Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2011-06-02 CVE-2011-2330 Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Management Framework
Tivoli Endpoint in IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1, and 4.3.1 has an unspecified "built-in account" that is "trivially" accessed, which makes it easier for remote attackers to send requests to restricted pages via a session on TCP port 9495, a different vulnerability than CVE-2011-1220.
network
low complexity
ibm CWE-264
critical
9.0
2011-06-02 CVE-2011-2329 Permissions, Privileges, and Access Controls vulnerability in Apache Rampart/C 1.3.0
The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
network
low complexity
apache CWE-264
6.5
2011-06-02 CVE-2011-2328 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in HP LoadRunner
Buffer overflow in HP LoadRunner allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a .usr (aka Virtual User script) file with long directives.
network
hp CWE-119
6.8
2011-06-02 CVE-2011-2041 Permissions, Privileges, and Access Controls vulnerability in Cisco AnyConnect Secure Mobility Client
The Start Before Logon (SBL) functionality in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.254 on Windows, and on Windows Mobile, allows local users to gain privileges via unspecified user-interface interaction, aka Bug ID CSCta40556.
local
low complexity
cisco microsoft CWE-264
7.2
2011-06-02 CVE-2011-2024 Credentials Management vulnerability in Cisco CNS Network Registrar
Cisco Network Registrar before 7.2 has a default administrative password, which makes it easier for remote attackers to obtain access via a TCP session, aka Bug ID CSCsm50627.
network
low complexity
cisco CWE-255
critical
10.0
2011-06-02 CVE-2011-1637 Permissions, Privileges, and Access Controls vulnerability in Cisco products
Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.2.1 do not properly verify signatures for software images, which allows local users to gain privileges via a crafted image, aka Bug ID CSCtn65962.
local
cisco CWE-264
1.5
2011-06-02 CVE-2011-1623 Credentials Management vulnerability in Cisco products
Cisco Media Processing Software before 1.2 on Media Experience Engine (MXE) 5600 devices has a default root password, which makes it easier for context-dependent attackers to obtain access via (1) the local console, (2) an SSH session, or (3) a TELNET session, aka Bug ID CSCto77737.
network
low complexity
cisco CWE-255
critical
10.0
2011-06-02 CVE-2011-1603 Permissions, Privileges, and Access Controls vulnerability in Cisco products
Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.2.1 allow local users to gain privileges via unspecified vectors, aka Bug ID CSCtn65815.
local
cisco CWE-264
6.6
2011-06-02 CVE-2011-1602 Permissions, Privileges, and Access Controls vulnerability in Cisco products
The su utility on Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.0.3 allows local users to gain privileges via unspecified vectors, aka Bug ID CSCtf07426.
local
cisco CWE-264
6.6
2011-06-02 CVE-2011-1220 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in IBM Tivoli Management Framework
Stack-based buffer overflow in lcfd.exe in Tivoli Endpoint in IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1, and 4.3.1 allows remote authenticated users to execute arbitrary code via a long opts field.
network
low complexity
ibm CWE-119
critical
9.0