Total
82321 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4117 | 1 Cpan | 1 Batch\ | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Batch::BatchRun module 1.03 for Perl does not properly handle temporary files. | |||||
| CVE-2011-4115 | 1 Cpan | 1 Parallel\ | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| Parallel::ForkManager module before 1.0.0 for Perl does not properly handle temporary files. | |||||
| CVE-2011-4088 | 3 Abrt Project, Fedoraproject, Redhat | 5 Abrt, Fedora, Enterprise Linux Desktop and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| ABRT might allow attackers to obtain sensitive information from crash reports. | |||||
| CVE-2011-4082 | 2 Debian, Phpldapadmin Project | 2 Debian Linux, Phpldapadmin | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A local file inclusion flaw was found in the way the phpLDAPadmin before 0.9.8 processed certain values of the "Accept-Language" HTTP header. A remote attacker could use this flaw to cause a denial of service via specially-crafted request. | |||||
| CVE-2011-3901 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Android SQLite Journal before 4.0.1 has an information disclosure vulnerability. | |||||
| CVE-2011-3632 | 3 Debian, Hardlink Project, Redhat | 3 Debian Linux, Hardlink, Enterprise Linux | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks. | |||||
| CVE-2011-3631 | 3 Debian, Hardlink Project, Redhat | 3 Debian Linux, Hardlink, Enterprise Linux | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string lengths concatenation is done in the calculation of the required memory space to be used. A remote attacker could provide a specially-crafted directory tree and trick the local user into consolidating it, leading to hardlink executable crash or potentially arbitrary code execution with user privileges. | |||||
| CVE-2011-3630 | 3 Debian, Hardlink Project, Redhat | 3 Debian Linux, Hardlink, Enterprise Linux | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Hardlink before 0.1.2 suffer from multiple stack-based buffer overflow flaws because of the way directory trees with deeply nested directories are processed. A remote attacker could provide a specially-crafted directory tree, and trick the local user into consolidating it, leading to hardlink executable crash, or, potentially arbitrary code execution with the privileges of the user running the hardlink executable. | |||||
| CVE-2011-3629 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Joomla! core 1.7.1 allows information disclosure due to weak encryption | |||||
| CVE-2011-3618 | 2 Atop Project, Debian | 2 Atop, Debian Linux | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| atop: symlink attack possible due to insecure tempfile handling | |||||
| CVE-2011-3613 | 1 Vanillaforums | 1 Vanilla | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue exists in Vanilla Forums before 2.0.17.9 due to the way cookies are handled. | |||||
| CVE-2011-3612 | 1 Usebb | 1 Usebb | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability exists in panel.php in UseBB before 1.0.12. | |||||
| CVE-2011-3611 | 1 Usebb | 1 Usebb | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| A File Inclusion vulnerability exists in act parameter to admin.php in UseBB before 1.0.12. | |||||
| CVE-2011-3600 | 1 Apache | 1 Ofbiz | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that discloses the contents of files in the filesystem. In addition, it can also be used to probe for open network ports, and figure out from returned error messages whether a file exists or not. This affects OFBiz 16.11.01 to 16.11.04. | |||||
| CVE-2011-3596 | 2 Debian, Polipo Project | 2 Debian Linux, Polipo | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Polipo before 1.0.4.1 suffers from a DoD vulnerability via specially-crafted HTTP POST / PUT request. | |||||
| CVE-2011-3582 | 1 Anelectron | 1 Advanced Electron Forums | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross-site Request Forgery (CSRF) vulnerability exists in Advanced Electron Forums (AEF) through 1.0.9 due to inadequate confirmation for sensitive transactions in the administrator functions. | |||||
| CVE-2011-3355 | 2 Gnome, Linux | 2 Evolution-data-server3, Linux Kernel | 2024-11-21 | 4.3 MEDIUM | 7.3 HIGH |
| evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim. | |||||
| CVE-2011-3351 | 1 Openvas | 1 Openvas-scanner | 2024-11-21 | 6.6 MEDIUM | 7.1 HIGH |
| openvas-scanner before 2011-09-11 creates a temporary file insecurely when generating OVAL system characteristics document with the ovaldi integrated tool enabled. A local attacker could use this flaw to conduct symlink attacks to overwrite arbitrary files on the system. | |||||
| CVE-2011-3349 | 1 Lightdm Project | 1 Lightdm | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| lightdm before 0.9.6 writes in .dmrc and Xauthority files using root permissions while the files are in user controlled folders. A local user can overwrite root-owned files via a symlink, which can allow possible privilege escalation. | |||||
| CVE-2011-3336 | 4 Apple, Freebsd, Openbsd and 1 more | 4 Mac Os X, Freebsd, Openbsd and 1 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion. | |||||