Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-10-12 | CVE-2011-0259 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes CoreFoundation, as used in Apple iTunes before 10.5, does not properly perform string tokenization, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. | 7.6 |
| 2011-10-12 | CVE-2011-3155 | Unspecified vulnerability in HP Onboard Administrator 3.21/3.30/3.31 Unspecified vulnerability in HP Onboard Administrator (OA) 3.21 through 3.31 allows remote attackers to bypass intended access restrictions via unknown vectors. | 6.4 |
| 2011-10-12 | CVE-2011-2012 | Improper Input Validation vulnerability in Microsoft Forefront Unified Access Gateway 2010 Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 does not properly validate session cookies, which allows remote attackers to cause a denial of service (IIS outage) via unspecified network traffic, aka "Null Session Cookie Crash." | 5.0 |
| 2011-10-12 | CVE-2011-2008 | Improper Input Validation vulnerability in Microsoft Host Integration Server Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Access of Unallocated Memory DoS Vulnerability." | 5.0 |
| 2011-10-12 | CVE-2011-2007 | Improper Input Validation vulnerability in Microsoft Host Integration Server Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Endless Loop DoS in snabase.exe Vulnerability." | 5.0 |
| 2011-10-12 | CVE-2011-2005 | Unspecified vulnerability in Microsoft Windows Server 2003 and Windows XP afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability." | 7.8 |
| 2011-10-12 | CVE-2011-2001 | Unspecified vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an attempted access to a virtual function table after corruption of this table has occurred, aka "Virtual Function Table Corruption Remote Code Execution Vulnerability." | 9.3 |
| 2011-10-12 | CVE-2011-2000 | Unspecified vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Body Element Remote Code Execution Vulnerability." | 9.3 |
| 2011-10-12 | CVE-2011-1999 | Unspecified vulnerability in Microsoft Internet Explorer 8 Microsoft Internet Explorer 8 does not properly allocate and access memory, which allows remote attackers to execute arbitrary code via vectors involving a "dereferenced memory address," aka "Select Element Remote Code Execution Vulnerability." | 9.3 |
| 2011-10-12 | CVE-2011-1998 | Use of Uninitialized Resource vulnerability in Microsoft Internet Explorer 9 Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized, aka "Jscript9.dll Remote Code Execution Vulnerability." | 9.3 |