CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In November 2011 (CVSS score >= 9)

CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2011-4548 2011-11-24 2017-09-19
10.0
 None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Google Chrome before 16.0.912.44 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
2 CVE-2011-4502 78 Exec Code 2011-11-22 2013-01-24
10.0
 None Remote Low Not required Complete Complete Complete
The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with firmware before 1.39, and Sweex LB000021 with firmware 3.15 allows remote attackers to execute arbitrary commands via shell metacharacters.
3 CVE-2011-4501 16 2011-11-22 2013-01-24
10.0
 None Remote Low Not required Complete Complete Complete
The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with firmware before 1.39, and Sweex LB000021 with firmware 3.15 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.
4 CVE-2011-4496 119 Exec Code Overflow 2011-11-21 2011-11-21
9.3
 None Remote Medium Not required Complete Complete Complete
Buffer overflow in Aviosoft DTV Player 1.0.1.2 allows remote attackers to execute arbitrary code via a crafted .plf (aka playlist) file.
5 CVE-2011-4262 Exec Code 2011-11-24 2012-03-08
9.3
 None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted MP4 file.
6 CVE-2011-4261 119 DoS Exec Code Overflow Mem. Corr. 2011-11-24 2012-03-08
9.3
 None Remote Medium Not required Complete Complete Complete
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted video dimensions in an MP4 file.
7 CVE-2011-4260 94 Exec Code 2011-11-24 2012-03-08
9.3
 None Remote Medium Not required Complete Complete Complete
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed header in an MP4 file.
8 CVE-2011-4259 189 Exec Code 2011-11-24 2012-03-08
9.3
 None Remote Medium Not required Complete Complete Complete
Integer underflow in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted width value in an MPG file.
9 CVE-2011-4258 94 Exec Code 2011-11-24 2012-03-08
9.3
 None Remote Medium Not required Complete Complete Complete
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted length of an MLTI chunk in an IVR file.
10 CVE-2011-4257 94 Exec Code 2011-11-24 2012-03-08
9.3
 None Remote Medium Not required Complete Complete Complete
The Cook codec in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via crafted channel data.
11 CVE-2011-4256 94 Exec Code 2011-11-24 2012-03-08
10.0
 None Remote Low Not required Complete Complete Complete
The RV30 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 does not initialize an unspecified index value, which allows remote attackers to execute arbitrary code via unknown vectors.
12 CVE-2011-4255 Exec Code 2011-11-24 2012-03-08
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via an invalid codec name.
13 CVE-2011-4254 94 Exec Code 2011-11-24 2012-03-08
10.0
 None Remote Low Not required Complete Complete Complete
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted RTSP SETUP request.
14 CVE-2011-4253 Exec Code 2011-11-24 2012-03-08
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the RV20 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via unknown vectors.
15 CVE-2011-4252 94 Exec Code 2011-11-24 2012-03-08
9.3
 None Remote Medium Not required Complete Complete Complete
The RV10 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via a crafted sample height.
16 CVE-2011-4251 94 Exec Code 2011-11-24 2012-03-08
9.3
 None Remote Medium Not required Complete Complete Complete
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted sample size in a RealAudio file.
17 CVE-2011-4250 Exec Code 2011-11-24 2012-03-08
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the ATRC codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via unknown vectors.
18 CVE-2011-4249 20 Exec Code 2011-11-24 2012-03-08
10.0
 None Remote Low Not required Complete Complete Complete
Array index error in the RV30 codec in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via unspecified vectors.
19 CVE-2011-4248 94 Exec Code 2011-11-24 2012-03-08
9.3
 None Remote Medium Not required Complete Complete Complete
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed AAC file.
20 CVE-2011-4247 94 Exec Code 2011-11-24 2012-03-08
9.3
 None Remote Medium Not required Complete Complete Complete
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted QCELP stream.
21 CVE-2011-4246 119 DoS Exec Code Overflow Mem. Corr. 2011-11-24 2011-11-24
10.0
 None Remote Low Not required Complete Complete Complete
The AAC codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
22 CVE-2011-4245 119 DoS Exec Code Overflow Mem. Corr. 2011-11-24 2012-03-08
10.0
 None Remote Low Not required Complete Complete Complete
The RealVideo renderer in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
23 CVE-2011-4244 119 Exec Code Overflow 2011-11-24 2012-03-08
10.0
 None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the RealVideo renderer in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via unspecified vectors.
24 CVE-2011-4223 DoS Exec Code 2011-11-01 2017-08-29
9.3
 None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Investintech.com Absolute PDF Server allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document.
25 CVE-2011-4222 DoS Exec Code 2011-11-01 2017-08-29
9.3
 None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Investintech.com Able2Extract and Able2Extract Server allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document.
26 CVE-2011-4221 DoS Exec Code 2011-11-01 2017-08-29
9.3
 None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Investintech.com Able2Doc and Able2Doc Professional allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document.
27 CVE-2011-4220 264 DoS Exec Code 2011-11-01 2012-03-07
9.3
 None Remote Medium Not required Complete Complete Complete
Investintech.com SlimPDF Reader does not properly restrict the arguments to unspecified function calls, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document.
28 CVE-2011-4219 399 DoS Exec Code 2011-11-01 2017-08-29
9.3
 None Remote Medium Not required Complete Complete Complete
Investintech.com SlimPDF Reader does not prevent faulting-address data from affecting branch selection, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document.
29 CVE-2011-4218 399 DoS Exec Code 2011-11-01 2017-08-29
9.3
 None Remote Medium Not required Complete Complete Complete
Investintech.com SlimPDF Reader does not prevent faulting-instruction data from affecting write operations, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document.
30 CVE-2011-4217 264 DoS Exec Code 2011-11-01 2012-02-29
9.3
 None Remote Medium Not required Complete Complete Complete
Investintech.com SlimPDF Reader does not properly restrict read operations during block data moves, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document.
31 CVE-2011-4216 264 DoS Exec Code 2011-11-01 2017-08-29
9.3
 None Remote Medium Not required Complete Complete Complete
Investintech.com SlimPDF Reader does not properly restrict write operations, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document.
32 CVE-2011-4214 287 Bypass +Info 2011-11-01 2012-01-27
10.0
 None Remote Low Not required Complete Complete Complete
OneOrZero Action & Information Management System (AIMS) 2.7.0 allows remote attackers to bypass authentication and obtain administrator privileges via a crafted oozimsrememberme cookie.
33 CVE-2011-4157 119 Exec Code Overflow 2011-11-16 2017-08-29
10.0
 None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in hydra.exe in HP SAN/iQ before 9.5 on the HP StorageWorks P4000 Virtual SAN Appliance allows remote attackers to execute arbitrary code via a crafted login request.
34 CVE-2011-4047 94 Exec Code 2011-11-12 2011-11-14
9.3
 None Remote Medium Not required Complete Complete Complete
The Dell KACE K2000 System Deployment Appliance allows remote attackers to execute arbitrary commands by leveraging database write access.
35 CVE-2011-4040 119 Exec Code Overflow 2011-11-21 2011-11-21
10.0
 None Remote Low Not required Complete Complete Complete
Buffer overflow in MiniSmtp 3.0.11818 in NJStar Communicator allows remote attackers to execute arbitrary code via a crafted packet.
36 CVE-2011-4005 352 Exec Code CSRF 2011-11-03 2017-08-29
9.3
 None Remote Medium Not required Complete Complete Complete
Cross-site request forgery (CSRF) vulnerability in the Services Ready Platform Configuration Utility web interface on the Cisco Small Business SRP521W, SRP526W, and SRP527W with firmware before 1.1.24 and the Small Business SRP541W, SRP546W, and SRP547W with firmware before 1.2.1 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands, aka Bug ID CSCtr45124.
37 CVE-2011-4000 119 Exec Code Overflow 2011-11-08 2012-11-06
9.3
 None Remote Medium Not required Complete Complete Complete
Buffer overflow in ChaSen 2.4.x allows remote attackers to execute arbitrary code via a crafted string.
38 CVE-2011-3992 119 DoS Exec Code Overflow 2011-11-03 2018-10-30
10.0
 None Remote Low Not required Complete Complete Complete
Buffer overflow in the SSH server functionality on the D-Link DES-3800 with firmware before 4.50B052, DWL-2100AP with firmware before 2.50RC548, and DWL-3200AP with firmware before 2.55RC549 allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors.
39 CVE-2011-3991 Exec Code 2011-11-04 2017-08-29
9.3
 None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in FFFTP 1.98a and earlier allows local users to execute arbitrary code via unspecified functions.
40 CVE-2011-3828 94 Exec Code 2011-11-26 2018-10-09
9.3
 None Remote Medium Not required Complete Complete Complete
DVRemoteAx.ax 2.1.0.39 in the DVR Remote ActiveX control allows remote attackers to execute arbitrary code via a crafted DVRobot.dll file in a manifest directory on a web server.
41 CVE-2011-3655 94 +Priv 2011-11-09 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site.
42 CVE-2011-3654 119 DoS Exec Code Overflow Mem. Corr. 2011-11-09 2017-09-19
10.0
 None Remote Low Not required Complete Complete Complete
The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
43 CVE-2011-3652 119 DoS Exec Code Overflow Mem. Corr. 2011-11-09 2017-09-19
10.0
 None Remote Low Not required Complete Complete Complete
The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
44 CVE-2011-3651 DoS Exec Code Mem. Corr. 2011-11-09 2017-09-19
10.0
 None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 7.0 and Thunderbird 7.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
45 CVE-2011-3650 119 DoS Overflow Mem. Corr. 2011-11-09 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug.
46 CVE-2011-3647 20 +Priv 2011-11-09 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird before 3.1.6 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior, a related issue to CVE-2011-3004.
47 CVE-2011-3439 787 DoS Exec Code Mem. Corr. 2011-11-11 2021-06-22
9.3
 None Remote Medium Not required Complete Complete Complete
FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.
48 CVE-2011-3402 Exec Code 2011-11-04 2020-09-28
9.3
 None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."
49 CVE-2011-3167 Exec Code 2011-11-02 2012-02-15
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1210.
50 CVE-2011-3166 Exec Code 2011-11-02 2012-02-15
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1209.
Total number of vulnerabilities : 73   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.