The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2011-3471 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
CVE-2011-3470 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
CVE-2011-3469 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
CVE-2011-3468 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
CVE-2011-3467 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
CVE-2011-3466 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
CVE-2011-3465 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
CVE-2011-3461 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
CVE-2011-3456 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
CVE-2011-3455 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
CVE-2011-3454 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
CVE-2011-3451 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
CVE-2011-3445 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
CVE-2011-3438 | WebKit, as used in Safari 5.0.6, allows remote attackers to cause a denial of service (process crash) or arbitrary code execution. | -- | Apr 24, 2017 |
CVE-2011-3433 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
CVE-2011-3428 | Buffer overflow in QuickTime before 7.7.1 for Windows allows remote attackers to execute arbitrary code. | -- | Apr 24, 2017 |
CVE-2011-3419 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 |
CVE-2011-3418 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 |
CVE-2011-3409 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 |
CVE-2011-3407 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 |
CVE-2011-3405 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 |
CVE-2011-3399 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 |
CVE-2011-3398 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 |
CVE-2011-3395 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 |
CVE-2011-3389 | The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a BEAST attack. | Medium | Feb 13, 2012 |
CVE-2011-3374 | It was found that apt-key in apt, all versions, does not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack. | MEDIUM | Nov 26, 2019 |
CVE-2011-3373 | Drupal Views Bulk Operations (VBO) module 6.x-1.0 through 6.x-1.10 does not properly escape the vocabulary help when the vocabulary has had user tagging enabled and the Modify node taxonomy terms action is used. A remote attacker could provide a specially-crafted URL that could lead to cross-site scripting (XSS) attack. | MEDIUM | Nov 26, 2019 |
CVE-2011-3370 | statusnet before 0.9.9 has XSS | MEDIUM | Nov 12, 2019 |
CVE-2011-3355 | evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim. | MEDIUM | Nov 26, 2019 |
CVE-2011-3352 | Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improper sanitization of the 'themename' parameter by setting default, modifying and deleting themes. A remote attacker with Zikula administrator privilege could use this flaw to execute arbitrary HTML or web script code in the context of the affected website. | LOW | Nov 21, 2019 |
CVE-2011-3351 | openvas-scanner before 2011-09-11 creates a temporary file insecurely when generating OVAL system characteristics document with the ovaldi integrated tool enabled. A local attacker could use this flaw to conduct symlink attacks to overwrite arbitrary files on the system. | MEDIUM | Nov 26, 2019 |
CVE-2011-3350 | masqmail 0.2.21 through 0.2.30 improperly calls seteuid() in src/log.c and src/masqmail.c that results in improper privilege dropping. | HIGH | Nov 20, 2019 |
CVE-2011-3349 | lightdm before 0.9.6 writes in .dmrc and Xauthority files using root permissions while the files are in user controlled folders. A local user can overwrite root-owned files via a symlink, which can allow possible privilege escalation. | HIGH | Nov 20, 2019 |
CVE-2011-3336 | regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion. | HIGH | Feb 12, 2020 |
CVE-2011-3269 | Lexmark X, W, T, E, C, 6500e, and 25xxN devices before 2011-11-15 allow attackers to obtain sensitive information via a hidden email address in a Scan To Email shortcut. | MEDIUM | Mar 10, 2020 |
CVE-2011-3258 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
CVE-2011-3240 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
CVE-2011-3210 | The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8s and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages, which allows remote attackers to cause a denial of service (application crash) via out-of-order messages that violate the TLS protocol. | Medium | Oct 5, 2011 |
CVE-2011-3203 | A Code Execution vulnerability exists in the attachment parameter to index.php in Jcow CMS 4.x to 4.2 and 5.2 to 5.2. | HIGH | Jan 17, 2020 |
CVE-2011-3202 | A Cross-Site Scripting (XSS) vulnerability exists in the g parameter to index.php in Jcow CMS 4.2 and earlier. | MEDIUM | Jan 16, 2020 |
CVE-2011-3183 | A Cross-Site Scripting (XSS) vulnerability exists in the rcID parameter in Concrete CMS 5.4.1.1 and earlier. | MEDIUM | Jan 16, 2020 |
CVE-2011-3178 | In the web ui of the openbuildservice before 2.3.0 a code injection of the project rebuildtimes statistics could be used by authorized attackers to execute shellcode. | MEDIUM | Mar 20, 2018 |
CVE-2011-3177 | The YaST2 network created files with world readable permissions which could have allowed local users to read sensitive material out of network configuration files, like passwords for wireless networks. | -- | Sep 8, 2017 |
CVE-2011-3172 | A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affected releases are SUSE Linux Enterprise: versions prior to 12. | HIGH | Jun 8, 2018 |
CVE-2011-3151 | The Ubuntu SELinux initscript before version 1:0.10 used touch to create a lockfile in a world-writable directory. If the OS kernel does not have symlink protections then an attacker can cause a zero byte file to be allocated on any writable filesystem. | MEDIUM | Apr 29, 2019 |
CVE-2011-3147 | Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem. | MEDIUM | Apr 26, 2019 |
CVE-2011-3145 | When mount.ecryptfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private. | HIGH | Apr 29, 2019 |
CVE-2011-3139 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 |
CVE-2011-3120 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 |
CVE-2011-3119 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 |