Total
6444 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-2752 | 1 Squirrelmail | 1 Squirrelmail | 2026-06-16 | 5.8 MEDIUM | N/A |
| CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier allows remote attackers to modify or add preference values via a \n (newline) character, a different vulnerability than CVE-2010-4555. | |||||
| CVE-2011-2747 | 1 Google | 1 Picasa | 2026-06-16 | 9.3 HIGH | N/A |
| Google Picasa before 3.6 Build 105.67 does not properly handle invalid properties in JPEG images, which allows remote attackers to execute arbitrary code via a crafted image file. | |||||
| CVE-2011-2732 | 1 Vmware | 1 Springsource Spring Security | 2026-06-16 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter. | |||||
| CVE-2011-2702 | 1 Gnu | 2 Eglibc, Glibc | 2026-06-16 | 6.8 MEDIUM | N/A |
| Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an out-of-bounds read, as demonstrated using the memcpy function. | |||||
| CVE-2011-2605 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-06-16 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374. | |||||
| CVE-2011-2585 | 1 Cisco | 1 Show And Share | 2026-06-16 | 6.5 MEDIUM | N/A |
| Cisco Show and Share 5(2), 5.2(1), and 5.2(2) before 5.2(2.1) allows remote authenticated users to upload and execute arbitrary code by leveraging video upload privileges, aka Bug ID CSCto69857. | |||||
| CVE-2011-2507 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-06-16 | 6.5 MEDIUM | N/A |
| libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and consequently execute arbitrary PHP code, by leveraging the ability to modify the SESSION superglobal array. | |||||
| CVE-2011-2506 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-06-16 | 7.5 HIGH | N/A |
| setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal array. | |||||
| CVE-2011-2505 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-06-16 | 6.4 MEDIUM | N/A |
| libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted request, related to a "remote variable manipulation vulnerability." | |||||
| CVE-2011-2478 | 1 Google | 1 Sketchup | 2026-06-16 | 9.3 HIGH | N/A |
| Google SketchUp before 8 does not properly handle edge geometry in SketchUp (aka .SKP) files, which allows remote attackers to execute arbitrary code via a crafted file. | |||||
| CVE-2011-2404 | 1 Hp | 1 Easy Printer Care Software | 2026-06-16 | 7.5 HIGH | N/A |
| A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-4786 and CVE-2011-4787. | |||||
| CVE-2011-2386 | 1 Visiwave | 1 Site Survey | 2026-06-16 | 9.3 HIGH | N/A |
| VisiWaveReport.exe in AZO Technologies, Inc. VisiWave Site Survey before 2.1.9 allows user-assisted remote attackers to execute arbitrary code via a (1) vws and (2) vwr file with an invalid Type property, which triggers an untrusted pointer dereference. | |||||
| CVE-2011-2381 | 1 Mozilla | 1 Bugzilla | 2026-06-16 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in Bugzilla 2.17.1 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 allows remote attackers to inject arbitrary e-mail headers via an attachment description in a flagmail notification. | |||||
| CVE-2011-2378 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2026-06-16 | 10.0 HIGH | N/A |
| The appendChild function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, SeaMonkey 2.x, and possibly other products does not properly handle DOM objects, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to dereferencing of a "dangling pointer." | |||||
| CVE-2011-2101 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2026-06-16 | 9.3 HIGH | N/A |
| Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X do not properly restrict script, which allows attackers to execute arbitrary code via a crafted document, related to a "cross document script execution vulnerability." | |||||
| CVE-2011-1969 | 1 Microsoft | 1 Forefront Unified Access Gateway | 2026-06-16 | 9.3 HIGH | N/A |
| Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified vectors, aka "Poisoned Cup of Code Execution Vulnerability." | |||||
| CVE-2011-1895 | 1 Microsoft | 1 Forefront Unified Access Gateway | 2026-06-16 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via unspecified vectors, aka "ExcelTable Response Splitting XSS Vulnerability." | |||||
| CVE-2011-1863 | 1 Hp | 2 Service Center, Service Manager | 2026-06-16 | 7.5 HIGH | N/A |
| HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allow remote authenticated users to conduct unspecified script injection attacks via unknown vectors. | |||||
| CVE-2011-1830 | 1 Ekiga | 1 Ekiga | 2026-06-16 | 6.8 MEDIUM | 5.7 MEDIUM |
| Ekiga versions before 3.3.0 attempted to load a module from /tmp/ekiga_test.so. | |||||
| CVE-2011-1760 | 1 Maynard Johnson | 1 Oprofile | 2026-06-16 | 7.2 HIGH | N/A |
| utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to conduct eval injection attacks and gain privileges via shell metacharacters in the -e argument. | |||||
