The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2011-4124 | Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to argument injection and elevation of privileges. | HIGH | Oct 27, 2021 | n/a |
CVE-2011-4121 | The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt the integrity of services that depend on a strong private RSA key generation mechanism. | HIGH | Nov 26, 2019 | n/a |
CVE-2011-4120 | Yubico PAM Module before 2.10 performed user authentication when the 'use_first_pass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration. A remote attacker could use this flaw to circumvent the common authentication process and obtain access to the account in question by providing a NULL value (pressing the Ctrl-D keyboard sequence) as the password string. | HIGH | Nov 26, 2019 | n/a |
CVE-2011-4119 | caml-light <= 0.75 uses mktemp() insecurely, and also does unsafe things in /tmp during make install. | HIGH | Oct 29, 2021 | n/a |
CVE-2011-4117 | The Batch::BatchRun module 1.03 for Perl does not properly handle temporary files. | MEDIUM | Feb 5, 2020 | n/a |
CVE-2011-4116 | _is_safe in the File::Temp module for Perl does not properly handle symlinks. | MEDIUM | Feb 5, 2020 | n/a |
CVE-2011-4115 | Parallel::ForkManager module before 1.0.0 for Perl does not properly handle temporary files. | MEDIUM | Feb 5, 2020 | n/a |
CVE-2011-4095 | Jara 1.6 has an XSS vulnerability. | MEDIUM | Jan 23, 2020 | n/a |
CVE-2011-4094 | Jara 1.6 has a SQL injection vulnerability. | HIGH | Jan 23, 2020 | n/a |
CVE-2011-4090 | Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation. | MEDIUM | Nov 26, 2019 | n/a |
CVE-2011-4088 | ABRT might allow attackers to obtain sensitive information from crash reports. | MEDIUM | Feb 5, 2020 | n/a |
CVE-2011-4082 | A local file inclusion flaw was found in the way the phpLDAPadmin before 0.9.8 processed certain values of the Accept-Language HTTP header. A remote attacker could use this flaw to cause a denial of service via specially-crafted request. | MEDIUM | Nov 26, 2019 | n/a |
CVE-2011-4076 | OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). Exposing the EC2_ACCESS_KEY via http or tools that allow man-in-the-middle over https could allow an attacker to easily obtain the EC2_SECRET_KEY. An attacker could also presumably brute force values for EC2_ACCESS_KEY. | MEDIUM | Nov 26, 2019 | n/a |
CVE-2011-4072 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2011-4069 | html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to conduct LDAP injection attacks and consequently bypass authentication via a crafted username. | HIGH | Feb 21, 2018 | n/a |
CVE-2011-4068 | The check_password function in html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to bypass authentication via an empty password. | HIGH | Feb 21, 2018 | n/a |
CVE-2011-3923 | Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands. | HIGH | Nov 7, 2019 | n/a |
CVE-2011-3901 | Android SQLite Journal before 4.0.1 has an information disclosure vulnerability. | MEDIUM | Feb 12, 2020 | n/a |
CVE-2011-3681 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2011-3680 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2011-3679 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2011-3678 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2011-3677 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2011-3676 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2011-3675 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2011-3674 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2011-3673 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2011-3672 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2011-3656 | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP 0.9 errors, non-default ports, and content-sniffing. | MEDIUM | Jun 2, 2021 | n/a |
CVE-2011-3642 | Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 through 3.2.16, as used in the News system (news) extension for TYPO3 and Mahara, allows remote attackers to inject arbitrary web script or HTML via the plugin configuration directive in a reference to an external domain plugin. | MEDIUM | Feb 12, 2020 | n/a |
CVE-2011-3632 | Hardlink before 0.1.2 operates on full file system object path names, which can allow a local attacker to conduct symlink attacks. | LOW | Nov 26, 2019 | n/a |
CVE-2011-3631 | Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string lengths are concatenated when calculating the required memory space. A remote attacker could provide a specially-crafted directory tree and trick the local user into consolidating it, leading to a hardlink executable crash or potentially arbitrary code execution with user privileges. | MEDIUM | Nov 26, 2019 | n/a |
CVE-2011-3630 | Hardlink before 0.1.2 suffers from multiple stack-based buffer overflow flaws because of the way directory trees with deeply nested directories are processed. A remote attacker could provide a specially-crafted directory tree and trick the local user into consolidating it, leading to a hardlink executable crash or, potentially, arbitrary code execution with the privileges of the user running the hardlink executable. | MEDIUM | Nov 26, 2019 | n/a |
CVE-2011-3629 | Joomla! core 1.7.1 allows information disclosure due to weak encryption. | MEDIUM | Feb 5, 2020 | n/a |
CVE-2011-3624 | Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers in requests, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header. | MEDIUM | Nov 26, 2019 | n/a |
CVE-2011-3622 | A Cross-Site Scripting (XSS) vulnerability exists in the admin login screen in Phorum before 5.2.18. | MEDIUM | Jan 24, 2020 | n/a |
CVE-2011-3621 | A reverse proxy issue exists in FluxBB before 1.4.7 when FORUM_BEHIND_REVERSE_PROXY is enabled. | HIGH | Jan 30, 2020 | n/a |
CVE-2011-3618 | atop: symlink attack possible due to insecure tempfile handling | MEDIUM | Nov 14, 2019 | n/a |
CVE-2011-3617 | Tahoe-LAFS v1.3.0 through v1.8.2 could allow unauthorized users to delete immutable files in some cases. | MEDIUM | Nov 26, 2019 | n/a |
CVE-2011-3614 | An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums before 2.0.17.9. | HIGH | Jan 28, 2020 | n/a |
CVE-2011-3613 | An issue exists in Vanilla Forums before 2.0.17.9 due to the way cookies are handled. | MEDIUM | Jan 28, 2020 | n/a |
CVE-2011-3612 | Cross-Site Request Forgery (CSRF) vulnerability exists in panel.php in UseBB before 1.0.12. | MEDIUM | Jan 24, 2020 | n/a |
CVE-2011-3611 | A File Inclusion vulnerability exists in act parameter to admin.php in UseBB before 1.0.12. | HIGH | Jan 29, 2020 | n/a |
CVE-2011-3610 | A Cross-site Scripting (XSS) vulnerability exists in the Serendipity freetag plugin before 3.30 in the tagcloud parameter to plugins/serendipity_event_freetag/tagcloud.swf. | MEDIUM | Jan 23, 2020 | n/a |
CVE-2011-3609 | A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBoss did not properly restrict access to the management console information (for example via the Access-Control-Allow-Origin HTTP access control flag). This can lead to an unauthorized information leak if a user with admin privileges visits a specially-crafted web page provided by a remote attacker. | MEDIUM | Nov 26, 2019 | n/a |
CVE-2011-3608 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-0815. Reason: This candidate is a reservation duplicate of CVE-2012-0815. Notes: All CVE users should reference CVE-2012-0815 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 | n/a |
CVE-2011-3606 | A DOM-based cross-site scripting flaw was found in the JBoss Application Server 7 before 7.1.0 Beta 1 administration console. A remote attacker could provide a specially-crafted web page and trick a valid JBoss AS user with administrator privileges into visiting it, which would lead to modification of the DOM environment and arbitrary HTML or web script execution. | LOW | Nov 26, 2019 | n/a |
CVE-2011-3600 | The /webtools/control/xmlrpc endpoint in the OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that disclose the contents of files in the filesystem. In addition, it can also be used to probe for open network ports, and to figure out from returned error messages whether a file exists or not. This affects OFBiz 16.11.01 to 16.11.04. | MEDIUM | Nov 26, 2019 | n/a |
CVE-2011-3596 | Polipo before 1.0.4.1 suffers from a DoS vulnerability via a specially-crafted HTTP POST / PUT request. | MEDIUM | Nov 26, 2019 | n/a |
CVE-2011-3595 | Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! through 1.7.0 in index.php in the search word, extension, asset, and author parameters. | LOW | Jan 24, 2020 | n/a |