The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2011-3586 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-3504. Reason: This candidate is a duplicate of CVE-2011-3504. Notes: All CVE users should reference CVE-2011-3504 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 | n/a |
| CVE-2011-3585 | Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a SIGKILL signal during a time window when the /etc/mtab~ file exists. | LOW | Jan 10, 2020 | n/a |
| CVE-2011-3584 | The TYPO3 Core wec_discussion extension before 2.1.1 is vulnerable to SQL Injection due to improper sanitation of user-supplied input. | HIGH | Nov 26, 2019 | n/a |
| CVE-2011-3583 | It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input. | HIGH | Nov 26, 2019 | n/a |
| CVE-2011-3582 | A Cross-site Request Forgery (CSRF) vulnerability exists in Advanced Electron Forums (AEF) through 1.0.9 due to inadequate confirmation for sensitive transactions in the administrator functions. | MEDIUM | Jan 27, 2020 | n/a |
| CVE-2011-3572 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2011-3567 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2011-3540 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2011-3505 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2011-3480 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2011-3477 | GEAR Software CD DVD Filter driver (aka GEARAspiWDM.sys), as used in Symantec Backup Exec System Recovery 8.5 and BESR 2010, Symantec System Recovery 2011, Norton 360, and Norton Ghost, allows local users to cause a denial of service (system crash) via unspecified vectors. | MEDIUM | Feb 19, 2018 | n/a |
| CVE-2011-3476 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2011-3475 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 | n/a |
| CVE-2011-3474 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 | n/a |
| CVE-2011-3473 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 | n/a |
| CVE-2011-3472 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 | n/a |
| CVE-2011-3471 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 | n/a |
| CVE-2011-3470 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 | n/a |
| CVE-2011-3469 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 | n/a |
| CVE-2011-3468 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 | n/a |
| CVE-2011-3467 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 | n/a |
| CVE-2011-3466 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 | n/a |
| CVE-2011-3465 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 | n/a |
| CVE-2011-3461 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 | n/a |
| CVE-2011-3456 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 | n/a |
| CVE-2011-3455 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 | n/a |
| CVE-2011-3454 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 | n/a |
| CVE-2011-3451 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 | n/a |
| CVE-2011-3445 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 | n/a |
| CVE-2011-3438 | WebKit, as used in Safari 5.0.6, allows remote attackers to cause a denial of service (process crash) or arbitrary code execution. | -- | Apr 24, 2017 | n/a |
| CVE-2011-3433 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 | n/a |
| CVE-2011-3428 | Buffer overflow in QuickTime before 7.7.1 for Windows allows remote attackers to execute arbitrary code. | -- | Apr 24, 2017 | n/a |
| CVE-2011-3419 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2011-3418 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2011-3409 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2011-3407 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2011-3405 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2011-3399 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2011-3398 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2011-3395 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2011-3389 | The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a BEAST attack. | Medium | Feb 13, 2012 | webcli_curl-7.50.3.0 (VxWorks 7) |
| CVE-2011-3374 | It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack. | MEDIUM | Nov 26, 2019 | n/a |
| CVE-2011-3373 | Drupal Views Builk Operations (VBO) module 6.x-1.0 through 6.x-1.10 does not properly escape the vocabulary help when the vocabulary has had user tagging enabled and the Modify node taxonomy terms action is used. A remote attacker could provide a specially-crafted URL that could lead to cross-site scripting (XSS) attack. | MEDIUM | Nov 26, 2019 | n/a |
| CVE-2011-3370 | statusnet before 0.9.9 has XSS | MEDIUM | Nov 12, 2019 | n/a |
| CVE-2011-3355 | evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim. | MEDIUM | Nov 26, 2019 | n/a |
| CVE-2011-3352 | Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improper sanitization of the \'themename\' parameter by setting default, modifying and deleting themes. A remote attacker with Zikula administrator privilege could use this flaw to execute arbitrary HTML or web script code in the context of the affected website. | LOW | Nov 21, 2019 | n/a |
| CVE-2011-3351 | openvas-scanner before 2011-09-11 creates a temporary file insecurely when generating OVAL system characteristics document with the ovaldi integrated tool enabled. A local attacker could use this flaw to conduct symlink attacks to overwrite arbitrary files on the system. | MEDIUM | Nov 26, 2019 | n/a |
| CVE-2011-3350 | masqmail 0.2.21 through 0.2.30 improperly calls seteuid() in src/log.c and src/masqmail.c that results in improper privilege dropping. | HIGH | Nov 20, 2019 | n/a |
| CVE-2011-3349 | lightdm before 0.9.6 writes in .dmrc and Xauthority files using root permissions while the files are in user controlled folders. A local user can overwrite root-owned files via a symlink, which can allow possible privilege escalation. | HIGH | Nov 20, 2019 | n/a |
| CVE-2011-3336 | regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion. | HIGH | Feb 12, 2020 | n/a |
