Total
299403 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4124 | 1 Calibre-ebook | 1 Calibre | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to argument injection and elevation of privileges. | |||||
| CVE-2011-4121 | 1 Ruby-lang | 1 Ruby | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt integrity of services, depending on strong private RSA keys generation mechanism. | |||||
| CVE-2011-4120 | 3 Debian, Linux, Yubico | 3 Debian Linux, Linux Kernel, Pam Module | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Yubico PAM Module before 2.10 performed user authentication when 'use_first_pass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration. A remote attacker could use this flaw to circumvent common authentication process and obtain access to the account in question by providing a NULL value (pressing Ctrl-D keyboard sequence) as the password string. | |||||
| CVE-2011-4119 | 1 Inria | 1 Caml-light | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| caml-light <= 0.75 uses mktemp() insecurely, and also does unsafe things in /tmp during make install. | |||||
| CVE-2011-4117 | 1 Cpan | 1 Batch\ | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Batch::BatchRun module 1.03 for Perl does not properly handle temporary files. | |||||
| CVE-2011-4116 | 1 Cpan | 1 File\ | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| _is_safe in the File::Temp module for Perl does not properly handle symlinks. | |||||
| CVE-2011-4115 | 1 Cpan | 1 Parallel\ | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| Parallel::ForkManager module before 1.0.0 for Perl does not properly handle temporary files. | |||||
| CVE-2011-4095 | 1 Jara Project | 1 Jara | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Jara 1.6 has an XSS vulnerability | |||||
| CVE-2011-4094 | 1 Jara Project | 1 Jara | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Jara 1.6 has a SQL injection vulnerability. | |||||
| CVE-2011-4090 | 1 S9y | 1 Serendipity | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation. | |||||
| CVE-2011-4088 | 3 Abrt Project, Fedoraproject, Redhat | 5 Abrt, Fedora, Enterprise Linux Desktop and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| ABRT might allow attackers to obtain sensitive information from crash reports. | |||||
| CVE-2011-4082 | 2 Debian, Phpldapadmin Project | 2 Debian Linux, Phpldapadmin | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A local file inclusion flaw was found in the way the phpLDAPadmin before 0.9.8 processed certain values of the "Accept-Language" HTTP header. A remote attacker could use this flaw to cause a denial of service via specially-crafted request. | |||||
| CVE-2011-4076 | 1 Openstack | 1 Nova | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). Exposing the EC2_ACCESS_KEY via http or tools that allow man-in-the-middle over https could allow an attacker to easily obtain the EC2_SECRET_KEY. An attacker could also presumably brute force values for EC2_ACCESS_KEY. | |||||
| CVE-2011-4069 | 1 Packetfence | 1 Packetfence | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to conduct LDAP injection attacks and consequently bypass authentication via a crafted username. | |||||
| CVE-2011-4068 | 1 Packetfence | 1 Packetfence | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The check_password function in html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to bypass authentication via an empty password. | |||||
| CVE-2011-3923 | 2 Apache, Redhat | 2 Struts, Jboss Enterprise Web Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands. | |||||
| CVE-2011-3901 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Android SQLite Journal before 4.0.1 has an information disclosure vulnerability. | |||||
| CVE-2011-3656 | 1 Mozilla | 1 Firefox | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP 0.9 errors, non-default ports, and content-sniffing. | |||||
| CVE-2011-3642 | 1 Flowplayer | 1 Flowplayer Flash | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
| Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 through 3.2.16, as used in the News system (news) extension for TYPO3 and Mahara, allows remote attackers to inject arbitrary web script or HTML via the plugin configuration directive in a reference to an external domain plugin. | |||||
| CVE-2011-3632 | 3 Debian, Hardlink Project, Redhat | 3 Debian Linux, Hardlink, Enterprise Linux | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks. | |||||