| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
201 |
CVE-2011-4705 |
264 |
|
|
2012-01-25 |
2012-01-25 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The Ming Blacklist Free (vc.software.blacklist) application 1.8.1 and 1.9.2.1 for Android does not properly protect data, which allows remote attackers to read or modify blacklists and a contact list via a crafted application that launches a "data-flow attack." |
|
202 |
CVE-2011-4704 |
264 |
|
|
2012-01-25 |
2012-01-25 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The Voxofon (com.voxofon) application before 2.5.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS information via a crafted application. |
|
203 |
CVE-2011-4703 |
264 |
|
|
2012-01-25 |
2012-05-13 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The Limit My Call (com.limited.call.view) application 2.11 for Android does not properly protect data, which allows remote attackers to read or modify call logs and a contact list via a crafted application. |
|
204 |
CVE-2011-4702 |
264 |
|
|
2012-01-25 |
2012-01-25 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The Nimbuzz (com.nimbuzz) application 2.0.8 and 2.0.10 for Android does not properly protect data, which allows remote attackers to read or modify a contact list via a crafted application. |
|
205 |
CVE-2011-4701 |
264 |
|
|
2012-01-25 |
2012-01-25 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The CallConfirm (jp.gr.java_conf.ofnhwx.callconfirm) application 2.0.0 for Android does not properly protect data, which allows remote attackers to read or modify allow/block lists via a crafted application. |
|
206 |
CVE-2011-4700 |
264 |
|
|
2012-01-25 |
2012-04-19 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The UberMedia UberSocial (com.twidroid) application 7.x before 7.2.4 for Android does not properly protect data, which allows remote attackers to read or modify Twitter information via a crafted application. |
|
207 |
CVE-2011-4699 |
200 |
|
+Info |
2012-01-25 |
2012-01-25 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
The Ubermedia Twidroyd Legacy (com.twidroydlegacy) application 4.3.11 for Android does not properly protect data, which allows remote attackers to read or modify Twitter information via a crafted application. |
|
208 |
CVE-2011-4698 |
200 |
|
+Info |
2012-01-25 |
2012-01-25 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
The AndroidAppTools Easy Filter (com.phoneblocker.android) application 1.1 and 1.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and call records via a crafted application. |
|
209 |
CVE-2011-4697 |
200 |
|
+Info |
2012-01-25 |
2012-01-25 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
The Xiaomi MiTalk Messenger (com.xiaomi.channel) application before 2.1.320 for Android does not properly protect data, which allows remote attackers to read or modify messaging information via a crafted application. |
|
210 |
CVE-2011-4659 |
264 |
|
|
2012-01-19 |
2012-02-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Cisco TelePresence Software before TE 4.1.1 on the Cisco IP Video Phone E20 has a default password for the root account after an upgrade to TE 4.1.0, which makes it easier for remote attackers to modify the configuration via an SSH session, aka Bug ID CSCtw69889, a different vulnerability than CVE-2011-2555. |
|
211 |
CVE-2011-4644 |
287 |
1
|
Exec Code |
2012-01-03 |
2012-01-26 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote attackers to (1) read arbitrary files via a management-console session that leverages the ability to create crafted data sources, or (2) execute management commands via an HTTP request. |
|
212 |
CVE-2011-4643 |
22 |
1
|
Dir. Trav. |
2012-01-03 |
2017-08-29 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Multiple directory traversal vulnerabilities in Splunk 4.x before 4.2.5 allow remote authenticated users to read arbitrary files via a .. (dot dot) in a URI to (1) Splunk Web or (2) the Splunkd HTTP Server, aka SPL-45243. |
|
213 |
CVE-2011-4642 |
352 |
1
|
Exec Code CSRF |
2012-01-03 |
2012-11-06 |
4.6 |
None |
Remote |
High |
??? |
Partial |
Partial |
Partial |
|
mappy.py in Splunk Web in Splunk 4.2.x before 4.2.5 does not properly restrict use of the mappy command to access Python classes, which allows remote authenticated administrators to execute arbitrary code by leveraging the sys module in a request to the search application, as demonstrated by a cross-site request forgery (CSRF) attack, aka SPL-45172. |
|
214 |
CVE-2011-4622 |
|
|
DoS |
2012-01-27 |
2017-12-29 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The create_pit_timer function in arch/x86/kvm/i8254.c in KVM 83, and possibly other versions, does not properly handle when Programmable Interval Timer (PIT) interrupt requests (IRQs) when a virtual interrupt controller (irqchip) is not available, which allows local users to cause a denial of service (NULL pointer dereference) by starting a timer. |
|
215 |
CVE-2011-4619 |
399 |
|
DoS |
2012-01-06 |
2016-08-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. |
|
216 |
CVE-2011-4616 |
79 |
|
XSS |
2012-01-06 |
2013-04-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the HTML-Template-Pro module before 0.9507 for Perl allows remote attackers to inject arbitrary web script or HTML via template parameters, related to improper handling of > (greater than) and < (less than) characters. |
|
217 |
CVE-2011-4608 |
264 |
|
Bypass |
2012-01-27 |
2017-08-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
mod_cluster in JBoss Enterprise Application Platform 5.1.2 for Red Hat Linux allows worker nodes to register with arbitrary virtual hosts, which allows remote attackers to bypass intended access restrictions and provide malicious content, hijack sessions, and steal credentials by registering from an external vhost that does not enforce security constraints. |
|
218 |
CVE-2011-4577 |
399 |
|
DoS |
2012-01-06 |
2014-03-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers. |
|
219 |
CVE-2011-4576 |
310 |
|
+Info |
2012-01-06 |
2016-08-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer. |
|
220 |
CVE-2011-4532 |
22 |
|
Dir. Trav. |
2012-01-08 |
2012-01-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Absolute path traversal vulnerability in the ALMListView.ALMListCtrl ActiveX control in almaxcx.dll in the graphical user interface in Siemens Automation License Manager (ALM) 2.0 through 5.1+SP1+Upd2 allows remote attackers to overwrite arbitrary files via the Save method. |
|
221 |
CVE-2011-4531 |
20 |
|
DoS |
2012-01-08 |
2012-01-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted content in a (1) get_target_ocx_param or (2) send_target_ocx_param command. |
|
222 |
CVE-2011-4530 |
20 |
|
DoS |
2012-01-08 |
2012-01-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 does not properly copy fields obtained from clients, which allows remote attackers to cause a denial of service (exception and daemon crash) via long fields, as demonstrated by fields to the (1) open_session->workstation->NAME or (2) grant->VERSION function. |
|
223 |
CVE-2011-4529 |
119 |
|
Exec Code Overflow |
2012-01-08 |
2012-01-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple buffer overflows in Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allow remote attackers to execute arbitrary code via a long serialid field in an _licensekey command, as demonstrated by the (1) check_licensekey or (2) read_licensekey command. |
|
224 |
CVE-2011-4374 |
190 |
|
Exec Code Overflow |
2012-01-19 |
2021-09-08 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in Adobe Reader 9.x before 9.4.6 on Linux allows attackers to execute arbitrary code via unspecified vectors. |
|
225 |
CVE-2011-4373 |
|
|
DoS Exec Code Mem. Corr. |
2012-01-10 |
2021-09-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4372. |
|
226 |
CVE-2011-4372 |
|
|
DoS Exec Code Mem. Corr. |
2012-01-10 |
2021-09-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4373. |
|
227 |
CVE-2011-4371 |
|
|
DoS Exec Code Mem. Corr. |
2012-01-10 |
2021-09-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. |
|
228 |
CVE-2011-4370 |
|
|
DoS Exec Code Mem. Corr. |
2012-01-10 |
2021-09-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4372 and CVE-2011-4373. |
|
229 |
CVE-2011-4361 |
276 |
|
+Info |
2012-01-08 |
2021-04-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests, which allows remote attackers to obtain sensitive information by (1) leveraging the SpecialUpload::ajaxGetExistsWarning function, or by (2) leveraging an extension, as demonstrated by the CategoryTree, ExtTab, and InlineEditor extensions. |
|
230 |
CVE-2011-4360 |
200 |
|
+Info |
2012-01-08 |
2021-04-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
MediaWiki before 1.17.1 allows remote attackers to obtain the page titles of all restricted pages via a series of requests involving the (1) curid or (2) oldid parameter. |
|
231 |
CVE-2011-4354 |
310 |
|
|
2012-01-27 |
2012-11-06 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves, which allows remote attackers to obtain the private key of a TLS server via multiple handshake attempts. |
|
232 |
CVE-2011-4337 |
94 |
1
|
|
2012-01-29 |
2012-02-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Static code injection vulnerability in translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to inject arbitrary PHP code into an executable language file in the i18n directory via the lang variable. |
|
233 |
CVE-2011-4330 |
119 |
|
DoS Exec Code Overflow |
2012-01-27 |
2012-04-16 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in the hfs_mac2asc function in fs/hfs/trans.c in the Linux kernel 2.6 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via an HFS image with a crafted len field. |
|
234 |
CVE-2011-4325 |
|
|
DoS |
2012-01-27 |
2017-08-29 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The NFS implementation in Linux kernel before 2.6.31-rc6 calls certain functions without properly initializing certain data, which allows local users to cause a denial of service (NULL pointer dereference and O_DIRECT oops), as demonstrated using diotest4 from LTP. |
|
235 |
CVE-2011-4314 |
20 |
|
|
2012-01-27 |
2013-02-15 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack. |
|
236 |
CVE-2011-4276 |
200 |
|
+Info |
2012-01-25 |
2012-01-26 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The Bluetooth service (com/android/phone/BluetoothHeadsetService.java) in Android 2.3 before 2.3.6 allows remote attackers within Bluetooth range to obtain contact data via an AT phonebook transfer. |
|
237 |
CVE-2011-4197 |
264 |
|
|
2012-01-03 |
2017-08-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
etc/inc/certs.inc in the PKI implementation in pfSense before 2.0.1 creates each X.509 certificate with a true value for the CA basic constraint, which allows remote attackers to create sub-certificates for arbitrary subjects by leveraging the private key. |
|
238 |
CVE-2011-4153 |
20 |
1
|
DoS |
2012-01-18 |
2018-01-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c. |
|
239 |
CVE-2011-4143 |
200 |
|
+Info |
2012-01-27 |
2012-02-06 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
EMC RSA enVision 4.0 before SP4 P5 and 4.1 before P3 allows remote attackers to obtain sensitive information about environment variables in the web system via unspecified vectors. |
|
240 |
CVE-2011-4142 |
255 |
|
+Info |
2012-01-19 |
2012-01-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The Web Search feature in EMC SourceOne Email Management 6.5 before 6.5.2.4033, 6.6 before 6.6.1.2194, and 6.7 before 6.7.2.2033 places cleartext credentials in log files, which allows local users to obtain sensitive information by reading these files. |
|
241 |
CVE-2011-4135 |
22 |
|
Exec Code Dir. Trav. |
2012-01-19 |
2012-01-23 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple directory traversal vulnerabilities in lmgrd in Flexera FlexNet Publisher 11.10 (aka FlexNet License Server Manager) allow remote attackers to execute arbitrary code via vectors related to save, rename, and load operations on log files. NOTE: this might overlap CVE-2011-1389. |
|
242 |
CVE-2011-4134 |
119 |
|
Exec Code Overflow |
2012-01-19 |
2012-01-20 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in lmadmin in Flexera FlexNet Publisher 11.10 (aka FlexNet License Server Manager) allows remote attackers to execute arbitrary code via a crafted 0x2f packet. |
|
243 |
CVE-2011-4132 |
20 |
|
DoS |
2012-01-27 |
2017-12-29 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel 2.6 allows local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4 image with an "invalid log first block value." |
|
244 |
CVE-2011-4114 |
264 |
|
|
2012-01-13 |
2012-02-08 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
The par_mktmpdir function in the PAR::Packer module before 1.012 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program. NOTE: a similar vulnerability was reported for PAR, but this has been assigned a different CVE identifier. |
|
245 |
CVE-2011-4110 |
264 |
|
DoS |
2012-01-27 |
2016-08-23 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and "updating a negative key into a fully instantiated key." |
|
246 |
CVE-2011-4109 |
399 |
|
|
2012-01-06 |
2017-08-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check. |
|
247 |
CVE-2011-4108 |
310 |
|
|
2012-01-06 |
2016-08-23 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. |
|
248 |
CVE-2011-4077 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-01-27 |
2016-08-23 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel 2.6, when CONFIG_XFS_DEBUG is disabled, allows local users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a long pathname. |
|
249 |
CVE-2011-4057 |
399 |
|
DoS |
2012-01-13 |
2012-01-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Wibu-Systems AG CodeMeter Runtime 4.30c, 4.10b, and possibly other versions before 4.40 allows remote attackers to cause a denial of service (CodeMeter.exe crash) via certain crafted packets to TCP port 22350. |
|
250 |
CVE-2011-4056 |
|
|
|
2012-01-08 |
2012-01-09 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
An unspecified ActiveX control in ActBar.ocx in Siemens Tecnomatix FactoryLink 6.6.1 (aka 6.6 SP1), 7.5.217 (aka 7.5 SP2), and 8.0.2.54 allows remote attackers to create or overwrite arbitrary files via the save method. |
