Vulnerabilities (CVE)

Filtered by CWE-94
Total 6444 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-3397 1 Microsoft 2 Windows Server 2003, Windows Xp 2026-06-16 9.3 HIGH N/A
The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted web site that leverages an unspecified "binary behavior" in Internet Explorer, aka "Microsoft Time Remote Code Execution Vulnerability."
CVE-2011-3379 1 Php 1 Php 2026-06-16 7.5 HIGH N/A
The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders.
CVE-2011-3378 1 Rpm 1 Rpm 2026-06-16 9.3 HIGH N/A
RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c.
CVE-2011-3310 2 Cisco, Microsoft 2 Ciscoworks Common Services, Windows 2026-06-16 9.0 HIGH N/A
The Home Page component in Cisco CiscoWorks Common Services before 4.1 on Windows, as used in CiscoWorks LAN Management Solution, Cisco Security Manager, Cisco Unified Service Monitor, Cisco Unified Operations Manager, CiscoWorks QoS Policy Manager, and CiscoWorks Voice Manager, allows remote authenticated users to execute arbitrary commands via a crafted URL, aka Bug IDs CSCtq48990, CSCtq63992, CSCtq64011, CSCtq64019, CSCtr23090, and CSCtt25535.
CVE-2011-3285 1 Cisco 2 5500 Series Adaptive Security Appliance, Adaptive Security Appliance Software 2026-06-16 5.0 MEDIUM N/A
CRLF injection vulnerability in /+CSCOE+/logon.html on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 through 8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors, aka Bug ID CSCth63101.
CVE-2011-3261 1 Apple 1 Iphone Os 2026-06-16 6.8 MEDIUM N/A
Double free vulnerability in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Excel spreadsheet.
CVE-2011-3260 1 Apple 1 Iphone Os 2026-06-16 6.8 MEDIUM N/A
Buffer overflow in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word document.
CVE-2011-3256 1 Apple 1 Iphone Os 2026-06-16 4.3 MEDIUM N/A
FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226.
CVE-2011-3232 1 Mozilla 3 Firefox, Seamonkey, Thunderbird 2026-06-16 9.3 HIGH N/A
YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript.
CVE-2011-3231 1 Apple 3 Mac Os X, Mac Os X Server, Safari 2026-06-16 6.8 MEDIUM N/A
The SSL implementation in Apple Safari before 5.1.1 on Mac OS X before 10.7 accesses uninitialized memory during the processing of X.509 certificates, which allows remote web servers to execute arbitrary code via a crafted certificate.
CVE-2011-3229 1 Apple 1 Safari 2026-06-16 6.8 MEDIUM N/A
Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL.
CVE-2011-3228 1 Apple 2 Mac Os X, Mac Os X Server 2026-06-16 6.8 MEDIUM N/A
QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.
CVE-2011-3221 1 Apple 2 Mac Os X, Mac Os X Server 2026-06-16 6.8 MEDIUM N/A
QuickTime in Apple Mac OS X before 10.7.2 does not properly handle the atom hierarchy in movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file.
CVE-2011-3186 1 Rubyonrails 1 Rails 2026-06-16 4.3 MEDIUM N/A
CRLF injection vulnerability in actionpack/lib/action_controller/response.rb in Ruby on Rails 2.3.x before 2.3.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the Content-Type header.
CVE-2011-3178 1 Opensuse 1 Open Build Service 2026-06-16 6.5 MEDIUM 8.1 HIGH
In the web ui of the openbuildservice before 2.3.0 a code injection of the project rebuildtimes statistics could be used by authorized attackers to execute shellcode.
CVE-2011-3007 1 Mcafee 1 Saas Endpoint Protection 2026-06-16 6.8 MEDIUM N/A
The myCIOScn ActiveX control (myCIOScn.dll) in McAfee SaaS Endpoint Protection 5.2.1 and earlier allows remote attackers to write to arbitrary files by specifying an arbitrary filename in the MyCioScan.Scan.ReportFile parameter, as demonstrated by injecting script into a log file and executing arbitrary code using the MyCioScan.Scan.Start method.
CVE-2011-3000 1 Mozilla 3 Firefox, Seamonkey, Thunderbird 2026-06-16 4.3 MEDIUM N/A
Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values.
CVE-2011-2984 1 Mozilla 3 Firefox, Seamonkey, Thunderbird 2026-06-16 10.0 HIGH N/A
Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering for drop events.
CVE-2011-2964 1 Linuxfoundation 1 Foomatic 2026-06-16 6.8 MEDIUM N/A
foomaticrip.c in foomatic-rip in foomatic-filters in Foomatic 4.0.6 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file, a different vulnerability than CVE-2011-2697.
CVE-2011-2767 4 Apache, Canonical, Debian and 1 more 7 Mod Perl, Ubuntu Linux, Debian Linux and 4 more 2026-06-16 10.0 HIGH 9.8 CRITICAL
mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes.