Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-05-24 | CVE-2011-2170 | Improper Input Validation vulnerability in Google Chrome OS: Google Chrome OS before R12 0.12.433.38 Beta, when Guest mode is enabled, does not prevent changes on the about:flags page, which has unspecified impact and local attack vectors. | 4.4 |
2011-05-24 | CVE-2011-2169 | Permissions, Privileges, and Access Controls vulnerability in Google Chrome OS: Google Chrome OS before R12 0.12.433.38 Beta allows local users to gain privileges by creating a /var/lib/chromeos-aliases.conf file and placing commands in it. | 7.2 |
2011-05-24 | CVE-2011-2167 | Path Traversal vulnerability in Dovecot: script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script. | 6.5 |
2011-05-24 | CVE-2011-2166 | Configuration vulnerability in Dovecot: script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script. | 6.5 |
2011-05-24 | CVE-2011-1929 | Improper Input Validation vulnerability in Dovecot: lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message. | 5.0 |
2011-05-24 | CVE-2011-1595 | Path Traversal vulnerability in Rdesktop: Directory traversal vulnerability in the disk_create function in disk.c in rdesktop before 1.7.0, when disk redirection is enabled, allows remote RDP servers to read or overwrite arbitrary files via a .. | 4.3 |
2011-05-24 | CVE-2011-1521 | Resource Management Errors vulnerability in Python: The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs. | 6.4 |
2011-05-24 | CVE-2011-1424 | Configuration vulnerability in EMC Sourceone Email Management 6.5.2.3668: The default configuration of ExShortcut\Web.config in EMC SourceOne Email Management before 6.6 SP1, when the Mobile Services component is used, does not properly set the localOnly attribute of the trace element, which allows remote authenticated users to obtain sensitive information via ASP.NET Application Tracing. | 3.5 |
2011-05-24 | CVE-2011-1328 | SQL Injection vulnerability in Radvision Iview Suite 5.5/5.7/7.0: SQL injection vulnerability in RADVISION iVIEW Suite before 7.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2011-05-24 | CVE-2011-0418 | Improper Input Validation vulnerability in multiple products: The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service (memory consumption) via a crafted FTP STAT command. | 4.0 |