Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 185405 entries
IDDescriptionPriorityModified dateFixed Release
CVE-2011-4916 Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /dev/pts/ and /dev/tty*. LOW Jul 13, 2022 n/a
CVE-2011-4915 fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts. LOW Feb 25, 2020 n/a
CVE-2011-4912 Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass. MEDIUM Feb 5, 2020 n/a
CVE-2011-4908 TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via upload.php. HIGH Feb 12, 2020 n/a
CVE-2011-4907 Joomla! 1.5x through 1.5.12: Missing JEXEC Check MEDIUM Jan 15, 2020 n/a
CVE-2011-4906 Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution. HIGH Feb 12, 2020 n/a
CVE-2011-4904 TYPO3 before 4.4.9 and 4.5.x before 4.5.4 does not apply proper access control on ExtDirect calls which allows remote attackers to retrieve ExtDirect endpoint services. MEDIUM Nov 8, 2019 n/a
CVE-2011-4903 Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the RemoveXSS function. MEDIUM Nov 7, 2019 n/a
CVE-2011-4902 TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to delete arbitrary files on the webserver. MEDIUM Nov 8, 2019 n/a
CVE-2011-4901 TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to extract arbitrary information from the TYPO3 database. MEDIUM Nov 8, 2019 n/a
CVE-2011-4900 TYPO3 before 4.5.4 allows Information Disclosure in the backend. MEDIUM Nov 7, 2019 n/a
CVE-2011-4893 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2011. Notes: none -- Nov 7, 2023 n/a
CVE-2011-4892 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2011. Notes: none -- Nov 7, 2023 n/a
CVE-2011-4891 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2011. Notes: none -- Nov 7, 2023 n/a
CVE-2011-4889 The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 does not properly update passwords on a configuration using Tivoli Directory Server, which might allow remote attackers to gain access to an application by leveraging knowledge of an old password. IBM X-Force ID: 72581. HIGH Feb 8, 2018 n/a
CVE-2011-4820 IBM Rational Asset Manager 7.5 could allow a remote attacker to bypass security restrictions. An attacker could exploit this vulnerability using the UID parameter to modify another user\'s preferences. -- Sep 29, 2022 n/a
CVE-2011-4799 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none -- Nov 7, 2023 n/a
CVE-2011-4798 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none -- Nov 7, 2023 n/a
CVE-2011-4797 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none -- Nov 7, 2023 n/a
CVE-2011-4796 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none -- Nov 7, 2023 n/a
CVE-2011-4795 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none -- Nov 7, 2023 n/a
CVE-2011-4794 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none -- Nov 7, 2023 n/a
CVE-2011-4793 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none -- Nov 7, 2023 n/a
CVE-2011-4792 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none -- Nov 7, 2023 n/a
CVE-2011-4667 The encryption library in Cisco IOS Software 15.2(1)T, 15.2(1)T1, and 15.2(2)T, Cisco NX-OS in Cisco MDS 9222i Multiservice Modular Switch, Cisco MDS 9000 18/4-Port Multiservice Module, and Cisco MDS 9000 Storage Services Node module before 5.2(6), and Cisco IOS in Cisco VPN Services Port Adaptor for Catalyst 6500 12.2(33)SXI, and 12.2(33)SXJ when IP Security (aka IPSec) is used, allows remote attackers to obtain unencrypted packets from encrypted sessions. Medium Oct 6, 2017 n/a
CVE-2011-4661 A memory leak vulnerability exists in Cisco IOS before 15.2(1)T due to a memory leak in the HTTP PROXY Server process (aka CSCtu52820), when configured with Cisco ISR Web Security with Cisco ScanSafe and User Authenticaiton NTLM configured. MEDIUM Feb 12, 2020 n/a
CVE-2011-4650 Cisco Data Center Network Manager is affected by Excessive Logging During a TCP Flood on Java Ports. If the size of server.log becomes very big because of too much logging by the DCNM server, then the CPU utilization increases. Known Affected Releases: 5.2(1). Known Fixed Releases: 6.0(0)SL1(0.14) 5.2(2.73)S0. Product identification: CSCtt15295. -- Aug 7, 2017 n/a
CVE-2011-4632 Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the tcemain flash message. LOW Nov 8, 2019 n/a
CVE-2011-4631 Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the system extension recycler. LOW Nov 8, 2019 n/a
CVE-2011-4630 Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the browse_links wizard. LOW Nov 8, 2019 n/a
CVE-2011-4629 Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the admin panel. LOW Nov 8, 2019 n/a
CVE-2011-4628 TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the backend through a crafted request. HIGH Nov 8, 2019 n/a
CVE-2011-4627 TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows Information Disclosure on the backend. MEDIUM Nov 8, 2019 n/a
CVE-2011-4626 Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the \"JSwindow\" property of the typolink function. MEDIUM Nov 8, 2019 n/a
CVE-2011-4625 simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages. MEDIUM Nov 13, 2019 n/a
CVE-2011-4595 Pretty-Link WordPress plugin 1.5.2 has XSS MEDIUM Jan 13, 2020 n/a
CVE-2011-4574 PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart, this uses timing information based on the processor\'s high resolution timer (the RDTSC instruction). This instruction can be virtualized, and some virtual machine hosts have chosen to disable this instruction, returning 0s or predictable results. HIGH Oct 28, 2021 n/a
CVE-2011-4558 Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters. MEDIUM Jan 30, 2020 n/a
CVE-2011-4538 Lexmark X, W, T, E, and C devices before 2012-02-09 allow attackers to obtain sensitive information by reading passwords within exported settings. MEDIUM Mar 10, 2020 n/a
CVE-2011-4455 Multiple cross-site scripting vulnerabilities in Tiki 7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-admin_system.php, (2) tiki-pagehistory.php, (3) tiki-removepage.php, or (4) tiki-rename_page.php. MEDIUM Nov 21, 2019 n/a
CVE-2011-4454 Multiple cross-site scripting vulnerabilities in Tiki 8.0 RC1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-remind_password.php, (2) tiki-index.php, (3) tiki-login_scr.php, or (4) tiki-index. MEDIUM Nov 21, 2019 n/a
CVE-2011-4433 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none -- Nov 7, 2023 n/a
CVE-2011-4430 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none -- Nov 7, 2023 n/a
CVE-2011-4429 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none -- Nov 7, 2023 n/a
CVE-2011-4428 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none -- Nov 7, 2023 n/a
CVE-2011-4427 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none -- Nov 7, 2023 n/a
CVE-2011-4426 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none -- Nov 7, 2023 n/a
CVE-2011-4425 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none -- Nov 7, 2023 n/a
CVE-2011-4424 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none -- Nov 7, 2023 n/a
CVE-2011-4423 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none -- Nov 7, 2023 n/a
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online