Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-09-06 | CVE-2011-2654 | Improper Input Validation vulnerability in Novell Cloud Manager 1.1.2: The RPC implementation in the server in Novell Cloud Manager 1.1.2 before Patch 3 does not properly initialize objects, which allows remote attackers to execute arbitrary code by making RPC calls that leverage incorrect privileges associated with a partially initialized session. | 9.3 |
2011-09-06 | CVE-2011-1359 | Path Traversal vulnerability in IBM WebSphere Application Server: Directory traversal vulnerability in the administration console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41, 7.0 before 7.0.0.19, and 8.0 before 8.0.0.1 allows remote attackers to read arbitrary files via a .. | 5.0 |
2011-09-06 | CVE-2011-0258 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple QuickTime: Apple QuickTime before 7.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted image description associated with an mp4v tag in a movie file. | 9.3 |
2011-09-02 | CVE-2011-3387 | Improper Input Validation vulnerability in IBM Java 1.4.2.13.9: The class file parser in IBM Java 1.4.2 SR13 FP9 allows remote authenticated users to cause a denial of service (memory consumption or an infinite loop) via a crafted attribute length field in a class file, related to validation of a length field at the wrong time, a different vulnerability than CVE-2011-0311. | 4.0 |
2011-09-02 | CVE-2011-3386 | Unspecified vulnerability in Medtronic Paradigm Wireless Insulin Pump: Unspecified vulnerability in Medtronic Paradigm wireless insulin pump 512, 522, 712, and 722 allows remote attackers to modify the delivery of an insulin bolus dose and cause a denial of service (adverse human health effects) via unspecified vectors involving wireless communications and knowledge of the device's serial number, as demonstrated by Jerome Radcliffe at the Black Hat USA conference in August 2011. | 4.0 |
2011-09-02 | CVE-2011-2176 | Improper Authentication vulnerability in GNOME NetworkManager: GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors. | 2.1 |
2011-09-02 | CVE-2011-1411 | Improper Authentication vulnerability in Shibboleth OpenSAML and Shibboleth-Identity-Provider: Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack." | 5.8 |
2011-09-02 | CVE-2011-0311 | Buffer Errors vulnerability in IBM Java and Runtimes for Java Technology: The class file parser in IBM Java before 1.4.2 SR13 FP9, as used in IBM Runtimes for Java Technology 5.0.0 before SR13 and 6.0.0 before SR10, allows remote authenticated users to cause a denial of service (JVM segmentation fault, and possibly memory consumption or an infinite loop) via a crafted attribute length field in a class file, which triggers a buffer over-read. | 3.5 |
2011-09-02 | CVE-2011-3385 | Cross-Site Scripting vulnerability in multiple products: Cross-site scripting (XSS) vulnerability in WebsiteBaker before 2.8, as used in LEPTON and possibly other products, allows remote attackers to inject arbitrary web script or HTML via unknown vectors, a different vulnerability than CVE-2006-2307. | 4.3 |
2011-09-02 | CVE-2009-5086 | Cross-Site Scripting vulnerability in Juniper IDP: Cross-site scripting (XSS) vulnerability in Appliance Configuration Manager (ACM) in Juniper IDP 4.1 before 4.1r3 and 4.2 before 4.2r1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |