Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-07-01 | CVE-2011-1337 | Resource Management Errors vulnerability in Opera Browser Opera before 11.50 allows remote attackers to cause a denial of service (disk consumption) via invalid URLs that trigger creation of error pages. | 4.3 |
2011-06-30 | CVE-2011-2607 | Cross-Site Scripting vulnerability in IBM Rational Team Concert 3.0 Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert (RTC) 3.0 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Work Item 165513. | 4.3 |
2011-06-30 | CVE-2011-2606 | Cross-Site Scripting vulnerability in IBM Rational Team Concert 3.0 Cross-site scripting (XSS) vulnerability in the Web UI in IBM Rational Team Concert (RTC) 3.0 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Work Item 165511. | 4.3 |
2011-06-30 | CVE-2011-2605 | Code Injection vulnerability in Mozilla Firefox and Thunderbird CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374. | 4.3 |
2011-06-30 | CVE-2011-2377 | Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image. | 5.0 |
2011-06-30 | CVE-2011-2370 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox Mozilla Firefox before 5.0 does not properly enforce the whitelist for the xpinstall functionality, which allows remote attackers to trigger an installation dialog for a (1) add-on or (2) theme via unspecified vectors. | 5.0 |
2011-06-30 | CVE-2011-2369 | Cross-Site Scripting vulnerability in Mozilla Firefox 4.0/4.0.1 Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 4.0.1 allows remote attackers to inject arbitrary web script or HTML via an SVG element containing an HTML-encoded entity. | 4.3 |
2011-06-30 | CVE-2011-2367 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox 4.0/4.0.1 The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict read operations, which allows remote attackers to obtain sensitive information from GPU memory associated with an arbitrary process, or cause a denial of service (application crash), via unspecified vectors. | 6.4 |
2011-06-30 | CVE-2011-2362 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers. | 5.0 |
2011-06-30 | CVE-2011-2599 | Information Exposure vulnerability in Google Chrome 11 Google Chrome 11 does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader. | 4.3 |