Export limit exceeded: 337980 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (337980 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-2499 | 1 Mambo-foundation | 1 Mambo Cms | 2024-11-21 | 6.1 Medium |
| Mambo CMS through 4.6.5 has multiple XSS. | ||||
| CVE-2011-2498 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-11-21 | 5.5 Medium |
| The Linux kernel from v2.3.36 before v2.6.39 allows local unprivileged users to cause a denial of service (memory consumption) by triggering creation of PTE pages. | ||||
| CVE-2011-2487 | 2 Apache, Redhat | 12 Cxf, Wss4j, Jboss Business Rules Management System and 9 more | 2024-11-21 | 5.9 Medium |
| The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack. | ||||
| CVE-2011-2480 | 2 Freebsd, Netbsd | 2 Freebsd, Netbsd | 2024-11-21 | 7.5 High |
| Information Disclosure vulnerability in the 802.11 stack, as used in FreeBSD before 8.2 and NetBSD when using certain non-x86 architectures. A signedness error in the IEEE80211_IOC_CHANINFO ioctl allows a local unprivileged user to cause the kernel to copy large amounts of kernel memory back to the user, disclosing potentially sensitive information. | ||||
| CVE-2011-2353 | 1 Google | 1 Blink | 2024-11-21 | 6.5 Medium |
| Use after free vulnerability in documentloader in WebKit in Google Chrome before Blink M13 in DocumentWriter::replaceDocument function. | ||||
| CVE-2011-2343 | 1 Google | 1 Android | 2024-11-21 | 2.4 Low |
| The Bluetooth stack in Android before 2.3.6 allows a physically proximate attacker to obtain contact information via an AT phonebook transfer. | ||||
| CVE-2011-2337 | 1 Google | 1 Blink | 2024-11-21 | 9.8 Critical |
| A wrong type is used for a return value from strlen in WebKit in Google Chrome before Blink M12 on 64-bit platforms. | ||||
| CVE-2011-2336 | 1 Google | 1 Blink | 2024-11-21 | 6.5 Medium |
| An issue exists in WebKit in Google Chrome before Blink M12. when clearing lists in AnimationControllerPrivate that signal when a hardware animation starts. | ||||
| CVE-2011-2335 | 1 Google | 1 Blink | 2024-11-21 | 7.5 High |
| A double-free vulnerability exists in WebKit in Google Chrome before Blink M12 in the WebCore::CSSSelector function. | ||||
| CVE-2011-2334 | 1 Google | 1 Blink | 2024-11-21 | 6.5 Medium |
| Use after free vulnerability exists in WebKit in Google Chrome before Blink M12 in RenderLayerwhen removing elements with reflections. | ||||
| CVE-2011-2207 | 3 Debian, Gnupg, Redhat | 3 Debian Linux, Gnupg, Enterprise Linux | 2024-11-21 | 5.3 Medium |
| dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause a denial of service (DOS) via a specially-crafted certificate. | ||||
| CVE-2011-2195 | 1 Websvn | 1 Websvn | 2024-11-21 | 9.8 Critical |
| A flaw was found in WebSVN 2.3.2. Without prior authentication, if the 'allowDownload' option is enabled in config.php, an attacker can invoke the dl.php script and pass a well formed 'path' argument to execute arbitrary commands against the underlying operating system. | ||||
| CVE-2011-2187 | 2 Debian, Xscreensaver Project | 2 Debian Linux, Xscreensaver | 2024-11-21 | 7.8 High |
| xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication. | ||||
| CVE-2011-2177 | 1 Apache | 1 Openoffice | 2024-11-21 | 7.8 High |
| OpenOffice.org v3.3 allows execution of arbitrary code with the privileges of the user running the OpenOffice.org suite tools. | ||||
| CVE-2011-2054 | 1 Cisco | 24 Asa 5500, Asa 5500 Firmware, Asa 5510 and 21 more | 2024-11-21 | 4.3 Medium |
| A vulnerability in the Cisco ASA that could allow a remote attacker to successfully authenticate using the Cisco AnyConnect VPN client if the Secondary Authentication type is LDAP and the password is left blank, providing the primary credentials are correct. The vulnerabilities is due to improper input validation of certain parameters passed to the affected software. An attacker must have the correct primary credentials in order to successfully exploit this vulnerability. | ||||
| CVE-2011-1939 | 3 Debian, Php, Zend | 3 Debian Linux, Php, Zend Framework | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction PDO_MySql in PHP before 5.3.6. | ||||
| CVE-2011-1934 | 2 Debian, Lilo Project | 2 Debian Linux, Lilo | 2024-11-21 | 4.3 Medium |
| lilo-uuid-diskid causes lilo.conf to be world-readable in lilo 23.1. | ||||
| CVE-2011-1933 | 1 Jifty\ | 1 \ | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in Jifty::DBI before 0.68. | ||||
| CVE-2011-1930 | 2 Debian, Klibc Project | 2 Debian Linux, Klibc | 2024-11-21 | 9.8 Critical |
| In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. This may allow a remote attacker to send a specially crafted DHCP reply which could execute arbitrary code with the privileges of any process which sources DHCP options. | ||||
| CVE-2011-1830 | 1 Ekiga | 1 Ekiga | 2024-11-21 | N/A |
| Ekiga versions before 3.3.0 attempted to load a module from /tmp/ekiga_test.so. | ||||