CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In July 2011

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2011-2685 119 Exec Code Overflow 2011-07-21 2012-01-19
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the Lotus Word Pro import filter in LibreOffice before 3.3.3 allows remote attackers to execute arbitrary code via a crafted .lwp file.
52 CVE-2011-2682 399 DoS 2011-07-07 2017-08-29
4.0
None Remote Low ??? None None Partial
The Login component in IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 allows remote authenticated users to cause a denial of service (license consumption) by trying to login to DOORS Web Access with a new user account that has never been used for a DOORS login.
53 CVE-2011-2681 20 2011-07-07 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 does not properly handle exceptions, which has unspecified impact and remote attack vectors.
54 CVE-2011-2680 2011-07-07 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 has unknown impact and remote attack vectors related to the "server error response."
55 CVE-2011-2679 79 XSS 2011-07-07 2017-08-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
56 CVE-2011-2678 +Priv 2011-07-07 2018-10-09
6.8
None Local Low ??? Complete Complete Complete
The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions (NT AUTHORITY\INTERACTIVE:F) for cvpnd.exe, which allows local users to gain privileges by replacing this executable file with an arbitrary program, aka Bug ID CSCtn50645. NOTE: this vulnerability exists because of a CVE-2007-4415 regression.
57 CVE-2011-2667 119 DoS Exec Code Overflow Mem. Corr. 2011-07-28 2021-04-12
10.0
None Remote Low Not required Complete Complete Complete
Icihttp.exe in CA Gateway Security for HTTP, as used in CA Gateway Security 8.1 before 8.1.0.69 and CA Total Defense r12, does not properly parse URLs, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and daemon crash) via a malformed request.
58 CVE-2011-2666 16 2011-07-06 2017-08-29
5.0
None Remote Low Not required Partial None None
The default configuration of the SIP channel driver in Asterisk Open Source 1.4.x through 1.4.41.2 and 1.6.2.x through 1.6.2.18.2 does not enable the alwaysauthreject option, which allows remote attackers to enumerate account names by making a series of invalid SIP requests and observing the differences in the responses for different usernames, a different vulnerability than CVE-2011-2536.
59 CVE-2011-2665 DoS 2011-07-06 2011-09-07
5.0
None Remote Low Not required None None Partial
reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.3 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a SIP packet with a Contact header that lacks a < (less than) character.
60 CVE-2011-2664 2011-07-08 2017-08-29
3.6
None Local Low Not required None Partial Partial
Unspecified vulnerability in Check Point Multi-Domain Management / Provider-1 NGX R65, R70, R71, and R75, and SmartCenter during installation on non-Windows machines, allows local users on the MDS system to overwrite arbitrary files via unknown vectors.
61 CVE-2011-2641 399 1 DoS 2011-07-01 2011-07-05
5.0
None Remote Low Not required None None Partial
Opera 11.11 allows remote attackers to cause a denial of service (application crash) by setting the FACE attribute of a FONT element within an IFRAME element after changing the SRC attribute of this IFRAME element to an about:blank value.
62 CVE-2011-2640 399 DoS 2011-07-01 2017-08-29
5.0
None Remote Low Not required None None Partial
Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via an HTML document that has an empty parameter value for an embedded Java applet.
63 CVE-2011-2639 399 DoS 2011-07-01 2011-07-05
5.0
None Remote Low Not required None None Partial
Opera before 11.10 does not properly handle hidden animated GIF images, which allows remote attackers to cause a denial of service (CPU consumption) via an image file that triggers continual repaints.
64 CVE-2011-2638 DoS 2011-07-01 2011-07-06
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by games on zylom.com.
65 CVE-2011-2637 DoS 2011-07-01 2011-07-06
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by futura-sciences.com, seoptimise.com, and mitosyfraudes.org.
66 CVE-2011-2636 DoS 2011-07-01 2011-07-06
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by a certain Tomato Firmware page.
67 CVE-2011-2635 399 DoS 2011-07-01 2011-07-06
5.0
None Remote Low Not required None None Partial
The Cascading Style Sheets (CSS) implementation in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via vectors involving use of the :hover pseudo-class, in conjunction with transforms, for a floated element.
68 CVE-2011-2634 20 2011-07-01 2011-07-08
5.0
None Remote Low Not required None Partial None
Opera before 11.10 allows remote attackers to hijack (1) searches and (2) customizations via unspecified third party applications.
69 CVE-2011-2633 DoS 2011-07-01 2011-07-08
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Opera before 11.11 allows remote attackers to cause a denial of service (application crash) via vectors involving a Certificate Revocation List (CRL) file, as demonstrated by the multicert-ca-02.crl file.
70 CVE-2011-2632 20 DoS 2011-07-01 2011-07-08
5.0
None Remote Low Not required None None Partial
Opera before 11.11 does not properly handle destruction of a Silverlight instance, which allows remote attackers to cause a denial of service (application crash) via a web page, as demonstrated by vod.onet.pl.
71 CVE-2011-2631 20 DoS 2011-07-01 2011-07-08
5.0
None Remote Low Not required None None Partial
The Cascading Style Sheets (CSS) implementation in Opera before 11.11 does not properly handle the column-count property, which allows remote attackers to cause a denial of service (infinite repaint loop and application hang) via a web page, as demonstrated by an unspecified Wikipedia page.
72 CVE-2011-2630 20 DoS 2011-07-01 2011-07-08
4.3
None Remote Medium Not required None None Partial
Opera before 11.11 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web page that is not properly handled during a reload occurring after the opening of a popup of the Easy Sticky Note extension.
73 CVE-2011-2629 DoS 2011-07-01 2011-07-08
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Opera before 11.11 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by www.falk.de.
74 CVE-2011-2628 20 DoS Exec Code Mem. Corr. 2011-07-01 2012-02-14
10.0
None Remote Low Not required Complete Complete Complete
Opera before 11.11 does not properly implement FRAMESET elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to page unload.
75 CVE-2011-2627 DoS 2011-07-01 2011-07-08
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the DOM implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by live.com.
76 CVE-2011-2626 399 DoS 2011-07-01 2011-07-08
5.0
None Remote Low Not required None None Partial
Opera before 11.50 allows remote attackers to cause a denial of service (application crash) by using "injected script" to set the SRC attribute of an IFRAME element.
77 CVE-2011-2625 399 DoS 2011-07-01 2011-07-08
5.0
None Remote Low Not required None None Partial
Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via a SELECT element that contains many OPTION elements.
78 CVE-2011-2624 399 DoS 2011-07-01 2011-07-08
4.3
None Remote Medium Not required None None Partial
Opera before 11.50 allows user-assisted remote attackers to cause a denial of service (application hang) via a large table, which is not properly handled during a print preview.
79 CVE-2011-2623 DoS 2011-07-01 2011-07-08
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the SVG BiDi implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash or hang) via unknown vectors.
80 CVE-2011-2622 DoS 2011-07-01 2011-07-08
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the Web Workers implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via unknown vectors.
81 CVE-2011-2621 DoS 2011-07-01 2011-07-11
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors related to form layout.
82 CVE-2011-2620 DoS 2011-07-01 2011-07-11
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors involving SVG animation.
83 CVE-2011-2619 399 DoS 2011-07-01 2011-07-11
5.0
None Remote Low Not required None None Partial
Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via a gradient with many stops, related to the implementation of CANVAS elements, SVG, and Cascading Style Sheets (CSS).
84 CVE-2011-2618 399 DoS 2011-07-01 2011-07-11
5.0
None Remote Low Not required None None Partial
Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via web script that moves a (1) AUDIO element or (2) VIDEO element between windows.
85 CVE-2011-2617 DoS 2011-07-01 2011-07-11
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors related to selecting a text node, and closed pop-up windows, removed pop-up windows, and IFRAME elements.
86 CVE-2011-2616 DoS 2011-07-01 2011-07-11
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (memory consumption) via unknown content on a web page, as demonstrated by test262.ecmascript.org.
87 CVE-2011-2615 DoS 2011-07-01 2011-07-11
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application hang) via unknown content on a web page, as demonstrated by domiteca.com.
88 CVE-2011-2614 399 DoS 2011-07-01 2011-07-11
5.0
None Remote Low Not required None None Partial
The SVG implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via vectors involving a path on which many characters are drawn.
89 CVE-2011-2613 399 DoS 2011-07-01 2011-07-11
5.0
None Remote Low Not required None None Partial
The Array.prototype.join method in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via a non-array object that contains initial holes.
90 CVE-2011-2612 DoS 2011-07-01 2011-07-11
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by progorod.ru.
91 CVE-2011-2611 DoS 2011-07-01 2011-07-11
4.3
None Remote Medium Not required None None Partial
Unspecified vulnerability in the printing functionality in Opera before 11.50 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web page.
92 CVE-2011-2610 2011-07-01 2011-09-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Opera before 11.50 has unknown impact and attack vectors, related to a "moderately severe issue."
93 CVE-2011-2609 79 XSS 2011-07-01 2017-08-29
4.3
None Remote Medium Not required None Partial None
Opera before 11.50 does not properly restrict data: URIs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.
94 CVE-2011-2608 20 2011-07-01 2017-08-29
6.4
None Remote Low Not required None Partial Partial
ovbbccb.exe 6.20.50.0 and other versions in HP OpenView Performance Agent 4.70 and 5.0; and Operations Agent 11.0, 8.60.005, 8.60.006, 8.60.007, 8.60.008, 8.60.501, and 8.53; allows remote attackers to delete arbitrary files via a full pathname in the File field in a Register command.
95 CVE-2011-2597 399 DoS 2011-07-07 2017-09-19
4.3
None Remote Medium Not required None None Partial
The Lucent/Ascend file parser in Wireshark 1.2.x before 1.2.18, 1.4.x through 1.4.7, and 1.6.0 allows remote attackers to cause a denial of service (infinite loop) via malformed packets.
96 CVE-2011-2588 119 DoS Exec Code Overflow 2011-07-27 2017-09-19
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the AVI_ChunkRead_strf function in libavi.c in the AVI demuxer in VideoLAN VLC media player before 1.1.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted AVI media file.
97 CVE-2011-2587 119 DoS Exec Code Overflow 2011-07-27 2017-09-19
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the DemuxAudioSipr function in real.c in the RealMedia demuxer in VideoLAN VLC media player 1.1.x before 1.1.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Real Media file.
98 CVE-2011-2549 DoS 2011-07-28 2017-08-29
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in Cisco IOS XR 4.1.x before 4.1.1 on Cisco Aggregation Services Routers (ASR) 9000 series devices allows remote attackers to cause a denial of service (line-card reload) via an IPv4 packet, aka Bug ID CSCtr26695.
99 CVE-2011-2547 264 Exec Code 2011-07-28 2017-08-29
9.0
None Remote Low ??? Complete Complete Complete
The web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote authenticated users to execute arbitrary commands via crafted parameters to web forms, aka Bug ID CSCtq65681.
100 CVE-2011-2546 89 Exec Code Sql 2011-07-28 2017-08-29
5.0
None Remote Low Not required Partial None None
SQL injection vulnerability in the web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtq65669.
Total number of vulnerabilities : 307   Page : 1 2 (This Page)3 4 5 6 7
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.