Search Results (Refine Search)
- Category (CWE): CWE-20 Improper Input Validation
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2011-1110 |
Google Chrome before 9.0.597.107 does not properly implement key frame rules, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." Published: March 01, 2011; 6:00:03 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2011-1109 |
Google Chrome before 9.0.597.107 does not properly process nodes in Cascading Style Sheets (CSS) stylesheets, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." Published: March 01, 2011; 6:00:03 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2011-1016 |
The Radeon GPU drivers in the Linux kernel before 2.6.38-rc5 do not properly validate data related to the AA resolve registers, which allows local users to write to arbitrary memory locations associated with (1) Video RAM (aka VRAM) or (2) the Graphics Translation Table (GTT) via crafted values. Published: February 28, 2011; 11:00:01 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 1.9 LOW |
CVE-2011-0925 |
The CSDWebInstallerCtrl ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) allows remote attackers to download an unintended Cisco program onto a client machine, and execute this program, by identifying a Cisco program with a Cisco digital signature and then renaming this program to inst.exe, a different vulnerability than CVE-2010-0589 and CVE-2011-0926. Published: February 28, 2011; 11:00:01 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-1018 |
logwatch.pl in Logwatch 7.3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in a log file name, as demonstrated via a crafted username to a Samba server. Published: February 25, 2011; 2:00:01 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2011-0926 |
A certain ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) does not properly verify the signature of an unspecified downloaded program, which allows remote attackers to execute arbitrary code by spoofing the CSD installation process, a different vulnerability than CVE-2010-0589. Published: February 25, 2011; 1:00:01 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-0037 |
Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key. Published: February 25, 2011; 1:00:01 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2011-1068 |
Microsoft Windows Azure Software Development Kit (SDK) 1.3.x before 1.3.20121.1237, when Full IIS and a Web Role are used with an ASP.NET application, does not properly support the use of cookies for maintaining state, which allows remote attackers to obtain potentially sensitive information by reading an encrypted cookie and performing unspecified other steps. Published: February 23, 2011; 2:00:02 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 2.6 LOW |
CVE-2011-1067 |
slapd (aka ns-slapd) in 389 Directory Server before 1.2.8.a2 does not properly manage the c_timelimit field of the connection table element, which allows remote attackers to cause a denial of service (daemon outage) via Simple Paged Results connections, as demonstrated by using multiple processes to replay TCP sessions, a different vulnerability than CVE-2011-0019. Published: February 23, 2011; 2:00:02 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2011-0019 |
slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat Directory Server 8.2.x or dirsrv) does not properly handle simple paged result searches, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via multiple search requests. Published: February 23, 2011; 2:00:01 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2011-1000 |
jingle-factory.c in Telepathy Gabble 0.11 before 0.11.7, 0.10 before 0.10.5, and 0.8 before 0.8.15 allows remote attackers to sniff audio and video calls via a crafted google:jingleinfo stanza that specifies an alternate server for streamed media. Published: February 18, 2011; 8:00:03 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.4 MEDIUM |
CVE-2011-0721 |
Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field. Published: February 18, 2011; 8:00:03 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.4 MEDIUM |
CVE-2011-0431 |
The afs_linux_lock function in afs/LINUX/osi_vnodeops.c in the kernel module in OpenAFS 1.4.14, 1.4.12, 1.4.7, and possibly other versions does not properly handle errors, which allows attackers to cause a denial of service via unknown vectors. NOTE: some of these details are obtained from third party information. Published: February 18, 2011; 8:00:03 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2010-3273 |
ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, by providing a user id to accounts/ValidateUser, and then providing a new password to accounts/ResetResult. Published: February 17, 2011; 1:00:02 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2010-3272 |
accounts/ValidateAnswers in the security-questions implementation in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 makes it easier for remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, via a modified (1) Hide_Captcha or (2) quesList parameter in a validateAll action. Published: February 17, 2011; 1:00:02 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2008-7274 |
IBM WebSphere Application Server (WAS) 6.1.0.9, when the JAAS Login functionality is enabled, allows attackers to perform an internal application hashtable login by (1) not providing a password or (2) providing an empty password. Published: February 14, 2011; 8:00:01 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-0987 |
The PMA_Bookmark_get function in libraries/bookmark.lib.php in phpMyAdmin 2.11.x before 2.11.11.3, and 3.3.x before 3.3.9.2, does not properly restrict bookmark queries, which makes it easier for remote authenticated users to trigger another user's execution of a SQL query by creating a bookmark. Published: February 14, 2011; 5:00:06 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.5 MEDIUM |
CVE-2011-0986 |
phpMyAdmin 2.11.x before 2.11.11.2, and 3.3.x before 3.3.9.1, does not properly handle the absence of the (1) README, (2) ChangeLog, and (3) LICENSE files, which allows remote attackers to obtain the installation path via a direct request for a nonexistent file. Published: February 14, 2011; 5:00:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2011-0983 |
Google Chrome before 9.0.597.94 does not properly handle anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." Published: February 10, 2011; 2:00:02 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2011-0981 |
Google Chrome before 9.0.597.94 does not properly perform event handling for animations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." Published: February 10, 2011; 2:00:02 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |