CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In January 2011 (CVSS score >= 9)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2011-0688 287 Exec Code 2011-01-31 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Intel Alert Management System (aka AMS or AMS2), as used in Symantec Antivirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary commands via crafted messages over TCP, as discovered by Junaid Bohio, a different vulnerability than CVE-2010-0110 and CVE-2010-0111. NOTE: some of these details are obtained from third party information.
2 CVE-2011-0682 119 DoS Exec Code Overflow Mem. Corr. 2011-01-31 2018-08-13
9.3
None Remote Medium Not required Complete Complete Complete
Integer truncation error in opera.dll in Opera before 11.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML form with a select element that contains a large number of children.
3 CVE-2011-0517 119 1 DoS Exec Code Overflow 2011-01-20 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Sielco Sistemi Winlog Pro 2.07.00 and earlier, when Run TCP/IP server is enabled, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted 0x02 opcode to TCP port 46823.
4 CVE-2011-0502 1 DoS 2011-01-20 2011-01-21
9.3
None Remote Medium Not required Complete Complete Complete
Music Animation Machine MIDI Player 2006aug19 Release 035 and possibly other versions allows user-assisted remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a long line in a MIDI (.mid) file.
5 CVE-2011-0501 119 1 Exec Code Overflow 2011-01-20 2011-01-24
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Music Animation Machine MIDI Player 2006aug19 Release 035 and possibly other versions allows user-assisted remote attackers to execute arbitrary code via a long line in a .mamx file.
6 CVE-2011-0500 119 1 Exec Code Overflow 2011-01-20 2011-01-21
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in VideoSpirit Pro 1.6.8.1, 1.68, and earlier; and VideoSpirit Lite 1.4.0.1 and possibly other versions; allows user-assisted remote attackers to execute arbitrary code via a VideoSpirit project (.visprj) file containing a valitem element with a long "value" attribute, as demonstrated using a valitem with the mp3 name.
7 CVE-2011-0499 119 Exec Code Overflow 2011-01-20 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in VideoSpirit Pro 1.6.8.1 and possibly earlier versions, and VideoSpirit Lite 1.4.0.1 and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a VideoSpirit project (.visprj) file containing a valitem element with a long "name" attribute. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
8 CVE-2011-0498 119 1 DoS Exec Code Overflow 2011-01-20 2011-01-24
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Nokia Multimedia Player 1.00.55.5010, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long entry in a playlist (.npl) file.
9 CVE-2011-0496 Exec Code 2011-01-20 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Sybase EAServer 5.x and 6.x before 6.3 ESD#2, as used in Appeon, Replication Server Messaging Edition (RSME), and WorkSpace, allows remote attackers to install arbitrary web services and execute arbitrary code, related to a "design vulnerability."
10 CVE-2011-0488 119 DoS Exec Code Overflow 2011-01-18 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in NTWebServer.exe in the test web service in InduSoft NTWebServer, as distributed in Advantech Studio 6.1 and InduSoft Web Studio 7.0, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long request to TCP port 80.
11 CVE-2011-0487 94 Exec Code 2011-01-18 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
ICQ 7 does not verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a crafted file that is fetched through an automatic-update mechanism.
12 CVE-2011-0485 20 Exec Code 2011-01-14 2020-07-24
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle speech data, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "stale pointer."
13 CVE-2011-0481 120 DoS Overflow 2011-01-14 2020-07-24
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PDF shading.
14 CVE-2011-0480 120 DoS Overflow Mem. Corr. 2011-01-14 2020-07-24
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted WebM file, related to buffers for (1) the channel floor and (2) the channel residue.
15 CVE-2011-0478 20 DoS 2011-01-14 2020-07-24
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle SVG use elements, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
16 CVE-2011-0477 119 DoS Overflow 2011-01-14 2020-07-27
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle a mismatch in video frame sizes, which allows remote attackers to cause a denial of service (incorrect memory access) or possibly have unspecified other impact via unknown vectors.
17 CVE-2011-0476 119 DoS Overflow Mem. Corr. 2011-01-14 2020-07-24
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allow remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a PDF document that triggers an out-of-memory error.
18 CVE-2011-0475 416 DoS 2011-01-14 2020-07-24
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a PDF document.
19 CVE-2011-0474 DoS 2011-01-14 2020-07-24
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
20 CVE-2011-0473 DoS 2011-01-14 2020-07-24
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with CANVAS elements, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
21 CVE-2011-0472 DoS 2011-01-14 2020-07-24
9.3
None Remote Medium Not required Complete Complete Complete
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle the printing of PDF documents, which allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a multi-page document.
22 CVE-2011-0471 20 DoS 2011-01-14 2020-07-24
10.0
None Remote Low Not required Complete Complete Complete
The node-iteration implementation in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 does not properly handle pointers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
23 CVE-2011-0444 119 DoS Exec Code Overflow 2011-01-13 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the MAC-LTE dissector (epan/dissectors/packet-mac-lte.c) in Wireshark 1.2.0 through 1.2.13 and 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of RARs.
24 CVE-2011-0406 119 1 Exec Code Overflow 2011-01-11 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in HistorySvr.exe in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a long request to TCP port 777.
25 CVE-2011-0403 1 Exec Code 2011-01-11 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in ImgBurn.exe in ImgBurn 2.4.0.0, 2.5.4.0, and other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a CUE file.
26 CVE-2011-0347 2011-01-07 2021-07-23
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer on Windows XP allows remote attackers to trigger an incorrect GUI display and have unspecified other impact via vectors related to the DOM implementation, as demonstrated by cross_fuzz.
27 CVE-2011-0346 399 DoS Exec Code Mem. Corr. 2011-01-07 2021-07-23
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, aka "MSHTML Memory Corruption Vulnerability."
28 CVE-2011-0273 119 Exec Code Overflow 2011-01-25 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in crs.exe in HP OpenView Storage Data Protector Cell Manager 6.11 allows remote attackers to execute arbitrary code via unspecified message types.
29 CVE-2011-0272 Exec Code 2011-01-18 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP LoadRunner 9.52 allows remote attackers to execute arbitrary code via network traffic to TCP port 5001 or 5002, related to the HttpTunnel feature.
30 CVE-2011-0271 78 Exec Code 2011-01-13 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
The CGI scripts in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 do not properly validate an unspecified parameter, which allows remote attackers to execute arbitrary commands by using a command string for this parameter's value, related to a "command injection vulnerability."
31 CVE-2011-0270 134 Exec Code 2011-01-13 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via format string specifiers in input data that involves an invalid template name.
32 CVE-2011-0269 119 Exec Code Overflow 2011-01-13 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long schd_select1 parameter.
33 CVE-2011-0268 119 Exec Code Overflow 2011-01-13 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long text1 parameter.
34 CVE-2011-0267 119 1 Exec Code Overflow 2011-01-13 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allow remote attackers to execute arbitrary code via a long (1) schdParams or (2) nameParams parameter, a different vulnerability than CVE-2011-0266.
35 CVE-2011-0266 119 Exec Code Overflow 2011-01-13 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long nameParams parameter, a different vulnerability than CVE-2011-0267.2.
36 CVE-2011-0265 119 Exec Code Overflow 2011-01-13 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long data_select1 parameter.
37 CVE-2011-0264 119 Exec Code Overflow 2011-01-13 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in ovutil.dll in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long COOKIE variable.
38 CVE-2011-0263 119 Exec Code Overflow 2011-01-13 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in ovas.exe in the OVAS service in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allow remote attackers to execute arbitrary code via a long (1) Source Node or (2) Destination Node variable.
39 CVE-2011-0262 119 Exec Code Overflow 2011-01-13 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the stringToSeconds function in ovutil.dll in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via large values of variables to jovgraph.exe.
40 CVE-2011-0261 Exec Code 2011-01-13 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in jovgraph.exe in jovgraph in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a malformed displayWidth option in the arg parameter.
41 CVE-2011-0027 20 Exec Code Overflow 2011-01-12 2019-02-26
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability." NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118.
42 CVE-2011-0026 189 Exec Code Overflow Bypass 2011-01-12 2019-02-26
9.3
None Remote Medium Not required Complete Complete Complete
Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument, which bypasses a signed comparison and leads to a buffer overflow, aka "DSN Overflow Vulnerability."
43 CVE-2011-0021 119 DoS Exec Code Overflow 2011-01-25 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Multiple heap-based buffer overflows in cdg.c in the CDG decoder in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted CDG video.
44 CVE-2011-0018 20 1 Exec Code 2011-01-28 2018-10-10
9.0
None Remote Low ??? Complete Complete Complete
The email function in manage_sql.c in OpenVAS Manager 1.0.x through 1.0.3 and 2.0.x through 2.0rc2 allows remote authenticated users to execute arbitrary commands via the (1) To or (2) From e-mail address in an OMP request to the Greenbone Security Assistant (GSA).
45 CVE-2010-4714 119 Exec Code Overflow 2011-01-31 2011-04-26
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) gwpoa.exe in the Post Office Agent, (2) gwmta.exe in the Message Transfer Agent, (3) gwia.exe in the Internet Agent, (4) the WebAccess Agent, or (5) the Monitor Agent.
46 CVE-2010-4713 189 Exec Code 2011-01-31 2011-04-26
10.0
None Remote Low Not required Complete Complete Complete
Integer signedness error in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a signed integer value in the Content-Type header.
47 CVE-2010-4712 119 Exec Code Overflow 2011-01-31 2011-04-26
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a Content-Type header containing (1) multiple items separated by ; (semicolon) characters or (2) crafted string data.
48 CVE-2010-4711 399 Exec Code 2011-01-31 2011-04-26
10.0
None Remote Low Not required Complete Complete Complete
Double free vulnerability in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a large parameter in a LIST command.
49 CVE-2010-4705 189 Overflow 2011-01-22 2011-05-24
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the vorbis_residue_decode_internal function in libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg, possibly 0.6, has unspecified impact and remote attack vectors, related to the sizes of certain integer data types. NOTE: this might overlap CVE-2011-0480.
50 CVE-2010-4680 264 Bypass 2011-01-07 2017-08-17
9.0
None Remote Low ??? Complete Complete Complete
The WebVPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) permits the viewing of CIFS shares even when CIFS file browsing has been disabled, which allows remote authenticated users to bypass intended access restrictions via CIFS requests, aka Bug ID CSCsz80777.
Total number of vulnerabilities : 75   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.