Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-07-01 | CVE-2011-2608 | Improper Input Validation vulnerability in HP Openview Performance Agent and Operations Agent ovbbccb.exe 6.20.50.0 and other versions in HP OpenView Performance Agent 4.70 and 5.0; and Operations Agent 11.0, 8.60.005, 8.60.006, 8.60.007, 8.60.008, 8.60.501, and 8.53; allows remote attackers to delete arbitrary files via a full pathname in the File field in a Register command. | 6.4 |
| 2011-07-01 | CVE-2011-1515 | Resource Management Errors vulnerability in HP Openview Storage Data Protector The inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allows remote attackers to cause a denial of service (daemon exit) via a request containing crafted parameters. | 5.0 |
| 2011-07-01 | CVE-2011-1514 | Denial-Of-Service vulnerability in OpenView Storage Data Protector The inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request containing crafted parameters. | 5.0 |
| 2011-07-01 | CVE-2011-1337 | Resource Management Errors vulnerability in Opera Browser Opera before 11.50 allows remote attackers to cause a denial of service (disk consumption) via invalid URLs that trigger creation of error pages. | 4.3 |
| 2011-06-30 | CVE-2011-2607 | Cross-Site Scripting vulnerability in IBM Rational Team Concert 3.0 Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert (RTC) 3.0 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Work Item 165513. | 4.3 |
| 2011-06-30 | CVE-2011-2606 | Cross-Site Scripting vulnerability in IBM Rational Team Concert 3.0 Cross-site scripting (XSS) vulnerability in the Web UI in IBM Rational Team Concert (RTC) 3.0 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Work Item 165511. | 4.3 |
| 2011-06-30 | CVE-2011-2605 | Code Injection vulnerability in Mozilla Firefox and Thunderbird CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374. | 4.3 |
| 2011-06-30 | CVE-2011-2377 | Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image. | 5.0 |
| 2011-06-30 | CVE-2011-2370 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox Mozilla Firefox before 5.0 does not properly enforce the whitelist for the xpinstall functionality, which allows remote attackers to trigger an installation dialog for a (1) add-on or (2) theme via unspecified vectors. | 5.0 |
| 2011-06-30 | CVE-2011-2369 | Cross-Site Scripting vulnerability in Mozilla Firefox 4.0/4.0.1 Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 4.0.1 allows remote attackers to inject arbitrary web script or HTML via an SVG element containing an HTML-encoded entity. | 4.3 |