CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In June 2011 (CVSS score >= 9)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2010-4663 2011-06-08 2012-04-27
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the News module in CMS Made Simple (CMSMS) before 1.9.1 has unknown impact and attack vectors.
2 CVE-2011-0083 399 DoS Exec Code 2011-06-30 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback.
3 CVE-2011-0085 399 Exec Code 2011-06-30 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues the current command updater.
4 CVE-2011-0317 119 DoS Exec Code Overflow Mem. Corr. 2011-06-16 2011-10-05
9.3
None Remote Medium Not required Complete Complete Complete
Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-0335, CVE-2011-2119, and CVE-2011-2122.
5 CVE-2011-0318 119 DoS Exec Code Overflow Mem. Corr. 2011-06-16 2011-10-05
9.3
None Remote Medium Not required Complete Complete Complete
Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0319, CVE-2011-0320, CVE-2011-0335, CVE-2011-2119, and CVE-2011-2122.
6 CVE-2011-0319 119 DoS Exec Code Overflow Mem. Corr. 2011-06-16 2011-10-05
9.3
None Remote Medium Not required Complete Complete Complete
Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0320, CVE-2011-0335, CVE-2011-2119, and CVE-2011-2122.
7 CVE-2011-0320 119 DoS Exec Code Overflow Mem. Corr. 2011-06-16 2011-10-05
9.3
None Remote Medium Not required Complete Complete Complete
Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0335, CVE-2011-2119, and CVE-2011-2122.
8 CVE-2011-0335 119 DoS Exec Code Overflow Mem. Corr. 2011-06-16 2011-10-05
9.3
None Remote Medium Not required Complete Complete Complete
Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-2119, and CVE-2011-2122.
9 CVE-2011-0658 189 Exec Code 2011-06-16 2020-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Integer underflow in the OLE Automation protocol implementation in VBScript.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted WMF file, aka "OLE Automation Underflow Vulnerability."
10 CVE-2011-0664 20 Exec Code 2011-06-16 2020-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Array Offset Vulnerability."
11 CVE-2011-0802 2011-06-14 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different vulnerability than CVE-2011-0814.
12 CVE-2011-0814 2011-06-14 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different vulnerability than CVE-2011-0802.
13 CVE-2011-0815 2011-06-14 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to AWT.
14 CVE-2011-0817 2011-06-14 2017-12-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
15 CVE-2011-0862 2011-06-14 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
16 CVE-2011-0863 2011-06-14 2017-12-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
17 CVE-2011-0864 2011-06-14 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot.
18 CVE-2011-0871 2011-06-14 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing.
19 CVE-2011-0873 2011-06-14 2017-12-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, and 5.0 Update 29 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
20 CVE-2011-1127 264 2011-06-21 2011-06-29
10.0
None Remote Low Not required Complete Complete Complete
SSI.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly restrict guest access, which allows remote attackers to have an unspecified impact via unknown vectors.
21 CVE-2011-1220 119 Exec Code Overflow 2011-06-02 2018-10-09
9.0
None Remote Low ??? Complete Complete Complete
Stack-based buffer overflow in lcfd.exe in Tivoli Endpoint in IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1, and 4.3.1 allows remote authenticated users to execute arbitrary code via a long opts field.
22 CVE-2011-1250 908 Exec Code Mem. Corr. 2011-06-16 2022-02-28
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Link Properties Handling Memory Corruption Vulnerability."
23 CVE-2011-1251 908 Exec Code Mem. Corr. 2011-06-16 2022-02-28
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Manipulation Memory Corruption Vulnerability."
24 CVE-2011-1254 908 Exec Code Mem. Corr. 2011-06-16 2022-02-28
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Drag and Drop Memory Corruption Vulnerability."
25 CVE-2011-1255 908 Exec Code Mem. Corr. 2011-06-16 2022-02-28
9.3
None Remote Medium Not required Complete Complete Complete
The Timed Interactive Multimedia Extensions (aka HTML+TIME) implementation in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Time Element Memory Corruption Vulnerability."
26 CVE-2011-1256 908 Exec Code Mem. Corr. 2011-06-16 2022-02-28
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Modification Memory Corruption Vulnerability."
27 CVE-2011-1260 119 Exec Code Overflow Mem. Corr. 2011-06-16 2021-07-23
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Layout Memory Corruption Vulnerability."
28 CVE-2011-1261 908 Exec Code Mem. Corr. 2011-06-16 2022-02-28
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Selection Object Memory Corruption Vulnerability."
29 CVE-2011-1262 908 Exec Code Mem. Corr. 2011-06-16 2022-02-28
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "HTTP Redirect Memory Corruption Vulnerability."
30 CVE-2011-1266 908 Exec Code Mem. Corr. 2011-06-16 2022-02-28
9.3
None Remote Medium Not required Complete Complete Complete
The Vector Markup Language (VML) implementation in vgx.dll in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "VML Memory Corruption Vulnerability."
31 CVE-2011-1268 20 Exec Code 2011-06-16 2020-09-28
10.0
None Remote Low Not required Complete Complete Complete
The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Response Parsing Vulnerability."
32 CVE-2011-1272 20 Exec Code 2011-06-16 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record structures during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Insufficient Record Validation Vulnerability."
33 CVE-2011-1273 119 DoS Exec Code Overflow Mem. Corr. 2011-06-16 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Improper Record Parsing Vulnerability."
34 CVE-2011-1274 119 DoS Exec Code Overflow Mem. Corr. 2011-06-16 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Out of Bounds Array Access Vulnerability."
35 CVE-2011-1275 119 DoS Exec Code Overflow Mem. Corr. 2011-06-16 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2002 SP3; Office 2004, 2008, and 2011 for Mac; and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Memory Heap Overwrite Vulnerability."
36 CVE-2011-1276 119 DoS Exec Code Overflow Mem. Corr. 2011-06-16 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel spreadsheet, related to improper validation of record information, aka "Excel Buffer Overrun Vulnerability."
37 CVE-2011-1277 119 DoS Exec Code Overflow Mem. Corr. 2011-06-16 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2002 SP3, Office 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Memory Corruption Vulnerability."
38 CVE-2011-1278 119 DoS Exec Code Overflow Mem. Corr. 2011-06-16 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel WriteAV Vulnerability."
39 CVE-2011-1279 119 DoS Exec Code Overflow Mem. Corr. 2011-06-16 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Out of Bounds WriteAV Vulnerability."
40 CVE-2011-1623 255 2011-06-02 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
Cisco Media Processing Software before 1.2 on Media Experience Engine (MXE) 5600 devices has a default root password, which makes it easier for context-dependent attackers to obtain access via (1) the local console, (2) an SSH session, or (3) a TELNET session, aka Bug ID CSCto77737.
41 CVE-2011-1699 119 Exec Code Overflow 2011-06-09 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted uri parameter in a printer-url.
42 CVE-2011-1700 119 Exec Code Overflow 2011-06-09 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted profile-time parameter in a printer-url.
43 CVE-2011-1701 119 Exec Code Overflow 2011-06-09 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted profile-name parameter in a printer-url.
44 CVE-2011-1702 119 Exec Code Overflow 2011-06-09 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted file-date-time parameter in a printer-url.
45 CVE-2011-1703 119 Exec Code Overflow 2011-06-09 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted driver-version parameter in a printer-url.
46 CVE-2011-1704 119 Exec Code Overflow 2011-06-09 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted core-package parameter in a printer-url.
47 CVE-2011-1705 119 Exec Code Overflow 2011-06-09 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted client-file-name parameter in a printer-url.
48 CVE-2011-1706 119 Exec Code Overflow 2011-06-09 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted iprint-client-config-info parameter in a printer-url.
49 CVE-2011-1707 119 Exec Code Overflow 2011-06-09 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted op-printer-list-all-jobs parameter in a printer-url.
50 CVE-2011-1708 119 Exec Code Overflow 2011-06-09 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted op-printer-list-all-jobs cookie.
Total number of vulnerabilities : 105   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.