Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-03-23 | CVE-2011-0172 | Numeric Errors vulnerability in Apple Mac OS X and Mac OS X Server: AirPort in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to cause a denial of service (divide-by-zero error and reboot) via Wi-Fi frames on the local wireless network, a different vulnerability than CVE-2011-0162. | 4.9 |
2011-03-22 | CVE-2011-1506 | Improper Input Validation vulnerability in Kerio Connect and Kerio Mailserver: The STARTTLS implementation in Kerio Connect 7.1.4 build 2985 and MailServer 6.x does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. | 6.8 |
2011-03-22 | CVE-2011-1505 | Unspecified vulnerability in IBM Lotus Quickr 8.1: Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.27 services for Lotus Domino has unknown impact and attack vectors, aka SPR ESEO8DQME2. | 10.0 |
2011-03-22 | CVE-2011-1414 | Cross-Site Scripting vulnerability in Tibco Tibbr and Tibbr Service: Cross-site scripting (XSS) vulnerability in the tibbr web server, as used in TIBCO tibbr 1.0.0 through 1.5.0 and tibbr Service 1.0.0 through 1.5.0, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-03-22 | CVE-2011-1022 | Permissions, Privileges, and Access Controls vulnerability in Balbir Singh Libcgroup: The cgre_receive_netlink_msg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted message. | 2.1 |
2011-03-22 | CVE-2011-0759 | Cross-Site Request Forgery (CSRF) vulnerability in Blaenkdenum Wp-Recaptcha 2.9.8.2: Multiple cross-site request forgery (CSRF) vulnerabilities in the configuration page in the Recaptcha (aka WP-reCAPTCHA) plugin 2.9.8.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that disable the CAPTCHA requirement or insert cross-site scripting (XSS) sequences via the (1) recaptcha_opt_pubkey, (2) recaptcha_opt_privkey, (3) re_tabindex, (4) error_blank, (5) error_incorrect, (6) mailhide_pub, (7) mailhide_priv, (8) mh_replace_link, or (9) mh_replace_title parameter. | 6.8 |
2011-03-22 | CVE-2011-0331 | Resource Management Errors vulnerability in Honeywell Scanserver Activex Control 780.0.20.5: Use-after-free vulnerability in the addOSPLext method in the Honeywell ScanServer ActiveX control 780.0.20.5 allows remote attackers to execute arbitrary code via a crafted HTML document. | 9.3 |
2011-03-22 | CVE-2010-4228 | Buffer Errors vulnerability in Novell Netware 5.1/6.0/6.5: Stack-based buffer overflow in NWFTPD.NLM before 5.10.02 in the FTP server in Novell NetWare allows remote authenticated users to execute arbitrary code or cause a denial of service (abend) via a long DELE command, a different vulnerability than CVE-2010-0625.4. | 9.0 |
2011-03-22 | CVE-2009-5062 | Resource Management Errors vulnerability in IBM Lotus Quickr 8.1: IBM Lotus Quickr 8.1 before 8.1.0.15 services for Lotus Domino on AIX allows remote authenticated users to cause a denial of service (daemon crash) by subscribing to an Atom feed, aka SPR JRIE7VKMP9. | 3.5 |
2011-03-22 | CVE-2009-5061 | Unspecified vulnerability in IBM Lotus Quickr 8.1: Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.14 services for Lotus Domino, when Domino Native Authentication is enabled, might allow remote authenticated users to cause a denial of service (daemon crash) by going offline, aka SPR MLZG7UPB9N. | 2.1 |