Total
11442 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-1972 | 1 Microsoft | 1 Visio | 2026-06-16 | 9.3 HIGH | N/A |
| Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "pStream Release RCE Vulnerability." | |||||
| CVE-2011-1966 | 1 Microsoft | 1 Windows Server 2008 | 2026-06-16 | 10.0 HIGH | N/A |
| The DNS server in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 does not properly handle NAPTR queries that trigger recursive processing, which allows remote attackers to execute arbitrary code via a crafted query, aka "DNS NAPTR Query Vulnerability." | |||||
| CVE-2011-1962 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2026-06-16 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 6 through 9 does not properly handle unspecified character sequences, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site that triggers "inactive filtering," aka "Shift JIS Character Encoding Vulnerability." | |||||
| CVE-2011-1941 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-06-16 | 4.3 MEDIUM | N/A |
| Open redirect vulnerability in the redirector feature in phpMyAdmin 3.4.x before 3.4.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2011-1929 | 1 Dovecot | 1 Dovecot | 2026-06-16 | 5.0 MEDIUM | N/A |
| lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message. | |||||
| CVE-2011-1873 | 1 Microsoft | 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more | 2026-06-16 | 9.3 HIGH | N/A |
| win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate pointers during the parsing of OpenType (aka OTF) fonts, which allows remote attackers to execute arbitrary code via a crafted font file, aka "Win32k OTF Validation Vulnerability." | |||||
| CVE-2011-1853 | 1 Hp | 1 Intelligent Management Center | 2026-06-16 | 10.0 HIGH | N/A |
| tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a (1) large or (2) invalid opcode field, related to a function pointer table. | |||||
| CVE-2011-1849 | 1 Hp | 1 Intelligent Management Center | 2026-06-16 | 10.0 HIGH | N/A |
| tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to create or overwrite files, and subsequently execute arbitrary code, via a crafted WRQ request. | |||||
| CVE-2011-1842 | 1 Ubuntu | 1 Language-selector | 2026-06-16 | 7.2 HIGH | N/A |
| dbus_backend/lsd.py in the D-Bus backend in language-selector before 0.6.7 does not validate the arguments to the (1) SetSystemDefaultLangEnv and (2) SetSystemDefaultLanguageEnv functions, which allows local users to gain privileges via shell metacharacters in a string argument, a different vulnerability than CVE-2011-0729. | |||||
| CVE-2011-1829 | 2 Canonical, Debian | 2 Ubuntu Linux, Advanced Package Tool | 2026-06-16 | 4.3 MEDIUM | N/A |
| APT before 0.8.15.2 does not properly validate inline GPG signatures, which allows man-in-the-middle attackers to install modified packages via vectors involving lack of an initial clearsigned message. | |||||
| CVE-2011-1826 | 1 Ca | 1 Arcot Webfort Versatile Authentication Server | 2026-06-16 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the Administrative Console in CA Arcot WebFort Versatile Authentication Server (VAS) before 6.2.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2011-1824 | 1 Opera | 1 Opera Browser | 2026-06-16 | 4.3 MEDIUM | N/A |
| The VEGAOpBitmap::AddLine function in Opera before 10.61 does not properly initialize memory during processing of the SIZE attribute of a SELECT element, which allows remote attackers to trigger an invalid memory write operation, and consequently cause a denial of service (application crash) or possibly execute arbitrary code, via a large integer attribute value. | |||||
| CVE-2011-1813 | 1 Google | 1 Chrome | 2026-06-16 | 6.8 MEDIUM | N/A |
| Google Chrome before 12.0.742.91 does not properly implement the framework for extensions, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | |||||
| CVE-2011-1811 | 1 Google | 1 Chrome | 2026-06-16 | 4.3 MEDIUM | N/A |
| Google Chrome before 12.0.742.91 does not properly handle a large number of form submissions, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. | |||||
| CVE-2011-1804 | 1 Google | 1 Chrome | 2026-06-16 | 7.5 HIGH | N/A |
| rendering/RenderBox.cpp in WebCore in WebKit before r86862, as used in Google Chrome before 11.0.696.71, does not properly render floats, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | |||||
| CVE-2011-1798 | 1 Google | 1 Chrome | 2026-06-16 | 7.5 HIGH | N/A |
| rendering/svg/RenderSVGText.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 does not properly perform a cast of an unspecified variable during an attempt to handle a block child, which allows remote attackers to cause a denial of service (application crash) or possibly have unknown other impact via a crafted text element in an SVG document. | |||||
| CVE-2011-1793 | 1 Google | 1 Chrome | 2026-06-16 | 7.5 HIGH | N/A |
| rendering/svg/RenderSVGResourceFilter.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted SVG document that leads to a "stale pointer." | |||||
| CVE-2011-1780 | 1 Xen | 1 Xen | 2026-06-16 | 6.1 MEDIUM | N/A |
| The instruction emulation in Xen 3.0.3 allows local SMP guest users to cause a denial of service (host crash) by replacing the instruction that causes the VM to exit in one thread with a different instruction in a different thread. | |||||
| CVE-2011-1775 | 1 Tigervnc | 1 Tigervnc | 2026-06-16 | 5.8 MEDIUM | N/A |
| The CSecurityTLS::processMsg function in common/rfb/CSecurityTLS.cxx in the vncviewer component in TigerVNC 1.1beta1 does not properly verify the server's X.509 certificate, which allows man-in-the-middle attackers to spoof a TLS VNC server via an arbitrary certificate. | |||||
| CVE-2011-1774 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2026-06-16 | 8.8 HIGH | N/A |
| WebKit in Apple Safari before 5.0.6 has improper libxslt security settings, which allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted web site. NOTE: this may overlap CVE-2011-1425. | |||||