Total: 11442 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-0979 | 1 Microsoft | 5 Excel, Excel Viewer, Office and 2 more | 2026-06-16 | 9.3 HIGH | N/A |
| Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; and Excel Viewer SP2 do not properly handle errors during the parsing of Office Art records in Excel spreadsheets, which allows remote attackers to execute arbitrary code via a malformed object record, related to a "stray reference," aka "Excel Linked List Corruption Vulnerability." | |||||
| CVE-2011-0926 | 1 Cisco | 1 Secure Desktop | 2026-06-16 | 9.3 HIGH | N/A |
| A certain ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) does not properly verify the signature of an unspecified downloaded program, which allows remote attackers to execute arbitrary code by spoofing the CSD installation process, a different vulnerability than CVE-2010-0589. | |||||
| CVE-2011-0925 | 1 Cisco | 1 Secure Desktop | 2026-06-16 | 9.3 HIGH | N/A |
| The CSDWebInstallerCtrl ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) allows remote attackers to download an unintended Cisco program onto a client machine, and execute this program, by identifying a Cisco program with a Cisco digital signature and then renaming this program to inst.exe, a different vulnerability than CVE-2010-0589 and CVE-2011-0926. | |||||
| CVE-2011-0924 | 1 Hp | 1 Data Protector | 2026-06-16 | 10.0 HIGH | N/A |
| The client in HP Data Protector does not verify the contents of files associated with the EXEC_CMD command, which allows remote attackers to execute arbitrary script code by providing this code with a trusted filename, as demonstrated by omni_chk_ds.sh. | |||||
| CVE-2011-0923 | 1 Hp | 1 Data Protector | 2026-06-16 | 10.0 HIGH | N/A |
| The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory." | |||||
| CVE-2011-0922 | 1 Hp | 1 Data Protector | 2026-06-16 | 10.0 HIGH | N/A |
| The client in HP Data Protector allows remote attackers to execute arbitrary programs via an EXEC_SETUP command that references a UNC share pathname. | |||||
| CVE-2011-0921 | 1 Hp | 1 Data Protector | 2026-06-16 | 10.0 HIGH | N/A |
| crs.exe in the Cell Manager Service in the client in HP Data Protector does not properly validate credentials associated with the hostname, domain, and username, which allows remote attackers to execute arbitrary code by sending unspecified data over TCP, related to the webreporting client, the applet domain, and the java username. | |||||
| CVE-2011-0912 | 1 Ibm | 1 Lotus Notes | 2026-06-16 | 9.3 HIGH | N/A |
| Argument injection vulnerability in IBM Lotus Notes 8.0.x before 8.0.2 FP6 and 8.5.x before 8.5.1 FP5 allows remote attackers to execute arbitrary code via a cai:// URL containing a --launcher.library option that specifies a UNC share pathname for a DLL file, aka SPR PRAD82YJW2. | |||||
| CVE-2011-0908 | 1 Vanillaforums | 1 Vanilla | 2026-06-16 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the Target parameter to an unspecified component, a different vulnerability than CVE-2011-0526. | |||||
| CVE-2011-0781 | 1 Google | 1 Chrome | 2026-06-16 | 7.5 HIGH | N/A |
| Google Chrome before 9.0.597.84 does not properly handle autofill profile merging, which has unspecified impact and remote attack vectors. | |||||
| CVE-2011-0779 | 2 Debian, Google | 2 Debian Linux, Chrome | 2026-06-16 | 5.0 MEDIUM | N/A |
| Google Chrome before 9.0.597.84 does not properly handle a missing key in an extension, which allows remote attackers to cause a denial of service (application crash) via a crafted extension. | |||||
| CVE-2011-0771 | 2 Drupal, Janrain | 2 Drupal, Rpx | 2026-06-16 | 6.8 MEDIUM | N/A |
| The Janrain Engage (formerly RPX) module 6.x-1.3 for Drupal does not validate the file for a profile image, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks and possibly execute arbitrary PHP code by causing a crafted avatar to be downloaded from an external login provider site. | |||||
| CVE-2011-0764 | 3 Foolabs, Glyphandcog, T1lib | 3 Xpdf, Xpdfreader, T1lib | 2026-06-16 | 6.8 MEDIUM | N/A |
| t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf. | |||||
| CVE-2011-0752 | 1 Php | 1 Php | 2026-06-16 | 5.0 MEDIUM | N/A |
| The extract function in PHP before 5.2.15 does not prevent use of the EXTR_OVERWRITE parameter to overwrite (1) the GLOBALS superglobal array and (2) the this variable, which allows context-dependent attackers to bypass intended access restrictions by modifying data structures that were not intended to depend on external input, a related issue to CVE-2005-2691 and CVE-2006-3758. | |||||
| CVE-2011-0745 | 1 Sugarcrm | 1 Sugarcrm | 2026-06-16 | 4.0 MEDIUM | N/A |
| SugarCRM before 6.1.3 does not properly handle reloads and direct requests for a warning page produced by a certain duplicate check, which allows remote authenticated users to discover (1) the names of customers via a ShowDuplicates action to the Accounts module, reachable through index.php; or (2) the names of contact persons via a ShowDuplicates action to the Contacts module, reachable through index.php. | |||||
| CVE-2011-0739 | 1 Mikel Lindsaar | 1 Mail | 2026-06-16 | 6.8 MEDIUM | N/A |
| The deliver function in the sendmail delivery agent (lib/mail/network/delivery_methods/sendmail.rb) in Ruby Mail gem 2.2.14 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail address. | |||||
| CVE-2011-0738 | 2 Globus, Ncsa | 2 Globus Toolkit, Myproxy | 2026-06-16 | 4.3 MEDIUM | N/A |
| MyProxy 5.0 through 5.2, as used in Globus Toolkit 5.0.0 through 5.0.2, does not properly verify the (1) hostname or (2) identity in the X.509 certificate for the myproxy-server, which allows remote attackers to spoof the server and conduct man-in-the-middle (MITM) attacks via a crafted certificate when executing (a) myproxy-logon or (b) myproxy-get-delegation. | |||||
| CVE-2011-0730 | 2 Canonical, Eucalyptus | 2 Ubuntu Linux, Eucalyptus | 2026-06-16 | 6.5 MEDIUM | N/A |
| Eucalyptus before 2.0.3 and Eucalyptus EE before 2.0.2, as used in Ubuntu Enterprise Cloud (UEC) and other products, do not properly interpret signed elements in SOAP requests, which allows man-in-the-middle attackers to execute arbitrary commands by modifying a request, related to an "XML Signature Element Wrapping" or a "SOAP signature replay" issue. | |||||
| CVE-2011-0726 | 1 Linux | 1 Linux Kernel | 2026-06-16 | 2.1 LOW | N/A |
| The do_task_stat function in fs/proc/array.c in the Linux kernel before 2.6.39-rc1 does not perform an expected uid check, which makes it easier for local users to defeat the ASLR protection mechanism by reading the start_code and end_code fields in the /proc/#####/stat file for a process executing a PIE binary. | |||||
| CVE-2011-0721 | 1 Debian | 1 Shadow | 2026-06-16 | 6.4 MEDIUM | N/A |
| Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field. | |||||
