CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
12851 CVE-2011-0548 119 DoS Exec Code Overflow 2011-07-18 2013-02-07
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the Lotus Freelance Graphics PRZ file viewer in Autonomy KeyView, as used in Symantec Mail Security (SMS) 6.x through 8.x, Symantec Brightmail and Messaging Gateway before 9.5.1, and Symantec Data Loss Prevention (DLP) before 10.5.3 and 11.x before 11.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .prz file. NOTE: this may overlap CVE-2011-1217.
12852 CVE-2011-0547 189 Exec Code Overflow 2011-08-19 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
Multiple integer overflows in vxsvc.exe in the Veritas Enterprise Administrator service in Symantec Veritas Storage Foundation 5.1 and earlier, Veritas Storage Foundation Cluster File System (SFCFS) 5.1 and earlier, Veritas Storage Foundation Cluster File System Enterprise for Oracle RAC (SFCFSORAC) 5.1 and earlier, Veritas Dynamic Multi-Pathing (DMP) 5.1, and NetBackup PureDisk 6.5.x through 6.6.1.x allow remote attackers to execute arbitrary code via (1) a crafted Unicode string, related to the vxveautil.value_binary_unpack function; (2) a crafted ASCII string, related to the vxveautil.value_binary_unpack function; or (3) a crafted value, related to the vxveautil.kv_binary_unpack function, leading to a buffer overflow.
12853 CVE-2011-0531 20 DoS Exec Code Mem. Corr. 2011-02-07 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media player 1.1.6.1 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary commands via a crafted MKV (WebM or Matroska) file that triggers memory corruption, related to "class mismatching" and the MKV_IS_ID macro.
12854 CVE-2011-0517 119 1 DoS Exec Code Overflow 2011-01-20 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Sielco Sistemi Winlog Pro 2.07.00 and earlier, when Run TCP/IP server is enabled, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted 0x02 opcode to TCP port 46823.
12855 CVE-2011-0502 1 DoS 2011-01-20 2011-01-21
9.3
None Remote Medium Not required Complete Complete Complete
Music Animation Machine MIDI Player 2006aug19 Release 035 and possibly other versions allows user-assisted remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a long line in a MIDI (.mid) file.
12856 CVE-2011-0501 119 1 Exec Code Overflow 2011-01-20 2011-01-24
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Music Animation Machine MIDI Player 2006aug19 Release 035 and possibly other versions allows user-assisted remote attackers to execute arbitrary code via a long line in a .mamx file.
12857 CVE-2011-0500 119 1 Exec Code Overflow 2011-01-20 2011-01-21
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in VideoSpirit Pro 1.6.8.1, 1.68, and earlier; and VideoSpirit Lite 1.4.0.1 and possibly other versions; allows user-assisted remote attackers to execute arbitrary code via a VideoSpirit project (.visprj) file containing a valitem element with a long "value" attribute, as demonstrated using a valitem with the mp3 name.
12858 CVE-2011-0499 119 Exec Code Overflow 2011-01-20 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in VideoSpirit Pro 1.6.8.1 and possibly earlier versions, and VideoSpirit Lite 1.4.0.1 and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a VideoSpirit project (.visprj) file containing a valitem element with a long "name" attribute. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
12859 CVE-2011-0498 119 1 DoS Exec Code Overflow 2011-01-20 2011-01-24
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Nokia Multimedia Player 1.00.55.5010, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long entry in a playlist (.npl) file.
12860 CVE-2011-0496 Exec Code 2011-01-20 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Sybase EAServer 5.x and 6.x before 6.3 ESD#2, as used in Appeon, Replication Server Messaging Edition (RSME), and WorkSpace, allows remote attackers to install arbitrary web services and execute arbitrary code, related to a "design vulnerability."
12861 CVE-2011-0488 119 DoS Exec Code Overflow 2011-01-18 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in NTWebServer.exe in the test web service in InduSoft NTWebServer, as distributed in Advantech Studio 6.1 and InduSoft Web Studio 7.0, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long request to TCP port 80.
12862 CVE-2011-0487 94 Exec Code 2011-01-18 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
ICQ 7 does not verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a crafted file that is fetched through an automatic-update mechanism.
12863 CVE-2011-0485 20 Exec Code 2011-01-14 2020-07-24
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle speech data, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "stale pointer."
12864 CVE-2011-0481 120 DoS Overflow 2011-01-14 2020-07-24
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PDF shading.
12865 CVE-2011-0480 120 DoS Overflow Mem. Corr. 2011-01-14 2020-07-24
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted WebM file, related to buffers for (1) the channel floor and (2) the channel residue.
12866 CVE-2011-0478 20 DoS 2011-01-14 2020-07-24
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle SVG use elements, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
12867 CVE-2011-0477 119 DoS Overflow 2011-01-14 2020-07-27
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle a mismatch in video frame sizes, which allows remote attackers to cause a denial of service (incorrect memory access) or possibly have unspecified other impact via unknown vectors.
12868 CVE-2011-0476 119 DoS Overflow Mem. Corr. 2011-01-14 2020-07-24
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allow remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a PDF document that triggers an out-of-memory error.
12869 CVE-2011-0475 416 DoS 2011-01-14 2020-07-24
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a PDF document.
12870 CVE-2011-0474 DoS 2011-01-14 2020-07-24
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
12871 CVE-2011-0473 DoS 2011-01-14 2020-07-24
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with CANVAS elements, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
12872 CVE-2011-0472 DoS 2011-01-14 2020-07-24
9.3
None Remote Medium Not required Complete Complete Complete
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle the printing of PDF documents, which allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a multi-page document.
12873 CVE-2011-0471 20 DoS 2011-01-14 2020-07-24
10.0
None Remote Low Not required Complete Complete Complete
The node-iteration implementation in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 does not properly handle pointers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
12874 CVE-2011-0469 94 2017-08-17 2017-08-25
9.0
None Remote Low Not required Partial Complete Partial
Code injection in openSUSE when running some source services used in the open build service 2.1 before March 11 2011.
12875 CVE-2011-0465 20 Exec Code 2011-04-08 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message.
12876 CVE-2011-0464 Exec Code 2011-03-09 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Novell Vibe OnPrem 3.0 before Hot Patch 1 allows remote attackers to execute arbitrary code via unknown vectors.
12877 CVE-2011-0444 119 DoS Exec Code Overflow 2011-01-13 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the MAC-LTE dissector (epan/dissectors/packet-mac-lte.c) in Wireshark 1.2.0 through 1.2.13 and 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of RARs.
12878 CVE-2011-0406 119 1 Exec Code Overflow 2011-01-11 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in HistorySvr.exe in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a long request to TCP port 777.
12879 CVE-2011-0403 1 Exec Code 2011-01-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in ImgBurn.exe in ImgBurn 2.4.0.0, 2.5.4.0, and other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a CUE file.
12880 CVE-2011-0386 94 Exec Code 2011-02-25 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
The XML-RPC implementation on Cisco TelePresence Recording Server devices with software 1.6.x and 1.7.x before 1.7.1 allows remote attackers to overwrite files and consequently execute arbitrary code via a malformed request, aka Bug ID CSCti50739.
12881 CVE-2011-0385 Exec Code 2011-02-25 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
The administrative web interface on Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allows remote attackers to create or overwrite arbitrary files, and possibly execute arbitrary code, via a crafted request, aka Bug IDs CSCth85786 and CSCth61065.
12882 CVE-2011-0384 287 Exec Code 2011-02-25 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
The Java Servlet framework on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug ID CSCtf01253.
12883 CVE-2011-0383 287 Exec Code 2011-02-25 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
The Java Servlet framework on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug IDs CSCtf42005 and CSCtf42008.
12884 CVE-2011-0382 78 Exec Code 2011-02-25 2011-04-09
10.0
None Remote Low Not required Complete Complete Complete
The CGI subsystem on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 allows remote attackers to execute arbitrary commands via a request to TCP port 443, related to a "command injection vulnerability," aka Bug ID CSCtf97221.
12885 CVE-2011-0381 78 Exec Code 2011-02-25 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers to perform unspecified actions and consequently execute arbitrary code via a crafted request to the Java RMI interface, related to a "command injection vulnerability," aka Bug ID CSCtf97085.
12886 CVE-2011-0376 200 +Info 2011-02-25 2011-03-31
10.0
None Remote Low Not required Complete Complete Complete
The TFTP implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x, 1.6.0, and 1.6.1 allows remote attackers to obtain sensitive information via a GET request, aka Bug ID CSCte43876.
12887 CVE-2011-0375 78 Exec Code 2011-02-25 2011-03-31
9.0
None Remote Low ??? Complete Complete Complete
The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCth24671.
12888 CVE-2011-0374 78 Exec Code 2011-02-25 2011-03-31
9.0
None Remote Low ??? Complete Complete Complete
The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31659.
12889 CVE-2011-0373 78 Exec Code 2011-02-25 2011-03-31
9.0
None Remote Low ??? Complete Complete Complete
The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31685.
12890 CVE-2011-0372 78 Exec Code 2011-02-25 2011-03-31
10.0
None Remote Low Not required Complete Complete Complete
The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31640.
12891 CVE-2011-0364 94 Exec Code 2011-02-19 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
The Management Console (webagent.exe) in Cisco Security Agent 5.1, 5.2, and 6.0 before 6.0.2.145 allows remote attackers to create arbitrary files and execute arbitrary code via unspecified parameters in a crafted st_upload request.
12892 CVE-2011-0354 255 1 2011-02-03 2011-09-22
10.0
None Remote Low Not required Complete Complete Complete
The default configuration of Cisco Tandberg C Series Endpoints, and Tandberg E and EX Personal Video units, with software before TC4.0.0 has a blank password for the root account, which makes it easier for remote attackers to obtain access via an unspecified login method.
12893 CVE-2011-0347 2011-01-07 2021-07-23
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer on Windows XP allows remote attackers to trigger an incorrect GUI display and have unspecified other impact via vectors related to the DOM implementation, as demonstrated by cross_fuzz.
12894 CVE-2011-0346 399 DoS Exec Code Mem. Corr. 2011-01-07 2021-07-23
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, aka "MSHTML Memory Corruption Vulnerability."
12895 CVE-2011-0342 119 Exec Code Overflow 2011-09-02 2013-05-21
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the InduSoft ISSymbol ActiveX control in ISSymbol.ocx 301.1104.601.0 in InduSoft Web Studio 7.0B2 hotfix 7.0.01.04 allow remote attackers to execute arbitrary code via a long parameter to the (1) Open, (2) Close, or (3) SetCurrentLanguage method.
12896 CVE-2011-0341 119 Exec Code Overflow 2011-05-13 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the pdfmoz_onmouse function in apps/mozilla/moz_main.c in the MuPDF plug-in 2008.09.02 for Firefox allows remote attackers to execute arbitrary code via a crafted web site.
12897 CVE-2011-0340 119 Exec Code Overflow 2011-05-04 2013-05-21
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method.
12898 CVE-2011-0335 119 DoS Exec Code Overflow Mem. Corr. 2011-06-16 2011-10-05
9.3
None Remote Medium Not required Complete Complete Complete
Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-2119, and CVE-2011-2122.
12899 CVE-2011-0334 119 Exec Code Overflow 2011-10-08 2012-05-14
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a long HTTP request for a .css file.
12900 CVE-2011-0333 119 Exec Code Overflow 2011-10-08 2012-05-14
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the NgwiCalVTimeZoneBody::ParseSelf function in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a crafted TZNAME variable in a VCALENDAR attachment in an e-mail message, related to an "integer truncation error."
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.