NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Because vulnerability information in the NVD is often updated before JVN (Japan Vulnerability Note), entries for vulnerabilities that are not listed in JVN may be updated here.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Update Date: June 29, 2026, 4:19 a.m.

No | CVSS | Level | Attack Vector | Vendor Name | Project Name | Title | CWE | CVE | Update Date | Publication Date | Show Affected | Exploit PoC Search
310651 4.3 MEDIUM
ibm webi Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web Interface for Content Management (aka WEBi) 1.0.4 before FP3 allow remote attackers to inject arbitrary web script or HTML via unspe… CWE-79
Cross-site Scripting
CVE-2011-1558 2024-11-21 10:26 2011-04-6 Show GitHub Exploit DB Packet Storm
310652 10.0 HIGH
realflex realwin Multiple stack-based buffer overflows in the HMI application in DATAC RealFlex RealWin 2.1 (Build 6.1.10.10) and earlier allow remote attackers to execute arbitrary code via (1) a long username in an… CWE-119
Incorrect Access of Indexable Resource ('Range Error') 
CVE-2011-1563 2024-11-21 10:26 2011-04-6 Show GitHub Exploit DB Packet Storm
310653 5.1 MEDIUM
aleksey
apple
xml_security_library
webkit
xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors invol… CWE-264
Permissions, Privileges, and Access Controls
CVE-2011-1425 2024-11-21 10:26 2011-04-4 Show GitHub Exploit DB Packet Storm
310654 7.5 HIGH
icloudcenter icjobsite SQL injection vulnerability in ICloudCenter ICJobSite 1.1 allows remote attackers to execute arbitrary SQL commands via the pid parameter to an unspecified component, a different vulnerability than C… CWE-89
SQL Injection
CVE-2011-1557 2024-11-21 10:26 2011-04-4 Show GitHub Exploit DB Packet Storm
310655 6.8 MEDIUM
aphpkb aphpkb SQL injection vulnerability in plugins/pdfClasses/pdfgen.php in Andy's PHP Knowledgebase (Aphpkb) 0.95.4 allows remote attackers to execute arbitrary SQL commands via the pdfa parameter. CWE-89
SQL Injection
CVE-2011-1556 2024-11-21 10:26 2011-04-4 Show GitHub Exploit DB Packet Storm
310656 6.8 MEDIUM
aphpkb aphpkb SQL injection vulnerability in saa.php in Andy's PHP Knowledgebase (Aphpkb) 0.95.3 and earlier allows remote attackers to execute arbitrary SQL commands via the aid parameter, a different vulnerabili… CWE-89
SQL Injection
CVE-2011-1555 2024-11-21 10:26 2011-04-4 Show GitHub Exploit DB Packet Storm
310657 7.5 HIGH
aphpkb aphpkb Multiple SQL injection vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.3 allow remote attackers to execute arbitrary SQL commands via the s parameter to (1) a_viewusers.php or (2) ke… CWE-89
SQL Injection
CVE-2011-1546 2024-11-21 10:26 2011-04-4 Show GitHub Exploit DB Packet Storm
310658 4.3 MEDIUM
t1lib
foolabs
glyphandcog
t1lib
xpdf
xpdfreader
Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document con… CWE-189
Numeric Errors
CVE-2011-1554 2024-11-21 10:26 2011-04-1 Show GitHub Exploit DB Packet Storm
310659 4.3 MEDIUM
t1lib
foolabs
glyphandcog
t1lib
xpdf
xpdfreader
Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF … CWE-399
 Resource Management Errors
CVE-2011-1553 2024-11-21 10:26 2011-04-1 Show GitHub Exploit DB Packet Storm
310660 4.3 MEDIUM
t1lib
foolabs
glyphandcog
t1lib
xpdf
xpdfreader
t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash)… CWE-119
Incorrect Access of Indexable Resource ('Range Error') 
CVE-2011-1552 2024-11-21 10:26 2011-04-1 Show GitHub Exploit DB Packet Storm
310661 6.9 MEDIUM
novell opensuse_factory SUSE openSUSE Factory assigns ownership of the /var/log/cobbler/ directory tree to the web-service user account, which might allow local users to gain privileges by leveraging access to this account … CWE-264
Permissions, Privileges, and Access Controls
CVE-2011-1551 2024-11-21 10:26 2011-03-31 Show GitHub Exploit DB Packet Storm
310662 6.3 MEDIUM
gentoo logrotate The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and… CWE-264
Permissions, Privileges, and Access Controls
CVE-2011-1550 2024-11-21 10:26 2011-03-31 Show GitHub Exploit DB Packet Storm
310663 6.3 MEDIUM
gentoo logrotate The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard lin… CWE-264
Permissions, Privileges, and Access Controls
CVE-2011-1549 2024-11-21 10:26 2011-03-31 Show GitHub Exploit DB Packet Storm
310664 6.3 MEDIUM
gentoo logrotate The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard… CWE-264
Permissions, Privileges, and Access Controls
CVE-2011-1548 2024-11-21 10:26 2011-03-31 Show GitHub Exploit DB Packet Storm
310665 7.2 HIGH
nokia e75_firmware
e75
The Nokia E75 phone with firmware before 211.12.01 allows physically proximate attackers to bypass the Device Lock code by entering an unspecified button sequence at boot time. CWE-287
Improper Authentication
CVE-2011-1472 2024-11-21 10:26 2011-03-30 Show GitHub Exploit DB Packet Storm
310666 4.3 MEDIUM
symantec liveupdate_administrator Cross-site scripting (XSS) vulnerability in the management login GUI page in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to inject arbitrary web script or HTML via the … CWE-79
Cross-site Scripting
CVE-2011-1524 2024-11-21 10:26 2011-03-29 Show GitHub Exploit DB Packet Storm
310667 7.2 HIGH
emc
oracle
data_protection_advisor_collector
solaris_sparc
EMC Data Protection Advisor Collector 5.7 and 5.7.1 on Solaris SPARC platforms uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors. CWE-264
Permissions, Privileges, and Access Controls
CVE-2011-1420 2024-11-21 10:26 2011-03-29 Show GitHub Exploit DB Packet Storm
310668 7.2 HIGH
ibm lotus_domino The default configuration of the server console in IBM Lotus Domino does not require a password (aka Server_Console_Password), which allows physically proximate attackers to perform administrative ch… CWE-287
Improper Authentication
CVE-2011-1520 2024-11-21 10:26 2011-03-26 Show GitHub Exploit DB Packet Storm
310669 10.0 HIGH
ibm lotus_domino The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a file located at a UNC share pathname specified by the client, which allows remote attackers … CWE-287
Improper Authentication
CVE-2011-1519 2024-11-21 10:26 2011-03-26 Show GitHub Exploit DB Packet Storm
310670 6.8 MEDIUM
debian
canonical
tex-common
ubuntu_linux
debian_linux
The default configuration of the shell_escape_commands directive in conf/texmf.d/95NonPath.cnf in the tex-common package before 2.08.1 in Debian GNU/Linux squeeze, Ubuntu 10.10 and 10.04 LTS, and pos… CWE-16
Configuration
CVE-2011-1400 2024-11-21 10:26 2011-03-26 Show GitHub Exploit DB Packet Storm
310671 7.5 HIGH
google
apple
chrome
iphone_os
itunes
safari
Google Chrome before 10.0.648.204 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead… CWE-20
 Improper Input Validation 
CVE-2011-1296 2024-11-21 10:26 2011-03-26 Show GitHub Exploit DB Packet Storm
310672 7.5 HIGH
google
apple
chrome
iphone_os
safari
WebKit, as used in Google Chrome before 10.0.648.204 and Apple Safari before 5.0.6, does not properly handle node parentage, which allows remote attackers to cause a denial of service (DOM tree corru… CWE-20
 Improper Input Validation 
CVE-2011-1295 2024-11-21 10:26 2011-03-26 Show GitHub Exploit DB Packet Storm
310673 7.5 HIGH
google chrome Google Chrome before 10.0.648.204 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other … CWE-20
 Improper Input Validation 
CVE-2011-1294 2024-11-21 10:26 2011-03-26 Show GitHub Exploit DB Packet Storm
310674 7.5 HIGH
google
debian
apple
chrome
debian_linux
iphone_os
itunes
safari
Use-after-free vulnerability in the HTMLCollection implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact v… CWE-416
 Use After Free
CVE-2011-1293 2024-11-21 10:26 2011-03-26 Show GitHub Exploit DB Packet Storm
310675 7.5 HIGH
google
debian
chrome
debian_linux
Use-after-free vulnerability in the frame-loader implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via… CWE-416
 Use After Free
CVE-2011-1292 2024-11-21 10:26 2011-03-26 Show GitHub Exploit DB Packet Storm
310676 7.5 HIGH
google chrome Google Chrome before 10.0.648.204 does not properly handle base strings, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, rela… CWE-120
Classic Buffer Overflow
CVE-2011-1291 2024-11-21 10:26 2011-03-26 Show GitHub Exploit DB Packet Storm
310677 6.8 MEDIUM
kerio connect
kerio_mailserver
The STARTTLS implementation in Kerio Connect 7.1.4 build 2985 and MailServer 6.x does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted S… CWE-20
 Improper Input Validation 
CVE-2011-1506 2024-11-21 10:26 2011-03-23 Show GitHub Exploit DB Packet Storm
310678 10.0 HIGH
ibm lotus_quickr Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.27 services for Lotus Domino has unknown impact and attack vectors, aka SPR ESEO8DQME2. NVD-CWE-noinfo
CVE-2011-1505 2024-11-21 10:26 2011-03-23 Show GitHub Exploit DB Packet Storm
310679 4.3 MEDIUM
tibco tibbr_service
tibbr
Cross-site scripting (XSS) vulnerability in the tibbr web server, as used in TIBCO tibbr 1.0.0 through 1.5.0 and tibbr Service 1.0.0 through 1.5.0, allows remote attackers to inject arbitrary web scr… CWE-79
Cross-site Scripting
CVE-2011-1414 2024-11-21 10:26 2011-03-23 Show GitHub Exploit DB Packet Storm
310680 4.3 MEDIUM
php php Integer signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that t… CWE-189
Numeric Errors
CVE-2011-1471 2024-11-21 10:26 2011-03-20 Show GitHub Exploit DB Packet Storm
310681 4.3 MEDIUM
php php The Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a ziparchive stream that is not properly handled by the stream_get_conten… CWE-20
 Improper Input Validation 
CVE-2011-1470 2024-11-21 10:26 2011-03-20 Show GitHub Exploit DB Packet Storm
310682 4.3 MEDIUM
php php Unspecified vulnerability in the Streams component in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) by accessing an ftp:// URL during use of an … NVD-CWE-noinfo
CVE-2011-1469 2024-11-21 10:26 2011-03-20 Show GitHub Exploit DB Packet Storm
310683 4.3 MEDIUM
php php Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 might allow remote attackers to cause a denial of service (memory consumption) via (1) plaintext data to the openssl_encrypt functio… CWE-399
 Resource Management Errors
CVE-2011-1468 2024-11-21 10:26 2011-03-20 Show GitHub Exploit DB Packet Storm
310684 5.0 MEDIUM
php php Unspecified vulnerability in the NumberFormatter::setSymbol (aka numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service … NVD-CWE-noinfo
CVE-2011-1467 2024-11-21 10:26 2011-03-20 Show GitHub Exploit DB Packet Storm
310685 5.0 MEDIUM
php php Integer overflow in the SdnToJulian function in the Calendar extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a large integer in t… CWE-189
Numeric Errors
CVE-2011-1466 2024-11-21 10:26 2011-03-20 Show GitHub Exploit DB Packet Storm
310686 5.0 MEDIUM
google chrome The SPDY implementation in net/http/http_network_transaction.cc in Google Chrome before 11.0.696.14 drains the bodies from SPDY responses, which might allow remote SPDY servers to cause a denial of s… NVD-CWE-noinfo
CVE-2011-1465 2024-11-21 10:26 2011-03-20 Show GitHub Exploit DB Packet Storm
310687 4.3 MEDIUM
php php Buffer overflow in the strval function in PHP before 5.3.6, when the precision configuration option has a large value, might allow context-dependent attackers to cause a denial of service (applicatio… CWE-119
Incorrect Access of Indexable Resource ('Range Error') 
CVE-2011-1464 2024-11-21 10:26 2011-03-20 Show GitHub Exploit DB Packet Storm
310688 5.0 MEDIUM
otrs otrs The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Request System (OTRS) before 3.0.6 place cleartext credentials into the session data in the database, which makes it easier … CWE-310
Cryptographic Issues
CVE-2011-1433 2024-11-21 10:26 2011-03-19 Show GitHub Exploit DB Packet Storm
310689 6.8 MEDIUM
sco scoofficeserver The STARTTLS implementation in SCO SCOoffice Server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cle… NVD-CWE-Other
CVE-2011-1432 2024-11-21 10:26 2011-03-17 Show GitHub Exploit DB Packet Storm
310690 6.8 MEDIUM
frederik_vermeulen netqmail The STARTTLS implementation in qmail-smtpd.c in qmail-smtpd in the netqmail-1.06-tls patch for netqmail 1.06 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to inse… NVD-CWE-Other
CVE-2011-1431 2024-11-21 10:26 2011-03-17 Show GitHub Exploit DB Packet Storm
310691 6.8 MEDIUM
ipswitch imail The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP… CWE-20
 Improper Input Validation 
CVE-2011-1430 2024-11-21 10:26 2011-03-17 Show GitHub Exploit DB Packet Storm
310692 5.8 MEDIUM
mutt mutt Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitra… CWE-20
 Improper Input Validation 
CVE-2011-1429 2024-11-21 10:26 2011-03-17 Show GitHub Exploit DB Packet Storm
310693 5.8 MEDIUM
flashtux weechat Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in… CWE-20
 Improper Input Validation 
CVE-2011-1428 2024-11-21 10:26 2011-03-17 Show GitHub Exploit DB Packet Storm
310694 4.3 MEDIUM
kodak insite Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite 5.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Language parameter to Pages/login.aspx, (2) HeaderW… CWE-79
Cross-site Scripting
CVE-2011-1427 2024-11-21 10:26 2011-03-16 Show GitHub Exploit DB Packet Storm
310695 5.8 MEDIUM
apache tomcat Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP r… NVD-CWE-Other
CVE-2011-1419 2024-11-21 10:26 2011-03-15 Show GitHub Exploit DB Packet Storm
310696 5.0 MEDIUM
apple iphone_os
apple_tv
tvos
The stateless address autoconfiguration (aka SLAAC) functionality in the IPv6 networking implementation in Apple iOS before 4.3 and Apple TV before 4.2 places the MAC address into the IPv6 address, w… CWE-200
Information Exposure
CVE-2011-1418 2024-11-21 10:26 2011-03-12 Show GitHub Exploit DB Packet Storm
310697 6.8 MEDIUM
apple mac_os_x_server
mac_os_x
iphone_os
Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a … CWE-189
Numeric Errors
CVE-2011-1417 2024-11-21 10:26 2011-03-12 Show GitHub Exploit DB Packet Storm
310698 5.0 MEDIUM
rim blackberry_torch_9800_firmware
blackberry_torch_9800
The Research In Motion (RIM) BlackBerry Torch 9800 with firmware 6.0.0.246 allows attackers to read the contents of memory locations via unknown vectors, as demonstrated by Vincenzo Iozzo, Willem Pin… CWE-200
Information Exposure
CVE-2011-1416 2024-11-21 10:26 2011-03-12 Show GitHub Exploit DB Packet Storm
310699 5.0 MEDIUM
google chrome Google Chrome before 10.0.648.127 on Linux does not properly mitigate an unspecified flaw in an X server, which allows remote attackers to cause a denial of service (application crash) via vectors in… NVD-CWE-noinfo
CVE-2011-1413 2024-11-21 10:26 2011-03-11 Show GitHub Exploit DB Packet Storm
310700 8.8 HIGH
microsoft internet_explorer Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process, as… NVD-CWE-noinfo
CVE-2011-1347 2024-11-21 10:26 2011-03-11 Show GitHub Exploit DB Packet Storm