:telepresence_system_3000 cpe:/h:cisco:telepresence_system_3200_series cpe:/h:cisco:telepresence_system_500_series

CVE-2011-0379

2011-02-25T07:00:18.383-05:00

2011-04-08T23:32:54.883-04:00

7.9

ADJACENT_NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov CISCO 20110223 Multiple Vulnerabilities in Cisco TelePresence Recording Server CISCO 20110223 Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch CISCO 20110223 Multiple Vulnerabilities in Cisco TelePresence Manager CISCO 20110223 Multiple Vulnerabilities in Cisco TelePresence Endpoint Devices SECTRACK 1025111 SECTRACK 1025112 SECTRACK 1025113 SECTRACK 1025114 Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 1.6.x; Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x; Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x; and Cisco TelePresence Manager 1.2.x, 1.3.x, 1.4.x, 1.5.x, and 1.6.2 allows remote attackers to execute arbitrary code via a crafted Cisco Discovery Protocol packet, aka Bug IDs CSCtd75769, CSCtd75766, CSCtd75754, and CSCtd75761.

cpe:/a:cisco:telepresence_manager:1.2.0.0 cpe:/a:cisco:telepresence_manager:1.3.2 cpe:/a:cisco:telepresence_manager:1.4.0 cpe:/a:cisco:telepresence_manager:1.5.1 cpe:/a:cisco:telepresence_manager:1.5.2 cpe:/a:cisco:telepresence_manager:1.6.0 cpe:/a:cisco:telepresence_manager:1.6.2 cpe:/a:cisco:telepresence_manager:1.6.3 cpe:/a:cisco:telepresence_manager:1.6.5

CVE-2011-0380

2011-02-25T07:00:18.477-05:00

2017-08-16T21:33:27.697-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov CISCO 20110223 Multiple Vulnerabilities in Cisco TelePresence Manager BID 46526 SECTRACK 1025111 XF telepresence-soap-security-bypass(65618) Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers to bypass authentication and invoke arbitrary methods via a malformed SOAP request, aka Bug ID CSCtc59562.

CVE-2011-0381

2011-02-25T07:00:18.527-05:00

2017-08-16T21:33:27.760-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CISCO 20110223 Multiple Vulnerabilities in Cisco TelePresence Manager BID 46526 SECTRACK 1025111 XF telepresence-manager-rmi-command-exec(65619) Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers to perform unspecified actions and consequently execute arbitrary code via a crafted request to the Java RMI interface, related to a "command injection vulnerability," aka Bug ID CSCtf97085.

cpe:/a:cisco:telepresence_recording_server_software:1.6.1 cpe:/h:cisco:telepresence_recording_server

CVE-2011-0382

2011-02-25T07:00:18.570-05:00

2011-04-08T23:32:55.463-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CISCO 20110223 Multiple Vulnerabilities in Cisco TelePresence Recording Server BID 46522 SECTRACK 1025114 The CGI subsystem on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 allows remote attackers to execute arbitrary commands via a request to TCP port 443, related to a "command injection vulnerability," aka Bug ID CSCtf97221.

cpe:/a:cisco:telepresence_multipoint_switch_software:1.0.4.0 cpe:/a:cisco:telepresence_multipoint_switch_software:1.1.0 cpe:/a:cisco:telepresence_multipoint_switch_software:1.1.1 cpe:/a:cisco:telepresence_multipoint_switch_software:1.1.2 cpe:/a:cisco:telepresence_multipoint_switch_software:1.5.0 cpe:/a:cisco:telepresence_multipoint_switch_software:1.5.1 cpe:/a:cisco:telepresence_multipoint_switch_software:1.5.2 cpe:/a:cisco:telepresence_multipoint_switch_software:1.5.3 cpe:/a:cisco:telepresence_multipoint_switch_software:1.5.4 cpe:/a:cisco:telepresence_multipoint_switch_software:1.5.5 cpe:/a:cisco:telepresence_multipoint_switch_software:1.5.6 cpe:/a:cisco:telepresence_multipoint_switch_software:1.6.0 cpe:/a:cisco:telepresence_multipoint_switch_software:1.6.1 cpe:/a:cisco:telepresence_multipoint_switch_software:1.6.2 cpe:/a:cisco:telepresence_multipoint_switch_software:1.6.3 cpe:/a:cisco:telepresence_multipoint_switch_software:1.6.4 cpe:/a:cisco:telepresence_recording_server_software:1.6.1 cpe:/h:cisco:telepresence_multipoint_switch cpe:/h:cisco:telepresence_recording_server

CVE-2011-0383

2011-02-25T07:00:18.603-05:00

2017-08-16T21:33:27.823-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CISCO 20110223 Multiple Vulnerabilities in Cisco TelePresence Recording Server CISCO 20110223 Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch BID 46519 SECTRACK 1025113 SECTRACK 1025114 XF telepresence-java-unauth-access(65602) The Java Servlet framework on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug IDs CSCtf42005 and CSCtf42008.

CVE-2011-0384

2011-02-25T07:00:18.680-05:00

2017-08-16T21:33:27.883-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CISCO 20110223 Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch BID 46520 SECTRACK 1025113 XF cisco-switch-java-unauth-access(65620) The Java Servlet framework on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug ID CSCtf01253.

cpe:/a:cisco:telepresence_multipoint_switch_software:1.0.4.0 cpe:/a:cisco:telepresence_multipoint_switch_software:1.1.0 cpe:/a:cisco:telepresence_multipoint_switch_software:1.1.1 cpe:/a:cisco:telepresence_multipoint_switch_software:1.1.2 cpe:/a:cisco:telepresence_multipoint_switch_software:1.5.0 cpe:/a:cisco:telepresence_multipoint_switch_software:1.5.1 cpe:/a:cisco:telepresence_multipoint_switch_software:1.5.2 cpe:/a:cisco:telepresence_multipoint_switch_software:1.5.3 cpe:/a:cisco:telepresence_multipoint_switch_software:1.5.4 cpe:/a:cisco:telepresence_multipoint_switch_software:1.5.5 cpe:/a:cisco:telepresence_multipoint_switch_software:1.5.6 cpe:/a:cisco:telepresence_multipoint_switch_software:1.6.0 cpe:/a:cisco:telepresence_multipoint_switch_software:1.6.1 cpe:/a:cisco:telepresence_multipoint_switch_software:1.6.2 cpe:/a:cisco:telepresence_multipoint_switch_software:1.6.3 cpe:/a:cisco:telepresence_multipoint_switch_software:1.6.4 cpe:/a:cisco:telepresence_recording_server_software:1.6.1 cpe:/a:cisco:telepresence_recording_server_software:1.6.2 cpe:/a:cisco:telepresence_recording_server_software:1.6.3 cpe:/h:cisco:telepresence_multipoint_switch cpe:/h:cisco:telepresence_recording_server

CVE-2011-0385

2011-02-25T07:00:18.727-05:00

2017-08-16T21:33:27.947-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CISCO 20110223 Multiple Vulnerabilities in Cisco TelePresence Recording Server CISCO 20110223 Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch SECTRACK 1025113 SECTRACK 1025114 XF telepresence-interface-file-upload(65604) The administrative web interface on Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allows remote attackers to create or overwrite arbitrary files, and possibly execute arbitrary code, via a crafted request, aka Bug IDs CSCth85786 and CSCth61065.

cpe:/a:cisco:telepresence_recording_server_software:1.6.1 cpe:/a:cisco:telepresence_recording_server_software:1.6.2 cpe:/a:cisco:telepresence_recording_server_software:1.6.3 cpe:/a:cisco:telepresence_recording_server_software:1.7.0 cpe:/a:cisco:telepresence_recording_server_software:1.7.1 cpe:/h:cisco:telepresence_recording_server

CVE-2011-0386

2011-02-25T07:00:18.790-05:00

2017-08-16T21:33:28.010-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov CISCO 20110223 Multiple Vulnerabilities in Cisco TelePresence Recording Server BID 46522 SECTRACK 1025114 XF telepresence-xmlrpc-file-overwrite(65605) The XML-RPC implementation on Cisco TelePresence Recording Server devices with software 1.6.x and 1.7.x before 1.7.1 allows remote attackers to overwrite files and consequently execute arbitrary code via a malformed request, aka Bug ID CSCti50739.

CVE-2011-0387

2011-02-25T07:00:18.837-05:00

2017-08-16T21:33:28.073-04:00

8.0

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

COMPLETE

http://nvd.nist.gov CISCO 20110223 Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch BID 46520 SECTRACK 1025113 XF cisco-multipoint-interface-dos(65621) The administrative web interface on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allows remote authenticated users to cause a denial of service or have unspecified other impact via vectors involving access to a servlet, aka Bug ID CSCtf97164.

cpe:/a:cisco:telepresence_multipoint_switch_software:1.0.4.0 cpe:/a:cisco:telepresence_multipoint_switch_software:1.1.0 cpe:/a:cisco:telepresence_multipoint_switch_software:1.1.1 cpe:/a:cisco:telepresence_multipoint_switch_software:1.1.2 cpe:/a:cisco:telepresence_multipoint_switch_software:1.5.0 cpe:/a:cisco:telepresence_multipoint_switch_software:1.5.1 cpe:/a:cisco:telepresence_multipoint_switch_software:1.5.2 cpe:/a:cisco:telepresence_multipoint_switch_software:1.5.3 cpe:/a:cisco:telepresence_multipoint_switch_software:1.5.4 cpe:/a:cisco:telepresence_multipoint_switch_software:1.5.5 cpe:/a:cisco:telepresence_multipoint_switch_software:1.5.6 cpe:/a:cisco:telepresence_multipoint_switch_software:1.6.0 cpe:/a:cisco:telepresence_multipoint_switch_software:1.6.1 cpe:/a:cisco:telepresence_multipoint_switch_software:1.6.2 cpe:/a:cisco:telepresence_multipoint_switch_software:1.6.3 cpe:/a:cisco:telepresence_multipoint_switch_software:1.6.4 cpe:/a:cisco:telepresence_recording_server_software:1.6.1 cpe:/a:cisco:telepresence_recording_server_software:1.6.2 cpe:/a:cisco:telepresence_recording_server_software:1.6.3 cpe:/h:cisco:telepresence_multipoint_switch cpe:/h:cisco:telepresence_recording_server

CVE-2011-0388

2011-02-25T07:00:18.900-05:00

2011-04-08T23:32:57.277-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CISCO 20110223 Multiple Vulnerabilities in Cisco TelePresence Recording Server CISCO 20110223 Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch BID 46523 SECTRACK 1025113 SECTRACK 1025114 Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x do not properly restrict remote access to the Java servlet RMI interface, which allows remote attackers to cause a denial of service (memory consumption and web outage) via multiple crafted requests, aka Bug IDs CSCtg35830 and CSCtg35825.

CVE-2011-0389

2011-02-25T07:00:18.963-05:00

2017-08-16T21:33:28.133-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CISCO 20110223 Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch BID 46520 SECTRACK 1025113 XF cisco-multipoint-rtpc-dos(65622) Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allow remote attackers to cause a denial of service (process crash) via a crafted Real-Time Transport Control Protocol (RTCP) UDP packet, aka Bug ID CSCth60993.

cpe:/a:cisco:telepresence_multipoint_switch_software:1.0.4.0 cpe:/a:cisco:telepresence_multipoint_switch_software:1.1.0 cpe:/a:cisco:telepresence_multipoint_switch_software:1.1.1 cpe:/a:cisco:telepresence_multipoint_switch_software:1.1.2 cpe:/a:cisco:telepresence_multipoint_switch_software:1.5.0 cpe:/a:cisco:telepresence_multipoint_switch_software:1.5.1 cpe:/a:cisco:telepresence_multipoint_switch_software:1.5.2 cpe:/a:cisco:telepresence_multipoint_switch_software:1.5.3 cpe:/a:cisco:telepresence_multipoint_switch_software:1.5.4 cpe:/a:cisco:telepresence_multipoint_switch_software:1.5.5 cpe:/a:cisco:telepresence_multipoint_switch_software:1.5.6 cpe:/a:cisco:telepresence_multipoint_switch_software:1.6.0 cpe:/a:cisco:telepresence_multipoint_switch_software:1.6.1 cpe:/a:cisco:telepresence_multipoint_switch_software:1.6.2 cpe:/a:cisco:telepresence_multipoint_switch_software:1.6.3 cpe:/a:cisco:telepresence_multipoint_switch_software:1.6.4 cpe:/a:cisco:telepresence_multipoint_switch_software:1.7.0 cpe:/h:cisco:telepresence_multipoint_switch

CVE-2011-0390

2011-02-25T07:00:19.010-05:00

2017-08-16T21:33:28.197-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CISCO 20110223 Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch BID 46520 SECTRACK 1025113 XF telepresence-multipoint-xmlrpc-dos(65623) The XML-RPC implementation on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, 1.6.x, and 1.7.0 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka Bug ID CSCtj44534.

CVE-2011-0391

2011-02-25T07:00:19.057-05:00

2017-08-16T21:33:28.260-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CISCO 20110223 Multiple Vulnerabilities in Cisco TelePresence Recording Server BID 46522 SECTRACK 1025114 XF telepresence-adhoc-dos(65607) Cisco TelePresence Recording Server devices with software 1.6.x allow remote attackers to cause a denial of service (thread consumption and device outage) via a malformed request, related to an "ad hoc recording" issue, aka Bug ID CSCtf97205.

CVE-2011-0392

2011-02-25T07:00:19.103-05:00

2017-08-16T21:33:28.323-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov CISCO 20110223 Multiple Vulnerabilities in Cisco TelePresence Recording Server BID 46522 SECTRACK 1025114 XF telepresence-xmlrpc-security-bypass(65609) Cisco TelePresence Recording Server devices with software 1.6.x do not require authentication for an XML-RPC interface, which allows remote attackers to perform unspecified actions via a session on TCP port 8080, aka Bug ID CSCtg35833.

CVE-2011-0393

2011-02-25T07:00:19.167-05:00

2017-08-16T21:33:28.383-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CISCO 20110223 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances SECTRACK 1025108 VUPEN ADV-2011-0493 XF asa-packet-buffer-dos(65589) Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 before 7.0(8.12), 7.1 and 7.2 before 7.2(5.2), 8.0 before 8.0(5.21), 8.1 before 8.1(2.49), 8.2 before 8.2(3.6), and 8.3 before 8.3(2.7) and Cisco PIX Security Appliances 500 series devices, when transparent firewall mode is configured but IPv6 is not configured, allow remote attackers to cause a denial of service (packet buffer exhaustion and device outage) via IPv6 traffic, aka Bug ID CSCtj04707.

cpe:/a:cisco:adaptive_security_appliance_software:7.0 cpe:/a:cisco:adaptive_security_appliance_software:7.0%280%29 cpe:/a:cisco:adaptive_security_appliance_software:7.0%282%29 cpe:/a:cisco:adaptive_security_appliance_software:7.0%284%29 cpe:/a:cisco:adaptive_security_appliance_software:7.0%285%29 cpe:/a:cisco:adaptive_security_appliance_software:7.0%285.2%29 cpe:/a:cisco:adaptive_security_appliance_software:7.0%286.7%29 cpe:/a:cisco:adaptive_security_appliance_software:7.0.1 cpe:/a:cisco:adaptive_security_appliance_software:7.0.1.4 cpe:/a:cisco:adaptive_security_appliance_software:7.0.2 cpe:/a:cisco:adaptive_security_appliance_software:7.0.4 cpe:/a:cisco:adaptive_security_appliance_software:7.0.4.3 cpe:/a:cisco:adaptive_security_appliance_software:7.0.5 cpe:/a:cisco:adaptive_security_appliance_software:7.0.6 cpe:/a:cisco:adaptive_security_appliance_software:7.0.7 cpe:/a:cisco:adaptive_security_appliance_software:7.0.8 cpe:/a:cisco:adaptive_security_appliance_software:7.0.8:interim cpe:/a:cisco:adaptive_security_appliance_software:7.1 cpe:/a:cisco:adaptive_security_appliance_software:7.1%282%29 cpe:/a:cisco:adaptive_security_appliance_software:7.1%282.5%29 cpe:/a:cisco:adaptive_security_appliance_software:7.1%282.27%29 cpe:/a:cisco:adaptive_security_appliance_software:7.1%282.48%29 cpe:/a:cisco:adaptive_security_appliance_software:7.1%282.49%29 cpe:/a:cisco:adaptive_security_appliance_software:7.1%285%29 cpe:/a:cisco:adaptive_security_appliance_software:7.1.1 cpe:/a:cisco:adaptive_security_appliance_software:7.1.2 cpe:/a:cisco:adaptive_security_appliance_software:7.2 cpe:/a:cisco:adaptive_security_appliance_software:7.2%281%29 cpe:/a:cisco:adaptive_security_appliance_software:7.2%281.22%29 cpe:/a:cisco:adaptive_security_appliance_software:7.2%282%29 cpe:/a:cisco:adaptive_security_appliance_software:7.2%282.5%29 cpe:/a:cisco:adaptive_security_appliance_software:7.2%282.7%29 cpe:/a:cisco:adaptive_security_appliance_software:7.2%282.8%29 cpe:/a:cisco:adaptive_security_appliance_software:7.2%282.10%29 cpe:/a:cisco:adaptive_security_appliance_software:7.2%282.14%29 cpe:/a:cisco:adaptive_security_appliance_software:7.2%282.15%29 cpe:/a:cisco:adaptive_security_appliance_software:7.2%282.16%29 cpe:/a:cisco:adaptive_security_appliance_software:7.2%282.17%29 cpe:/a:cisco:adaptive_security_appliance_software:7.2%282.18%29 cpe:/a:cisco:adaptive_security_appliance_software:7.2%282.19%29 cpe:/a:cisco:adaptive_security_appliance_software:7.2%282.48%29 cpe:/a:cisco:adaptive_security_appliance_software:7.2.1 cpe:/a:cisco:adaptive_security_appliance_software:7.2.2 cpe:/a:cisco:adaptive_security_appliance_software:7.2.3 cpe:/a:cisco:adaptive_security_appliance_software:7.2.4 cpe:/a:cisco:adaptive_security_appliance_software:7.2.5 cpe:/a:cisco:adaptive_security_appliance_software:8.0 cpe:/a:cisco:adaptive_security_appliance_software:8.0.2 cpe:/a:cisco:adaptive_security_appliance_software:8.0.3 cpe:/a:cisco:adaptive_security_appliance_software:8.0.4 cpe:/a:cisco:adaptive_security_appliance_software:8.0.5 cpe:/a:cisco:adaptive_security_appliance_software:8.2%281%29 cpe:/a:cisco:adaptive_security_appliance_software:8.2%282%29 cpe:/a:cisco:adaptive_security_appliance_software:8.2%283%29 cpe:/a:cisco:adaptive_security_appliance_software:8.2%283.9%29 cpe:/a:cisco:adaptive_security_appliance_software:8.2%284%29 cpe:/a:cisco:adaptive_security_appliance_software:8.2.1 cpe:/a:cisco:adaptive_security_appliance_software:8.2.2 cpe:/a:cisco:adaptive_security_appliance_software:8.2.2:interim cpe:/a:cisco:adaptive_security_appliance_software:8.3%281%29 cpe:/h:cisco:5500_series_adaptive_security_appliance cpe:/h:cisco:asa_5500 cpe:/h:cisco:firewall_services_module cpe:/h:cisco:pix_500 cpe:/o:cisco:adaptive_security_appliance:8.1%281%29 cpe:/o:cisco:adaptive_security_appliance:8.1%282%29 cpe:/o:cisco:firewall_services_module_software:3.1 cpe:/o:cisco:firewall_services_module_software:3.1%285%29 cpe:/o:cisco:firewall_services_module_software:3.1%286%29 cpe:/o:cisco:firewall_services_module_software:3.1%2816%29 cpe:/o:cisco:firewall_services_module_software:3.1%2817%29 cpe:/o:cisco:firewall_services_module_software:3.1%2818%29 cpe:/o:cisco:firewall_services_module_software:3.1%2819%29 cpe:/o:cisco:firewall_services_module_software:3.2 cpe:/o:cisco:firewall_services_module_software:3.2%281%29 cpe:/o:cisco:firewall_services_module_software:3.2%282%29 cpe:/o:cisco:firewall_services_module_software:3.2%283%29 cpe:/o:cisco:firewall_services_module_software:3.2%2813%29 cpe:/o:cisco:firewall_services_module_software:3.2%2814%29 cpe:/o:cisco:firewall_services_module_software:3.2%2816%29 cpe:/o:cisco:firewall_services_module_software:4.0 cpe:/o:cisco:firewall_services_module_software:4.0%284%29 cpe:/o:cisco:firewall_services_module_software:4.0%286%29 cpe:/o:cisco:firewall_services_module_software:4.0%287%29 cpe:/o:cisco:firewall_services_module_software:4.0%288%29 cpe:/o:cisco:firewall_services_module_software:4.0%2810%29 cpe:/o:cisco:firewall_services_module_software:4.0%2811%29 cpe:/o:cisco:firewall_services_module_software:4.0%2812%29 cpe:/o:cisco:firewall_services_module_software:4.0%2813%29 cpe:/o:cisco:firewall_services_module_software:4.0%2814%29 cpe:/o:cisco:firewall_services_module_software:4.1 cpe:/o:cisco:firewall_services_module_software:4.1%281%29 cpe:/o:cisco:firewall_services_module_software:4.1%282%29 cpe:/o:cisco:firewall_services_module_software:4.1%283%29 cpe:/o:cisco:firewall_services_module_software:4.1%284%29

CVE-2011-0394

2011-02-25T07:00:19.213-05:00

2017-08-16T21:33:28.477-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CISCO 20110223 Cisco Firewall Services Module Skinny Client Control Protocol Inspection Denial of Service Vulnerability CISCO 20110223 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances BID 46518 SECTRACK 1025108 SECTRACK 1025109 VUPEN ADV-2011-0493 VUPEN ADV-2011-0494 XF cisco-fwsm-sccp-dos(65593) Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 before 7.0(8.11), 7.1 and 7.2 before 7.2(5.1), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), 8.2 before 8.2(2.19), and 8.3 before 8.3(1.8); Cisco PIX Security Appliances 500 series devices; and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(20), 3.2 before 3.2(20), 4.0 before 4.0(15), and 4.1 before 4.1(5) allow remote attackers to cause a denial of service (device reload) via a malformed Skinny Client Control Protocol (SCCP) message, aka Bug IDs CSCtg69457 and CSCtl84952.

cpe:/a:cisco:adaptive_security_appliance_software:8.0 cpe:/a:cisco:adaptive_security_appliance_software:8.3%281%29 cpe:/h:cisco:asa_5500 cpe:/h:cisco:asa_5505 cpe:/h:cisco:asa_5510 cpe:/h:cisco:asa_5520 cpe:/h:cisco:asa_5540 cpe:/h:cisco:asa_5550 cpe:/h:cisco:asa_5580 cpe:/h:cisco:pix_500 cpe:/h:cisco:pix_501 cpe:/h:cisco:pix_506e cpe:/h:cisco:pix_firewall_506 cpe:/h:cisco:pix_firewall_515 cpe:/h:cisco:pix_firewall_520 cpe:/h:cisco:pix_firewall_525 cpe:/h:cisco:pix_firewall_535 cpe:/o:cisco:adaptive_security_appliance:8.0%282%29 cpe:/o:cisco:adaptive_security_appliance:8.0%283%29 cpe:/o:cisco:adaptive_security_appliance:8.0%284%29 cpe:/o:cisco:adaptive_security_appliance:8.0%285%29 cpe:/o:cisco:adaptive_security_appliance:8.1%281%29 cpe:/o:cisco:adaptive_security_appliance:8.1%282%29 cpe:/o:cisco:adaptive_security_appliance:8.2 cpe:/o:cisco:adaptive_security_appliance:8.2%281%29 cpe:/o:cisco:adaptive_security_appliance:8.2%282%29 cpe:/o:cisco:adaptive_security_appliance:8.3

CVE-2011-0395

2011-02-25T07:00:19.260-05:00

2018-10-30T12:25:27.200-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CISCO 20110223 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances SECTRACK 1025108 VUPEN ADV-2011-0493 XF asa-rip-dos(65590) Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.20), 8.1 before 8.1(2.48), 8.2 before 8.2(3), and 8.3 before 8.3(2.1), when the RIP protocol and the Cisco Phone Proxy functionality are configured, allow remote attackers to cause a denial of service (device reload) via a RIP update, aka Bug ID CSCtg66583.

CVE-2011-0396

2011-02-25T07:00:19.307-05:00

2018-10-30T12:25:27.200-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

NONE

http://nvd.nist.gov CISCO 20110223 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances SECTRACK 1025108 VUPEN ADV-2011-0493 XF asa-ca-unauth-access(65591) Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.23), 8.1 before 8.1(2.49), 8.2 before 8.2(4.1), and 8.3 before 8.3(2.13), when a Certificate Authority (CA) is configured, allow remote attackers to read arbitrary files via unspecified vectors, aka Bug ID CSCtk12352.

CVE-2011-0398

2011-01-10T15:00:17.140-05:00

2017-08-16T21:33:28.667-04:00

6.4

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM http://dev.piwik.org/trac/ticket/567 CONFIRM http://piwik.org/blog/2011/01/piwik-1-1-2/ BID 45787 XF piwik-piwikcommongetip-security-bypass(64641) The Piwik_Common::getIP function in Piwik before 1.1 does not properly determine the client IP address, which allows remote attackers to bypass intended geolocation and logging functionality via (1) use of a private (aka RFC 1918) address behind a proxy server or (2) spoofing of the X-Forwarded-For HTTP header.

CVE-2011-0399

2011-01-10T15:00:17.203-05:00

2017-08-16T21:33:28.727-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM http://dev.piwik.org/trac/ticket/1679 CONFIRM http://piwik.org/blog/2011/01/piwik-1-1-2/ BID 45787 XF piwik-loginform-clickjacking(64640) Piwik before 1.1 does not prevent the rendering of the login form inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

CVE-2011-0400

2011-01-10T15:00:17.423-05:00

2017-08-16T21:33:28.807-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM http://dev.piwik.org/trac/ticket/1795 CONFIRM http://piwik.org/blog/2011/01/piwik-1-1-2/ BID 45787 XF piwik-cookie-weak-security(64639) Cookie.php in Piwik before 1.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

CVE-2011-0401

2011-01-10T15:00:17.470-05:00

2017-08-16T21:33:28.870-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://dev.piwik.org/trac/ticket/1279#comment:13 CONFIRM http://dev.piwik.org/trac/ticket/1910 CONFIRM http://piwik.org/blog/2011/01/piwik-1-1-2/ BID 45787 XF piwik-sessions-dos(64638) Piwik before 1.1 does not properly limit the number of files stored under tmp/sessions/, which might allow remote attackers to cause a denial of service (inode consumption) by establishing many sessions.

cpe:/a:debian:dpkg:1.9.19 cpe:/a:debian:dpkg:1.9.20 cpe:/a:debian:dpkg:1.9.21 cpe:/a:debian:dpkg:1.10 cpe:/a:debian:dpkg:1.10.1 cpe:/a:debian:dpkg:1.10.2 cpe:/a:debian:dpkg:1.10.3 cpe:/a:debian:dpkg:1.10.4 cpe:/a:debian:dpkg:1.10.5 cpe:/a:debian:dpkg:1.10.6 cpe:/a:debian:dpkg:1.10.7 cpe:/a:debian:dpkg:1.10.8 cpe:/a:debian:dpkg:1.10.9 cpe:/a:debian:dpkg:1.10.10 cpe:/a:debian:dpkg:1.10.11 cpe:/a:debian:dpkg:1.10.12 cpe:/a:debian:dpkg:1.10.13 cpe:/a:debian:dpkg:1.10.14 cpe:/a:debian:dpkg:1.10.15 cpe:/a:debian:dpkg:1.10.16 cpe:/a:debian:dpkg:1.10.17 cpe:/a:debian:dpkg:1.10.18 cpe:/a:debian:dpkg:1.10.18.1 cpe:/a:debian:dpkg:1.10.19 cpe:/a:debian:dpkg:1.10.20 cpe:/a:debian:dpkg:1.10.21 cpe:/a:debian:dpkg:1.10.22 cpe:/a:debian:dpkg:1.10.23 cpe:/a:debian:dpkg:1.10.24 cpe:/a:debian:dpkg:1.10.25 cpe:/a:debian:dpkg:1.10.26 cpe:/a:debian:dpkg:1.10.27 cpe:/a:debian:dpkg:1.10.28 cpe:/a:debian:dpkg:1.13.0 cpe:/a:debian:dpkg:1.13.1 cpe:/a:debian:dpkg:1.13.2 cpe:/a:debian:dpkg:1.13.3 cpe:/a:debian:dpkg:1.13.4 cpe:/a:debian:dpkg:1.13.5 cpe:/a:debian:dpkg:1.13.6 cpe:/a:debian:dpkg:1.13.7 cpe:/a:debian:dpkg:1.13.8 cpe:/a:debian:dpkg:1.13.9 cpe:/a:debian:dpkg:1.13.10 cpe:/a:debian:dpkg:1.13.11 cpe:/a:debian:dpkg:1.13.11.1 cpe:/a:debian:dpkg:1.13.12 cpe:/a:debian:dpkg:1.13.13 cpe:/a:debian:dpkg:1.13.14 cpe:/a:debian:dpkg:1.13.15 cpe:/a:debian:dpkg:1.13.16 cpe:/a:debian:dpkg:1.13.17 cpe:/a:debian:dpkg:1.13.18 cpe:/a:debian:dpkg:1.13.19 cpe:/a:debian:dpkg:1.13.20 cpe:/a:debian:dpkg:1.13.21 cpe:/a:debian:dpkg:1.13.22 cpe:/a:debian:dpkg:1.13.23 cpe:/a:debian:dpkg:1.13.24 cpe:/a:debian:dpkg:1.13.25 cpe:/a:debian:dpkg:1.14.0 cpe:/a:debian:dpkg:1.14.1 cpe:/a:debian:dpkg:1.14.2 cpe:/a:debian:dpkg:1.14.3 cpe:/a:debian:dpkg:1.14.4 cpe:/a:debian:dpkg:1.14.5 cpe:/a:debian:dpkg:1.14.6 cpe:/a:debian:dpkg:1.14.7 cpe:/a:debian:dpkg:1.14.8 cpe:/a:debian:dpkg:1.14.9 cpe:/a:debian:dpkg:1.14.10 cpe:/a:debian:dpkg:1.14.11 cpe:/a:debian:dpkg:1.14.12 cpe:/a:debian:dpkg:1.14.13 cpe:/a:debian:dpkg:1.14.14 cpe:/a:debian:dpkg:1.14.15 cpe:/a:debian:dpkg:1.14.16 cpe:/a:debian:dpkg:1.14.16.1 cpe:/a:debian:dpkg:1.14.16.2 cpe:/a:debian:dpkg:1.14.16.3 cpe:/a:debian:dpkg:1.14.16.4 cpe:/a:debian:dpkg:1.14.16.5 cpe:/a:debian:dpkg:1.14.16.6 cpe:/a:debian:dpkg:1.14.17 cpe:/a:debian:dpkg:1.14.18 cpe:/a:debian:dpkg:1.14.19 cpe:/a:debian:dpkg:1.14.20 cpe:/a:debian:dpkg:1.14.21 cpe:/a:debian:dpkg:1.14.22 cpe:/a:debian:dpkg:1.14.23 cpe:/a:debian:dpkg:1.14.24 cpe:/a:debian:dpkg:1.14.25 cpe:/a:debian:dpkg:1.14.26 cpe:/a:debian:dpkg:1.14.27 cpe:/a:debian:dpkg:1.14.28 cpe:/a:debian:dpkg:1.14.29 cpe:/a:debian:dpkg:1.14.30 cpe:/a:debian:dpkg:1.15.0 cpe:/a:debian:dpkg:1.15.1 cpe:/a:debian:dpkg:1.15.2 cpe:/a:debian:dpkg:1.15.3 cpe:/a:debian:dpkg:1.15.3.1 cpe:/a:debian:dpkg:1.15.4 cpe:/a:debian:dpkg:1.15.4.1 cpe:/a:debian:dpkg:1.15.5 cpe:/a:debian:dpkg:1.15.5.1 cpe:/a:debian:dpkg:1.15.5.2 cpe:/a:debian:dpkg:1.15.5.3 cpe:/a:debian:dpkg:1.15.5.4 cpe:/a:debian:dpkg:1.15.5.5 cpe:/a:debian:dpkg:1.15.5.6 cpe:/a:debian:dpkg:1.15.6 cpe:/a:debian:dpkg:1.15.6.1 cpe:/a:debian:dpkg:1.15.7 cpe:/a:debian:dpkg:1.15.7.1 cpe:/a:debian:dpkg:1.15.7.2 cpe:/a:debian:dpkg:1.15.8 cpe:/a:debian:dpkg:1.15.8.1 cpe:/a:debian:dpkg:1.15.8.2 cpe:/a:debian:dpkg:1.15.8.3 cpe:/a:debian:dpkg:1.15.8.4 cpe:/a:debian:dpkg:1.15.8.5 cpe:/a:debian:dpkg:1.15.8.6 cpe:/a:debian:dpkg:1.15.8.7 cpe:/a:debian:dpkg:1.15.8.8

CVE-2011-0402

2011-01-10T22:00:05.423-05:00

2017-08-16T21:33:28.947-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov FEDORA FEDORA-2011-0362 FEDORA FEDORA-2011-0345 DEBIAN DSA-2142 BID 45703 UBUNTU USN-1038-1 VUPEN ADV-2011-0040 VUPEN ADV-2011-0044 VUPEN ADV-2011-0196 XF dpkg-dpkgsource-symlink(64614) dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory.

cpe:/a:imgburn:imgburn:1.0.0.0 cpe:/a:imgburn:imgburn:1.1.0.0 cpe:/a:imgburn:imgburn:1.2.0.0 cpe:/a:imgburn:imgburn:1.3.0.0 cpe:/a:imgburn:imgburn:2.0.0.0 cpe:/a:imgburn:imgburn:2.1.0.0 cpe:/a:imgburn:imgburn:2.2.0.0 cpe:/a:imgburn:imgburn:2.3.0.0 cpe:/a:imgburn:imgburn:2.3.1.0 cpe:/a:imgburn:imgburn:2.3.2.0 cpe:/a:imgburn:imgburn:2.4.0.0 cpe:/a:imgburn:imgburn:2.4.1.0 cpe:/a:imgburn:imgburn:2.4.2.0 cpe:/a:imgburn:imgburn:2.4.3.0 cpe:/a:imgburn:imgburn:2.4.4.0 cpe:/a:imgburn:imgburn:2.5.0.0 cpe:/a:imgburn:imgburn:2.5.1.0 cpe:/a:imgburn:imgburn:2.5.2.0 cpe:/a:imgburn:imgburn:2.5.3.0 cpe:/a:imgburn:imgburn:2.5.4.0

CVE-2011-0403

2011-01-10T22:00:05.483-05:00

2017-08-16T21:33:29.010-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov MISC http://packetstormsecurity.org/files/view/97207/imgburn-dllhijack.txt BID 45657 XF imgburn-dll-code-execution(64478) Untrusted search path vulnerability in ImgBurn.exe in ImgBurn 2.4.0.0, 2.5.4.0, and other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a CUE file.

cpe:/a:netsupport:netsupport_manager_agent:9.50::solaris cpe:/a:netsupport:netsupport_manager_agent:11.00::linux cpe:/a:netsupport:netsupport_manager_agent:11.00::mac_os_x

CVE-2011-0404

2011-01-10T22:00:05.877-05:00

2017-08-16T21:33:29.073-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov FULLDISC 20110108 NetSupport Manager Agent Remote Buffer Overflow (Linux, Solaris, Mac, ...) EXPLOIT-DB 15937 EXPLOIT-DB 16838 MISC http://www.ikkisoft.com/stuff/netsupport_linux.txt BID 45728 SECTRACK 1024943 VUPEN ADV-2011-0062 XF netsupport-manager-client-bo(64546) Stack-based buffer overflow in NetSupport Manager Agent for Linux 11.00, for Solaris 9.50, and for Mac OS X 11.00 allows remote attackers to execute arbitrary code via a long control hostname to TCP port 5405, probably a different vulnerability than CVE-2007-5252.

cpe:/a:phpgedview:phpgedview:4.2.3

CVE-2011-0405

2011-01-10T22:00:05.953-05:00

2017-08-16T21:33:29.133-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://sourceforge.net/projects/phpgedview/forums/forum/185166/topic/4040059 CONFIRM http://sourceforge.net/tracker/?func=detail&aid=3152857&group_id=55456&atid=477081 EXPLOIT-DB 15913 BID 45674 VUPEN ADV-2011-0036 XF phpgedview-module-file-include(64733) Directory traversal vulnerability in module.php in PhpGedView 4.2.3 and possibly other versions, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the pgvaction parameter.

cpe:/a:wellintech:kingview:6.53

CVE-2011-0406

2011-01-10T22:00:06.000-05:00

2017-08-16T21:33:29.213-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov SREASON 8134 MISC http://thesauceofutterpwnage.blogspot.com/2011/01/waking-up-sleeping-dragon.html MISC http://www.cnnvd.org.cn/showCnnvd.html?id=2011010108 EXPLOIT-DB 15957 CERT-VN VU#180119 CONFIRM http://www.kingview.com/news/detail.aspx?contentid=528 BID 45727 VUPEN ADV-2011-0063 XF kingview-historysvr-bo(64559) Heap-based buffer overflow in HistorySvr.exe in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a long request to TCP port 777.

cpe:/a:phenotype-cms:phenotype_cms:3.0

CVE-2011-0407

2011-01-10T22:00:06.110-05:00

2018-10-10T16:09:47.327-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov MISC http://www.htbridge.ch/advisory/sql_injection_in_phenotype_cms.html BUGTRAQ 20110106 SQL Injection in Phenotype CMS BID 45700 XF phenotypecms-uri-sql-injection(64538) SQL injection vulnerability in the store function in _phenotype/system/class/PhenoTypeDataObject.class.php in Phenotype CMS 3.0 allows remote attackers to execute arbitrary SQL commands via a crafted URI, as demonstrated by Gallery/gal_id/1/image1,1.html. NOTE: some of these details are obtained from third party information.

cpe:/a:libpng:libpng:1.5.0

CVE-2011-0408

2011-01-18T13:03:08.423-05:00

2017-08-16T21:33:29.307-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov SECTRACK 1024955 CONFIRM http://sourceforge.net/mailarchive/forum.php?thread_name=002b01cbb0e2%24ae636c80%240b2a4580%24%40acm.org&forum_name=png-mng-implement CERT-VN VU#643140 VUPEN ADV-2011-0080 XF libpng-pngsetrgbtogray-bo(64637) pngrtran.c in libpng 1.5.x before 1.5.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted palette-based PNG image that triggers a buffer overflow, related to the png_do_expand_palette function, the png_do_rgb_to_gray function, and an integer underflow. NOTE: some of these details are obtained from third party information.

cpe:/a:collabnet:scrumworks:1.8.4:basic

CVE-2011-0410

2011-01-24T13:00:04.237-05:00

2017-08-16T21:33:29.370-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov CERT-VN VU#547167 XF scrumworks-base64-info-disclosure(64883) CollabNet ScrumWorks Basic 1.8.4 uses cleartext credentials for network communication and the internal database, which makes it easier for context-dependent attackers to obtain sensitive information by (1) sniffing the network for transmissions of Java objects or (2) reading the database.

cpe:/a:postfix:postfix:2.4 cpe:/a:postfix:postfix:2.4.0 cpe:/a:postfix:postfix:2.4.1 cpe:/a:postfix:postfix:2.4.2 cpe:/a:postfix:postfix:2.4.3 cpe:/a:postfix:postfix:2.4.4 cpe:/a:postfix:postfix:2.4.5 cpe:/a:postfix:postfix:2.4.6 cpe:/a:postfix:postfix:2.4.7 cpe:/a:postfix:postfix:2.4.8 cpe:/a:postfix:postfix:2.4.9 cpe:/a:postfix:postfix:2.4.10 cpe:/a:postfix:postfix:2.4.11 cpe:/a:postfix:postfix:2.4.12 cpe:/a:postfix:postfix:2.4.13 cpe:/a:postfix:postfix:2.4.14 cpe:/a:postfix:postfix:2.4.15 cpe:/a:postfix:postfix:2.5.0 cpe:/a:postfix:postfix:2.5.1 cpe:/a:postfix:postfix:2.5.2 cpe:/a:postfix:postfix:2.5.3 cpe:/a:postfix:postfix:2.5.4 cpe:/a:postfix:postfix:2.5.5 cpe:/a:postfix:postfix:2.5.6 cpe:/a:postfix:postfix:2.5.7 cpe:/a:postfix:postfix:2.5.8 cpe:/a:postfix:postfix:2.5.9 cpe:/a:postfix:postfix:2.5.10 cpe:/a:postfix:postfix:2.5.11 cpe:/a:postfix:postfix:2.6 cpe:/a:postfix:postfix:2.6.0 cpe:/a:postfix:postfix:2.6.1 cpe:/a:postfix:postfix:2.6.2 cpe:/a:postfix:postfix:2.6.3 cpe:/a:postfix:postfix:2.6.4 cpe:/a:postfix:postfix:2.6.5 cpe:/a:postfix:postfix:2.6.6 cpe:/a:postfix:postfix:2.6.7 cpe:/a:postfix:postfix:2.6.8 cpe:/a:postfix:postfix:2.7.0 cpe:/a:postfix:postfix:2.7.1 cpe:/a:postfix:postfix:2.7.2

CVE-2011-0411

2011-03-16T18:55:02.717-04:00

2017-08-16T21:33:29.447-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 APPLE APPLE-SA-2011-10-12-3 FEDORA FEDORA-2011-3394 FEDORA FEDORA-2011-3355 SUSE SUSE-SR:2011:009 GENTOO GLSA-201206-33 SECTRACK 1025179 CONFIRM http://support.apple.com/kb/HT5002 DEBIAN DSA-2233 CERT-VN VU#555316 CONFIRM http://www.kb.cert.org/vuls/id/MORO-8ELH6Z CONFIRM http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html CONFIRM http://www.postfix.org/CVE-2011-0411.html REDHAT RHSA-2011:0422 REDHAT RHSA-2011:0423 BID 46767 VUPEN ADV-2011-0611 VUPEN ADV-2011-0752 VUPEN ADV-2011-0891 XF multiple-starttls-command-execution(65932) The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.

cpe:/o:sun:sunos:5.8 cpe:/o:sun:sunos:5.9 cpe:/o:sun:sunos:5.10

CVE-2011-0412

2011-04-19T15:55:01.767-04:00

2017-08-16T21:33:29.510-04:00

2.1

LOCAL

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov CERT-VN VU#648244 CONFIRM http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html BID 47171 VUPEN ADV-2011-0882 XF solaris-password-info-disclosure(66579) Oracle Solaris 8, 9, and 10 stores back-out patch files (undo.Z) unencrypted with world-readable permissions under /var/sadm/pkg/, which allows local users to obtain password hashes and conduct brute force password guessing attacks.

cpe:/a:isc:dhcp:4.0 cpe:/a:isc:dhcp:4.0-esv cpe:/a:isc:dhcp:4.0.0 cpe:/a:isc:dhcp:4.0.1 cpe:/a:isc:dhcp:4.0.1:b1 cpe:/a:isc:dhcp:4.0.1:rc1 cpe:/a:isc:dhcp:4.0.2 cpe:/a:isc:dhcp:4.0.2:b1 cpe:/a:isc:dhcp:4.0.2:b2 cpe:/a:isc:dhcp:4.0.2:b3 cpe:/a:isc:dhcp:4.0.2:rc1 cpe:/a:isc:dhcp:4.0.3 cpe:/a:isc:dhcp:4.0.3:b1 cpe:/a:isc:dhcp:4.0.3:rc1 cpe:/a:isc:dhcp:4.1-esv cpe:/a:isc:dhcp:4.1.0 cpe:/a:isc:dhcp:4.1.1 cpe:/a:isc:dhcp:4.1.1:b1 cpe:/a:isc:dhcp:4.1.1:b2 cpe:/a:isc:dhcp:4.1.1:b3 cpe:/a:isc:dhcp:4.1.1:rc1 cpe:/a:isc:dhcp:4.1.2 cpe:/a:isc:dhcp:4.2.0 cpe:/a:isc:dhcp:4.2.0:a1 cpe:/a:isc:dhcp:4.2.0:a2 cpe:/a:isc:dhcp:4.2.0:b1 cpe:/a:isc:dhcp:4.2.0:b2 cpe:/a:isc:dhcp:4.2.0:p1 cpe:/a:isc:dhcp:4.2.0:rc1

CVE-2011-0413

2011-01-31T16:00:18.110-05:00

2017-08-16T21:33:29.587-04:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov FEDORA FEDORA-2011-0862 SECTRACK 1024999 DEBIAN DSA-2184 CONFIRM http://www.isc.org/software/dhcp/advisories/cve-2011-0413 CERT-VN VU#686084 MANDRIVA MDVSA-2011:022 REDHAT RHSA-2011:0256 BID 46035 VUPEN ADV-2011-0235 VUPEN ADV-2011-0266 VUPEN ADV-2011-0300 VUPEN ADV-2011-0400 VUPEN ADV-2011-0583 XF dhcp-dhcpv6-dos(64959) CONFIRM https://kb.isc.org/article/AA-00456 The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) by sending a message over IPv6 for a declined and abandoned address.

cpe:/a:isc:bind:9.7.1 cpe:/a:isc:bind:9.7.1:p1 cpe:/a:isc:bind:9.7.1:p2 cpe:/a:isc:bind:9.7.1:rc1 cpe:/a:isc:bind:9.7.2 cpe:/a:isc:bind:9.7.2:p1 cpe:/a:isc:bind:9.7.2:p2 cpe:/a:isc:bind:9.7.2:p3 cpe:/a:isc:bind:9.7.2:rc1

CVE-2011-0414

2011-02-23T14:00:01.907-05:00

2018-10-30T12:26:56.437-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov SUSE SUSE-SR:2011:005 DEBIAN DSA-2208 CONFIRM http://www.isc.org/software/bind/advisories/cve-2011-0414 CERT-VN VU#449980 CERT-VN VU#559980 SECTRACK 1025110 UBUNTU USN-1070-1 VUPEN ADV-2011-0466 VUPEN ADV-2011-0489 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=679496 ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative server, allows remote attackers to cause a denial of service (deadlock and daemon hang) by sending a query at the time of (1) an IXFR transfer or (2) a DDNS update.

cpe:/a:pureftpd:pure-ftpd:0.90 cpe:/a:pureftpd:pure-ftpd:0.91 cpe:/a:pureftpd:pure-ftpd:0.92 cpe:/a:pureftpd:pure-ftpd:0.93 cpe:/a:pureftpd:pure-ftpd:0.94 cpe:/a:pureftpd:pure-ftpd:0.95 cpe:/a:pureftpd:pure-ftpd:0.95-pre1 cpe:/a:pureftpd:pure-ftpd:0.95-pre2 cpe:/a:pureftpd:pure-ftpd:0.95-pre3 cpe:/a:pureftpd:pure-ftpd:0.95-pre4 cpe:/a:pureftpd:pure-ftpd:0.95.1 cpe:/a:pureftpd:pure-ftpd:0.95.2 cpe:/a:pureftpd:pure-ftpd:0.96 cpe:/a:pureftpd:pure-ftpd:0.96.1 cpe:/a:pureftpd:pure-ftpd:0.96pre1 cpe:/a:pureftpd:pure-ftpd:0.97-final cpe:/a:pureftpd:pure-ftpd:0.97.1 cpe:/a:pureftpd:pure-ftpd:0.97.2 cpe:/a:pureftpd:pure-ftpd:0.97.3 cpe:/a:pureftpd:pure-ftpd:0.97.4 cpe:/a:pureftpd:pure-ftpd:0.97.5 cpe:/a:pureftpd:pure-ftpd:0.97.6 cpe:/a:pureftpd:pure-ftpd:0.97.7 cpe:/a:pureftpd:pure-ftpd:0.97.7pre1 cpe:/a:pureftpd:pure-ftpd:0.97.7pre2 cpe:/a:pureftpd:pure-ftpd:0.97.7pre3 cpe:/a:pureftpd:pure-ftpd:0.97pre1 cpe:/a:pureftpd:pure-ftpd:0.97pre2 cpe:/a:pureftpd:pure-ftpd:0.97pre3 cpe:/a:pureftpd:pure-ftpd:0.97pre4 cpe:/a:pureftpd:pure-ftpd:0.97pre5 cpe:/a:pureftpd:pure-ftpd:0.98-final cpe:/a:pureftpd:pure-ftpd:0.98.1 cpe:/a:pureftpd:pure-ftpd:0.98.2 cpe:/a:pureftpd:pure-ftpd:0.98.2a cpe:/a:pureftpd:pure-ftpd:0.98.3 cpe:/a:pureftpd:pure-ftpd:0.98.4 cpe:/a:pureftpd:pure-ftpd:0.98.5 cpe:/a:pureftpd:pure-ftpd:0.98.6 cpe:/a:pureftpd:pure-ftpd:0.98.7 cpe:/a:pureftpd:pure-ftpd:0.98pre1 cpe:/a:pureftpd:pure-ftpd:0.98pre2 cpe:/a:pureftpd:pure-ftpd:0.99 cpe:/a:pureftpd:pure-ftpd:0.99.1 cpe:/a:pureftpd:pure-ftpd:0.99.1a cpe:/a:pureftpd:pure-ftpd:0.99.1b cpe:/a:pureftpd:pure-ftpd:0.99.2 cpe:/a:pureftpd:pure-ftpd:0.99.2a cpe:/a:pureftpd:pure-ftpd:0.99.3 cpe:/a:pureftpd:pure-ftpd:0.99.4 cpe:/a:pureftpd:pure-ftpd:0.99.9 cpe:/a:pureftpd:pure-ftpd:0.99a cpe:/a:pureftpd:pure-ftpd:0.99b cpe:/a:pureftpd:pure-ftpd:0.99pre1 cpe:/a:pureftpd:pure-ftpd:0.99pre2 cpe:/a:pureftpd:pure-ftpd:1.0.0 cpe:/a:pureftpd:pure-ftpd:1.0.1 cpe:/a:pureftpd:pure-ftpd:1.0.2 cpe:/a:pureftpd:pure-ftpd:1.0.3 cpe:/a:pureftpd:pure-ftpd:1.0.4 cpe:/a:pureftpd:pure-ftpd:1.0.5 cpe:/a:pureftpd:pure-ftpd:1.0.6 cpe:/a:pureftpd:pure-ftpd:1.0.7 cpe:/a:pureftpd:pure-ftpd:1.0.8 cpe:/a:pureftpd:pure-ftpd:1.0.9 cpe:/a:pureftpd:pure-ftpd:1.0.10 cpe:/a:pureftpd:pure-ftpd:1.0.11 cpe:/a:pureftpd:pure-ftpd:1.0.12 cpe:/a:pureftpd:pure-ftpd:1.0.13a cpe:/a:pureftpd:pure-ftpd:1.0.14 cpe:/a:pureftpd:pure-ftpd:1.0.15 cpe:/a:pureftpd:pure-ftpd:1.0.16a cpe:/a:pureftpd:pure-ftpd:1.0.16b cpe:/a:pureftpd:pure-ftpd:1.0.16c cpe:/a:pureftpd:pure-ftpd:1.0.17 cpe:/a:pureftpd:pure-ftpd:1.0.17a cpe:/a:pureftpd:pure-ftpd:1.0.18 cpe:/a:pureftpd:pure-ftpd:1.0.19 cpe:/a:pureftpd:pure-ftpd:1.0.20 cpe:/a:pureftpd:pure-ftpd:1.0.21 cpe:/a:pureftpd:pure-ftpd:1.0.22 cpe:/a:pureftpd:pure-ftpd:1.0.24 cpe:/a:pureftpd:pure-ftpd:1.0.25 cpe:/a:pureftpd:pure-ftpd:1.0.26 cpe:/a:pureftpd:pure-ftpd:1.0.27 cpe:/a:pureftpd:pure-ftpd:1.0.28 cpe:/a:pureftpd:pure-ftpd:1.0.29 cpe:/a:pureftpd:pure-ftpd:1.0.30 cpe:/a:pureftpd:pure-ftpd:1.0.31 cpe:/o:netbsd:netbsd:5.1

CVE-2011-0418

2011-05-24T19:55:01.653-04:00

2011-09-21T23:28:09.147-04:00

4.0

NETWORK

LOW

SINGLE_INSTANCE

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c#rev1.28 CONFIRM http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c.diff?r1=1.27&r2=1.28&f=h SREASONRES 20110502 Multiple Vendors libc/glob(3) GLOB_BRACE|GLOB_LIMIT memory exhaustion SREASON 8228 MANDRIVA MDVSA-2011:094 CONFIRM http://www.pureftpd.org/project/pure-ftpd/news BID 47671 VUPEN ADV-2011-1273 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=704283 The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service (memory consumption) via a crafted FTP STAT command.

cpe:/a:apache:http_server:0.8.11 cpe:/a:apache:http_server:0.8.14 cpe:/a:apache:http_server:1.0 cpe:/a:apache:http_server:1.0.2 cpe:/a:apache:http_server:1.0.3 cpe:/a:apache:http_server:1.0.5 cpe:/a:apache:http_server:1.1 cpe:/a:apache:http_server:1.1.1 cpe:/a:apache:http_server:1.2 cpe:/a:apache:http_server:1.2.4 cpe:/a:apache:http_server:1.2.5 cpe:/a:apache:http_server:1.2.6 cpe:/a:apache:http_server:1.2.9 cpe:/a:apache:http_server:1.3 cpe:/a:apache:http_server:1.3.0 cpe:/a:apache:http_server:1.3.1 cpe:/a:apache:http_server:1.3.1.1 cpe:/a:apache:http_server:1.3.2 cpe:/a:apache:http_server:1.3.3 cpe:/a:apache:http_server:1.3.4 cpe:/a:apache:http_server:1.3.5 cpe:/a:apache:http_server:1.3.6 cpe:/a:apache:http_server:1.3.7 cpe:/a:apache:http_server:1.3.8 cpe:/a:apache:http_server:1.3.9 cpe:/a:apache:http_server:1.3.10 cpe:/a:apache:http_server:1.3.11 cpe:/a:apache:http_server:1.3.12 cpe:/a:apache:http_server:1.3.13 cpe:/a:apache:http_server:1.3.14 cpe:/a:apache:http_server:1.3.15 cpe:/a:apache:http_server:1.3.16 cpe:/a:apache:http_server:1.3.17 cpe:/a:apache:http_server:1.3.18 cpe:/a:apache:http_server:1.3.19 cpe:/a:apache:http_server:1.3.20 cpe:/a:apache:http_server:1.3.22 cpe:/a:apache:http_server:1.3.23 cpe:/a:apache:http_server:1.3.24 cpe:/a:apache:http_server:1.3.25 cpe:/a:apache:http_server:1.3.26 cpe:/a:apache:http_server:1.3.27 cpe:/a:apache:http_server:1.3.28 cpe:/a:apache:http_server:1.3.29 cpe:/a:apache:http_server:1.3.30 cpe:/a:apache:http_server:1.3.31 cpe:/a:apache:http_server:1.3.32 cpe:/a:apache:http_server:1.3.33 cpe:/a:apache:http_server:1.3.34 cpe:/a:apache:http_server:1.3.35 cpe:/a:apache:http_server:1.3.36 cpe:/a:apache:http_server:1.3.37 cpe:/a:apache:http_server:1.3.38 cpe:/a:apache:http_server:1.3.39 cpe:/a:apache:http_server:1.3.41 cpe:/a:apache:http_server:1.3.42 cpe:/a:apache:http_server:1.3.65 cpe:/a:apache:http_server:1.3.68 cpe:/a:apache:http_server:1.4.0 cpe:/a:apache:http_server:1.99 cpe:/a:apache:http_server:2.0 cpe:/a:apache:http_server:2.0.9 cpe:/a:apache:http_server:2.0.28 cpe:/a:apache:http_server:2.0.28:beta cpe:/a:apache:http_server:2.0.32 cpe:/a:apache:http_server:2.0.32:beta cpe:/a:apache:http_server:2.0.34:beta cpe:/a:apache:http_server:2.0.35 cpe:/a:apache:http_server:2.0.36 cpe:/a:apache:http_server:2.0.37 cpe:/a:apache:http_server:2.0.38 cpe:/a:apache:http_server:2.0.39 cpe:/a:apache:http_server:2.0.40 cpe:/a:apache:http_server:2.0.41 cpe:/a:apache:http_server:2.0.42 cpe:/a:apache:http_server:2.0.43 cpe:/a:apache:http_server:2.0.44 cpe:/a:apache:http_server:2.0.45 cpe:/a:apache:http_server:2.0.46 cpe:/a:apache:http_server:2.0.47 cpe:/a:apache:http_server:2.0.48 cpe:/a:apache:http_server:2.0.49 cpe:/a:apache:http_server:2.0.50 cpe:/a:apache:http_server:2.0.51 cpe:/a:apache:http_server:2.0.52 cpe:/a:apache:http_server:2.0.53 cpe:/a:apache:http_server:2.0.54 cpe:/a:apache:http_server:2.0.55 cpe:/a:apache:http_server:2.0.56 cpe:/a:apache:http_server:2.0.57 cpe:/a:apache:http_server:2.0.58 cpe:/a:apache:http_server:2.0.59 cpe:/a:apache:http_server:2.0.60 cpe:/a:apache:http_server:2.0.61 cpe:/a:apache:http_server:2.0.63 cpe:/a:apache:http_server:2.1 cpe:/a:apache:http_server:2.1.1 cpe:/a:apache:http_server:2.1.2 cpe:/a:apache:http_server:2.1.3 cpe:/a:apache:http_server:2.1.4 cpe:/a:apache:http_server:2.1.5 cpe:/a:apache:http_server:2.1.6 cpe:/a:apache:http_server:2.1.7 cpe:/a:apache:http_server:2.1.8 cpe:/a:apache:http_server:2.1.9 cpe:/a:apache:http_server:2.2 cpe:/a:apache:http_server:2.2.0 cpe:/a:apache:http_server:2.2.1 cpe:/a:apache:http_server:2.2.2 cpe:/a:apache:http_server:2.2.3 cpe:/a:apache:http_server:2.2.4 cpe:/a:apache:http_server:2.2.6 cpe:/a:apache:http_server:2.2.8 cpe:/a:apache:http_server:2.2.9 cpe:/a:apache:http_server:2.2.10 cpe:/a:apache:http_server:2.2.11 cpe:/a:apache:http_server:2.2.12 cpe:/a:apache:http_server:2.2.13 cpe:/a:apache:http_server:2.2.14 cpe:/a:apache:http_server:2.2.15 cpe:/a:apache:http_server:2.2.16 cpe:/a:apache:http_server:2.2.17 cpe:/a:apache:portable_runtime:0.9.1 cpe:/a:apache:portable_runtime:0.9.2 cpe:/a:apache:portable_runtime:0.9.2-dev cpe:/a:apache:portable_runtime:0.9.3 cpe:/a:apache:portable_runtime:0.9.3-dev cpe:/a:apache:portable_runtime:0.9.4 cpe:/a:apache:portable_runtime:0.9.5 cpe:/a:apache:portable_runtime:0.9.6 cpe:/a:apache:portable_runtime:0.9.7 cpe:/a:apache:portable_runtime:0.9.7-dev cpe:/a:apache:portable_runtime:0.9.8 cpe:/a:apache:portable_runtime:0.9.9 cpe:/a:apache:portable_runtime:0.9.16-dev cpe:/a:apache:portable_runtime:1.3.0 cpe:/a:apache:portable_runtime:1.3.1 cpe:/a:apache:portable_runtime:1.3.2 cpe:/a:apache:portable_runtime:1.3.3 cpe:/a:apache:portable_runtime:1.3.4 cpe:/a:apache:portable_runtime:1.3.4-dev cpe:/a:apache:portable_runtime:1.3.5 cpe:/a:apache:portable_runtime:1.3.6 cpe:/a:apache:portable_runtime:1.3.6-dev cpe:/a:apache:portable_runtime:1.3.7 cpe:/a:apache:portable_runtime:1.3.8 cpe:/a:apache:portable_runtime:1.3.9 cpe:/a:apache:portable_runtime:1.3.10 cpe:/a:apache:portable_runtime:1.3.11 cpe:/a:apache:portable_runtime:1.3.12 cpe:/a:apache:portable_runtime:1.3.13 cpe:/a:apache:portable_runtime:1.4.0 cpe:/a:apache:portable_runtime:1.4.1 cpe:/a:apache:portable_runtime:1.4.2 cpe:/o:apple:mac_os_x:10.6.0 cpe:/o:freebsd:freebsd cpe:/o:google:android cpe:/o:netbsd:netbsd:5.1 cpe:/o:openbsd:openbsd:4.8 cpe:/o:oracle:solaris:10

CVE-2011-0419

2011-05-16T13:55:02.387-04:00

2018-01-05T21:29:01.253-05:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/fnmatch.c#rev1.22 MISC http://cxib.net/stuff/apache.fnmatch.phps MISC http://cxib.net/stuff/apr_fnmatch.txts CONFIRM http://httpd.apache.org/security/vulnerabilities_22.html APPLE APPLE-SA-2011-10-12-3 SUSE SUSE-SU-2011:1229 HP HPSBUX02702 HP HPSBUX02707 HP SSRT100619 HP SSRT100966 SECUNIA 48308 SREASONRES 20110512 Multiple Vendors libc/fnmatch(3) DoS (incl apache) SREASON 8246 SECTRACK 1025527 CONFIRM http://support.apple.com/kb/HT5002 CONFIRM http://svn.apache.org/viewvc/apr/apr/branches/1.4.x/strings/apr_fnmatch.c?r1=731029&r2=1098902 CONFIRM http://svn.apache.org/viewvc?view=revision&revision=1098188 CONFIRM http://svn.apache.org/viewvc?view=revision&revision=1098799 CONFIRM http://www.apache.org/dist/apr/Announcement1.x.html CONFIRM http://www.apache.org/dist/apr/CHANGES-APR-1.4 CONFIRM http://www.apache.org/dist/httpd/Announcement2.2.html DEBIAN DSA-2237 MLIST [dev] 20110510 Re: fnmatch rewrite in apr, apr 1.4.3 MLIST [dev] 20110510 Re: Apache Portable Runtime 1.4.4 [...] Released MLIST [dev] 20110511 Re: Apache Portable Runtime 1.4.4 [...] Released MANDRIVA MDVSA-2011:084 MANDRIVA MDVSA-2013:150 CONFIRM http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fnmatch.c#rev1.15 CONFIRM http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html CONFIRM http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html REDHAT RHSA-2011:0507 REDHAT RHSA-2011:0896 REDHAT RHSA-2011:0897 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=703390 MLIST [httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html MLIST [httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.

cpe:/a:php:php:5.3.5

CVE-2011-0420

2011-02-18T20:00:02.933-05:00

2018-10-10T16:09:47.890-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov APPLE APPLE-SA-2011-10-12-3 SREASONRES 20110217 PHP 5.3.5 grapheme_extract() NULL Pointer Dereference SREASON 8087 CONFIRM http://support.apple.com/kb/HT5002 MISC http://svn.php.net/viewvc/php/php-src/trunk/ext/intl/grapheme/grapheme_string.c?r1=306449&r2=306448&pathrev=306449 DEBIAN DSA-2266 EXPLOIT-DB 16182 CERT-VN VU#210829 BUGTRAQ 20110216 PHP 5.3.5 grapheme_extract() NULL Pointer Dereference BUGTRAQ 20110217 Re: PHP 5.3.5 grapheme_extract() NULL Pointer Dereference BID 46429 XF php-graphemeextract-dos(65437) The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference.

cpe:/a:php:php:1.0 cpe:/a:php:php:2.0 cpe:/a:php:php:2.0b10 cpe:/a:php:php:3.0 cpe:/a:php:php:3.0.1 cpe:/a:php:php:3.0.2 cpe:/a:php:php:3.0.3 cpe:/a:php:php:3.0.4 cpe:/a:php:php:3.0.5 cpe:/a:php:php:3.0.6 cpe:/a:php:php:3.0.7 cpe:/a:php:php:3.0.8 cpe:/a:php:php:3.0.9 cpe:/a:php:php:3.0.10 cpe:/a:php:php:3.0.11 cpe:/a:php:php:3.0.12 cpe:/a:php:php:3.0.13 cpe:/a:php:php:3.0.14 cpe:/a:php:php:3.0.15 cpe:/a:php:php:3.0.16 cpe:/a:php:php:3.0.17 cpe:/a:php:php:3.0.18 cpe:/a:php:php:4.0 cpe:/a:php:php:4.0:beta1 cpe:/a:php:php:4.0:beta2 cpe:/a:php:php:4.0:beta3 cpe:/a:php:php:4.0:beta4 cpe:/a:php:php:4.0:beta_4_patch1 cpe:/a:php:php:4.0.0 cpe:/a:php:php:4.0.1 cpe:/a:php:php:4.0.2 cpe:/a:php:php:4.0.3 cpe:/a:php:php:4.0.4 cpe:/a:php:php:4.0.5 cpe:/a:php:php:4.0.6 cpe:/a:php:php:4.0.7 cpe:/a:php:php:4.1.0 cpe:/a:php:php:4.1.1 cpe:/a:php:php:4.1.2 cpe:/a:php:php:4.2.0 cpe:/a:php:php:4.2.1 cpe:/a:php:php:4.2.2 cpe:/a:php:php:4.2.3 cpe:/a:php:php:4.3.0 cpe:/a:php:php:4.3.1 cpe:/a:php:php:4.3.2 cpe:/a:php:php:4.3.3 cpe:/a:php:php:4.3.4 cpe:/a:php:php:4.3.5 cpe:/a:php:php:4.3.6 cpe:/a:php:php:4.3.7 cpe:/a:php:php:4.3.8 cpe:/a:php:php:4.3.9 cpe:/a:php:php:4.3.10 cpe:/a:php:php:4.3.11 cpe:/a:php:php:4.4.0 cpe:/a:php:php:4.4.1 cpe:/a:php:php:4.4.2 cpe:/a:php:php:4.4.3 cpe:/a:php:php:4.4.4 cpe:/a:php:php:4.4.5 cpe:/a:php:php:4.4.6 cpe:/a:php:php:4.4.7 cpe:/a:php:php:4.4.8 cpe:/a:php:php:4.4.9 cpe:/a:php:php:5.0.0 cpe:/a:php:php:5.0.0:beta1 cpe:/a:php:php:5.0.0:beta2 cpe:/a:php:php:5.0.0:beta3 cpe:/a:php:php:5.0.0:beta4 cpe:/a:php:php:5.0.0:rc1 cpe:/a:php:php:5.0.0:rc2 cpe:/a:php:php:5.0.0:rc3 cpe:/a:php:php:5.0.1 cpe:/a:php:php:5.0.2 cpe:/a:php:php:5.0.3 cpe:/a:php:php:5.0.4 cpe:/a:php:php:5.0.5 cpe:/a:php:php:5.1.0 cpe:/a:php:php:5.1.1 cpe:/a:php:php:5.1.2 cpe:/a:php:php:5.1.3 cpe:/a:php:php:5.1.4 cpe:/a:php:php:5.1.5 cpe:/a:php:php:5.1.6 cpe:/a:php:php:5.2.0 cpe:/a:php:php:5.2.1 cpe:/a:php:php:5.2.2 cpe:/a:php:php:5.2.3 cpe:/a:php:php:5.2.4 cpe:/a:php:php:5.2.4::windows cpe:/a:php:php:5.2.5 cpe:/a:php:php:5.2.6 cpe:/a:php:php:5.2.7 cpe:/a:php:php:5.2.8 cpe:/a:php:php:5.2.9 cpe:/a:php:php:5.2.10 cpe:/a:php:php:5.2.11 cpe:/a:php:php:5.2.12 cpe:/a:php:php:5.2.13 cpe:/a:php:php:5.2.14 cpe:/a:php:php:5.2.15 cpe:/a:php:php:5.2.16 cpe:/a:php:php:5.2.17 cpe:/a:php:php:5.3.0 cpe:/a:php:php:5.3.1 cpe:/a:php:php:5.3.2 cpe:/a:php:php:5.3.3 cpe:/a:php:php:5.3.4 cpe:/a:php:php:5.3.5

CVE-2011-0421

2011-03-19T22:00:03.377-04:00

2018-10-30T12:26:21.043-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://bugs.php.net/bug.php?id=53885 APPLE APPLE-SA-2011-10-12-3 FEDORA FEDORA-2011-3636 FEDORA FEDORA-2011-3666 FEDORA FEDORA-2011-3614 SUSE SUSE-SR:2011:009 HP HPSBOV02763 SREASONRES 20110318 libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5) SREASON 8146 CONFIRM http://support.apple.com/kb/HT5002 CONFIRM http://svn.php.net/viewvc/?view=revision&revision=307867 DEBIAN DSA-2266 EXPLOIT-DB 17004 MANDRIVA MDVSA-2011:052 MANDRIVA MDVSA-2011:053 MANDRIVA MDVSA-2011:099 CONFIRM http://www.php.net/archive/2011.php CONFIRM http://www.php.net/ChangeLog-5.php CONFIRM http://www.php.net/releases/5_3_6.php BUGTRAQ 20110318 libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5) BID 46354 VUPEN ADV-2011-0744 VUPEN ADV-2011-0764 VUPEN ADV-2011-0890 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=688735 XF libzip-zipnamelocate-dos(66173) The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation.

cpe:/a:polyvision:roomwizard_firmware:3.2.3 cpe:/h:polyvision:roomwizard

CVE-2011-0423

2011-01-11T20:00:02.353-05:00

2017-08-16T21:33:29.853-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov MISC http://packetstormsecurity.org/files/view/97291/roomwizard-disclose.txt FULLDISC 20110106 RoomWizard Default Password and Sync Connector Credential Leak [CVE-2010-0214] CERT-VN VU#870601 BID 45699 VUPEN ADV-2011-0059 XF roomwizard-password-security-bypass(64543) XF roomwizard-default-password(64642) The PolyVision RoomWizard with firmware 3.2.3 has a default password of roomwizard for the administrator account, which makes it easier for remote attackers to obtain console access via an HTTP session, a different vulnerability than CVE-2010-0214.

cpe:/a:vmware:vcenter:4.0 cpe:/a:vmware:vcenter:4.0:update_1 cpe:/a:vmware:vcenter:4.0:update_2 cpe:/a:vmware:vcenter:4.1 cpe:/a:vmware:virtualcenter:2.5:update_1 cpe:/a:vmware:virtualcenter:2.5:update_2 cpe:/a:vmware:virtualcenter:2.5:update_3 cpe:/a:vmware:virtualcenter:2.5:update_4 cpe:/a:vmware:virtualcenter:2.5:update_5 cpe:/a:vmware:virtualcenter:2.5:update_6

CVE-2011-0426

2011-05-09T18:55:01.333-04:00

2011-05-27T00:00:00.000-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2011-05-10T13:32:00.000-04:00

MLIST [security-announce] 20110505 VMSA-2011-0008 VMware vCenter Server and vSphere Client security vulnerabilities SECTRACK 1025502 CONFIRM http://www.vmware.com/security/advisories/VMSA-2011-0008.html Directory traversal vulnerability in vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, and VMware VirtualCenter 2.5 before Update 6a, allows remote attackers to read arbitrary files via unspecified vectors.

CVE-2011-0427

2011-01-19T07:00:19.750-05:00

2017-08-16T21:33:29.930-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov MLIST [or-announce] 20110117 Tor 0.2.1.29 is released (security patches) CONFIRM http://blog.torproject.org/blog/tor-02129-released-security-patches DEBIAN DSA-2148 BID 45832 SECTRACK 1024980 VUPEN ADV-2011-0131 VUPEN ADV-2011-0132 XF tor-unspec-bo(64748) CONFIRM https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog Heap-based buffer overflow in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.

cpe:/a:openafs:openafs:1.4.7 cpe:/a:openafs:openafs:1.4.12 cpe:/a:openafs:openafs:1.4.14

CVE-2011-0430

2011-02-18T20:00:03.057-05:00

2013-07-10T16:01:02.203-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov DEBIAN DSA-2168 BID 46428 SECTRACK 1025095 VUPEN ADV-2011-0410 VUPEN ADV-2011-0411 Double free vulnerability in the Rx server process in OpenAFS 1.4.14, 1.4.12, 1.4.7, and possibly other versions allows remote attackers to cause a denial of service and execute arbitrary code via unknown vectors.

cpe:/a:openafs:openafs:1.4.7 cpe:/a:openafs:openafs:1.4.12 cpe:/a:openafs:openafs:1.4.14

CVE-2011-0431

2011-02-18T20:00:03.167-05:00

2011-03-10T22:50:41.113-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov DEBIAN DSA-2168 BID 46428 SECTRACK 1025095 VUPEN ADV-2011-0410 VUPEN ADV-2011-0411 The afs_linux_lock function in afs/LINUX/osi_vnodeops.c in the kernel module in OpenAFS 1.4.14, 1.4.12, 1.4.7, and possibly other versions does not properly handle errors, which allows attackers to cause a denial of service via unknown vectors. NOTE: some of these details are obtained from third party information.

cpe:/a:simon_pamies:pywebdav:0.3 cpe:/a:simon_pamies:pywebdav:0.5 cpe:/a:simon_pamies:pywebdav:0.5.1 cpe:/a:simon_pamies:pywebdav:0.6 cpe:/a:simon_pamies:pywebdav:0.7 cpe:/a:simon_pamies:pywebdav:0.8 cpe:/a:simon_pamies:pywebdav:0.9.1 cpe:/a:simon_pamies:pywebdav:0.9.2 cpe:/a:simon_pamies:pywebdav:0.9.3 cpe:/a:simon_pamies:pywebdav:0.9.4

CVE-2011-0432

2011-03-14T15:55:00.777-04:00

2011-03-15T00:00:00.000-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2011-03-15T09:08:00.000-04:00

CONFIRM http://code.google.com/p/pywebdav/updates/list FEDORA FEDORA-2011-2460 FEDORA FEDORA-2011-2470 FEDORA FEDORA-2011-2427 CONFIRM http://pywebdav.googlecode.com/files/PyWebDAV-0.9.4.1.tar.gz DEBIAN DSA-2177 BID 46655 VUPEN ADV-2011-0553 VUPEN ADV-2011-0554 VUPEN ADV-2011-0634 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=677718 Multiple SQL injection vulnerabilities in the get_userinfo method in the MySQLAuthHandler class in DAVServer/mysqlauth.py in PyWebDAV before 0.9.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) pw argument. NOTE: some of these details are obtained from third party information.

cpe:/a:gnome:evince:- cpe:/a:t1lib:t1lib cpe:/a:tetex:tetex:3.0

CVE-2011-0433

2012-11-19T07:10:48.477-05:00

2017-06-30T21:29:00.700-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov REDHAT RHSA-2012:1201 MANDRIVA MDVSA-2012:144 MISC http://xorl.wordpress.com/2011/02/20/cve-2011-0433-evince-linetoken-buffer-overflow/ CONFIRM https://bugzilla.gnome.org/show_bug.cgi?id=640923 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=679732 GENTOO GLSA-201701-57 Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642.

cpe:/a:gplhost:domain_technologie_control:0.24.6 cpe:/a:gplhost:domain_technologie_control:0.25.1 cpe:/a:gplhost:domain_technologie_control:0.25.2 cpe:/a:gplhost:domain_technologie_control:0.25.3 cpe:/a:gplhost:domain_technologie_control:0.26.7 cpe:/a:gplhost:domain_technologie_control:0.26.8 cpe:/a:gplhost:domain_technologie_control:0.26.9 cpe:/a:gplhost:domain_technologie_control:0.27.3 cpe:/a:gplhost:domain_technologie_control:0.28.2 cpe:/a:gplhost:domain_technologie_control:0.28.3 cpe:/a:gplhost:domain_technologie_control:0.28.4 cpe:/a:gplhost:domain_technologie_control:0.28.6 cpe:/a:gplhost:domain_technologie_control:0.28.9 cpe:/a:gplhost:domain_technologie_control:0.28.10 cpe:/a:gplhost:domain_technologie_control:0.29.1 cpe:/a:gplhost:domain_technologie_control:0.29.6 cpe:/a:gplhost:domain_technologie_control:0.29.8 cpe:/a:gplhost:domain_technologie_control:0.29.10 cpe:/a:gplhost:domain_technologie_control:0.29.14 cpe:/a:gplhost:domain_technologie_control:0.29.15 cpe:/a:gplhost:domain_technologie_control:0.29.16 cpe:/a:gplhost:domain_technologie_control:0.29.17 cpe:/a:gplhost:domain_technologie_control:0.30.6 cpe:/a:gplhost:domain_technologie_control:0.30.8 cpe:/a:gplhost:domain_technologie_control:0.30.10 cpe:/a:gplhost:domain_technologie_control:0.30.18 cpe:/a:gplhost:domain_technologie_control:0.30.20 cpe:/a:gplhost:domain_technologie_control:0.32.1 cpe:/a:gplhost:domain_technologie_control:0.32.2 cpe:/a:gplhost:domain_technologie_control:0.32.3 cpe:/a:gplhost:domain_technologie_control:0.32.4 cpe:/a:gplhost:domain_technologie_control:0.32.5 cpe:/a:gplhost:domain_technologie_control:0.32.6 cpe:/a:gplhost:domain_technologie_control:0.32.7 cpe:/a:gplhost:domain_technologie_control:0.32.8

CVE-2011-0434

2011-03-07T16:00:01.610-05:00

2017-08-16T21:33:30.010-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=89da9c519b04cda1b23e6290d2b0a6cea1bae31e CONFIRM http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=e94e8b9cc354bfcaeb284d5331b815256bb46162 CONFIRM http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog CONFIRM http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog DEBIAN DSA-2179 MLIST [dtcannounce] 20110303 Fwd: [SECURITY] [DSA 2179-1] dtc security update VUPEN ADV-2011-0556 XF dtc-cid-sql-injection(65895) Multiple SQL injection vulnerabilities in Domain Technologie Control (DTC) before 0.32.9 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) admin/bw_per_month.php or (2) client/bw_per_month.php.

CVE-2011-0435

2011-03-07T16:00:01.673-05:00

2017-08-16T21:33:30.087-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=89da9c519b04cda1b23e6290d2b0a6cea1bae31e CONFIRM http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=e94e8b9cc354bfcaeb284d5331b815256bb46162 CONFIRM http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog CONFIRM http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog DEBIAN DSA-2179 MLIST [dtcannounce] 20110303 Fwd: [SECURITY] [DSA 2179-1] dtc security update VUPEN ADV-2011-0556 XF dtc-bwpermonth-info-disc(65896) Domain Technologie Control (DTC) before 0.32.9 does not require authentication for (1) admin/bw_per_month.php and (2) client/bw_per_month.php, which allows remote attackers to obtain potentially sensitive bandwidth information via a direct request.

CVE-2011-0436

2011-03-07T16:00:01.860-05:00

2017-08-16T21:33:30.150-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614302 CONFIRM http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=adffff7efb3687ff465ee0552a944dd3109f3cb0 CONFIRM http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=f8e3b2d7cc2da313addc05394568ab9599499285 MLIST [oss-security] 20110222 CVE-2011-0436: dtc sends password of new users to site admin by unencrypted email CONFIRM http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog CONFIRM http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog DEBIAN DSA-2179 MLIST [dtcannounce] 20110303 Fwd: [SECURITY] [DSA 2179-1] dtc security update VUPEN ADV-2011-0556 XF dtc-passwords-info-disc(65898) The register_user function in client/new_account_form.php in Domain Technologie Control (DTC) before 0.32.9 includes a cleartext password in an e-mail message, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

CVE-2011-0437

2011-03-07T16:00:01.907-05:00

2017-08-16T21:33:30.213-04:00

4.0

NETWORK

LOW

SINGLE_INSTANCE

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=9b75112fc12fead5740b1aaf0df562b5a9045ec0 CONFIRM http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=c97ab4ae43945de36534c40004d713b3b10113db CONFIRM http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog CONFIRM http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog DEBIAN DSA-2179 MLIST [dtcannounce] 20110303 Fwd: [SECURITY] [DSA 2179-1] dtc security update VUPEN ADV-2011-0556 XF dtc-ssh-sec-bypass(65897) shared/inc/sql/ssh.php in the SSH accounts management implementation in Domain Technologie Control (DTC) before 0.32.9 allows remote authenticated users to delete arbitrary accounts via the edssh_account parameter in a deletesshaccount Delete action.

cpe:/a:arthurdejong:nss-pam-ldapd:0.8.0

CVE-2011-0438

2011-03-15T13:55:03.250-04:00

2017-08-16T21:33:30.290-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://arthurdejong.org/nss-pam-ldapd/news.html#20110309 MISC http://lists.arthurdejong.org/nss-pam-ldapd-announce/2011/attachments/txtVf3rHgt8qQ.txt MLIST [nss-pam-ldapd-announce] 20110309 nss-pam-ldapd security advisory (CVE-2011-0438) SREASON 8132 BID 46819 XF nsspamldapd-pam-sec-bypass(66028) nslcd/pam.c in the nss-pam-ldapd 0.8.0 PAM module returns a success code when a user is not found in LDAP, which allows remote attackers to bypass authentication.

cpe:/a:mahara:mahara:1.2.0 cpe:/a:mahara:mahara:1.2.0:alpha1 cpe:/a:mahara:mahara:1.2.0:alpha2 cpe:/a:mahara:mahara:1.2.0:alpha3 cpe:/a:mahara:mahara:1.2.0:beta1 cpe:/a:mahara:mahara:1.2.0:beta2 cpe:/a:mahara:mahara:1.2.0:beta3 cpe:/a:mahara:mahara:1.2.0:beta4 cpe:/a:mahara:mahara:1.2.0:rc1 cpe:/a:mahara:mahara:1.2.1 cpe:/a:mahara:mahara:1.2.2 cpe:/a:mahara:mahara:1.2.3 cpe:/a:mahara:mahara:1.2.4 cpe:/a:mahara:mahara:1.2.5 cpe:/a:mahara:mahara:1.2.6 cpe:/a:mahara:mahara:1.3.0 cpe:/a:mahara:mahara:1.3.0:beta1 cpe:/a:mahara:mahara:1.3.0:beta2 cpe:/a:mahara:mahara:1.3.0:beta3 cpe:/a:mahara:mahara:1.3.0:beta4 cpe:/a:mahara:mahara:1.3.0:rc1 cpe:/a:mahara:mahara:1.3.1 cpe:/a:mahara:mahara:1.3.2 cpe:/a:mahara:mahara:1.3.3

CVE-2011-0439

2011-03-28T12:55:04.153-04:00

2017-08-16T21:33:30.353-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov CONFIRM http://mahara.org/interaction/forum/topic.php?id=3205 CONFIRM http://mahara.org/interaction/forum/topic.php?id=3208 DEBIAN DSA-2206 BID 47033 XF mahara-pieform-xss(66327) Cross-site scripting (XSS) vulnerability in Mahara 1.2.x before 1.2.7 and 1.3.x before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via the Pieforms select box.

CVE-2011-0440

2011-03-28T12:55:04.233-04:00

2017-08-16T21:33:30.417-04:00

5.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://mahara.org/interaction/forum/topic.php?id=3206 CONFIRM http://mahara.org/interaction/forum/topic.php?id=3208 DEBIAN DSA-2206 BID 47033 XF mahara-blogposts-csrf(66326) Cross-site request forgery (CSRF) vulnerability in Mahara 1.2.x before 1.2.7 and 1.3.x before 1.3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that delete blogs.

cpe:/a:php:php:5.3.5

CVE-2011-0441

2011-03-29T14:55:01.537-04:00

2017-08-16T21:33:30.463-04:00

6.3

LOCAL

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618489 CONFIRM http://git.debian.org/?p=pkg-php/php.git;a=commit;h=d09fd04ed7bfcf7f008360c6a42025108925df09 MANDRIVA MDVSA-2011:069 BID 46928 VUPEN ADV-2011-0910 XF php-php5common-file-deletion(66180) The Debian GNU/Linux /etc/cron.d/php5 cron job for PHP 5.3.5 allows local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php5/.

cpe:/a:emc:avamar:5.0 cpe:/a:emc:avamar:5.0:sp1 cpe:/a:emc:avamar:5.0.0-407

CVE-2011-0442

2011-03-16T18:55:02.763-04:00

2018-10-09T15:29:05.500-04:00

3.5

NETWORK

MEDIUM

SINGLE_INSTANCE

PARTIAL

NONE

http://nvd.nist.gov SREASON 8139 BUGTRAQ 20110315 ESA-2011-007: EMC Avamar sensitive information disclosure vulnerability BID 46879 SECTRACK 1025213 VUPEN ADV-2011-0677 VUPEN ADV-2011-0678 XF avamar-service-utility-info-disclosure(66109) The service utility in EMC Avamar 5.x before 5.0.4 uses cleartext to transmit event details in (1) service requests and (2) e-mail messages, which might allow remote attackers to obtain sensitive information by sniffing the network.

cpe:/a:tinybb:tinybb:1.2

CVE-2011-0443

2011-01-12T20:00:02.287-05:00

2017-08-16T21:33:30.587-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://tinybb.net/forum/?page=thread&post=989525101 EXPLOIT-DB 15961 BID 45737 SECTRACK 1024949 XF tinybb-index-sql-injection(64570) SQL injection vulnerability in inc/tinybb-settings.php in tinyBB 1.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a profile action to index.php. NOTE: some of these details are obtained from third party information.

cpe:/a:wireshark:wireshark:1.2 cpe:/a:wireshark:wireshark:1.2.0 cpe:/a:wireshark:wireshark:1.2.1 cpe:/a:wireshark:wireshark:1.2.2 cpe:/a:wireshark:wireshark:1.2.3 cpe:/a:wireshark:wireshark:1.2.4 cpe:/a:wireshark:wireshark:1.2.5 cpe:/a:wireshark:wireshark:1.2.6 cpe:/a:wireshark:wireshark:1.2.7 cpe:/a:wireshark:wireshark:1.2.8 cpe:/a:wireshark:wireshark:1.2.9 cpe:/a:wireshark:wireshark:1.2.10 cpe:/a:wireshark:wireshark:1.2.11 cpe:/a:wireshark:wireshark:1.2.12 cpe:/a:wireshark:wireshark:1.2.13 cpe:/a:wireshark:wireshark:1.4.0 cpe:/a:wireshark:wireshark:1.4.1 cpe:/a:wireshark:wireshark:1.4.2

CVE-2011-0444

2011-01-12T20:00:02.553-05:00

2017-09-18T21:31:59.990-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov FEDORA FEDORA-2011-0450 FEDORA FEDORA-2011-0460 MANDRIVA MDVSA-2011:007 REDHAT RHSA-2011:0369 BID 45775 VUPEN ADV-2011-0079 VUPEN ADV-2011-0104 VUPEN ADV-2011-0270 VUPEN ADV-2011-0719 CONFIRM http://www.wireshark.org/security/wnpa-sec-2011-01.html CONFIRM http://www.wireshark.org/security/wnpa-sec-2011-02.html MISC https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5676 CONFIRM https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5530 XF wireshark-maclte-bo(64624) Buffer overflow in the MAC-LTE dissector (epan/dissectors/packet-mac-lte.c) in Wireshark 1.2.0 through 1.2.13 and 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of RARs.

cpe:/a:wireshark:wireshark:1.4.0 cpe:/a:wireshark:wireshark:1.4.1 cpe:/a:wireshark:wireshark:1.4.2

CVE-2011-0445

2011-01-12T20:00:02.617-05:00

2017-09-18T21:32:00.050-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov FEDORA FEDORA-2011-0450 FEDORA FEDORA-2011-0460 BID 45775 VUPEN ADV-2011-0079 VUPEN ADV-2011-0270 CONFIRM http://www.wireshark.org/security/wnpa-sec-2011-02.html CONFIRM https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5537 XF wireshark-asn1ber-dissector-dos(64625) The ASN.1 BER dissector in Wireshark 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (assertion failure) via crafted packets, as demonstrated by fuzz-2010-12-30-28473.pcap.

cpe:/a:rubyonrails:rails:2.0.0 cpe:/a:rubyonrails:rails:2.0.0:rc1 cpe:/a:rubyonrails:rails:2.0.0:rc2 cpe:/a:rubyonrails:rails:2.0.1 cpe:/a:rubyonrails:rails:2.0.2 cpe:/a:rubyonrails:rails:2.0.4 cpe:/a:rubyonrails:rails:2.1.0 cpe:/a:rubyonrails:rails:2.1.1 cpe:/a:rubyonrails:rails:2.1.2 cpe:/a:rubyonrails:rails:2.2.0 cpe:/a:rubyonrails:rails:2.2.1 cpe:/a:rubyonrails:rails:2.2.2 cpe:/a:rubyonrails:rails:2.3.2 cpe:/a:rubyonrails:rails:2.3.3 cpe:/a:rubyonrails:rails:2.3.4 cpe:/a:rubyonrails:rails:2.3.9 cpe:/a:rubyonrails:rails:2.3.10 cpe:/a:rubyonrails:rails:3.0.0 cpe:/a:rubyonrails:rails:3.0.0:beta cpe:/a:rubyonrails:rails:3.0.0:beta2 cpe:/a:rubyonrails:rails:3.0.0:beta3 cpe:/a:rubyonrails:rails:3.0.0:beta4 cpe:/a:rubyonrails:rails:3.0.0:rc cpe:/a:rubyonrails:rails:3.0.0:rc2 cpe:/a:rubyonrails:rails:3.0.1 cpe:/a:rubyonrails:rails:3.0.1:pre cpe:/a:rubyonrails:rails:3.0.2 cpe:/a:rubyonrails:rails:3.0.2:pre cpe:/a:rubyonrails:rails:3.0.3 cpe:/a:rubyonrails:rails:3.0.4:rc1

CVE-2011-0446

2011-02-14T16:00:03.007-05:00

2019-08-08T11:41:32.003-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2011-02-15T08:12:00.000-05:00

MLIST [rubyonrails-security] 20110209 Potential XSS Problem with mail_to :encode => :javascript FEDORA FEDORA-2011-4358 FEDORA FEDORA-2011-2133 FEDORA FEDORA-2011-2138 DEBIAN DSA-2247 BID 46291 SECTRACK 1025064 VUPEN ADV-2011-0587 VUPEN ADV-2011-0877 Multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) name or (2) email value.

cpe:/a:rubyonrails:rails:2.1.0 cpe:/a:rubyonrails:rails:2.1.1 cpe:/a:rubyonrails:rails:2.1.2 cpe:/a:rubyonrails:rails:2.2.0 cpe:/a:rubyonrails:rails:2.2.1 cpe:/a:rubyonrails:rails:2.2.2 cpe:/a:rubyonrails:rails:2.3.2 cpe:/a:rubyonrails:rails:2.3.3 cpe:/a:rubyonrails:rails:2.3.4 cpe:/a:rubyonrails:rails:2.3.9 cpe:/a:rubyonrails:rails:2.3.10 cpe:/a:rubyonrails:rails:3.0.0 cpe:/a:rubyonrails:rails:3.0.0:beta cpe:/a:rubyonrails:rails:3.0.0:beta2 cpe:/a:rubyonrails:rails:3.0.0:beta3 cpe:/a:rubyonrails:rails:3.0.0:beta4 cpe:/a:rubyonrails:rails:3.0.0:rc cpe:/a:rubyonrails:rails:3.0.0:rc2 cpe:/a:rubyonrails:rails:3.0.1 cpe:/a:rubyonrails:rails:3.0.1:pre cpe:/a:rubyonrails:rails:3.0.2 cpe:/a:rubyonrails:rails:3.0.2:pre cpe:/a:rubyonrails:rails:3.0.3 cpe:/a:rubyonrails:rails:3.0.4:rc1

CVE-2011-0447

2011-02-14T16:00:03.087-05:00

2019-08-08T11:41:32.003-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2011-02-15T08:36:00.000-05:00

MLIST [rubyonrails-security] 20110209 CSRF Protection Bypass in Ruby on Rails FEDORA FEDORA-2011-4358 FEDORA FEDORA-2011-2133 FEDORA FEDORA-2011-2138 CONFIRM http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails DEBIAN DSA-2247 BID 46291 SECTRACK 1025060 VUPEN ADV-2011-0587 VUPEN ADV-2011-0877 Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that leverage "combinations of browser plugins and HTTP redirects," a related issue to CVE-2011-0696.

cpe:/a:rubyonrails:rails:3.0.0 cpe:/a:rubyonrails:rails:3.0.0:beta cpe:/a:rubyonrails:rails:3.0.0:beta2 cpe:/a:rubyonrails:rails:3.0.0:beta3 cpe:/a:rubyonrails:rails:3.0.0:beta4 cpe:/a:rubyonrails:rails:3.0.0:rc cpe:/a:rubyonrails:rails:3.0.0:rc2 cpe:/a:rubyonrails:rails:3.0.1 cpe:/a:rubyonrails:rails:3.0.1:pre cpe:/a:rubyonrails:rails:3.0.2 cpe:/a:rubyonrails:rails:3.0.2:pre cpe:/a:rubyonrails:rails:3.0.3 cpe:/a:rubyonrails:rails:3.0.4:rc1

CVE-2011-0448

2011-02-21T13:00:01.287-05:00

2019-08-08T11:41:32.003-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2011-02-22T09:14:00.000-05:00

MLIST [rubyonrails-security] 20110209 Potential SQL Injection in Rails 3.0.x FEDORA FEDORA-2011-4358 SECTRACK 1025063 CONFIRM http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4 VUPEN ADV-2011-0877 Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.

CVE-2011-0449

2011-02-21T13:00:01.363-05:00

2019-08-08T11:41:32.003-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2011-02-22T09:33:00.000-05:00

MLIST [rubyonrails-security] 20110209 Filter Problems on Case-Insensitive Filesystems FEDORA FEDORA-2011-4358 SECTRACK 1025061 CONFIRM http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4 VUPEN ADV-2011-0877 actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action name that uses an unintended case for alphabetic characters.

cpe:/a:opera:opera_browser:5.0 cpe:/a:opera:opera_browser:5.0:beta2 cpe:/a:opera:opera_browser:5.0:beta3 cpe:/a:opera:opera_browser:5.0:beta4 cpe:/a:opera:opera_browser:5.0:beta5 cpe:/a:opera:opera_browser:5.0:beta6 cpe:/a:opera:opera_browser:5.0:beta7 cpe:/a:opera:opera_browser:5.0:beta8 cpe:/a:opera:opera_browser:5.02 cpe:/a:opera:opera_browser:5.10 cpe:/a:opera:opera_browser:5.11 cpe:/a:opera:opera_browser:5.12 cpe:/a:opera:opera_browser:6.0 cpe:/a:opera:opera_browser:6.0:beta1 cpe:/a:opera:opera_browser:6.0:beta2 cpe:/a:opera:opera_browser:6.0:tp1 cpe:/a:opera:opera_browser:6.0:tp2 cpe:/a:opera:opera_browser:6.0:tp3 cpe:/a:opera:opera_browser:6.1 cpe:/a:opera:opera_browser:6.1:beta1 cpe:/a:opera:opera_browser:6.02 cpe:/a:opera:opera_browser:6.03 cpe:/a:opera:opera_browser:6.04 cpe:/a:opera:opera_browser:6.05 cpe:/a:opera:opera_browser:6.06 cpe:/a:opera:opera_browser:6.11 cpe:/a:opera:opera_browser:6.12 cpe:/a:opera:opera_browser:7.0 cpe:/a:opera:opera_browser:7.0:beta1 cpe:/a:opera:opera_browser:7.0:beta1_v2 cpe:/a:opera:opera_browser:7.0:beta2 cpe:/a:opera:opera_browser:7.01 cpe:/a:opera:opera_browser:7.02 cpe:/a:opera:opera_browser:7.03 cpe:/a:opera:opera_browser:7.10 cpe:/a:opera:opera_browser:7.10:beta1 cpe:/a:opera:opera_browser:7.11 cpe:/a:opera:opera_browser:7.11:beta2 cpe:/a:opera:opera_browser:7.20 cpe:/a:opera:opera_browser:7.20:beta7 cpe:/a:opera:opera_browser:7.21 cpe:/a:opera:opera_browser:7.22 cpe:/a:opera:opera_browser:7.23 cpe:/a:opera:opera_browser:7.50 cpe:/a:opera:opera_browser:7.50:beta1 cpe:/a:opera:opera_browser:7.51 cpe:/a:opera:opera_browser:7.52 cpe:/a:opera:opera_browser:7.53 cpe:/a:opera:opera_browser:7.54 cpe:/a:opera:opera_browser:7.54:update1 cpe:/a:opera:opera_browser:7.54:update2 cpe:/a:opera:opera_browser:7.60 cpe:/a:opera:opera_browser:8.0 cpe:/a:opera:opera_browser:8.0:beta1 cpe:/a:opera:opera_browser:8.0:beta2 cpe:/a:opera:opera_browser:8.0:beta3 cpe:/a:opera:opera_browser:8.01 cpe:/a:opera:opera_browser:8.02 cpe:/a:opera:opera_browser:8.50 cpe:/a:opera:opera_browser:8.51 cpe:/a:opera:opera_browser:8.52 cpe:/a:opera:opera_browser:8.53 cpe:/a:opera:opera_browser:8.54 cpe:/a:opera:opera_browser:9.0 cpe:/a:opera:opera_browser:9.0:beta1 cpe:/a:opera:opera_browser:9.0:beta2 cpe:/a:opera:opera_browser:9.01 cpe:/a:opera:opera_browser:9.02 cpe:/a:opera:opera_browser:9.10 cpe:/a:opera:opera_browser:9.12 cpe:/a:opera:opera_browser:9.20 cpe:/a:opera:opera_browser:9.20:beta1 cpe:/a:opera:opera_browser:9.21 cpe:/a:opera:opera_browser:9.22 cpe:/a:opera:opera_browser:9.23 cpe:/a:opera:opera_browser:9.24 cpe:/a:opera:opera_browser:9.25 cpe:/a:opera:opera_browser:9.26 cpe:/a:opera:opera_browser:9.27 cpe:/a:opera:opera_browser:9.50 cpe:/a:opera:opera_browser:9.50:beta1 cpe:/a:opera:opera_browser:9.50:beta2 cpe:/a:opera:opera_browser:9.51 cpe:/a:opera:opera_browser:9.52 cpe:/a:opera:opera_browser:9.60 cpe:/a:opera:opera_browser:9.60:beta1 cpe:/a:opera:opera_browser:9.61 cpe:/a:opera:opera_browser:9.62 cpe:/a:opera:opera_browser:9.63 cpe:/a:opera:opera_browser:9.64 cpe:/a:opera:opera_browser:10.00 cpe:/a:opera:opera_browser:10.00:beta1 cpe:/a:opera:opera_browser:10.00:beta2 cpe:/a:opera:opera_browser:10.00:beta3 cpe:/a:opera:opera_browser:10.01 cpe:/a:opera:opera_browser:10.10 cpe:/a:opera:opera_browser:10.10:beta1 cpe:/a:opera:opera_browser:10.50 cpe:/a:opera:opera_browser:10.50:beta1 cpe:/a:opera:opera_browser:10.50:beta2 cpe:/a:opera:opera_browser:10.51 cpe:/a:opera:opera_browser:10.52 cpe:/a:opera:opera_browser:10.53 cpe:/a:opera:opera_browser:10.53:b cpe:/a:opera:opera_browser:10.54 cpe:/a:opera:opera_browser:10.60 cpe:/a:opera:opera_browser:10.60:beta1 cpe:/a:opera:opera_browser:10.61 cpe:/a:opera:opera_browser:10.62 cpe:/a:opera:opera_browser:10.63 cpe:/a:opera:opera_browser:11.00 cpe:/a:opera:opera_browser:11.00:beta

CVE-2011-0450

2011-01-31T15:00:49.360-05:00

2017-09-18T21:32:00.130-04:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov JVN JVN#33880169 JVNDB JVNDB-2011-000010 CONFIRM http://www.opera.com/docs/changelogs/windows/1101/ CONFIRM http://www.opera.com/support/kb/view/985/ VUPEN ADV-2011-0231 The downloads manager in Opera before 11.01 on Windows does not properly determine the pathname of the filesystem-viewing application, which allows user-assisted remote attackers to execute arbitrary code via a crafted web site that hosts an executable file.

cpe:/a:lockon:ec-cube:1.1.0:beta cpe:/a:lockon:ec-cube:1.1.1 cpe:/a:lockon:ec-cube:1.2.0:beta cpe:/a:lockon:ec-cube:1.3.0 cpe:/a:lockon:ec-cube:1.3.0:beta cpe:/a:lockon:ec-cube:1.3.1 cpe:/a:lockon:ec-cube:1.3.1:a cpe:/a:lockon:ec-cube:1.3.2 cpe:/a:lockon:ec-cube:1.3.3 cpe:/a:lockon:ec-cube:1.3.4 cpe:/a:lockon:ec-cube:1.3.4:community cpe:/a:lockon:ec-cube:1.4.0:a-beta cpe:/a:lockon:ec-cube:1.4.0:beta cpe:/a:lockon:ec-cube:1.4.1:beta cpe:/a:lockon:ec-cube:1.4.2:beta cpe:/a:lockon:ec-cube:1.4.3:a-beta cpe:/a:lockon:ec-cube:1.4.3:b-beta cpe:/a:lockon:ec-cube:1.4.3:beta cpe:/a:lockon:ec-cube:1.4.5 cpe:/a:lockon:ec-cube:1.4.6 cpe:/a:lockon:ec-cube:1.4.7 cpe:/a:lockon:ec-cube:1.5.0:beta cpe:/a:lockon:ec-cube:2.0.0:beta cpe:/a:lockon:ec-cube:2.0.1 cpe:/a:lockon:ec-cube:2.0.1:a cpe:/a:lockon:ec-cube:2.1.0:beta cpe:/a:lockon:ec-cube:2.1.2 cpe:/a:lockon:ec-cube:2.1.2:a cpe:/a:lockon:ec-cube:2.2.0:beta cpe:/a:lockon:ec-cube:2.2.1:one cpe:/a:lockon:ec-cube:2.3.0 cpe:/a:lockon:ec-cube:2.3.0:rc1 cpe:/a:lockon:ec-cube:2.3.1 cpe:/a:lockon:ec-cube:2.3.3 cpe:/a:lockon:ec-cube:2.3.4 cpe:/a:lockon:ec-cube:2.4.0 cpe:/a:lockon:ec-cube:2.4.0:rc1 cpe:/a:lockon:ec-cube:2.4.1 cpe:/a:lockon:ec-cube:2.4.2 cpe:/a:lockon:ec-cube:2.4.3 cpe:/a:lockon:ec-cube:2.4.4 cpe:/a:lockon:ec-cube:2.11.0:beta

CVE-2011-0451

2011-02-03T11:00:04.447-05:00

2017-08-16T21:33:30.760-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov JVN JVN#84393059 JVNDB JVNDB-2011-000011 CONFIRM http://svn.ec-cube.net/open_trac/changeset/18742 CONFIRM http://www.ec-cube.net/info/weakness/weakness.php?id=36 BID 46100 XF ec-cube-list-xss(65079) Multiple cross-site scripting (XSS) vulnerabilities in (1) data/Smarty/templates/default/list.tpl and (2) data/Smarty/templates/default/campaign/bloc/cart_tag.tpl in EC-CUBE before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

cpe:/a:lunascape:lunascape:3.0.0 cpe:/a:lunascape:lunascape:3.0.1 cpe:/a:lunascape:lunascape:3.1.0 cpe:/a:lunascape:lunascape:3.5.0 cpe:/a:lunascape:lunascape:3.5.1 cpe:/a:lunascape:lunascape:3.5.2 cpe:/a:lunascape:lunascape:3.5.3 cpe:/a:lunascape:lunascape:3.5.4 cpe:/a:lunascape:lunascape:3.6.0 cpe:/a:lunascape:lunascape:3.6.1 cpe:/a:lunascape:lunascape:3.6.2 cpe:/a:lunascape:lunascape:3.6.3 cpe:/a:lunascape:lunascape:3.6.4 cpe:/a:lunascape:lunascape:3.6.5 cpe:/a:lunascape:lunascape:4.0.0 cpe:/a:lunascape:lunascape:4.0.1 cpe:/a:lunascape:lunascape:4.0.2 cpe:/a:lunascape:lunascape:4.0.3 cpe:/a:lunascape:lunascape:4.0.4 cpe:/a:lunascape:lunascape:4.0.5 cpe:/a:lunascape:lunascape:4.0.6 cpe:/a:lunascape:lunascape:4.0.7 cpe:/a:lunascape:lunascape:4.1.0 cpe:/a:lunascape:lunascape:4.1.1 cpe:/a:lunascape:lunascape:4.1.2 cpe:/a:lunascape:lunascape:4.1.3 cpe:/a:lunascape:lunascape:4.2.0 cpe:/a:lunascape:lunascape:4.2.1 cpe:/a:lunascape:lunascape:4.2.2 cpe:/a:lunascape:lunascape:4.3.0 cpe:/a:lunascape:lunascape:4.3.1 cpe:/a:lunascape:lunascape:4.3.2 cpe:/a:lunascape:lunascape:4.3.3 cpe:/a:lunascape:lunascape:4.5.0 cpe:/a:lunascape:lunascape:4.5.1 cpe:/a:lunascape:lunascape:4.5.2 cpe:/a:lunascape:lunascape:4.6 cpe:/a:lunascape:lunascape:4.6.1 cpe:/a:lunascape:lunascape:4.6.2 cpe:/a:lunascape:lunascape:4.6.3 cpe:/a:lunascape:lunascape:4.6.4 cpe:/a:lunascape:lunascape:4.6.5 cpe:/a:lunascape:lunascape:4.7.0 cpe:/a:lunascape:lunascape:4.7.1 cpe:/a:lunascape:lunascape:4.7.2 cpe:/a:lunascape:lunascape:4.7.3 cpe:/a:lunascape:lunascape:4.7.4 cpe:/a:lunascape:lunascape:4.8.0 cpe:/a:lunascape:lunascape:4.8.1 cpe:/a:lunascape:lunascape:5.0:rc3 cpe:/a:lunascape:lunascape:5.0.0 cpe:/a:lunascape:lunascape:5.0.1 cpe:/a:lunascape:lunascape:5.0.2 cpe:/a:lunascape:lunascape:5.0.3 cpe:/a:lunascape:lunascape:5.0.4 cpe:/a:lunascape:lunascape:5.0.5 cpe:/a:lunascape:lunascape:5.1:beta cpe:/a:lunascape:lunascape:5.1.0 cpe:/a:lunascape:lunascape:5.1.1 cpe:/a:lunascape:lunascape:5.1.2 cpe:/a:lunascape:lunascape:5.1.3 cpe:/a:lunascape:lunascape:5.1.4 cpe:/a:lunascape:lunascape:5.1.5 cpe:/a:lunascape:lunascape:5.1.6 cpe:/a:lunascape:lunascape:6.0.0 cpe:/a:lunascape:lunascape:6.0.1 cpe:/a:lunascape:lunascape:6.0.2 cpe:/a:lunascape:lunascape:6.0.3 cpe:/a:lunascape:lunascape:6.1 cpe:/a:lunascape:lunascape:6.1.1 cpe:/a:lunascape:lunascape:6.1.2 cpe:/a:lunascape:lunascape:6.1.3 cpe:/a:lunascape:lunascape:6.1.4 cpe:/a:lunascape:lunascape:6.1.5 cpe:/a:lunascape:lunascape:6.1.6 cpe:/a:lunascape:lunascape:6.1.7 cpe:/a:lunascape:lunascape:6.2 cpe:/a:lunascape:lunascape:6.2.1 cpe:/a:lunascape:lunascape:6.3 cpe:/a:lunascape:lunascape:6.3.1 cpe:/a:lunascape:lunascape:6.3.2 cpe:/a:lunascape:lunascape:6.3.3 cpe:/a:lunascape:lunascape:6.3.4 cpe:/a:lunascape:lunascape:6.4.1 cpe:/a:lunascape:lunascape:6.4.2

CVE-2011-0452

2011-02-24T16:00:01.287-05:00

2017-08-16T21:33:30.823-04:00

6.2

LOCAL

HIGH

NONE

COMPLETE

http://nvd.nist.gov JVN JVN#38362957 JVNDB JVNDB-2011-000012 CONFIRM http://lunapedia.lunascape.jp/index.php?title=Lunascape6#2011.2F02.2F18_ver_6.4.3 XF lunascape-dll-code-execution(65592) Untrusted search path vulnerability in the script function in Lunascape before 6.4.3 allows local users to gain privileges via a Trojan horse executable file in the current working directory.

cpe:/a:f-secure:internet_gatekeeper:3.02.1221::linux

CVE-2011-0453

2011-02-18T12:00:46.213-05:00

2011-03-10T22:50:43.893-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov JVN JVN#71542734 JVNDB JVNDB-2011-000013 CONFIRM http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2011-1.html VUPEN ADV-2011-0393 F-Secure Internet Gatekeeper for Linux 3.x before 3.03 does not require authentication for reading access logs, which allows remote attackers to obtain potentially sensitive information via a TCP session on the admin UI port.

cpe:/a:iij:seil%2fb1_firmware:1.00 cpe:/a:iij:seil%2fb1_firmware:2.01 cpe:/a:iij:seil%2fb1_firmware:2.10 cpe:/a:iij:seil%2fb1_firmware:2.20 cpe:/a:iij:seil%2fb1_firmware:2.30 cpe:/a:iij:seil%2fb1_firmware:2.40 cpe:/a:iij:seil%2fb1_firmware:2.41 cpe:/a:iij:seil%2fb1_firmware:2.42 cpe:/a:iij:seil%2fb1_firmware:2.50 cpe:/a:iij:seil%2fb1_firmware:2.51 cpe:/a:iij:seil%2fb1_firmware:2.52 cpe:/a:iij:seil%2fb1_firmware:2.60 cpe:/a:iij:seil%2fb1_firmware:2.61 cpe:/a:iij:seil%2fb1_firmware:2.62 cpe:/a:iij:seil%2fb1_firmware:2.63 cpe:/a:iij:seil%2fb1_firmware:2.70 cpe:/a:iij:seil%2fb1_firmware:2.72 cpe:/a:iij:seil%2fb1_firmware:2.73 cpe:/a:iij:seil%2fb1_firmware:2.74 cpe:/a:iij:seil%2fb1_firmware:2.75 cpe:/a:iij:seil%2fb1_firmware:3.01 cpe:/a:iij:seil%2fb1_firmware:3.02 cpe:/a:iij:seil%2fb1_firmware:3.10 cpe:/a:iij:seil%2fb1_firmware:3.11 cpe:/a:iij:seil%2fneu_2fe_plus_firmware:1.80 cpe:/a:iij:seil%2fneu_2fe_plus_firmware:1.81 cpe:/a:iij:seil%2fneu_2fe_plus_firmware:1.82 cpe:/a:iij:seil%2fneu_2fe_plus_firmware:1.83 cpe:/a:iij:seil%2fneu_2fe_plus_firmware:1.84 cpe:/a:iij:seil%2fneu_2fe_plus_firmware:1.85 cpe:/a:iij:seil%2fneu_2fe_plus_firmware:1.90 cpe:/a:iij:seil%2fneu_2fe_plus_firmware:1.91 cpe:/a:iij:seil%2fneu_2fe_plus_firmware:1.92 cpe:/a:iij:seil%2fneu_2fe_plus_firmware:1.93 cpe:/a:iij:seil%2fneu_2fe_plus_firmware:1.94 cpe:/a:iij:seil%2fneu_2fe_plus_firmware:1.95 cpe:/a:iij:seil%2fneu_2fe_plus_firmware:1.96 cpe:/a:iij:seil%2fneu_2fe_plus_firmware:1.98 cpe:/a:iij:seil%2fneu_2fe_plus_firmware:1.99 cpe:/a:iij:seil%2fneu_2fe_plus_firmware:2.00 cpe:/a:iij:seil%2fneu_2fe_plus_firmware:2.01 cpe:/a:iij:seil%2fneu_2fe_plus_firmware:2.02 cpe:/a:iij:seil%2fneu_2fe_plus_firmware:2.03 cpe:/a:iij:seil%2fneu_2fe_plus_firmware:2.04 cpe:/a:iij:seil%2fneu_2fe_plus_firmware:2.05 cpe:/a:iij:seil%2fneu_2fe_plus_firmware:2.06 cpe:/a:iij:seil%2fneu_2fe_plus_firmware:2.07 cpe:/a:iij:seil%2fneu_2fe_plus_firmware:2.08 cpe:/a:iij:seil%2fneu_2fe_plus_firmware:2.09 cpe:/a:iij:seil%2fneu_2fe_plus_firmware:2.10 cpe:/a:iij:seil%2fturbo_firmware:1.80 cpe:/a:iij:seil%2fturbo_firmware:1.81 cpe:/a:iij:seil%2fturbo_firmware:1.82 cpe:/a:iij:seil%2fturbo_firmware:1.83 cpe:/a:iij:seil%2fturbo_firmware:1.84 cpe:/a:iij:seil%2fturbo_firmware:1.85 cpe:/a:iij:seil%2fturbo_firmware:1.90 cpe:/a:iij:seil%2fturbo_firmware:1.91 cpe:/a:iij:seil%2fturbo_firmware:1.92 cpe:/a:iij:seil%2fturbo_firmware:1.93 cpe:/a:iij:seil%2fturbo_firmware:1.94 cpe:/a:iij:seil%2fturbo_firmware:1.95 cpe:/a:iij:seil%2fturbo_firmware:1.96 cpe:/a:iij:seil%2fturbo_firmware:1.98 cpe:/a:iij:seil%2fturbo_firmware:1.99 cpe:/a:iij:seil%2fturbo_firmware:2.00 cpe:/a:iij:seil%2fturbo_firmware:2.01 cpe:/a:iij:seil%2fturbo_firmware:2.02 cpe:/a:iij:seil%2fturbo_firmware:2.03 cpe:/a:iij:seil%2fturbo_firmware:2.04 cpe:/a:iij:seil%2fturbo_firmware:2.05 cpe:/a:iij:seil%2fturbo_firmware:2.06 cpe:/a:iij:seil%2fturbo_firmware:2.07 cpe:/a:iij:seil%2fturbo_firmware:2.08 cpe:/a:iij:seil%2fturbo_firmware:2.09 cpe:/a:iij:seil%2fturbo_firmware:2.10 cpe:/a:iij:seil%2fx1_firmware:1.00 cpe:/a:iij:seil%2fx1_firmware:1.10 cpe:/a:iij:seil%2fx1_firmware:1.11 cpe:/a:iij:seil%2fx1_firmware:1.20 cpe:/a:iij:seil%2fx1_firmware:1.21 cpe:/a:iij:seil%2fx1_firmware:1.22 cpe:/a:iij:seil%2fx1_firmware:1.30 cpe:/a:iij:seil%2fx1_firmware:1.31 cpe:/a:iij:seil%2fx1_firmware:1.32 cpe:/a:iij:seil%2fx1_firmware:1.40 cpe:/a:iij:seil%2fx1_firmware:1.41 cpe:/a:iij:seil%2fx1_firmware:1.43 cpe:/a:iij:seil%2fx1_firmware:1.44 cpe:/a:iij:seil%2fx1_firmware:2.10 cpe:/a:iij:seil%2fx1_firmware:2.20 cpe:/a:iij:seil%2fx1_firmware:2.30 cpe:/a:iij:seil%2fx1_firmware:2.40 cpe:/a:iij:seil%2fx1_firmware:2.41 cpe:/a:iij:seil%2fx1_firmware:2.42 cpe:/a:iij:seil%2fx1_firmware:2.50 cpe:/a:iij:seil%2fx1_firmware:2.51 cpe:/a:iij:seil%2fx1_firmware:2.52 cpe:/a:iij:seil%2fx1_firmware:2.60 cpe:/a:iij:seil%2fx1_firmware:2.61 cpe:/a:iij:seil%2fx1_firmware:2.62 cpe:/a:iij:seil%2fx1_firmware:2.63 cpe:/a:iij:seil%2fx1_firmware:2.70 cpe:/a:iij:seil%2fx1_firmware:2.72 cpe:/a:iij:seil%2fx1_firmware:2.73 cpe:/a:iij:seil%2fx1_firmware:2.74 cpe:/a:iij:seil%2fx1_firmware:2.75 cpe:/a:iij:seil%2fx1_firmware:3.01 cpe:/a:iij:seil%2fx1_firmware:3.02 cpe:/a:iij:seil%2fx1_firmware:3.10 cpe:/a:iij:seil%2fx1_firmware:3.11 cpe:/a:iij:seil%2fx2_firmware:1.00 cpe:/a:iij:seil%2fx2_firmware:1.10 cpe:/a:iij:seil%2fx2_firmware:1.11 cpe:/a:iij:seil%2fx2_firmware:1.20 cpe:/a:iij:seil%2fx2_firmware:1.21 cpe:/a:iij:seil%2fx2_firmware:1.22 cpe:/a:iij:seil%2fx2_firmware:1.30 cpe:/a:iij:seil%2fx2_firmware:1.31 cpe:/a:iij:seil%2fx2_firmware:1.32 cpe:/a:iij:seil%2fx2_firmware:1.40 cpe:/a:iij:seil%2fx2_firmware:1.41 cpe:/a:iij:seil%2fx2_firmware:1.43 cpe:/a:iij:seil%2fx2_firmware:1.44 cpe:/a:iij:seil%2fx2_firmware:2.10 cpe:/a:iij:seil%2fx2_firmware:2.20 cpe:/a:iij:seil%2fx2_firmware:2.30 cpe:/a:iij:seil%2fx2_firmware:2.40 cpe:/a:iij:seil%2fx2_firmware:2.41 cpe:/a:iij:seil%2fx2_firmware:2.42 cpe:/a:iij:seil%2fx2_firmware:2.50 cpe:/a:iij:seil%2fx2_firmware:2.51 cpe:/a:iij:seil%2fx2_firmware:2.52 cpe:/a:iij:seil%2fx2_firmware:2.60 cpe:/a:iij:seil%2fx2_firmware:2.61 cpe:/a:iij:seil%2fx2_firmware:2.62 cpe:/a:iij:seil%2fx2_firmware:2.63 cpe:/a:iij:seil%2fx2_firmware:2.70 cpe:/a:iij:seil%2fx2_firmware:2.72 cpe:/a:iij:seil%2fx2_firmware:2.73 cpe:/a:iij:seil%2fx2_firmware:2.74 cpe:/a:iij:seil%2fx2_firmware:2.75 cpe:/a:iij:seil%2fx2_firmware:3.01 cpe:/a:iij:seil%2fx2_firmware:3.02 cpe:/a:iij:seil%2fx2_firmware:3.10 cpe:/a:iij:seil%2fx2_firmware:3.11 cpe:/a:iij:seil%2fx86_firmware:1.00 cpe:/a:iij:seil%2fx86_firmware:1.61 cpe:/h:iij:seil%2fb1 cpe:/h:iij:seil%2fneu_2fe_plus cpe:/h:iij:seil%2fturbo cpe:/h:iij:seil%2fx1 cpe:/h:iij:seil%2fx2 cpe:/h:iij:seil%2fx86

CVE-2011-0454

2011-03-01T18:00:02.800-05:00

2017-08-16T21:33:30.930-04:00

8.3

ADJACENT_NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov JVN JVN#88991166 JVNDB JVNDB-2011-000014 BID 46598 CONFIRM http://www.seil.jp/support/security/a01001.html XF seil-pppac-bo(65672) Buffer overflow in the PPP Access Concentrator (PPPAC) on the SEIL/x86 with firmware 1.00 through 1.61, SEIL/B1 with firmware 1.00 through 3.11, SEIL/X1 with firmware 1.00 through 3.11, SEIL/X2 with firmware 1.00 through 3.11, SEIL/Turbo with firmware 1.80 through 2.10, and SEIL/neu 2FE Plus with firmware 1.80 through 2.10 might allow remote attackers to execute arbitrary code via a PPPoE packet.

cpe:/a:thingslabo:bbs_thread:1.0.0 cpe:/a:thingslabo:bbs_thread:2.0.0 cpe:/a:thingslabo:bbs_thread:2.0.1 cpe:/a:thingslabo:bbs_thread:2.0.2 cpe:/a:thingslabo:things_bbs:1.0.4 cpe:/a:thingslabo:things_bbs:1.1.0 cpe:/a:thingslabo:things_bbs:2.0.0 cpe:/a:thingslabo:things_bbs:2.0.1 cpe:/a:thingslabo:things_bbs:2.0.2

CVE-2011-0455

2011-03-02T20:00:00.833-05:00

2017-08-16T21:33:30.993-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov JVN JVN#20982938 JVNDB JVNDB-2011-000015 BID 46638 CONFIRM http://www.thingslabo.com/cgi/bbs/download.html CONFIRM http://www.thingslabo.com/cgi/bbs_thread/download.html XF bbs-bbsthread-unspecified-xss(65852) Cross-site scripting (XSS) vulnerability in Things BBS before 2.0.3 and BBS Thread before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

cpe:/a:otrs:otrs:1.3.2 cpe:/a:otrs:otrs:1.3.3 cpe:/a:otrs:otrs:2.0.1 cpe:/a:otrs:otrs:2.0.2 cpe:/a:otrs:otrs:2.0.3 cpe:/a:otrs:otrs:2.0.4 cpe:/a:otrs:otrs:2.0.5 cpe:/a:otrs:otrs:2.1.1 cpe:/a:otrs:otrs:2.1.2 cpe:/a:otrs:otrs:2.1.3 cpe:/a:otrs:otrs:2.1.4 cpe:/a:otrs:otrs:2.1.5 cpe:/a:otrs:otrs:2.1.6 cpe:/a:otrs:otrs:2.1.7 cpe:/a:otrs:otrs:2.1.8 cpe:/a:otrs:otrs:2.1.9 cpe:/a:otrs:otrs:2.2.1 cpe:/a:otrs:otrs:2.2.2 cpe:/a:otrs:otrs:2.2.3 cpe:/a:otrs:otrs:2.2.4 cpe:/a:otrs:otrs:2.2.5 cpe:/a:otrs:otrs:2.2.6 cpe:/a:otrs:otrs:2.2.7 cpe:/a:otrs:otrs:2.2.8 cpe:/a:otrs:otrs:2.2.9 cpe:/a:otrs:otrs:2.3.1 cpe:/a:otrs:otrs:2.3.2 cpe:/a:otrs:otrs:2.3.3 cpe:/a:otrs:otrs:2.3.4

CVE-2011-0456

2011-03-11T12:55:02.667-05:00

2011-08-26T00:00:00.000-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2011-03-14T09:43:00.000-04:00

JVN JVN#73162541 JVNDB JVNDB-2011-000019 SUSE openSUSE-SU-2011:0278 webscript.pl in Open Ticket Request System (OTRS) 2.3.4 and earlier allows remote attackers to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability."

cpe:/a:e107:e107:0.6_10 cpe:/a:e107:e107:0.6_11 cpe:/a:e107:e107:0.6_12 cpe:/a:e107:e107:0.6_13 cpe:/a:e107:e107:0.6_14 cpe:/a:e107:e107:0.6_15 cpe:/a:e107:e107:0.6_15a cpe:/a:e107:e107:0.7 cpe:/a:e107:e107:0.7.0 cpe:/a:e107:e107:0.7.1 cpe:/a:e107:e107:0.7.2 cpe:/a:e107:e107:0.7.3 cpe:/a:e107:e107:0.7.4 cpe:/a:e107:e107:0.7.5 cpe:/a:e107:e107:0.7.6 cpe:/a:e107:e107:0.7.7 cpe:/a:e107:e107:0.7.8 cpe:/a:e107:e107:0.7.9 cpe:/a:e107:e107:0.7.10 cpe:/a:e107:e107:0.7.11 cpe:/a:e107:e107:0.7.12 cpe:/a:e107:e107:0.7.13 cpe:/a:e107:e107:0.7.14 cpe:/a:e107:e107:0.7.15 cpe:/a:e107:e107:0.7.16 cpe:/a:e107:e107:0.7.17 cpe:/a:e107:e107:0.7.18 cpe:/a:e107:e107:0.7.19 cpe:/a:e107:e107:0.7.20 cpe:/a:e107:e107:0.7.21 cpe:/a:e107:e107:0.7.22 cpe:/a:e107:e107:0.545 cpe:/a:e107:e107:0.547:beta cpe:/a:e107:e107:0.548:beta cpe:/a:e107:e107:0.549:beta cpe:/a:e107:e107:0.551:beta cpe:/a:e107:e107:0.552:beta cpe:/a:e107:e107:0.553:beta cpe:/a:e107:e107:0.554 cpe:/a:e107:e107:0.554:beta cpe:/a:e107:e107:0.555:beta cpe:/a:e107:e107:0.600 cpe:/a:e107:e107:0.601 cpe:/a:e107:e107:0.602 cpe:/a:e107:e107:0.603 cpe:/a:e107:e107:0.604 cpe:/a:e107:e107:0.605 cpe:/a:e107:e107:0.606 cpe:/a:e107:e107:0.607 cpe:/a:e107:e107:0.608 cpe:/a:e107:e107:0.609 cpe:/a:e107:e107:0.610 cpe:/a:e107:e107:0.611 cpe:/a:e107:e107:0.612 cpe:/a:e107:e107:0.613 cpe:/a:e107:e107:0.614 cpe:/a:e107:e107:0.615 cpe:/a:e107:e107:0.615a cpe:/a:e107:e107:0.616 cpe:/a:e107:e107:0.617 cpe:/a:e107:e107:0.6171 cpe:/a:e107:e107:0.6172 cpe:/a:e107:e107:0.6173 cpe:/a:e107:e107:0.6174 cpe:/a:e107:e107:0.6175

CVE-2011-0457

2011-03-15T13:55:03.780-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2011-03-15T15:11:00.000-04:00

MISC http://e107.org/comment.php?comment.news.872 CONFIRM http://e107.org/svn_changelog.php?version=0.7.23 JVN JVN#01635457 Cross-site scripting (XSS) vulnerability in e107 0.7.22 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

cpe:/a:google:picasa:3.6

CVE-2011-0458

2011-03-28T12:55:04.280-04:00

2017-08-16T21:33:31.057-04:00

6.9

LOCAL

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov JVN JVN#99977321 JVNDB JVNDB-2011-000022 BID 47031 VUPEN ADV-2011-0766 XF google-picasa-dll-code-execution(66295) Untrusted search path vulnerability in the Locate on Disk feature in Google Picasa before 3.8 allows local users to gain privileges via a Trojan horse executable file in the current working directory.

cpe:/a:cyber-ark:password_vault_web_access:4.0 cpe:/a:cyber-ark:password_vault_web_access:5.0 cpe:/a:cyber-ark:password_vault_web_access:5.5 cpe:/a:cyber-ark:password_vault_web_access:5.5:patch4 cpe:/a:cyber-ark:password_vault_web_access:6.0 cpe:/a:cyber-ark:password_vault_web_access:6.0:patch2

CVE-2011-0459

2011-10-04T22:56:24.583-04:00

2012-05-14T00:00:00.000-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2011-10-05T10:57:00.000-04:00

JVN JVN#11424086 JVNDB JVNDB-2011-000023 BID 47271 Cross-site scripting (XSS) vulnerability in Cyber-Ark Password Vault Web Access (PVWA) 5.0 and earlier, 5.5 through 5.5 patch 4, and 6.0 through 6.0 patch 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

cpe:/a:kbd-project:kbd:0.99 cpe:/a:kbd-project:kbd:1.01 cpe:/a:kbd-project:kbd:1.03 cpe:/a:kbd-project:kbd:1.04 cpe:/a:kbd-project:kbd:1.05 cpe:/a:kbd-project:kbd:1.06 cpe:/a:kbd-project:kbd:1.08 cpe:/a:kbd-project:kbd:1.10 cpe:/a:kbd-project:kbd:1.11 cpe:/a:kbd-project:kbd:1.12 cpe:/a:kbd-project:kbd:1.13 cpe:/a:kbd-project:kbd:1.14 cpe:/a:kbd-project:kbd:1.14.1 cpe:/o:opensuse:opensuse:11.2 cpe:/o:opensuse:opensuse:11.3

CVE-2011-0460

2014-04-16T14:37:09.083-04:00

2018-10-30T12:27:33.390-04:00

6.3

LOCAL

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2014-04-16T14:55:49.183-04:00

SUSE openSUSE-SU-2011:0357 CONFIRM https://bugzilla.novell.com/show_bug.cgi?id=663898 The init script in kbd, possibly 1.14.1 and earlier, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/defkeymap.map.

cpe:/o:opensuse:opensuse:11.2 cpe:/o:opensuse:opensuse:11.3

CVE-2011-0461

2011-04-04T08:27:36.530-04:00

2018-10-30T12:27:33.390-04:00

6.3

LOCAL

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov SUSE SUSE-SR:2011:005 SUSE SUSE-SR:2011:009 MLIST [opensuse-updates] 20110314 openSUSE-SU-2011:0171-1 (moderate): aaa_base security update CONFIRM http://support.novell.com/security/cve/CVE-2011-0461.html CONFIRM https://bugzilla.novell.com/665479 /etc/init.d/boot.localfs in the aaa_base package before 11.2-43.48.1 in SUSE openSUSE 11.2, and before 11.3-8.7.1 in openSUSE 11.3, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/mtab.

cpe:/a:novell:opensuse_build_service:1.0 cpe:/a:novell:opensuse_build_service:1.5 cpe:/a:novell:opensuse_build_service:1.6 cpe:/a:novell:opensuse_build_service:1.7 cpe:/a:novell:opensuse_build_service:1.7.0 cpe:/a:novell:opensuse_build_service:1.7.2 cpe:/a:novell:opensuse_build_service:1.7.3 cpe:/a:novell:opensuse_build_service:1.7.4 cpe:/a:novell:opensuse_build_service:1.7.5 cpe:/a:novell:opensuse_build_service:1.7.6 cpe:/a:novell:opensuse_build_service:1.7.7 cpe:/a:novell:opensuse_build_service:1.8 cpe:/a:novell:opensuse_build_service:1.9.90 cpe:/a:novell:opensuse_build_service:1.9.91 cpe:/a:novell:opensuse_build_service:1.9.92 cpe:/a:novell:opensuse_build_service:2.0 cpe:/a:novell:opensuse_build_service:2.0.0 cpe:/a:novell:opensuse_build_service:2.0.1 cpe:/a:novell:opensuse_build_service:2.0.2 cpe:/a:novell:opensuse_build_service:2.0.3 cpe:/a:novell:opensuse_build_service:2.0.4 cpe:/a:novell:opensuse_build_service:2.0.5 cpe:/a:novell:opensuse_build_service:2.0.6 cpe:/a:novell:opensuse_build_service:2.0.7 cpe:/a:novell:opensuse_build_service:2.0.8 cpe:/a:novell:opensuse_build_service:2.0.16 cpe:/a:novell:opensuse_build_service:2.0.103 cpe:/a:novell:opensuse_build_service:2.0.104 cpe:/a:novell:opensuse_build_service:2.0.106 cpe:/a:novell:opensuse_build_service:2.1 cpe:/a:novell:opensuse_build_service:2.1.0 cpe:/a:novell:opensuse_build_service:2.1.1 cpe:/a:novell:opensuse_build_service:2.1.2 cpe:/a:novell:opensuse_build_service:2.1.3 cpe:/a:novell:opensuse_build_service:2.1.4 cpe:/a:novell:opensuse_build_service:2.1.5 cpe:/a:novell:opensuse_build_service:2.1.5.1

CVE-2011-0462

2011-04-09T22:51:19.243-04:00

2011-04-22T00:00:00.000-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2011-04-11T08:37:00.000-04:00

CONFIRM http://news.opensuse.org/2011/03/02/build-service-team-releases-new-versions-fixing-security-problems/ CONFIRM https://bugzilla.novell.com/show_bug.cgi?id=669909 Multiple cross-site scripting (XSS) vulnerabilities in the login page in the webui component in SUSE openSUSE Build Service (OBS) before 2.1.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

cpe:/o:linux:linux_kernel:2.6.0 cpe:/o:linux:linux_kernel:2.6.1 cpe:/o:linux:linux_kernel:2.6.1:rc1 cpe:/o:linux:linux_kernel:2.6.1:rc2 cpe:/o:linux:linux_kernel:2.6.1:rc3 cpe:/o:linux:linux_kernel:2.6.2 cpe:/o:linux:linux_kernel:2.6.2:rc1 cpe:/o:linux:linux_kernel:2.6.2:rc2 cpe:/o:linux:linux_kernel:2.6.2:rc3 cpe:/o:linux:linux_kernel:2.6.3 cpe:/o:linux:linux_kernel:2.6.3:rc1 cpe:/o:linux:linux_kernel:2.6.3:rc2 cpe:/o:linux:linux_kernel:2.6.3:rc3 cpe:/o:linux:linux_kernel:2.6.3:rc4 cpe:/o:linux:linux_kernel:2.6.4 cpe:/o:linux:linux_kernel:2.6.4:rc1 cpe:/o:linux:linux_kernel:2.6.4:rc2 cpe:/o:linux:linux_kernel:2.6.4:rc3 cpe:/o:linux:linux_kernel:2.6.5 cpe:/o:linux:linux_kernel:2.6.5:rc1 cpe:/o:linux:linux_kernel:2.6.5:rc2 cpe:/o:linux:linux_kernel:2.6.5:rc3 cpe:/o:linux:linux_kernel:2.6.6 cpe:/o:linux:linux_kernel:2.6.6:rc1 cpe:/o:linux:linux_kernel:2.6.6:rc2 cpe:/o:linux:linux_kernel:2.6.6:rc3 cpe:/o:linux:linux_kernel:2.6.7 cpe:/o:linux:linux_kernel:2.6.7:rc1 cpe:/o:linux:linux_kernel:2.6.7:rc2 cpe:/o:linux:linux_kernel:2.6.7:rc3 cpe:/o:linux:linux_kernel:2.6.8 cpe:/o:linux:linux_kernel:2.6.8:rc1 cpe:/o:linux:linux_kernel:2.6.8:rc2 cpe:/o:linux:linux_kernel:2.6.8:rc3 cpe:/o:linux:linux_kernel:2.6.8:rc4 cpe:/o:linux:linux_kernel:2.6.8.1 cpe:/o:linux:linux_kernel:2.6.9 cpe:/o:linux:linux_kernel:2.6.9:rc1 cpe:/o:linux:linux_kernel:2.6.9:rc2 cpe:/o:linux:linux_kernel:2.6.9:rc3 cpe:/o:linux:linux_kernel:2.6.9:rc4 cpe:/o:linux:linux_kernel:2.6.10 cpe:/o:linux:linux_kernel:2.6.10:rc1 cpe:/o:linux:linux_kernel:2.6.10:rc2 cpe:/o:linux:linux_kernel:2.6.10:rc3 cpe:/o:linux:linux_kernel:2.6.11 cpe:/o:linux:linux_kernel:2.6.11:rc1 cpe:/o:linux:linux_kernel:2.6.11:rc2 cpe:/o:linux:linux_kernel:2.6.11:rc3 cpe:/o:linux:linux_kernel:2.6.11:rc4 cpe:/o:linux:linux_kernel:2.6.11:rc5 cpe:/o:linux:linux_kernel:2.6.11.1 cpe:/o:linux:linux_kernel:2.6.11.2 cpe:/o:linux:linux_kernel:2.6.11.3 cpe:/o:linux:linux_kernel:2.6.11.4 cpe:/o:linux:linux_kernel:2.6.11.5 cpe:/o:linux:linux_kernel:2.6.11.6 cpe:/o:linux:linux_kernel:2.6.11.7 cpe:/o:linux:linux_kernel:2.6.11.8 cpe:/o:linux:linux_kernel:2.6.11.9 cpe:/o:linux:linux_kernel:2.6.11.10 cpe:/o:linux:linux_kernel:2.6.11.11 cpe:/o:linux:linux_kernel:2.6.11.12 cpe:/o:linux:linux_kernel:2.6.12 cpe:/o:linux:linux_kernel:2.6.12:rc1 cpe:/o:linux:linux_kernel:2.6.12:rc2 cpe:/o:linux:linux_kernel:2.6.12:rc3 cpe:/o:linux:linux_kernel:2.6.12:rc4 cpe:/o:linux:linux_kernel:2.6.12:rc5 cpe:/o:linux:linux_kernel:2.6.12:rc6 cpe:/o:linux:linux_kernel:2.6.12.1 cpe:/o:linux:linux_kernel:2.6.12.2 cpe:/o:linux:linux_kernel:2.6.12.3 cpe:/o:linux:linux_kernel:2.6.12.4 cpe:/o:linux:linux_kernel:2.6.12.5 cpe:/o:linux:linux_kernel:2.6.12.6 cpe:/o:linux:linux_kernel:2.6.13 cpe:/o:linux:linux_kernel:2.6.13:rc1 cpe:/o:linux:linux_kernel:2.6.13:rc2 cpe:/o:linux:linux_kernel:2.6.13:rc3 cpe:/o:linux:linux_kernel:2.6.13:rc4 cpe:/o:linux:linux_kernel:2.6.13:rc5 cpe:/o:linux:linux_kernel:2.6.13:rc6 cpe:/o:linux:linux_kernel:2.6.13:rc7 cpe:/o:linux:linux_kernel:2.6.13.1 cpe:/o:linux:linux_kernel:2.6.13.2 cpe:/o:linux:linux_kernel:2.6.13.3 cpe:/o:linux:linux_kernel:2.6.13.4 cpe:/o:linux:linux_kernel:2.6.13.5 cpe:/o:linux:linux_kernel:2.6.14 cpe:/o:linux:linux_kernel:2.6.14:rc1 cpe:/o:linux:linux_kernel:2.6.14:rc2 cpe:/o:linux:linux_kernel:2.6.14:rc3 cpe:/o:linux:linux_kernel:2.6.14:rc4 cpe:/o:linux:linux_kernel:2.6.14:rc5 cpe:/o:linux:linux_kernel:2.6.14.1 cpe:/o:linux:linux_kernel:2.6.14.2 cpe:/o:linux:linux_kernel:2.6.14.3 cpe:/o:linux:linux_kernel:2.6.14.4 cpe:/o:linux:linux_kernel:2.6.14.5 cpe:/o:linux:linux_kernel:2.6.14.6 cpe:/o:linux:linux_kernel:2.6.14.7 cpe:/o:linux:linux_kernel:2.6.15 cpe:/o:linux:linux_kernel:2.6.15:rc1 cpe:/o:linux:linux_kernel:2.6.15:rc2 cpe:/o:linux:linux_kernel:2.6.15:rc3 cpe:/o:linux:linux_kernel:2.6.15:rc4 cpe:/o:linux:linux_kernel:2.6.15:rc5 cpe:/o:linux:linux_kernel:2.6.15:rc6 cpe:/o:linux:linux_kernel:2.6.15:rc7 cpe:/o:linux:linux_kernel:2.6.15.1 cpe:/o:linux:linux_kernel:2.6.15.2 cpe:/o:linux:linux_kernel:2.6.15.3 cpe:/o:linux:linux_kernel:2.6.15.4 cpe:/o:linux:linux_kernel:2.6.15.5 cpe:/o:linux:linux_kernel:2.6.15.6 cpe:/o:linux:linux_kernel:2.6.15.7 cpe:/o:linux:linux_kernel:2.6.16 cpe:/o:linux:linux_kernel:2.6.16:rc1 cpe:/o:linux:linux_kernel:2.6.16:rc2 cpe:/o:linux:linux_kernel:2.6.16:rc3 cpe:/o:linux:linux_kernel:2.6.16:rc4 cpe:/o:linux:linux_kernel:2.6.16:rc5 cpe:/o:linux:linux_kernel:2.6.16:rc6 cpe:/o:linux:linux_kernel:2.6.16.1 cpe:/o:linux:linux_kernel:2.6.16.2 cpe:/o:linux:linux_kernel:2.6.16.3 cpe:/o:linux:linux_kernel:2.6.16.4 cpe:/o:linux:linux_kernel:2.6.16.5 cpe:/o:linux:linux_kernel:2.6.16.6 cpe:/o:linux:linux_kernel:2.6.16.7 cpe:/o:linux:linux_kernel:2.6.16.8 cpe:/o:linux:linux_kernel:2.6.16.9 cpe:/o:linux:linux_kernel:2.6.16.10 cpe:/o:linux:linux_kernel:2.6.16.11 cpe:/o:linux:linux_kernel:2.6.16.12 cpe:/o:linux:linux_kernel:2.6.16.13 cpe:/o:linux:linux_kernel:2.6.16.14 cpe:/o:linux:linux_kernel:2.6.16.15 cpe:/o:linux:linux_kernel:2.6.16.16 cpe:/o:linux:linux_kernel:2.6.16.17 cpe:/o:linux:linux_kernel:2.6.16.18 cpe:/o:linux:linux_kernel:2.6.16.19 cpe:/o:linux:linux_kernel:2.6.16.20 cpe:/o:linux:linux_kernel:2.6.16.21 cpe:/o:linux:linux_kernel:2.6.16.22 cpe:/o:linux:linux_kernel:2.6.16.23 cpe:/o:linux:linux_kernel:2.6.16.24 cpe:/o:linux:linux_kernel:2.6.16.25 cpe:/o:linux:linux_kernel:2.6.16.26 cpe:/o:linux:linux_kernel:2.6.16.27 cpe:/o:linux:linux_kernel:2.6.16.28 cpe:/o:linux:linux_kernel:2.6.16.29 cpe:/o:linux:linux_kernel:2.6.16.30 cpe:/o:linux:linux_kernel:2.6.16.31 cpe:/o:linux:linux_kernel:2.6.16.32 cpe:/o:linux:linux_kernel:2.6.16.33 cpe:/o:linux:linux_kernel:2.6.16.34 cpe:/o:linux:linux_kernel:2.6.16.35 cpe:/o:linux:linux_kernel:2.6.16.36 cpe:/o:linux:linux_kernel:2.6.16.37 cpe:/o:linux:linux_kernel:2.6.16.38 cpe:/o:linux:linux_kernel:2.6.16.39 cpe:/o:linux:linux_kernel:2.6.16.40 cpe:/o:linux:linux_kernel:2.6.16.41 cpe:/o:linux:linux_kernel:2.6.16.42 cpe:/o:linux:linux_kernel:2.6.16.43 cpe:/o:linux:linux_kernel:2.6.16.44 cpe:/o:linux:linux_kernel:2.6.16.45 cpe:/o:linux:linux_kernel:2.6.16.46 cpe:/o:linux:linux_kernel:2.6.16.47 cpe:/o:linux:linux_kernel:2.6.16.48 cpe:/o:linux:linux_kernel:2.6.16.49 cpe:/o:linux:linux_kernel:2.6.16.50 cpe:/o:linux:linux_kernel:2.6.16.51 cpe:/o:linux:linux_kernel:2.6.16.52 cpe:/o:linux:linux_kernel:2.6.16.53 cpe:/o:linux:linux_kernel:2.6.16.54 cpe:/o:linux:linux_kernel:2.6.16.55 cpe:/o:linux:linux_kernel:2.6.16.56 cpe:/o:linux:linux_kernel:2.6.16.57 cpe:/o:linux:linux_kernel:2.6.16.58 cpe:/o:linux:linux_kernel:2.6.16.59 cpe:/o:linux:linux_kernel:2.6.16.60 cpe:/o:linux:linux_kernel:2.6.16.61 cpe:/o:linux:linux_kernel:2.6.16.62 cpe:/o:linux:linux_kernel:2.6.17 cpe:/o:linux:linux_kernel:2.6.17:rc1 cpe:/o:linux:linux_kernel:2.6.17:rc2 cpe:/o:linux:linux_kernel:2.6.17:rc3 cpe:/o:linux:linux_kernel:2.6.17:rc4 cpe:/o:linux:linux_kernel:2.6.17:rc5 cpe:/o:linux:linux_kernel:2.6.17:rc6 cpe:/o:linux:linux_kernel:2.6.17.1 cpe:/o:linux:linux_kernel:2.6.17.2 cpe:/o:linux:linux_kernel:2.6.17.3 cpe:/o:linux:linux_kernel:2.6.17.4 cpe:/o:linux:linux_kernel:2.6.17.5 cpe:/o:linux:linux_kernel:2.6.17.6 cpe:/o:linux:linux_kernel:2.6.17.7 cpe:/o:linux:linux_kernel:2.6.17.8 cpe:/o:linux:linux_kernel:2.6.17.9 cpe:/o:linux:linux_kernel:2.6.17.10 cpe:/o:linux:linux_kernel:2.6.17.11 cpe:/o:linux:linux_kernel:2.6.17.12 cpe:/o:linux:linux_kernel:2.6.17.13 cpe:/o:linux:linux_kernel:2.6.17.14 cpe:/o:linux:linux_kernel:2.6.18 cpe:/o:linux:linux_kernel:2.6.18:rc1 cpe:/o:linux:linux_kernel:2.6.18:rc2 cpe:/o:linux:linux_kernel:2.6.18:rc3 cpe:/o:linux:linux_kernel:2.6.18:rc4 cpe:/o:linux:linux_kernel:2.6.18:rc5 cpe:/o:linux:linux_kernel:2.6.18:rc6 cpe:/o:linux:linux_kernel:2.6.18:rc7 cpe:/o:linux:linux_kernel:2.6.18.1 cpe:/o:linux:linux_kernel:2.6.18.2 cpe:/o:linux:linux_kernel:2.6.18.3 cpe:/o:linux:linux_kernel:2.6.18.4 cpe:/o:linux:linux_kernel:2.6.18.5 cpe:/o:linux:linux_kernel:2.6.18.6 cpe:/o:linux:linux_kernel:2.6.18.7 cpe:/o:linux:linux_kernel:2.6.18.8 cpe:/o:linux:linux_kernel:2.6.19 cpe:/o:linux:linux_kernel:2.6.19:rc1 cpe:/o:linux:linux_kernel:2.6.19:rc2 cpe:/o:linux:linux_kernel:2.6.19:rc3 cpe:/o:linux:linux_kernel:2.6.19:rc4 cpe:/o:linux:linux_kernel:2.6.19:rc5 cpe:/o:linux:linux_kernel:2.6.19:rc6 cpe:/o:linux:linux_kernel:2.6.19.1 cpe:/o:linux:linux_kernel:2.6.19.2 cpe:/o:linux:linux_kernel:2.6.19.3 cpe:/o:linux:linux_kernel:2.6.19.4 cpe:/o:linux:linux_kernel:2.6.19.5 cpe:/o:linux:linux_kernel:2.6.19.6 cpe:/o:linux:linux_kernel:2.6.19.7 cpe:/o:linux:linux_kernel:2.6.20 cpe:/o:linux:linux_kernel:2.6.20:rc1 cpe:/o:linux:linux_kernel:2.6.20:rc2 cpe:/o:linux:linux_kernel:2.6.20:rc3 cpe:/o:linux:linux_kernel:2.6.20:rc4 cpe:/o:linux:linux_kernel:2.6.20:rc5 cpe:/o:linux:linux_kernel:2.6.20:rc6 cpe:/o:linux:linux_kernel:2.6.20:rc7 cpe:/o:linux:linux_kernel:2.6.20.1 cpe:/o:linux:linux_kernel:2.6.20.2 cpe:/o:linux:linux_kernel:2.6.20.3 cpe:/o:linux:linux_kernel:2.6.20.4 cpe:/o:linux:linux_kernel:2.6.20.5 cpe:/o:linux:linux_kernel:2.6.20.6 cpe:/o:linux:linux_kernel:2.6.20.7 cpe:/o:linux:linux_kernel:2.6.20.8 cpe:/o:linux:linux_kernel:2.6.20.9 cpe:/o:linux:linux_kernel:2.6.20.10 cpe:/o:linux:linux_kernel:2.6.20.11 cpe:/o:linux:linux_kernel:2.6.20.12 cpe:/o:linux:linux_kernel:2.6.20.13 cpe:/o:linux:linux_kernel:2.6.20.14 cpe:/o:linux:linux_kernel:2.6.20.15 cpe:/o:linux:linux_kernel:2.6.20.16 cpe:/o:linux:linux_kernel:2.6.20.17 cpe:/o:linux:linux_kernel:2.6.20.18 cpe:/o:linux:linux_kernel:2.6.20.19 cpe:/o:linux:linux_kernel:2.6.20.20 cpe:/o:linux:linux_kernel:2.6.20.21 cpe:/o:linux:linux_kernel:2.6.21 cpe:/o:linux:linux_kernel:2.6.21:rc1 cpe:/o:linux:linux_kernel:2.6.21:rc2 cpe:/o:linux:linux_kernel:2.6.21:rc3 cpe:/o:linux:linux_kernel:2.6.21:rc4 cpe:/o:linux:linux_kernel:2.6.21:rc5 cpe:/o:linux:linux_kernel:2.6.21:rc6 cpe:/o:linux:linux_kernel:2.6.21:rc7 cpe:/o:linux:linux_kernel:2.6.21.1 cpe:/o:linux:linux_kernel:2.6.21.2 cpe:/o:linux:linux_kernel:2.6.21.3 cpe:/o:linux:linux_kernel:2.6.21.4 cpe:/o:linux:linux_kernel:2.6.21.5 cpe:/o:linux:linux_kernel:2.6.21.6 cpe:/o:linux:linux_kernel:2.6.21.7 cpe:/o:linux:linux_kernel:2.6.22 cpe:/o:linux:linux_kernel:2.6.22:rc1 cpe:/o:linux:linux_kernel:2.6.22:rc2 cpe:/o:linux:linux_kernel:2.6.22:rc3 cpe:/o:linux:linux_kernel:2.6.22:rc4 cpe:/o:linux:linux_kernel:2.6.22:rc5 cpe:/o:linux:linux_kernel:2.6.22:rc6 cpe:/o:linux:linux_kernel:2.6.22:rc7 cpe:/o:linux:linux_kernel:2.6.22.1 cpe:/o:linux:linux_kernel:2.6.22.2 cpe:/o:linux:linux_kernel:2.6.22.3 cpe:/o:linux:linux_kernel:2.6.22.4 cpe:/o:linux:linux_kernel:2.6.22.5 cpe:/o:linux:linux_kernel:2.6.22.6 cpe:/o:linux:linux_kernel:2.6.22.7 cpe:/o:linux:linux_kernel:2.6.22.8 cpe:/o:linux:linux_kernel:2.6.22.9 cpe:/o:linux:linux_kernel:2.6.22.10 cpe:/o:linux:linux_kernel:2.6.22.11 cpe:/o:linux:linux_kernel:2.6.22.12 cpe:/o:linux:linux_kernel:2.6.22.13 cpe:/o:linux:linux_kernel:2.6.22.14 cpe:/o:linux:linux_kernel:2.6.22.15 cpe:/o:linux:linux_kernel:2.6.22.16 cpe:/o:linux:linux_kernel:2.6.22.17 cpe:/o:linux:linux_kernel:2.6.22.18 cpe:/o:linux:linux_kernel:2.6.22.19 cpe:/o:linux:linux_kernel:2.6.22.20 cpe:/o:linux:linux_kernel:2.6.22.21 cpe:/o:linux:linux_kernel:2.6.22.22 cpe:/o:linux:linux_kernel:2.6.23 cpe:/o:linux:linux_kernel:2.6.23:rc1 cpe:/o:linux:linux_kernel:2.6.23:rc2 cpe:/o:linux:linux_kernel:2.6.23:rc3 cpe:/o:linux:linux_kernel:2.6.23:rc4 cpe:/o:linux:linux_kernel:2.6.23:rc5 cpe:/o:linux:linux_kernel:2.6.23:rc6 cpe:/o:linux:linux_kernel:2.6.23:rc7 cpe:/o:linux:linux_kernel:2.6.23:rc8 cpe:/o:linux:linux_kernel:2.6.23:rc9 cpe:/o:linux:linux_kernel:2.6.23.1 cpe:/o:linux:linux_kernel:2.6.23.2 cpe:/o:linux:linux_kernel:2.6.23.3 cpe:/o:linux:linux_kernel:2.6.23.4 cpe:/o:linux:linux_kernel:2.6.23.5 cpe:/o:linux:linux_kernel:2.6.23.6 cpe:/o:linux:linux_kernel:2.6.23.7 cpe:/o:linux:linux_kernel:2.6.23.8 cpe:/o:linux:linux_kernel:2.6.23.9 cpe:/o:linux:linux_kernel:2.6.23.10 cpe:/o:linux:linux_kernel:2.6.23.11 cpe:/o:linux:linux_kernel:2.6.23.12 cpe:/o:linux:linux_kernel:2.6.23.13 cpe:/o:linux:linux_kernel:2.6.23.14 cpe:/o:linux:linux_kernel:2.6.23.15 cpe:/o:linux:linux_kernel:2.6.23.16 cpe:/o:linux:linux_kernel:2.6.23.17 cpe:/o:linux:linux_kernel:2.6.24 cpe:/o:linux:linux_kernel:2.6.24:rc1 cpe:/o:linux:linux_kernel:2.6.24:rc2 cpe:/o:linux:linux_kernel:2.6.24:rc3 cpe:/o:linux:linux_kernel:2.6.24:rc4 cpe:/o:linux:linux_kernel:2.6.24:rc5 cpe:/o:linux:linux_kernel:2.6.24:rc6 cpe:/o:linux:linux_kernel:2.6.24:rc7 cpe:/o:linux:linux_kernel:2.6.24:rc8 cpe:/o:linux:linux_kernel:2.6.24.1 cpe:/o:linux:linux_kernel:2.6.24.2 cpe:/o:linux:linux_kernel:2.6.24.3 cpe:/o:linux:linux_kernel:2.6.24.4 cpe:/o:linux:linux_kernel:2.6.24.5 cpe:/o:linux:linux_kernel:2.6.24.6 cpe:/o:linux:linux_kernel:2.6.24.7 cpe:/o:linux:linux_kernel:2.6.25 cpe:/o:linux:linux_kernel:2.6.25:rc1 cpe:/o:linux:linux_kernel:2.6.25:rc2 cpe:/o:linux:linux_kernel:2.6.25:rc3 cpe:/o:linux:linux_kernel:2.6.25:rc4 cpe:/o:linux:linux_kernel:2.6.25:rc5 cpe:/o:linux:linux_kernel:2.6.25:rc6 cpe:/o:linux:linux_kernel:2.6.25:rc7 cpe:/o:linux:linux_kernel:2.6.25:rc8 cpe:/o:linux:linux_kernel:2.6.25:rc9 cpe:/o:linux:linux_kernel:2.6.25.1 cpe:/o:linux:linux_kernel:2.6.25.2 cpe:/o:linux:linux_kernel:2.6.25.3 cpe:/o:linux:linux_kernel:2.6.25.4 cpe:/o:linux:linux_kernel:2.6.25.5 cpe:/o:linux:linux_kernel:2.6.25.6 cpe:/o:linux:linux_kernel:2.6.25.7 cpe:/o:linux:linux_kernel:2.6.25.8 cpe:/o:linux:linux_kernel:2.6.25.9 cpe:/o:linux:linux_kernel:2.6.25.10 cpe:/o:linux:linux_kernel:2.6.25.11 cpe:/o:linux:linux_kernel:2.6.25.12 cpe:/o:linux:linux_kernel:2.6.25.13 cpe:/o:linux:linux_kernel:2.6.25.14 cpe:/o:linux:linux_kernel:2.6.25.15 cpe:/o:linux:linux_kernel:2.6.25.16 cpe:/o:linux:linux_kernel:2.6.25.17 cpe:/o:linux:linux_kernel:2.6.25.18 cpe:/o:linux:linux_kernel:2.6.25.19 cpe:/o:linux:linux_kernel:2.6.25.20 cpe:/o:linux:linux_kernel:2.6.26 cpe:/o:linux:linux_kernel:2.6.26:rc1 cpe:/o:linux:linux_kernel:2.6.26:rc2 cpe:/o:linux:linux_kernel:2.6.26:rc3 cpe:/o:linux:linux_kernel:2.6.26:rc4 cpe:/o:linux:linux_kernel:2.6.26:rc5 cpe:/o:linux:linux_kernel:2.6.26:rc6 cpe:/o:linux:linux_kernel:2.6.26:rc7 cpe:/o:linux:linux_kernel:2.6.26:rc8 cpe:/o:linux:linux_kernel:2.6.26:rc9 cpe:/o:linux:linux_kernel:2.6.26.1 cpe:/o:linux:linux_kernel:2.6.26.2 cpe:/o:linux:linux_kernel:2.6.26.3 cpe:/o:linux:linux_kernel:2.6.26.4 cpe:/o:linux:linux_kernel:2.6.26.5 cpe:/o:linux:linux_kernel:2.6.26.6 cpe:/o:linux:linux_kernel:2.6.26.7 cpe:/o:linux:linux_kernel:2.6.26.8 cpe:/o:linux:linux_kernel:2.6.27 cpe:/o:linux:linux_kernel:2.6.27:rc1 cpe:/o:linux:linux_kernel:2.6.27:rc2 cpe:/o:linux:linux_kernel:2.6.27:rc3 cpe:/o:linux:linux_kernel:2.6.27:rc4 cpe:/o:linux:linux_kernel:2.6.27:rc5 cpe:/o:linux:linux_kernel:2.6.27:rc6 cpe:/o:linux:linux_kernel:2.6.27:rc7 cpe:/o:linux:linux_kernel:2.6.27:rc8 cpe:/o:linux:linux_kernel:2.6.27:rc9 cpe:/o:linux:linux_kernel:2.6.27.1 cpe:/o:linux:linux_kernel:2.6.27.2 cpe:/o:linux:linux_kernel:2.6.27.3 cpe:/o:linux:linux_kernel:2.6.27.4 cpe:/o:linux:linux_kernel:2.6.27.5 cpe:/o:linux:linux_kernel:2.6.27.6 cpe:/o:linux:linux_kernel:2.6.27.7 cpe:/o:linux:linux_kernel:2.6.27.8 cpe:/o:linux:linux_kernel:2.6.27.9 cpe:/o:linux:linux_kernel:2.6.27.10 cpe:/o:linux:linux_kernel:2.6.27.11 cpe:/o:linux:linux_kernel:2.6.27.12 cpe:/o:linux:linux_kernel:2.6.27.13 cpe:/o:linux:linux_kernel:2.6.27.14 cpe:/o:linux:linux_kernel:2.6.27.15 cpe:/o:linux:linux_kernel:2.6.27.16 cpe:/o:linux:linux_kernel:2.6.27.17 cpe:/o:linux:linux_kernel:2.6.27.18 cpe:/o:linux:linux_kernel:2.6.27.19 cpe:/o:linux:linux_kernel:2.6.27.20 cpe:/o:linux:linux_kernel:2.6.27.21 cpe:/o:linux:linux_kernel:2.6.27.22 cpe:/o:linux:linux_kernel:2.6.27.23 cpe:/o:linux:linux_kernel:2.6.27.24 cpe:/o:linux:linux_kernel:2.6.27.25 cpe:/o:linux:linux_kernel:2.6.27.26 cpe:/o:linux:linux_kernel:2.6.27.27 cpe:/o:linux:linux_kernel:2.6.27.28 cpe:/o:linux:linux_kernel:2.6.27.29 cpe:/o:linux:linux_kernel:2.6.27.30 cpe:/o:linux:linux_kernel:2.6.27.31 cpe:/o:linux:linux_kernel:2.6.27.32 cpe:/o:linux:linux_kernel:2.6.27.33 cpe:/o:linux:linux_kernel:2.6.27.34 cpe:/o:linux:linux_kernel:2.6.27.35 cpe:/o:linux:linux_kernel:2.6.27.36 cpe:/o:linux:linux_kernel:2.6.27.37 cpe:/o:linux:linux_kernel:2.6.27.38 cpe:/o:linux:linux_kernel:2.6.27.39 cpe:/o:linux:linux_kernel:2.6.27.40 cpe:/o:linux:linux_kernel:2.6.27.41 cpe:/o:linux:linux_kernel:2.6.27.42 cpe:/o:linux:linux_kernel:2.6.27.43 cpe:/o:linux:linux_kernel:2.6.27.44 cpe:/o:linux:linux_kernel:2.6.27.45 cpe:/o:linux:linux_kernel:2.6.27.46 cpe:/o:linux:linux_kernel:2.6.27.47 cpe:/o:linux:linux_kernel:2.6.27.48 cpe:/o:linux:linux_kernel:2.6.27.49 cpe:/o:linux:linux_kernel:2.6.27.50 cpe:/o:linux:linux_kernel:2.6.27.51 cpe:/o:linux:linux_kernel:2.6.27.52 cpe:/o:linux:linux_kernel:2.6.27.53 cpe:/o:linux:linux_kernel:2.6.27.54 cpe:/o:linux:linux_kernel:2.6.27.55 cpe:/o:linux:linux_kernel:2.6.27.56 cpe:/o:linux:linux_kernel:2.6.27.57 cpe:/o:linux:linux_kernel:2.6.28 cpe:/o:linux:linux_kernel:2.6.28:rc1 cpe:/o:linux:linux_kernel:2.6.28:rc2 cpe:/o:linux:linux_kernel:2.6.28:rc3 cpe:/o:linux:linux_kernel:2.6.28:rc4 cpe:/o:linux:linux_kernel:2.6.28:rc5 cpe:/o:linux:linux_kernel:2.6.28:rc6 cpe:/o:linux:linux_kernel:2.6.28:rc7 cpe:/o:linux:linux_kernel:2.6.28:rc8 cpe:/o:linux:linux_kernel:2.6.28:rc9 cpe:/o:linux:linux_kernel:2.6.28.1 cpe:/o:linux:linux_kernel:2.6.28.2 cpe:/o:linux:linux_kernel:2.6.28.3 cpe:/o:linux:linux_kernel:2.6.28.4 cpe:/o:linux:linux_kernel:2.6.28.5 cpe:/o:linux:linux_kernel:2.6.28.6 cpe:/o:linux:linux_kernel:2.6.28.7 cpe:/o:linux:linux_kernel:2.6.28.8 cpe:/o:linux:linux_kernel:2.6.28.9 cpe:/o:linux:linux_kernel:2.6.28.10 cpe:/o:linux:linux_kernel:2.6.29 cpe:/o:linux:linux_kernel:2.6.29:rc1 cpe:/o:linux:linux_kernel:2.6.29:rc2 cpe:/o:linux:linux_kernel:2.6.29:rc3 cpe:/o:linux:linux_kernel:2.6.29:rc4 cpe:/o:linux:linux_kernel:2.6.29:rc5 cpe:/o:linux:linux_kernel:2.6.29:rc6 cpe:/o:linux:linux_kernel:2.6.29:rc7 cpe:/o:linux:linux_kernel:2.6.29:rc8 cpe:/o:linux:linux_kernel:2.6.29.1 cpe:/o:linux:linux_kernel:2.6.29.2 cpe:/o:linux:linux_kernel:2.6.29.3 cpe:/o:linux:linux_kernel:2.6.29.4 cpe:/o:linux:linux_kernel:2.6.29.5 cpe:/o:linux:linux_kernel:2.6.29.6 cpe:/o:linux:linux_kernel:2.6.30 cpe:/o:linux:linux_kernel:2.6.30:rc1 cpe:/o:linux:linux_kernel:2.6.30:rc2 cpe:/o:linux:linux_kernel:2.6.30:rc3 cpe:/o:linux:linux_kernel:2.6.30:rc4 cpe:/o:linux:linux_kernel:2.6.30:rc5 cpe:/o:linux:linux_kernel:2.6.30:rc6 cpe:/o:linux:linux_kernel:2.6.30:rc7 cpe:/o:linux:linux_kernel:2.6.30:rc8 cpe:/o:linux:linux_kernel:2.6.30.1 cpe:/o:linux:linux_kernel:2.6.30.2 cpe:/o:linux:linux_kernel:2.6.30.3 cpe:/o:linux:linux_kernel:2.6.30.4 cpe:/o:linux:linux_kernel:2.6.30.5 cpe:/o:linux:linux_kernel:2.6.30.6 cpe:/o:linux:linux_kernel:2.6.30.7 cpe:/o:linux:linux_kernel:2.6.30.8 cpe:/o:linux:linux_kernel:2.6.30.9 cpe:/o:linux:linux_kernel:2.6.30.10 cpe:/o:linux:linux_kernel:2.6.31 cpe:/o:linux:linux_kernel:2.6.31:rc1 cpe:/o:linux:linux_kernel:2.6.31:rc2 cpe:/o:linux:linux_kernel:2.6.31:rc3 cpe:/o:linux:linux_kernel:2.6.31:rc4 cpe:/o:linux:linux_kernel:2.6.31:rc5 cpe:/o:linux:linux_kernel:2.6.31:rc6 cpe:/o:linux:linux_kernel:2.6.31:rc7 cpe:/o:linux:linux_kernel:2.6.31:rc8 cpe:/o:linux:linux_kernel:2.6.31:rc9 cpe:/o:linux:linux_kernel:2.6.31.1 cpe:/o:linux:linux_kernel:2.6.31.2 cpe:/o:linux:linux_kernel:2.6.31.3 cpe:/o:linux:linux_kernel:2.6.31.4 cpe:/o:linux:linux_kernel:2.6.31.5 cpe:/o:linux:linux_kernel:2.6.31.6 cpe:/o:linux:linux_kernel:2.6.31.7 cpe:/o:linux:linux_kernel:2.6.31.8 cpe:/o:linux:linux_kernel:2.6.31.9 cpe:/o:linux:linux_kernel:2.6.31.10 cpe:/o:linux:linux_kernel:2.6.31.11 cpe:/o:linux:linux_kernel:2.6.31.12 cpe:/o:linux:linux_kernel:2.6.31.13 cpe:/o:linux:linux_kernel:2.6.31.14 cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:2.6.32:rc1 cpe:/o:linux:linux_kernel:2.6.32:rc3 cpe:/o:linux:linux_kernel:2.6.32:rc4 cpe:/o:linux:linux_kernel:2.6.32:rc5 cpe:/o:linux:linux_kernel:2.6.32:rc6 cpe:/o:linux:linux_kernel:2.6.32:rc7 cpe:/o:linux:linux_kernel:2.6.32:rc8 cpe:/o:linux:linux_kernel:2.6.32.1 cpe:/o:linux:linux_kernel:2.6.32.2 cpe:/o:linux:linux_kernel:2.6.32.3 cpe:/o:linux:linux_kernel:2.6.32.4 cpe:/o:linux:linux_kernel:2.6.32.5 cpe:/o:linux:linux_kernel:2.6.32.6 cpe:/o:linux:linux_kernel:2.6.32.7 cpe:/o:linux:linux_kernel:2.6.32.8 cpe:/o:linux:linux_kernel:2.6.32.9 cpe:/o:linux:linux_kernel:2.6.32.10 cpe:/o:linux:linux_kernel:2.6.32.11 cpe:/o:linux:linux_kernel:2.6.32.12 cpe:/o:linux:linux_kernel:2.6.32.13 cpe:/o:linux:linux_kernel:2.6.32.14 cpe:/o:linux:linux_kernel:2.6.32.15 cpe:/o:linux:linux_kernel:2.6.32.16 cpe:/o:linux:linux_kernel:2.6.32.17 cpe:/o:linux:linux_kernel:2.6.32.18 cpe:/o:linux:linux_kernel:2.6.32.19 cpe:/o:linux:linux_kernel:2.6.32.20 cpe:/o:linux:linux_kernel:2.6.32.21 cpe:/o:linux:linux_kernel:2.6.32.22 cpe:/o:linux:linux_kernel:2.6.32.23 cpe:/o:linux:linux_kernel:2.6.32.24 cpe:/o:linux:linux_kernel:2.6.32.25 cpe:/o:linux:linux_kernel:2.6.32.26 cpe:/o:linux:linux_kernel:2.6.32.27 cpe:/o:linux:linux_kernel:2.6.33 cpe:/o:linux:linux_kernel:2.6.33:rc1 cpe:/o:linux:linux_kernel:2.6.33:rc2 cpe:/o:linux:linux_kernel:2.6.33:rc3 cpe:/o:linux:linux_kernel:2.6.33:rc4 cpe:/o:linux:linux_kernel:2.6.33:rc5 cpe:/o:linux:linux_kernel:2.6.33:rc6 cpe:/o:linux:linux_kernel:2.6.33:rc7 cpe:/o:linux:linux_kernel:2.6.33:rc8 cpe:/o:linux:linux_kernel:2.6.33.1 cpe:/o:linux:linux_kernel:2.6.33.2 cpe:/o:linux:linux_kernel:2.6.33.3 cpe:/o:linux:linux_kernel:2.6.33.4 cpe:/o:linux:linux_kernel:2.6.33.5 cpe:/o:linux:linux_kernel:2.6.33.6 cpe:/o:linux:linux_kernel:2.6.33.7 cpe:/o:linux:linux_kernel:2.6.34 cpe:/o:linux:linux_kernel:2.6.34:rc1 cpe:/o:linux:linux_kernel:2.6.34:rc2 cpe:/o:linux:linux_kernel:2.6.34:rc3 cpe:/o:linux:linux_kernel:2.6.34:rc4 cpe:/o:linux:linux_kernel:2.6.34:rc5 cpe:/o:linux:linux_kernel:2.6.34:rc6 cpe:/o:linux:linux_kernel:2.6.34:rc7 cpe:/o:linux:linux_kernel:2.6.34.1 cpe:/o:linux:linux_kernel:2.6.34.2 cpe:/o:linux:linux_kernel:2.6.34.3 cpe:/o:linux:linux_kernel:2.6.34.4 cpe:/o:linux:linux_kernel:2.6.34.5 cpe:/o:linux:linux_kernel:2.6.34.6 cpe:/o:linux:linux_kernel:2.6.34.7 cpe:/o:linux:linux_kernel:2.6.35 cpe:/o:linux:linux_kernel:2.6.35:rc1 cpe:/o:linux:linux_kernel:2.6.35:rc2 cpe:/o:linux:linux_kernel:2.6.35:rc3 cpe:/o:linux:linux_kernel:2.6.35:rc4 cpe:/o:linux:linux_kernel:2.6.35:rc5 cpe:/o:linux:linux_kernel:2.6.35:rc6 cpe:/o:linux:linux_kernel:2.6.35.1 cpe:/o:linux:linux_kernel:2.6.35.2 cpe:/o:linux:linux_kernel:2.6.35.3 cpe:/o:linux:linux_kernel:2.6.35.4 cpe:/o:linux:linux_kernel:2.6.35.5 cpe:/o:linux:linux_kernel:2.6.35.6 cpe:/o:linux:linux_kernel:2.6.35.7 cpe:/o:linux:linux_kernel:2.6.35.8 cpe:/o:linux:linux_kernel:2.6.35.9 cpe:/o:linux:linux_kernel:2.6.36 cpe:/o:linux:linux_kernel:2.6.36:rc1 cpe:/o:linux:linux_kernel:2.6.36:rc2 cpe:/o:linux:linux_kernel:2.6.36:rc3 cpe:/o:linux:linux_kernel:2.6.36:rc4 cpe:/o:linux:linux_kernel:2.6.36:rc5 cpe:/o:linux:linux_kernel:2.6.36:rc6 cpe:/o:linux:linux_kernel:2.6.36:rc7 cpe:/o:linux:linux_kernel:2.6.36:rc8 cpe:/o:linux:linux_kernel:2.6.36.1 cpe:/o:linux:linux_kernel:2.6.36.2 cpe:/o:linux:linux_kernel:2.6.36.3 cpe:/o:linux:linux_kernel:2.6.36.4 cpe:/o:linux:linux_kernel:2.6.37 cpe:/o:linux:linux_kernel:2.6.37:rc1 cpe:/o:linux:linux_kernel:2.6.37:rc2 cpe:/o:linux:linux_kernel:2.6.37:rc3 cpe:/o:linux:linux_kernel:2.6.37:rc4 cpe:/o:linux:linux_kernel:2.6.37:rc5 cpe:/o:linux:linux_kernel:2.6.37:rc6 cpe:/o:linux:linux_kernel:2.6.37:rc7 cpe:/o:linux:linux_kernel:2.6.37:rc8 cpe:/o:linux:linux_kernel:2.6.37.1 cpe:/o:linux:linux_kernel:2.6.37.2 cpe:/o:linux:linux_kernel:2.6.37.3 cpe:/o:linux:linux_kernel:2.6.37.4 cpe:/o:linux:linux_kernel:2.6.37.5 cpe:/o:linux:linux_kernel:2.6.37.6 cpe:/o:linux:linux_kernel:2.6.38 cpe:/o:linux:linux_kernel:2.6.38:rc1 cpe:/o:linux:linux_kernel:2.6.38:rc2 cpe:/o:linux:linux_kernel:2.6.38:rc3 cpe:/o:linux:linux_kernel:2.6.38:rc4 cpe:/o:linux:linux_kernel:2.6.38:rc5 cpe:/o:linux:linux_kernel:2.6.38:rc6 cpe:/o:linux:linux_kernel:2.6.38:rc7 cpe:/o:linux:linux_kernel:2.6.38:rc8 cpe:/o:linux:linux_kernel:2.6.38.1 cpe:/o:linux:linux_kernel:2.6.38.2 cpe:/o:linux:linux_kernel:2.6.38.3

CVE-2011-0463

2011-04-09T22:51:19.307-04:00

2012-03-19T00:00:00.000-04:00

2.1

LOCAL

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2011-04-11T08:58:00.000-04:00

CONFIRM http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=272b62c1f0f6f742046e45b50b6fec98860208a0 MLIST [ocfs2-devel] 20110217 [PATCH] Treat writes as new when holes span across page boundaries CONFIRM http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.39-rc1 UBUNTU USN-1146-1 CONFIRM https://bugzilla.novell.com/show_bug.cgi?id=673037 The ocfs2_prepare_page_for_write function in fs/ocfs2/aops.c in the Oracle Cluster File System 2 (OCFS2) subsystem in the Linux kernel before 2.6.39-rc1 does not properly handle holes that cross page boundaries, which allows local users to obtain potentially sensitive information from uninitialized disk locations by reading a file.

cpe:/a:novell:vibe_onprem:3.0

CVE-2011-0464

2011-03-09T18:00:02.107-05:00

2017-08-16T21:33:31.103-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov SECTRACK 1025163 CONFIRM http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5088845.html BID 46672 VUPEN ADV-2011-0592 XF novell-vibeonprem-unspec-code-exec(65865) Unspecified vulnerability in Novell Vibe OnPrem 3.0 before Hot Patch 1 allows remote attackers to execute arbitrary code via unknown vectors.

cpe:/a:matthias_hopf:xrdb:1.0.2 cpe:/a:matthias_hopf:xrdb:1.0.3 cpe:/a:matthias_hopf:xrdb:1.0.4 cpe:/a:matthias_hopf:xrdb:1.0.5 cpe:/a:matthias_hopf:xrdb:1.0.6 cpe:/a:matthias_hopf:xrdb:1.0.7 cpe:/a:matthias_hopf:xrdb:1.0.8 cpe:/a:x:x11:r1 cpe:/a:x:x11:r2 cpe:/a:x:x11:r3 cpe:/a:x:x11:r4 cpe:/a:x:x11:r5 cpe:/a:x:x11:r6 cpe:/a:x:x11:r6.1 cpe:/a:x:x11:r6.3 cpe:/a:x:x11:r6.4 cpe:/a:x:x11:r6.5.1 cpe:/a:x:x11:r6.6 cpe:/a:x:x11:r6.7 cpe:/a:x:x11:r6.7.0 cpe:/a:x:x11:r6.8.0 cpe:/a:x:x11:r6.8.1 cpe:/a:x:x11:r6.8.2 cpe:/a:x:x11:r6.9.0 cpe:/a:x:x11:r7.0 cpe:/a:x:x11:r7.1 cpe:/a:x:x11:r7.2 cpe:/a:x:x11:r7.3 cpe:/a:x:x11:r7.4 cpe:/a:x:x11:r7.5 cpe:/a:x:x11:r7.6

CVE-2011-0465

2011-04-08T11:17:25.697-04:00

2017-08-16T21:33:31.180-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56 FEDORA FEDORA-2011-4871 MLIST [xorg-announce] 20110405 xrdb 1.0.9 MLIST [xorg-announce] 20110405 X.Org security advisory: root hole via rogue hostname SUSE SUSE-SA:2011:016 SLACKWARE SSA:2011-096-01 DEBIAN DSA-2213 MANDRIVA MDVSA-2011:076 REDHAT RHSA-2011:0432 REDHAT RHSA-2011:0433 BID 47189 SECTRACK 1025317 UBUNTU USN-1107-1 VUPEN ADV-2011-0880 VUPEN ADV-2011-0889 VUPEN ADV-2011-0906 VUPEN ADV-2011-0929 VUPEN ADV-2011-0966 VUPEN ADV-2011-0975 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=680196 XF xorg11-xrdb-command-execution(66585) SUSE openSUSE-SU-2011:0298 xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message.

cpe:/a:novell:opensuse_build_service:2.0 cpe:/a:novell:opensuse_build_service:2.0.0 cpe:/a:novell:opensuse_build_service:2.0.1 cpe:/a:novell:opensuse_build_service:2.0.2 cpe:/a:novell:opensuse_build_service:2.0.3 cpe:/a:novell:opensuse_build_service:2.0.4 cpe:/a:novell:opensuse_build_service:2.0.5 cpe:/a:novell:opensuse_build_service:2.0.6 cpe:/a:novell:opensuse_build_service:2.0.7 cpe:/a:novell:opensuse_build_service:2.0.16 cpe:/a:novell:opensuse_build_service:2.0.103 cpe:/a:novell:opensuse_build_service:2.0.104 cpe:/a:novell:opensuse_build_service:2.0.106 cpe:/a:novell:opensuse_build_service:2.1 cpe:/a:novell:opensuse_build_service:2.1.0 cpe:/a:novell:opensuse_build_service:2.1.1 cpe:/a:novell:opensuse_build_service:2.1.2 cpe:/a:novell:opensuse_build_service:2.1.3 cpe:/a:novell:opensuse_build_service:2.1.4 cpe:/a:novell:opensuse_build_service:2.1.5 cpe:/a:novell:opensuse_build_service:2.1.5.1

CVE-2011-0466

2011-04-09T22:51:19.383-04:00

2011-04-21T00:00:00.000-04:00

6.4

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2011-04-11T09:08:00.000-04:00

CONFIRM http://news.opensuse.org/2011/03/02/build-service-team-releases-new-versions-fixing-security-problems/ The API in SUSE openSUSE Build Service (OBS) 2.0.x before 2.0.8 and 2.1.x before 2.1.6 allows attackers to bypass intended write-access restrictions and modify a (1) package or (2) project via unspecified vectors.

CVE-2011-0467

2018-06-07T17:29:00.260-04:00

2019-10-09T19:02:21.097-04:00

6.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov CONFIRM https://bugzilla.suse.com/show_bug.cgi?id=675039 CONFIRM https://www.suse.com/security/cve/CVE-2011-0467/ A vulnerability in the listing of available software of SUSE SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance: versions prior to 1.1.2-0.25.1.

cpe:/o:opensuse:opensuse:11.3 cpe:/o:opensuse:opensuse:11.4

CVE-2011-0468

2011-04-04T08:27:36.577-04:00

2018-10-30T12:27:33.420-04:00

6.9

LOCAL

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov SUSE SUSE-SR:2011:005 MLIST [opensuse-updates] 20110322 openSUSE-SU-2011:0207-1 (moderate): aaa_base security update CONFIRM http://support.novell.com/security/cve/CVE-2011-0468.html BID 46983 CONFIRM https://bugzilla.novell.com/678827 XF aaabase-filename-privilege-escalation(66245) The aaa_base package before 11.3-8.9.1 in SUSE openSUSE 11.3, and before 11.4-54.62.1 in openSUSE 11.4, allows local users to gain privileges via shell metacharacters in a filename, related to tab expansion.

cpe:/o:suse:opensuse:-

CVE-2011-0469

2017-08-17T12:29:00.190-04:00

2017-08-25T11:11:53.807-04:00

9.0

NETWORK

LOW

NONE

PARTIAL

COMPLETE

PARTIAL

http://nvd.nist.gov

2017-08-25T08:41:51.740-04:00

MISC https://bugzilla.suse.com/show_bug.cgi?id=679325 MISC https://github.com/openSUSE/open-build-service/commit/23c8d21c75242999e29379e6ca8418a14c8725c6 MISC https://github.com/openSUSE/open-build-service/commit/76b0ab003f34435ca90d943e02dd22279cdeec2a Code injection in openSUSE when running some source services used in the open build service 2.1 before March 11 2011.

cpe:/a:google:chrome:0.1.38.1 cpe:/a:google:chrome:0.1.38.2 cpe:/a:google:chrome:0.1.38.4 cpe:/a:google:chrome:0.1.40.1 cpe:/a:google:chrome:0.1.42.2 cpe:/a:google:chrome:0.1.42.3 cpe:/a:google:chrome:0.2.149.27 cpe:/a:google:chrome:0.2.149.29 cpe:/a:google:chrome:0.2.149.30 cpe:/a:google:chrome:0.2.152.1 cpe:/a:google:chrome:0.2.153.1 cpe:/a:google:chrome:0.3.154.0 cpe:/a:google:chrome:0.3.154.3 cpe:/a:google:chrome:0.4.154.18 cpe:/a:google:chrome:0.4.154.22 cpe:/a:google:chrome:0.4.154.31 cpe:/a:google:chrome:0.4.154.33 cpe:/a:google:chrome:1.0.154.36 cpe:/a:google:chrome:1.0.154.39 cpe:/a:google:chrome:1.0.154.42 cpe:/a:google:chrome:1.0.154.43 cpe:/a:google:chrome:1.0.154.46 cpe:/a:google:chrome:1.0.154.48 cpe:/a:google:chrome:1.0.154.52 cpe:/a:google:chrome:1.0.154.53 cpe:/a:google:chrome:1.0.154.59 cpe:/a:google:chrome:1.0.154.64 cpe:/a:google:chrome:1.0.154.65 cpe:/a:google:chrome:2.0.156.1 cpe:/a:google:chrome:2.0.157.0 cpe:/a:google:chrome:2.0.157.2 cpe:/a:google:chrome:2.0.158.0 cpe:/a:google:chrome:2.0.159.0 cpe:/a:google:chrome:2.0.169.0 cpe:/a:google:chrome:2.0.169.1 cpe:/a:google:chrome:2.0.170.0 cpe:/a:google:chrome:2.0.172 cpe:/a:google:chrome:2.0.172.2 cpe:/a:google:chrome:2.0.172.8 cpe:/a:google:chrome:2.0.172.27 cpe:/a:google:chrome:2.0.172.28 cpe:/a:google:chrome:2.0.172.30 cpe:/a:google:chrome:2.0.172.31 cpe:/a:google:chrome:2.0.172.33 cpe:/a:google:chrome:2.0.172.37 cpe:/a:google:chrome:2.0.172.38 cpe:/a:google:chrome:3.0.182.2 cpe:/a:google:chrome:3.0.190.2 cpe:/a:google:chrome:3.0.193.2:beta cpe:/a:google:chrome:3.0.195.2 cpe:/a:google:chrome:3.0.195.21 cpe:/a:google:chrome:3.0.195.24 cpe:/a:google:chrome:3.0.195.25 cpe:/a:google:chrome:3.0.195.27 cpe:/a:google:chrome:3.0.195.32 cpe:/a:google:chrome:3.0.195.33 cpe:/a:google:chrome:3.0.195.36 cpe:/a:google:chrome:3.0.195.37 cpe:/a:google:chrome:3.0.195.38 cpe:/a:google:chrome:4.0.212.0 cpe:/a:google:chrome:4.0.212.1 cpe:/a:google:chrome:4.0.221.8 cpe:/a:google:chrome:4.0.222.0 cpe:/a:google:chrome:4.0.222.1 cpe:/a:google:chrome:4.0.222.5 cpe:/a:google:chrome:4.0.222.12 cpe:/a:google:chrome:4.0.223.0 cpe:/a:google:chrome:4.0.223.1 cpe:/a:google:chrome:4.0.223.2 cpe:/a:google:chrome:4.0.223.4 cpe:/a:google:chrome:4.0.223.5 cpe:/a:google:chrome:4.0.223.7 cpe:/a:google:chrome:4.0.223.8 cpe:/a:google:chrome:4.0.223.9 cpe:/a:google:chrome:4.0.224.0 cpe:/a:google:chrome:4.0.229.1 cpe:/a:google:chrome:4.0.235.0 cpe:/a:google:chrome:4.0.236.0 cpe:/a:google:chrome:4.0.237.0 cpe:/a:google:chrome:4.0.237.1 cpe:/a:google:chrome:4.0.239.0 cpe:/a:google:chrome:4.0.240.0 cpe:/a:google:chrome:4.0.241.0 cpe:/a:google:chrome:4.0.242.0 cpe:/a:google:chrome:4.0.243.0 cpe:/a:google:chrome:4.0.244.0 cpe:/a:google:chrome:4.0.245.0 cpe:/a:google:chrome:4.0.245.1 cpe:/a:google:chrome:4.0.246.0 cpe:/a:google:chrome:4.0.247.0 cpe:/a:google:chrome:4.0.248.0 cpe:/a:google:chrome:4.0.249.0 cpe:/a:google:chrome:4.0.249.1 cpe:/a:google:chrome:4.0.249.2 cpe:/a:google:chrome:4.0.249.3 cpe:/a:google:chrome:4.0.249.4 cpe:/a:google:chrome:4.0.249.5 cpe:/a:google:chrome:4.0.249.6 cpe:/a:google:chrome:4.0.249.7 cpe:/a:google:chrome:4.0.249.8 cpe:/a:google:chrome:4.0.249.9 cpe:/a:google:chrome:4.0.249.10 cpe:/a:google:chrome:4.0.249.11 cpe:/a:google:chrome:4.0.249.12 cpe:/a:google:chrome:4.0.249.14 cpe:/a:google:chrome:4.0.249.16 cpe:/a:google:chrome:4.0.249.17 cpe:/a:google:chrome:4.0.249.18 cpe:/a:google:chrome:4.0.249.19 cpe:/a:google:chrome:4.0.249.20 cpe:/a:google:chrome:4.0.249.21 cpe:/a:google:chrome:4.0.249.22 cpe:/a:google:chrome:4.0.249.23 cpe:/a:google:chrome:4.0.249.24 cpe:/a:google:chrome:4.0.249.25 cpe:/a:google:chrome:4.0.249.26 cpe:/a:google:chrome:4.0.249.27 cpe:/a:google:chrome:4.0.249.28 cpe:/a:google:chrome:4.0.249.29 cpe:/a:google:chrome:4.0.249.30 cpe:/a:google:chrome:4.0.249.31 cpe:/a:google:chrome:4.0.249.32 cpe:/a:google:chrome:4.0.249.33 cpe:/a:google:chrome:4.0.249.34 cpe:/a:google:chrome:4.0.249.35 cpe:/a:google:chrome:4.0.249.36 cpe:/a:google:chrome:4.0.249.37 cpe:/a:google:chrome:4.0.249.38 cpe:/a:google:chrome:4.0.249.39 cpe:/a:google:chrome:4.0.249.40 cpe:/a:google:chrome:4.0.249.41 cpe:/a:google:chrome:4.0.249.42 cpe:/a:google:chrome:4.0.249.43 cpe:/a:google:chrome:4.0.249.44 cpe:/a:google:chrome:4.0.249.45 cpe:/a:google:chrome:4.0.249.46 cpe:/a:google:chrome:4.0.249.47 cpe:/a:google:chrome:4.0.249.48 cpe:/a:google:chrome:4.0.249.49 cpe:/a:google:chrome:4.0.249.50 cpe:/a:google:chrome:4.0.249.51 cpe:/a:google:chrome:4.0.249.52 cpe:/a:google:chrome:4.0.249.53 cpe:/a:google:chrome:4.0.249.54 cpe:/a:google:chrome:4.0.249.55 cpe:/a:google:chrome:4.0.249.56 cpe:/a:google:chrome:4.0.249.57 cpe:/a:google:chrome:4.0.249.58 cpe:/a:google:chrome:4.0.249.59 cpe:/a:google:chrome:4.0.249.60 cpe:/a:google:chrome:4.0.249.61 cpe:/a:google:chrome:4.0.249.62 cpe:/a:google:chrome:4.0.249.63 cpe:/a:google:chrome:4.0.249.64 cpe:/a:google:chrome:4.0.249.65 cpe:/a:google:chrome:4.0.249.66 cpe:/a:google:chrome:4.0.249.67 cpe:/a:google:chrome:4.0.249.68 cpe:/a:google:chrome:4.0.249.69 cpe:/a:google:chrome:4.0.249.70 cpe:/a:google:chrome:4.0.249.71 cpe:/a:google:chrome:4.0.249.72 cpe:/a:google:chrome:4.0.249.73 cpe:/a:google:chrome:4.0.249.74 cpe:/a:google:chrome:4.0.249.75 cpe:/a:google:chrome:4.0.249.76 cpe:/a:google:chrome:4.0.249.77 cpe:/a:google:chrome:4.0.249.78 cpe:/a:google:chrome:4.0.249.78:beta cpe:/a:google:chrome:4.0.249.79 cpe:/a:google:chrome:4.0.249.80 cpe:/a:google:chrome:4.0.249.81 cpe:/a:google:chrome:4.0.249.82 cpe:/a:google:chrome:4.0.249.89 cpe:/a:google:chrome:4.0.250.0 cpe:/a:google:chrome:4.0.250.2 cpe:/a:google:chrome:4.0.251.0 cpe:/a:google:chrome:4.0.252.0 cpe:/a:google:chrome:4.0.254.0 cpe:/a:google:chrome:4.0.255.0 cpe:/a:google:chrome:4.0.256.0 cpe:/a:google:chrome:4.0.257.0 cpe:/a:google:chrome:4.0.258.0 cpe:/a:google:chrome:4.0.259.0 cpe:/a:google:chrome:4.0.260.0 cpe:/a:google:chrome:4.0.261.0 cpe:/a:google:chrome:4.0.262.0 cpe:/a:google:chrome:4.0.263.0 cpe:/a:google:chrome:4.0.264.0 cpe:/a:google:chrome:4.0.265.0 cpe:/a:google:chrome:4.0.266.0 cpe:/a:google:chrome:4.0.267.0 cpe:/a:google:chrome:4.0.268.0 cpe:/a:google:chrome:4.0.269.0 cpe:/a:google:chrome:4.0.271.0 cpe:/a:google:chrome:4.0.272.0 cpe:/a:google:chrome:4.0.275.0 cpe:/a:google:chrome:4.0.275.1 cpe:/a:google:chrome:4.0.276.0 cpe:/a:google:chrome:4.0.277.0 cpe:/a:google:chrome:4.0.278.0 cpe:/a:google:chrome:4.0.286.0 cpe:/a:google:chrome:4.0.287.0 cpe:/a:google:chrome:4.0.288.0 cpe:/a:google:chrome:4.0.288.1 cpe:/a:google:chrome:4.0.289.0 cpe:/a:google:chrome:4.0.290.0 cpe:/a:google:chrome:4.0.292.0 cpe:/a:google:chrome:4.0.294.0 cpe:/a:google:chrome:4.0.295.0 cpe:/a:google:chrome:4.0.296.0 cpe:/a:google:chrome:4.0.299.0 cpe:/a:google:chrome:4.0.300.0 cpe:/a:google:chrome:4.0.301.0 cpe:/a:google:chrome:4.0.302.0 cpe:/a:google:chrome:4.0.302.1 cpe:/a:google:chrome:4.0.302.2 cpe:/a:google:chrome:4.0.302.3 cpe:/a:google:chrome:4.0.303.0 cpe:/a:google:chrome:4.0.304.0 cpe:/a:google:chrome:4.0.305.0 cpe:/a:google:chrome:4.1:beta cpe:/a:google:chrome:4.1.249.0 cpe:/a:google:chrome:4.1.249.1001 cpe:/a:google:chrome:4.1.249.1004 cpe:/a:google:chrome:4.1.249.1006 cpe:/a:google:chrome:4.1.249.1007 cpe:/a:google:chrome:4.1.249.1008 cpe:/a:google:chrome:4.1.249.1009 cpe:/a:google:chrome:4.1.249.1010 cpe:/a:google:chrome:4.1.249.1011 cpe:/a:google:chrome:4.1.249.1012 cpe:/a:google:chrome:4.1.249.1013 cpe:/a:google:chrome:4.1.249.1014 cpe:/a:google:chrome:4.1.249.1015 cpe:/a:google:chrome:4.1.249.1016 cpe:/a:google:chrome:4.1.249.1017 cpe:/a:google:chrome:4.1.249.1018 cpe:/a:google:chrome:4.1.249.1019 cpe:/a:google:chrome:4.1.249.1020 cpe:/a:google:chrome:4.1.249.1021 cpe:/a:google:chrome:4.1.249.1022 cpe:/a:google:chrome:4.1.249.1023 cpe:/a:google:chrome:4.1.249.1024 cpe:/a:google:chrome:4.1.249.1025 cpe:/a:google:chrome:4.1.249.1026 cpe:/a:google:chrome:4.1.249.1027 cpe:/a:google:chrome:4.1.249.1028 cpe:/a:google:chrome:4.1.249.1029 cpe:/a:google:chrome:4.1.249.1030 cpe:/a:google:chrome:4.1.249.1031 cpe:/a:google:chrome:4.1.249.1032 cpe:/a:google:chrome:4.1.249.1033 cpe:/a:google:chrome:4.1.249.1034 cpe:/a:google:chrome:4.1.249.1035 cpe:/a:google:chrome:4.1.249.1036 cpe:/a:google:chrome:4.1.249.1037 cpe:/a:google:chrome:4.1.249.1038 cpe:/a:google:chrome:4.1.249.1039 cpe:/a:google:chrome:4.1.249.1040 cpe:/a:google:chrome:4.1.249.1041 cpe:/a:google:chrome:4.1.249.1042 cpe:/a:google:chrome:4.1.249.1043 cpe:/a:google:chrome:4.1.249.1044 cpe:/a:google:chrome:4.1.249.1045 cpe:/a:google:chrome:4.1.249.1046 cpe:/a:google:chrome:4.1.249.1047 cpe:/a:google:chrome:4.1.249.1048 cpe:/a:google:chrome:4.1.249.1049 cpe:/a:google:chrome:4.1.249.1050 cpe:/a:google:chrome:4.1.249.1051 cpe:/a:google:chrome:4.1.249.1052 cpe:/a:google:chrome:4.1.249.1053 cpe:/a:google:chrome:4.1.249.1054 cpe:/a:google:chrome:4.1.249.1055 cpe:/a:google:chrome:4.1.249.1056 cpe:/a:google:chrome:4.1.249.1057 cpe:/a:google:chrome:4.1.249.1058 cpe:/a:google:chrome:4.1.249.1059 cpe:/a:google:chrome:4.1.249.1060 cpe:/a:google:chrome:4.1.249.1061 cpe:/a:google:chrome:4.1.249.1062 cpe:/a:google:chrome:4.1.249.1063 cpe:/a:google:chrome:4.1.249.1064 cpe:/a:google:chrome:5.0.306.0 cpe:/a:google:chrome:5.0.306.1 cpe:/a:google:chrome:5.0.307.1 cpe:/a:google:chrome:5.0.307.3 cpe:/a:google:chrome:5.0.307.4 cpe:/a:google:chrome:5.0.307.5 cpe:/a:google:chrome:5.0.307.6 cpe:/a:google:chrome:5.0.307.7 cpe:/a:google:chrome:5.0.307.8 cpe:/a:google:chrome:5.0.307.9 cpe:/a:google:chrome:5.0.307.10 cpe:/a:google:chrome:5.0.307.11 cpe:/a:google:chrome:5.0.308.0 cpe:/a:google:chrome:5.0.309.0 cpe:/a:google:chrome:5.0.313.0 cpe:/a:google:chrome:5.0.314.0 cpe:/a:google:chrome:5.0.314.1 cpe:/a:google:chrome:5.0.315.0 cpe:/a:google:chrome:5.0.316.0 cpe:/a:google:chrome:5.0.317.0 cpe:/a:google:chrome:5.0.317.1 cpe:/a:google:chrome:5.0.317.2 cpe:/a:google:chrome:5.0.318.0 cpe:/a:google:chrome:5.0.319.0 cpe:/a:google:chrome:5.0.320.0 cpe:/a:google:chrome:5.0.321.0 cpe:/a:google:chrome:5.0.322.0 cpe:/a:google:chrome:5.0.322.1 cpe:/a:google:chrome:5.0.322.2 cpe:/a:google:chrome:5.0.323.0 cpe:/a:google:chrome:5.0.324.0 cpe:/a:google:chrome:5.0.325.0 cpe:/a:google:chrome:5.0.326.0 cpe:/a:google:chrome:5.0.327.0 cpe:/a:google:chrome:5.0.328.0 cpe:/a:google:chrome:5.0.329.0 cpe:/a:google:chrome:5.0.330.0 cpe:/a:google:chrome:5.0.332.0 cpe:/a:google:chrome:5.0.333.0 cpe:/a:google:chrome:5.0.334.0 cpe:/a:google:chrome:5.0.335.0 cpe:/a:google:chrome:5.0.335.1 cpe:/a:google:chrome:5.0.335.2 cpe:/a:google:chrome:5.0.335.3 cpe:/a:google:chrome:5.0.335.4 cpe:/a:google:chrome:5.0.336.0 cpe:/a:google:chrome:5.0.337.0 cpe:/a:google:chrome:5.0.338.0 cpe:/a:google:chrome:5.0.339.0 cpe:/a:google:chrome:5.0.340.0 cpe:/a:google:chrome:5.0.341.0 cpe:/a:google:chrome:5.0.342.0 cpe:/a:google:chrome:5.0.342.1 cpe:/a:google:chrome:5.0.342.2 cpe:/a:google:chrome:5.0.342.3 cpe:/a:google:chrome:5.0.342.4 cpe:/a:google:chrome:5.0.342.5 cpe:/a:google:chrome:5.0.342.6 cpe:/a:google:chrome:5.0.342.7 cpe:/a:google:chrome:5.0.342.8 cpe:/a:google:chrome:5.0.342.9 cpe:/a:google:chrome:5.0.343.0 cpe:/a:google:chrome:5.0.344.0 cpe:/a:google:chrome:5.0.345.0 cpe:/a:google:chrome:5.0.346.0 cpe:/a:google:chrome:5.0.347.0 cpe:/a:google:chrome:5.0.348.0 cpe:/a:google:chrome:5.0.349.0 cpe:/a:google:chrome:5.0.350.0 cpe:/a:google:chrome:5.0.350.1 cpe:/a:google:chrome:5.0.351.0 cpe:/a:google:chrome:5.0.353.0 cpe:/a:google:chrome:5.0.354.0 cpe:/a:google:chrome:5.0.354.1 cpe:/a:google:chrome:5.0.355.0 cpe:/a:google:chrome:5.0.356.0 cpe:/a:google:chrome:5.0.356.1 cpe:/a:google:chrome:5.0.356.2 cpe:/a:google:chrome:5.0.357.0 cpe:/a:google:chrome:5.0.358.0 cpe:/a:google:chrome:5.0.359.0 cpe:/a:google:chrome:5.0.360.0 cpe:/a:google:chrome:5.0.360.3 cpe:/a:google:chrome:5.0.360.4 cpe:/a:google:chrome:5.0.360.5 cpe:/a:google:chrome:5.0.361.0 cpe:/a:google:chrome:5.0.362.0 cpe:/a:google:chrome:5.0.363.0 cpe:/a:google:chrome:5.0.364.0 cpe:/a:google:chrome:5.0.365.0 cpe:/a:google:chrome:5.0.366.0 cpe:/a:google:chrome:5.0.366.1 cpe:/a:google:chrome:5.0.366.2 cpe:/a:google:chrome:5.0.366.3 cpe:/a:google:chrome:5.0.366.4 cpe:/a:google:chrome:5.0.367.0 cpe:/a:google:chrome:5.0.368.0 cpe:/a:google:chrome:5.0.369.0 cpe:/a:google:chrome:5.0.369.1 cpe:/a:google:chrome:5.0.369.2 cpe:/a:google:chrome:5.0.370.0 cpe:/a:google:chrome:5.0.371.0 cpe:/a:google:chrome:5.0.372.0 cpe:/a:google:chrome:5.0.373.0 cpe:/a:google:chrome:5.0.374.0 cpe:/a:google:chrome:5.0.375.0 cpe:/a:google:chrome:5.0.375.1 cpe:/a:google:chrome:5.0.375.2 cpe:/a:google:chrome:5.0.375.3 cpe:/a:google:chrome:5.0.375.4 cpe:/a:google:chrome:5.0.375.5 cpe:/a:google:chrome:5.0.375.6 cpe:/a:google:chrome:5.0.375.7 cpe:/a:google:chrome:5.0.375.8 cpe:/a:google:chrome:5.0.375.9 cpe:/a:google:chrome:5.0.375.10 cpe:/a:google:chrome:5.0.375.11 cpe:/a:google:chrome:5.0.375.12 cpe:/a:google:chrome:5.0.375.13 cpe:/a:google:chrome:5.0.375.14 cpe:/a:google:chrome:5.0.375.15 cpe:/a:google:chrome:5.0.375.16 cpe:/a:google:chrome:5.0.375.17 cpe:/a:google:chrome:5.0.375.18 cpe:/a:google:chrome:5.0.375.19 cpe:/a:google:chrome:5.0.375.20 cpe:/a:google:chrome:5.0.375.21 cpe:/a:google:chrome:5.0.375.22 cpe:/a:google:chrome:5.0.375.23 cpe:/a:google:chrome:5.0.375.25 cpe:/a:google:chrome:5.0.375.26 cpe:/a:google:chrome:5.0.375.27 cpe:/a:google:chrome:5.0.375.28 cpe:/a:google:chrome:5.0.375.29 cpe:/a:google:chrome:5.0.375.30 cpe:/a:google:chrome:5.0.375.31 cpe:/a:google:chrome:5.0.375.32 cpe:/a:google:chrome:5.0.375.33 cpe:/a:google:chrome:5.0.375.34 cpe:/a:google:chrome:5.0.375.35 cpe:/a:google:chrome:5.0.375.36 cpe:/a:google:chrome:5.0.375.37 cpe:/a:google:chrome:5.0.375.38 cpe:/a:google:chrome:5.0.375.39 cpe:/a:google:chrome:5.0.375.40 cpe:/a:google:chrome:5.0.375.41 cpe:/a:google:chrome:5.0.375.42 cpe:/a:google:chrome:5.0.375.43 cpe:/a:google:chrome:5.0.375.44 cpe:/a:google:chrome:5.0.375.45 cpe:/a:google:chrome:5.0.375.46 cpe:/a:google:chrome:5.0.375.47 cpe:/a:google:chrome:5.0.375.48 cpe:/a:google:chrome:5.0.375.49 cpe:/a:google:chrome:5.0.375.50 cpe:/a:google:chrome:5.0.375.51 cpe:/a:google:chrome:5.0.375.52 cpe:/a:google:chrome:5.0.375.53 cpe:/a:google:chrome:5.0.375.54 cpe:/a:google:chrome:5.0.375.55 cpe:/a:google:chrome:5.0.375.56 cpe:/a:google:chrome:5.0.375.57 cpe:/a:google:chrome:5.0.375.58 cpe:/a:google:chrome:5.0.375.59 cpe:/a:google:chrome:5.0.375.60 cpe:/a:google:chrome:5.0.375.61 cpe:/a:google:chrome:5.0.375.62 cpe:/a:google:chrome:5.0.375.63 cpe:/a:google:chrome:5.0.375.64 cpe:/a:google:chrome:5.0.375.65 cpe:/a:google:chrome:5.0.375.66 cpe:/a:google:chrome:5.0.375.67 cpe:/a:google:chrome:5.0.375.68 cpe:/a:google:chrome:5.0.375.69 cpe:/a:google:chrome:5.0.375.70 cpe:/a:google:chrome:5.0.375.71 cpe:/a:google:chrome:5.0.375.72 cpe:/a:google:chrome:5.0.375.73 cpe:/a:google:chrome:5.0.375.74 cpe:/a:google:chrome:5.0.375.75 cpe:/a:google:chrome:5.0.375.76 cpe:/a:google:chrome:5.0.375.77 cpe:/a:google:chrome:5.0.375.78 cpe:/a:google:chrome:5.0.375.79 cpe:/a:google:chrome:5.0.375.80 cpe:/a:google:chrome:5.0.375.81 cpe:/a:google:chrome:5.0.375.82 cpe:/a:google:chrome:5.0.375.83 cpe:/a:google:chrome:5.0.375.84 cpe:/a:google:chrome:5.0.375.85 cpe:/a:google:chrome:5.0.375.86 cpe:/a:google:chrome:5.0.375.87 cpe:/a:google:chrome:5.0.375.88 cpe:/a:google:chrome:5.0.375.89 cpe:/a:google:chrome:5.0.375.90 cpe:/a:google:chrome:5.0.375.91 cpe:/a:google:chrome:5.0.375.92 cpe:/a:google:chrome:5.0.375.93 cpe:/a:google:chrome:5.0.375.94 cpe:/a:google:chrome:5.0.375.95 cpe:/a:google:chrome:5.0.375.96 cpe:/a:google:chrome:5.0.375.97 cpe:/a:google:chrome:5.0.375.98 cpe:/a:google:chrome:5.0.375.99 cpe:/a:google:chrome:5.0.375.125 cpe:/a:google:chrome:5.0.375.126 cpe:/a:google:chrome:5.0.375.127 cpe:/a:google:chrome:5.0.376.0 cpe:/a:google:chrome:5.0.378.0 cpe:/a:google:chrome:5.0.379.0 cpe:/a:google:chrome:5.0.380.0 cpe:/a:google:chrome:5.0.381.0 cpe:/a:google:chrome:5.0.382.0 cpe:/a:google:chrome:5.0.382.3 cpe:/a:google:chrome:5.0.383.0 cpe:/a:google:chrome:5.0.384.0 cpe:/a:google:chrome:5.0.385.0 cpe:/a:google:chrome:5.0.386.0 cpe:/a:google:chrome:5.0.387.0 cpe:/a:google:chrome:5.0.390.0 cpe:/a:google:chrome:5.0.391.0 cpe:/a:google:chrome:5.0.392.0 cpe:/a:google:chrome:5.0.393.0 cpe:/a:google:chrome:5.0.394.0 cpe:/a:google:chrome:5.0.395.0 cpe:/a:google:chrome:5.0.396.0 cpe:/a:google:chrome:6.0.397.0 cpe:/a:google:chrome:6.0.398.0 cpe:/a:google:chrome:6.0.399.0 cpe:/a:google:chrome:6.0.400.0 cpe:/a:google:chrome:6.0.401.0 cpe:/a:google:chrome:6.0.401.1 cpe:/a:google:chrome:6.0.403.0 cpe:/a:google:chrome:6.0.404.0 cpe:/a:google:chrome:6.0.404.1 cpe:/a:google:chrome:6.0.404.2 cpe:/a:google:chrome:6.0.405.0 cpe:/a:google:chrome:6.0.406.0 cpe:/a:google:chrome:6.0.407.0 cpe:/a:google:chrome:6.0.408.0 cpe:/a:google:chrome:6.0.408.1 cpe:/a:google:chrome:6.0.408.2 cpe:/a:google:chrome:6.0.408.3 cpe:/a:google:chrome:6.0.408.4 cpe:/a:google:chrome:6.0.408.5 cpe:/a:google:chrome:6.0.408.6 cpe:/a:google:chrome:6.0.408.7 cpe:/a:google:chrome:6.0.408.8 cpe:/a:google:chrome:6.0.408.9 cpe:/a:google:chrome:6.0.408.10 cpe:/a:google:chrome:6.0.409.0 cpe:/a:google:chrome:6.0.410.0 cpe:/a:google:chrome:6.0.411.0 cpe:/a:google:chrome:6.0.412.0 cpe:/a:google:chrome:6.0.413.0 cpe:/a:google:chrome:6.0.414.0 cpe:/a:google:chrome:6.0.415.0 cpe:/a:google:chrome:6.0.415.1 cpe:/a:google:chrome:6.0.416.0 cpe:/a:google:chrome:6.0.416.1 cpe:/a:google:chrome:6.0.417.0 cpe:/a:google:chrome:6.0.418.0 cpe:/a:google:chrome:6.0.418.1 cpe:/a:google:chrome:6.0.418.2 cpe:/a:google:chrome:6.0.418.3 cpe:/a:google:chrome:6.0.418.4 cpe:/a:google:chrome:6.0.418.5 cpe:/a:google:chrome:6.0.418.6 cpe:/a:google:chrome:6.0.418.7 cpe:/a:google:chrome:6.0.418.8 cpe:/a:google:chrome:6.0.418.9 cpe:/a:google:chrome:6.0.419.0 cpe:/a:google:chrome:6.0.421.0 cpe:/a:google:chrome:6.0.422.0 cpe:/a:google:chrome:6.0.423.0 cpe:/a:google:chrome:6.0.424.0 cpe:/a:google:chrome:6.0.425.0 cpe:/a:google:chrome:6.0.426.0 cpe:/a:google:chrome:6.0.427.0 cpe:/a:google:chrome:6.0.428.0 cpe:/a:google:chrome:6.0.430.0 cpe:/a:google:chrome:6.0.431.0 cpe:/a:google:chrome:6.0.432.0 cpe:/a:google:chrome:6.0.433.0 cpe:/a:google:chrome:6.0.434.0 cpe:/a:google:chrome:6.0.435.0 cpe:/a:google:chrome:6.0.436.0 cpe:/a:google:chrome:6.0.437.0 cpe:/a:google:chrome:6.0.437.1 cpe:/a:google:chrome:6.0.437.2 cpe:/a:google:chrome:6.0.437.3 cpe:/a:google:chrome:6.0.438.0 cpe:/a:google:chrome:6.0.440.0 cpe:/a:google:chrome:6.0.441.0 cpe:/a:google:chrome:6.0.443.0 cpe:/a:google:chrome:6.0.444.0 cpe:/a:google:chrome:6.0.445.0 cpe:/a:google:chrome:6.0.445.1 cpe:/a:google:chrome:6.0.446.0 cpe:/a:google:chrome:6.0.447.0 cpe:/a:google:chrome:6.0.447.1 cpe:/a:google:chrome:6.0.447.2 cpe:/a:google:chrome:6.0.449.0 cpe:/a:google:chrome:6.0.450.0 cpe:/a:google:chrome:6.0.450.1 cpe:/a:google:chrome:6.0.450.2 cpe:/a:google:chrome:6.0.450.3 cpe:/a:google:chrome:6.0.450.4 cpe:/a:google:chrome:6.0.451.0 cpe:/a:google:chrome:6.0.452.0 cpe:/a:google:chrome:6.0.452.1 cpe:/a:google:chrome:6.0.453.0 cpe:/a:google:chrome:6.0.453.1 cpe:/a:google:chrome:6.0.454.0 cpe:/a:google:chrome:6.0.455.0 cpe:/a:google:chrome:6.0.456.0 cpe:/a:google:chrome:6.0.457.0 cpe:/a:google:chrome:6.0.458.0 cpe:/a:google:chrome:6.0.458.1 cpe:/a:google:chrome:6.0.458.2 cpe:/a:google:chrome:6.0.459.0 cpe:/a:google:chrome:6.0.460.0 cpe:/a:google:chrome:6.0.461.0 cpe:/a:google:chrome:6.0.462.0 cpe:/a:google:chrome:6.0.464.1 cpe:/a:google:chrome:6.0.465.1 cpe:/a:google:chrome:6.0.465.2 cpe:/a:google:chrome:6.0.466.0 cpe:/a:google:chrome:6.0.466.1 cpe:/a:google:chrome:6.0.466.2 cpe:/a:google:chrome:6.0.466.3 cpe:/a:google:chrome:6.0.466.4 cpe:/a:google:chrome:6.0.466.5 cpe:/a:google:chrome:6.0.466.6 cpe:/a:google:chrome:6.0.467.0 cpe:/a:google:chrome:6.0.469.0 cpe:/a:google:chrome:6.0.470.0 cpe:/a:google:chrome:6.0.471.0 cpe:/a:google:chrome:6.0.472.0 cpe:/a:google:chrome:6.0.472.1 cpe:/a:google:chrome:6.0.472.2 cpe:/a:google:chrome:6.0.472.3 cpe:/a:google:chrome:6.0.472.4 cpe:/a:google:chrome:6.0.472.5 cpe:/a:google:chrome:6.0.472.6 cpe:/a:google:chrome:6.0.472.7 cpe:/a:google:chrome:6.0.472.8 cpe:/a:google:chrome:6.0.472.9 cpe:/a:google:chrome:6.0.472.10 cpe:/a:google:chrome:6.0.472.11 cpe:/a:google:chrome:6.0.472.12 cpe:/a:google:chrome:6.0.472.13 cpe:/a:google:chrome:6.0.472.14 cpe:/a:google:chrome:6.0.472.15 cpe:/a:google:chrome:6.0.472.16 cpe:/a:google:chrome:6.0.472.17 cpe:/a:google:chrome:6.0.472.18 cpe:/a:google:chrome:6.0.472.19 cpe:/a:google:chrome:6.0.472.20 cpe:/a:google:chrome:6.0.472.21 cpe:/a:google:chrome:6.0.472.22 cpe:/a:google:chrome:6.0.472.23 cpe:/a:google:chrome:6.0.472.24 cpe:/a:google:chrome:6.0.472.25 cpe:/a:google:chrome:6.0.472.26 cpe:/a:google:chrome:6.0.472.27 cpe:/a:google:chrome:6.0.472.28 cpe:/a:google:chrome:6.0.472.29 cpe:/a:google:chrome:6.0.472.30 cpe:/a:google:chrome:6.0.472.31 cpe:/a:google:chrome:6.0.472.32 cpe:/a:google:chrome:6.0.472.33 cpe:/a:google:chrome:6.0.472.34 cpe:/a:google:chrome:6.0.472.35 cpe:/a:google:chrome:6.0.472.36 cpe:/a:google:chrome:6.0.472.37 cpe:/a:google:chrome:6.0.472.38 cpe:/a:google:chrome:6.0.472.39 cpe:/a:google:chrome:6.0.472.40 cpe:/a:google:chrome:6.0.472.41 cpe:/a:google:chrome:6.0.472.42 cpe:/a:google:chrome:6.0.472.43 cpe:/a:google:chrome:6.0.472.44 cpe:/a:google:chrome:6.0.472.45 cpe:/a:google:chrome:6.0.472.46 cpe:/a:google:chrome:6.0.472.47 cpe:/a:google:chrome:6.0.472.48 cpe:/a:google:chrome:6.0.472.49 cpe:/a:google:chrome:6.0.472.50 cpe:/a:google:chrome:6.0.472.51 cpe:/a:google:chrome:6.0.472.52 cpe:/a:google:chrome:6.0.472.53 cpe:/a:google:chrome:6.0.472.54 cpe:/a:google:chrome:6.0.472.55 cpe:/a:google:chrome:6.0.472.56 cpe:/a:google:chrome:6.0.472.57 cpe:/a:google:chrome:6.0.472.58 cpe:/a:google:chrome:6.0.472.59 cpe:/a:google:chrome:6.0.472.60 cpe:/a:google:chrome:6.0.472.61 cpe:/a:google:chrome:6.0.472.62 cpe:/a:google:chrome:6.0.472.63 cpe:/a:google:chrome:6.0.473.0 cpe:/a:google:chrome:6.0.474.0 cpe:/a:google:chrome:6.0.475.0 cpe:/a:google:chrome:6.0.476.0 cpe:/a:google:chrome:6.0.477.0 cpe:/a:google:chrome:6.0.478.0 cpe:/a:google:chrome:6.0.479.0 cpe:/a:google:chrome:6.0.480.0 cpe:/a:google:chrome:6.0.481.0 cpe:/a:google:chrome:6.0.482.0 cpe:/a:google:chrome:6.0.483.0 cpe:/a:google:chrome:6.0.484.0 cpe:/a:google:chrome:6.0.485.0 cpe:/a:google:chrome:6.0.486.0 cpe:/a:google:chrome:6.0.487.0 cpe:/a:google:chrome:6.0.488.0 cpe:/a:google:chrome:6.0.489.0 cpe:/a:google:chrome:6.0.490.0 cpe:/a:google:chrome:6.0.490.1 cpe:/a:google:chrome:6.0.491.0 cpe:/a:google:chrome:6.0.492.0 cpe:/a:google:chrome:6.0.493.0 cpe:/a:google:chrome:6.0.494.0 cpe:/a:google:chrome:6.0.495.0 cpe:/a:google:chrome:6.0.495.1 cpe:/a:google:chrome:6.0.496.0 cpe:/a:google:chrome:7.0.497.0 cpe:/a:google:chrome:7.0.498.0 cpe:/a:google:chrome:7.0.499.0 cpe:/a:google:chrome:7.0.499.1 cpe:/a:google:chrome:7.0.500.0 cpe:/a:google:chrome:7.0.500.1 cpe:/a:google:chrome:7.0.503.0 cpe:/a:google:chrome:7.0.503.1 cpe:/a:google:chrome:7.0.504.0 cpe:/a:google:chrome:7.0.505.0 cpe:/a:google:chrome:7.0.506.0 cpe:/a:google:chrome:7.0.507.0 cpe:/a:google:chrome:7.0.507.1 cpe:/a:google:chrome:7.0.507.2 cpe:/a:google:chrome:7.0.507.3 cpe:/a:google:chrome:7.0.509.0 cpe:/a:google:chrome:7.0.510.0 cpe:/a:google:chrome:7.0.511.1 cpe:/a:google:chrome:7.0.511.2 cpe:/a:google:chrome:7.0.511.4 cpe:/a:google:chrome:7.0.512.0 cpe:/a:google:chrome:7.0.513.0 cpe:/a:google:chrome:7.0.514.0 cpe:/a:google:chrome:7.0.514.1 cpe:/a:google:chrome:7.0.515.0 cpe:/a:google:chrome:7.0.516.0 cpe:/a:google:chrome:7.0.517.0 cpe:/a:google:chrome:7.0.517.2 cpe:/a:google:chrome:7.0.517.4 cpe:/a:google:chrome:7.0.517.5 cpe:/a:google:chrome:7.0.517.6 cpe:/a:google:chrome:7.0.517.7 cpe:/a:google:chrome:7.0.517.8 cpe:/a:google:chrome:7.0.517.9 cpe:/a:google:chrome:7.0.517.10 cpe:/a:google:chrome:7.0.517.11 cpe:/a:google:chrome:7.0.517.12 cpe:/a:google:chrome:7.0.517.13 cpe:/a:google:chrome:7.0.517.14 cpe:/a:google:chrome:7.0.517.16 cpe:/a:google:chrome:7.0.517.17 cpe:/a:google:chrome:7.0.517.18 cpe:/a:google:chrome:7.0.517.19 cpe:/a:google:chrome:7.0.517.20 cpe:/a:google:chrome:7.0.517.21 cpe:/a:google:chrome:7.0.517.22 cpe:/a:google:chrome:7.0.517.23 cpe:/a:google:chrome:7.0.517.24 cpe:/a:google:chrome:7.0.517.25 cpe:/a:google:chrome:7.0.517.26 cpe:/a:google:chrome:7.0.517.27 cpe:/a:google:chrome:7.0.517.28 cpe:/a:google:chrome:7.0.517.29 cpe:/a:google:chrome:7.0.517.30 cpe:/a:google:chrome:7.0.517.31 cpe:/a:google:chrome:7.0.517.32 cpe:/a:google:chrome:7.0.517.33 cpe:/a:google:chrome:7.0.517.34 cpe:/a:google:chrome:7.0.517.35 cpe:/a:google:chrome:7.0.517.36 cpe:/a:google:chrome:7.0.517.37 cpe:/a:google:chrome:7.0.517.38 cpe:/a:google:chrome:7.0.517.39 cpe:/a:google:chrome:7.0.517.40 cpe:/a:google:chrome:7.0.517.41 cpe:/a:google:chrome:7.0.517.42 cpe:/a:google:chrome:7.0.517.43 cpe:/a:google:chrome:7.0.517.44 cpe:/a:google:chrome:7.0.518.0 cpe:/a:google:chrome:7.0.519.0 cpe:/a:google:chrome:7.0.520.0 cpe:/a:google:chrome:7.0.521.0 cpe:/a:google:chrome:7.0.522.0 cpe:/a:google:chrome:7.0.524.0 cpe:/a:google:chrome:7.0.525.0 cpe:/a:google:chrome:7.0.526.0 cpe:/a:google:chrome:7.0.528.0 cpe:/a:google:chrome:7.0.529.0 cpe:/a:google:chrome:7.0.529.1 cpe:/a:google:chrome:7.0.529.2 cpe:/a:google:chrome:7.0.530.0 cpe:/a:google:chrome:7.0.531.0 cpe:/a:google:chrome:7.0.531.1 cpe:/a:google:chrome:7.0.531.2 cpe:/a:google:chrome:7.0.535.1 cpe:/a:google:chrome:7.0.535.2 cpe:/a:google:chrome:7.0.536.0 cpe:/a:google:chrome:7.0.536.1 cpe:/a:google:chrome:7.0.536.2 cpe:/a:google:chrome:7.0.536.3 cpe:/a:google:chrome:7.0.536.4 cpe:/a:google:chrome:7.0.537.0 cpe:/a:google:chrome:7.0.538.0 cpe:/a:google:chrome:7.0.539.0 cpe:/a:google:chrome:7.0.540.0 cpe:/a:google:chrome:7.0.541.0 cpe:/a:google:chrome:7.0.542.0 cpe:/a:google:chrome:7.0.544.0 cpe:/a:google:chrome:7.0.547.0 cpe:/a:google:chrome:7.0.547.1 cpe:/a:google:chrome:7.0.548.0 cpe:/a:google:chrome:8.0.549.0 cpe:/a:google:chrome:8.0.550.0 cpe:/a:google:chrome:8.0.551.0 cpe:/a:google:chrome:8.0.551.1 cpe:/a:google:chrome:8.0.552.0 cpe:/a:google:chrome:8.0.552.1 cpe:/a:google:chrome:8.0.552.2 cpe:/a:google:chrome:8.0.552.10 cpe:/a:google:chrome:8.0.552.11 cpe:/a:google:chrome:8.0.552.12 cpe:/a:google:chrome:8.0.552.13 cpe:/a:google:chrome:8.0.552.14 cpe:/a:google:chrome:8.0.552.15 cpe:/a:google:chrome:8.0.552.16 cpe:/a:google:chrome:8.0.552.17 cpe:/a:google:chrome:8.0.552.18 cpe:/a:google:chrome:8.0.552.19 cpe:/a:google:chrome:8.0.552.20 cpe:/a:google:chrome:8.0.552.21 cpe:/a:google:chrome:8.0.552.23 cpe:/a:google:chrome:8.0.552.100 cpe:/a:google:chrome:8.0.552.101 cpe:/a:google:chrome:8.0.552.102 cpe:/a:google:chrome:8.0.552.103 cpe:/a:google:chrome:8.0.552.104 cpe:/a:google:chrome:8.0.552.105 cpe:/a:google:chrome:8.0.552.200 cpe:/a:google:chrome:8.0.552.201 cpe:/a:google:chrome:8.0.552.202 cpe:/a:google:chrome:8.0.552.203 cpe:/a:google:chrome:8.0.552.204 cpe:/a:google:chrome:8.0.552.205 cpe:/a:google:chrome:8.0.552.206 cpe:/a:google:chrome:8.0.552.207 cpe:/a:google:chrome:8.0.552.208 cpe:/a:google:chrome:8.0.552.209 cpe:/a:google:chrome:8.0.552.210 cpe:/a:google:chrome:8.0.552.211 cpe:/a:google:chrome:8.0.552.212 cpe:/a:google:chrome:8.0.552.213 cpe:/a:google:chrome:8.0.552.214 cpe:/a:google:chrome:8.0.552.215 cpe:/a:google:chrome:8.0.552.216 cpe:/a:google:chrome:8.0.552.217 cpe:/a:google:chrome:8.0.552.219 cpe:/a:google:chrome:8.0.552.220 cpe:/a:google:chrome:8.0.552.221 cpe:/a:google:chrome:8.0.552.223 cpe:/a:google:chrome:8.0.552.224 cpe:/a:google:chrome:8.0.552.225 cpe:/a:google:chrome:8.0.552.226 cpe:/a:google:chrome:8.0.552.227 cpe:/a:google:chrome:8.0.552.228 cpe:/a:google:chrome:8.0.552.229 cpe:/a:google:chrome:8.0.552.230 cpe:/a:google:chrome:8.0.552.231 cpe:/a:google:chrome:8.0.552.232 cpe:/a:google:chrome:8.0.552.233 cpe:/a:google:chrome:8.0.552.234 cpe:/a:google:chrome:8.0.552.235 cpe:/o:google:chrome_os:8.0.552.343

CVE-2011-0470

2011-01-14T12:00:02.607-05:00

2017-09-18T21:32:00.287-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://code.google.com/p/chromium/issues/detail?id=58053 CONFIRM http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html BID 45788 CONFIRM http://www.srware.net/forum/viewtopic.php?f=18&t=2054 XF unspecified(64661) Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle extensions notification, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.

CVE-2011-0471

2011-01-14T12:00:02.653-05:00

2017-09-18T21:32:00.473-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://code.google.com/p/chromium/issues/detail?id=65764 CONFIRM http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html BID 45788 CONFIRM http://www.srware.net/forum/viewtopic.php?f=18&t=2054 XF chrome-iteration-unspecified(64662) The node-iteration implementation in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 does not properly handle pointers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVE-2011-0472

2011-01-14T12:00:02.700-05:00

2017-09-18T21:32:00.660-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://code.google.com/p/chromium/issues/detail?id=66334 CONFIRM http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html BID 45788 CONFIRM http://www.srware.net/forum/viewtopic.php?f=18&t=2054 XF chrome-pdf-files-unspecified(64663) Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle the printing of PDF documents, which allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a multi-page document.

CVE-2011-0473

2011-01-14T12:00:02.747-05:00

2017-09-18T21:32:00.863-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://code.google.com/p/chromium/issues/detail?id=66560 CONFIRM http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html BID 45788 CONFIRM http://www.srware.net/forum/viewtopic.php?f=18&t=2054 XF chrome-css-canvas-unspecified(64664) Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with CANVAS elements, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

CVE-2011-0474

2011-01-14T12:00:02.810-05:00

2017-09-18T21:32:01.067-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://code.google.com/p/chromium/issues/detail?id=66748 CONFIRM http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html DEBIAN DSA-2188 BID 45788 CONFIRM http://www.srware.net/forum/viewtopic.php?f=18&t=2054 XF chrome-css-cursors-unspecified(64665) Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

CVE-2011-0475

2011-01-14T12:00:02.843-05:00

2017-09-18T21:32:01.253-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://code.google.com/p/chromium/issues/detail?id=67100 CONFIRM http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html BID 45788 CONFIRM http://www.srware.net/forum/viewtopic.php?f=18&t=2054 XF chrome-pdf-pages-code-execution(64666) Use-after-free vulnerability in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a PDF document.

CVE-2011-0476

2011-01-14T12:00:02.903-05:00

2017-09-18T21:32:01.443-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://code.google.com/p/chromium/issues/detail?id=67208 CONFIRM http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html BID 45788 CONFIRM http://www.srware.net/forum/viewtopic.php?f=18&t=2054 XF chrome-pdf-files-ce(64667) Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allow remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a PDF document that triggers an out-of-memory error.

CVE-2011-0477

2011-01-14T12:00:02.937-05:00

2017-09-18T21:32:01.770-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://code.google.com/p/chromium/issues/detail?id=67303 CONFIRM http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html BID 45788 CONFIRM http://www.srware.net/forum/viewtopic.php?f=18&t=2054 XF chrome-video-frame-code-execution(64668) Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle a mismatch in video frame sizes, which allows remote attackers to cause a denial of service (incorrect memory access) or possibly have unspecified other impact via unknown vectors.

CVE-2011-0478

2011-01-14T12:00:02.983-05:00

2017-09-18T21:32:01.943-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov CONFIRM http://code.google.com/p/chromium/issues/detail?id=67363 CONFIRM http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html BID 45788 CONFIRM http://www.srware.net/forum/viewtopic.php?f=18&t=2054 XF chrome-use-code-execution(64669) Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle SVG use elements, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

CVE-2011-0479

2011-01-14T12:00:03.013-05:00

2017-09-18T21:32:02.130-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov CONFIRM http://code.google.com/p/chromium/issues/detail?id=67393 CONFIRM http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html BID 45788 CONFIRM http://www.srware.net/forum/viewtopic.php?f=18&t=2054 XF chrome-rouge-code-execution(64670) Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly interact with extensions, which allows remote attackers to cause a denial of service via a crafted extension that triggers an uninitialized pointer.

CVE-2011-0480

2011-01-14T12:00:03.060-05:00

2017-09-18T21:32:02.333-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov MLIST [ffmpeg-devel] 20101229 [PATCH] Fix a couple of errors with bad Vorbis headers CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610550 CONFIRM http://code.google.com/p/chromium/issues/detail?id=68115 CONFIRM http://codereview.chromium.org/5964011 CONFIRM http://codereview.chromium.org/6069005 CONFIRM http://ffmpeg.mplayerhq.hu/ CONFIRM http://git.ffmpeg.org/?p=ffmpeg.git;a=commit;h=13184036a6b1b1d4b61c91118c0896e9ad4634c3 CONFIRM http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html CONFIRM http://roundup.ffmpeg.org/issue2548 CONFIRM http://roundup.ffmpeg.org/issue2550 CONFIRM http://src.chromium.org/viewvc/chrome?view=rev&revision=70200 DEBIAN DSA-2306 MANDRIVA MDVSA-2011:061 BID 45788 CONFIRM http://www.srware.net/forum/viewtopic.php?f=18&t=2054 UBUNTU USN-1104-1 XF chrome-vorbis-bo(64671) Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted WebM file, related to buffers for (1) the channel floor and (2) the channel residue.