CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2011-2858 Google Chrome before 14.0.835.163 does not properly handle triangle arrays, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | N/A | NONE | — | 0 |
| CVE-2011-2859 Google Chrome before 14.0.835.163 uses incorrect permissions for non-gallery pages, which has unspecified impact and attack vectors. | N/A | NONE | — | 0 |
| CVE-2011-2860 Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to table styles. | N/A | NONE | — | 0 |
| CVE-2011-2861 Google Chrome before 14.0.835.163 does not properly handle strings in PDF documents, which allows remote attackers to have an unspecified impact via a crafted document that triggers an incorrect read ... | N/A | NONE | — | 0 |
| CVE-2011-2862 Google V8, as used in Google Chrome before 14.0.835.163, does not properly restrict access to built-in objects, which has unspecified impact and remote attack vectors. | N/A | NONE | — | 0 |
| CVE-2011-2864 Google Chrome before 14.0.835.163 does not properly handle Tibetan characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | N/A | NONE | — | 0 |
| CVE-2011-2874 Google Chrome before 14.0.835.163 does not perform an expected pin operation for a self-signed certificate during a session, which has unspecified impact and remote attack vectors. | N/A | NONE | — | 0 |
| CVE-2011-2875 Google V8, as used in Google Chrome before 14.0.835.163, does not properly perform object sealing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact ... | N/A | NONE | — | 0 |
| CVE-2011-3234 Google Chrome before 14.0.835.163 does not properly handle boxes, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | N/A | NONE | — | 0 |
| CVE-2011-3345 ulp/sdp/sdp_proc.c in the ib_sdp module (aka ib_sdp.ko) in the ofa_kernel package in the InfiniBand driver implementation in OpenFabrics Enterprise Distribution (OFED) before 1.5.3 does not properly h... | N/A | NONE | — | 0 |
| CVE-2011-3423 Cross-site scripting (XSS) vulnerability in the Managed File Transfer server in TIBCO Managed File Transfer Internet Server before 7.1.1 and Managed File Transfer Command Center before 7.1.1, and the ... | N/A | NONE | — | 0 |
| CVE-2011-3424 Session fixation vulnerability in the Managed File Transfer server in TIBCO Managed File Transfer Internet Server before 7.1.1 and Managed File Transfer Command Center before 7.1.1, and the server in ... | N/A | NONE | — | 0 |
| CVE-2011-3575 Stack-based buffer overflow in the NSFComputeEvaluateExt function in Nnotes.dll in IBM Lotus Domino 8.5.2 allows remote authenticated users to execute arbitrary code via a long tHPRAgentName parameter... | N/A | NONE | — | 0 |
| CVE-2011-3576 Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 8.5.2 allows remote attackers to inject arbitrary web script or HTML via the PanelIcon parameter in an fmpgPanelHeader ReadForm action to W... | N/A | NONE | — | 0 |
| CVE-2011-2925 Cumin in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0 records broker authentication credentials in a log file, which allows local users to bypass authentication and perform unauthorized ... | N/A | NONE | — | 0 |
| CVE-2011-3348 The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error st... | N/A | NONE | — | 0 |
| CVE-2011-1509 The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers... | N/A | NONE | — | 0 |
| CVE-2013-3455 Cisco Finesse allows remote attackers to obtain sensitive information by sniffing the network for HTTP query data, aka Bug ID CSCug16732. | N/A | NONE | — | 0 |
| CVE-2011-1510 Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus (SDP) before 8012 allows remote attackers to inject arbitrary web script or HTML via the searchText param... | N/A | NONE | — | 0 |
| CVE-2011-1911 JasperServer in JasperReports Server Community Project 3.7.0 and 3.7.1 uses a predictable _flowExecutionKey parameter, which makes it easier for remote attackers to conduct cross-site request forgery ... | N/A | NONE | — | 0 |
| CVE-2011-2672 Cross-site scripting (XSS) vulnerability in SemanticScuttle before 0.98 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | N/A | NONE | — | 0 |
| CVE-2011-3360 Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory. | N/A | NONE | — | 0 |
| CVE-2011-3482 The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.2 does not initialize a certain structure member, which allows remote attackers to... | N/A | NONE | — | 0 |
| CVE-2011-3483 Wireshark 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (application crash) via a malformed capture file that leads to an invalid root tvbuff, related to a "buffer exception ... | N/A | NONE | — | 0 |
| CVE-2011-3484 The unxorFrame function in epan/dissectors/packet-opensafety.c in the OpenSafety dissector in Wireshark 1.6.x before 1.6.2 does not properly validate a certain frame size, which allows remote attacker... | N/A | NONE | — | 0 |
| CVE-2011-3577 IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.3 does not properly implement Activity Token authentication for Web Services, which has unspecified impact and attack vectors. | N/A | NONE | — | 0 |
| CVE-2011-2412 Unspecified vulnerability in HP Business Service Automation (BSA) Essentials 2.01 allows remote attackers to execute arbitrary code via unknown vectors. | N/A | NONE | — | 0 |
| CVE-2011-2937 Cross-site scripting (XSS) vulnerability in the UI messages functionality in Roundcube Webmail before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to th... | N/A | NONE | — | 0 |
| CVE-2011-2938 Multiple cross-site scripting (XSS) vulnerabilities in filter_api.php in MantisBT before 1.2.7 allow remote attackers to inject arbitrary web script or HTML via a parameter, as demonstrated by the pro... | N/A | NONE | — | 0 |
| CVE-2011-3290 Cisco Identity Services Engine (ISE) before 1.0.4.MR2 has default Oracle database credentials, which allows remote attackers to modify settings or perform unspecified other administrative actions via ... | N/A | NONE | — | 0 |
| CVE-2011-3356 Multiple cross-site scripting (XSS) vulnerabilities in config_defaults_inc.php in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO, as demonstrated... | N/A | NONE | — | 0 |
| CVE-2011-3357 Directory traversal vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action paramet... | N/A | NONE | — | 0 |
| CVE-2011-3358 Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the (1) os, (2) os_build, or (3) platform parameter to (a... | N/A | NONE | — | 0 |
| CVE-2011-3578 Cross-site scripting (XSS) vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter, related to bu... | N/A | NONE | — | 0 |
| CVE-2011-2426 Stack-based buffer overflow in the ActionScript Virtual Machine (AVM) component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, all... | N/A | NONE | — | 0 |
| CVE-2011-2427 Stack-based buffer overflow in the ActionScript Virtual Machine (AVM) component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, all... | N/A | NONE | — | 0 |
| CVE-2011-2428 Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to execute arbitrary code or cause a denial of service (browser crash... | N/A | NONE | — | 0 |
| CVE-2011-2429 Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to bypass intended access restrictions and obtain sensitive informati... | N/A | NONE | — | 0 |
| CVE-2011-2430 Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via crafted streaming media, related... | N/A | NONE | — | 0 |
| CVE-2011-2444 Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrar... | N/A | NONE | — | 0 |
| CVE-2011-1913 SQL injection vulnerability in the login form in the web interface in Mercator SENTINEL 2.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | N/A | NONE | — | 0 |
| CVE-2011-3207 crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value cor... | N/A | NONE | — | 0 |
| CVE-2011-3210 The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows re... | N/A | NONE | — | 0 |
| CVE-2011-2543 Buffer overflow in the cuil component in Cisco Telepresence System Integrator C Series 4.x before TC4.2.0 allows remote authenticated users to cause a denial of service (endpoint reboot or process cra... | N/A | NONE | — | 0 |
| CVE-2011-2544 Cross-site scripting (XSS) vulnerability in the web interface in Cisco TelePresence System MXP Series F9.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a cr... | N/A | NONE | — | 0 |
| CVE-2013-3059 Cross-site scripting (XSS) vulnerability in the Voting plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vecto... | N/A | NONE | — | 0 |
| CVE-2011-2766 The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers t... | N/A | NONE | — | 0 |
| CVE-2011-3695 111WebCalendar 1.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by footer.php... | N/A | NONE | — | 0 |
| CVE-2011-3696 60cycleCMS 2.5.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by post.php and c... | N/A | NONE | — | 0 |
| CVE-2011-3697 Achievo 1.4.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/graph/jpg... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.