Vulnerabilities (CVE)

Filtered by CWE-94
Total 6444 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-2752 1 Squirrelmail 1 Squirrelmail 2026-06-16 5.8 MEDIUM N/A
CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier allows remote attackers to modify or add preference values via a \n (newline) character, a different vulnerability than CVE-2010-4555.
CVE-2011-2747 1 Google 1 Picasa 2026-06-16 9.3 HIGH N/A
Google Picasa before 3.6 Build 105.67 does not properly handle invalid properties in JPEG images, which allows remote attackers to execute arbitrary code via a crafted image file.
CVE-2011-2732 1 Vmware 1 Springsource Spring Security 2026-06-16 4.3 MEDIUM N/A
CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter.
CVE-2011-2702 1 Gnu 2 Eglibc, Glibc 2026-06-16 6.8 MEDIUM N/A
Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an out-of-bounds read, as demonstrated using the memcpy function.
CVE-2011-2605 1 Mozilla 2 Firefox, Thunderbird 2026-06-16 4.3 MEDIUM N/A
CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374.
CVE-2011-2585 1 Cisco 1 Show And Share 2026-06-16 6.5 MEDIUM N/A
Cisco Show and Share 5(2), 5.2(1), and 5.2(2) before 5.2(2.1) allows remote authenticated users to upload and execute arbitrary code by leveraging video upload privileges, aka Bug ID CSCto69857.
CVE-2011-2507 1 Phpmyadmin 1 Phpmyadmin 2026-06-16 6.5 MEDIUM N/A
libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and consequently execute arbitrary PHP code, by leveraging the ability to modify the SESSION superglobal array.
CVE-2011-2506 1 Phpmyadmin 1 Phpmyadmin 2026-06-16 7.5 HIGH N/A
setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal array.
CVE-2011-2505 1 Phpmyadmin 1 Phpmyadmin 2026-06-16 6.4 MEDIUM N/A
libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted request, related to a "remote variable manipulation vulnerability."
CVE-2011-2478 1 Google 1 Sketchup 2026-06-16 9.3 HIGH N/A
Google SketchUp before 8 does not properly handle edge geometry in SketchUp (aka .SKP) files, which allows remote attackers to execute arbitrary code via a crafted file.
CVE-2011-2404 1 Hp 1 Easy Printer Care Software 2026-06-16 7.5 HIGH N/A
A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-4786 and CVE-2011-4787.
CVE-2011-2386 1 Visiwave 1 Site Survey 2026-06-16 9.3 HIGH N/A
VisiWaveReport.exe in AZO Technologies, Inc. VisiWave Site Survey before 2.1.9 allows user-assisted remote attackers to execute arbitrary code via a (1) vws and (2) vwr file with an invalid Type property, which triggers an untrusted pointer dereference.
CVE-2011-2381 1 Mozilla 1 Bugzilla 2026-06-16 4.3 MEDIUM N/A
CRLF injection vulnerability in Bugzilla 2.17.1 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 allows remote attackers to inject arbitrary e-mail headers via an attachment description in a flagmail notification.
CVE-2011-2378 1 Mozilla 3 Firefox, Seamonkey, Thunderbird 2026-06-16 10.0 HIGH N/A
The appendChild function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, SeaMonkey 2.x, and possibly other products does not properly handle DOM objects, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to dereferencing of a "dangling pointer."
CVE-2011-2101 3 Adobe, Apple, Microsoft 4 Acrobat, Acrobat Reader, Mac Os X and 1 more 2026-06-16 9.3 HIGH N/A
Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X do not properly restrict script, which allows attackers to execute arbitrary code via a crafted document, related to a "cross document script execution vulnerability."
CVE-2011-1969 1 Microsoft 1 Forefront Unified Access Gateway 2026-06-16 9.3 HIGH N/A
Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified vectors, aka "Poisoned Cup of Code Execution Vulnerability."
CVE-2011-1895 1 Microsoft 1 Forefront Unified Access Gateway 2026-06-16 4.3 MEDIUM N/A
CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via unspecified vectors, aka "ExcelTable Response Splitting XSS Vulnerability."
CVE-2011-1863 1 Hp 2 Service Center, Service Manager 2026-06-16 7.5 HIGH N/A
HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allow remote authenticated users to conduct unspecified script injection attacks via unknown vectors.
CVE-2011-1830 1 Ekiga 1 Ekiga 2026-06-16 6.8 MEDIUM 5.7 MEDIUM
Ekiga versions before 3.3.0 attempted to load a module from /tmp/ekiga_test.so.
CVE-2011-1760 1 Maynard Johnson 1 Oprofile 2026-06-16 7.2 HIGH N/A
utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to conduct eval injection attacks and gain privileges via shell metacharacters in the -e argument.