Search Results (74797 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-3612 | 1 Usebb | 1 Usebb | 2024-11-21 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability exists in panel.php in UseBB before 1.0.12. | ||||
| CVE-2011-3611 | 1 Usebb | 1 Usebb | 2024-11-21 | 7.2 High |
| A File Inclusion vulnerability exists in act parameter to admin.php in UseBB before 1.0.12. | ||||
| CVE-2011-3600 | 1 Apache | 1 Ofbiz | 2024-11-21 | 7.5 High |
| The /webtools/control/xmlrpc endpoint in the OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that disclose the contents of files in the filesystem. In addition, it can also be used to probe for open network ports, and to figure out from returned error messages whether a file exists or not. This affects OFBiz 16.11.01 to 16.11.04. | ||||
| CVE-2011-3596 | 2 Debian, Polipo Project | 2 Debian Linux, Polipo | 2024-11-21 | 7.5 High |
| Polipo before 1.0.4.1 suffers from a DoS vulnerability via a specially-crafted HTTP POST / PUT request. | ||||
| CVE-2011-3582 | 1 Anelectron | 1 Advanced Electron Forums | 2024-11-21 | 8.8 High |
| A Cross-site Request Forgery (CSRF) vulnerability exists in Advanced Electron Forums (AEF) through 1.0.9 due to inadequate confirmation for sensitive transactions in the administrator functions. | ||||
| CVE-2011-3355 | 2 Gnome, Linux | 2 Evolution-data-server3, Linux Kernel | 2024-11-21 | 7.3 High |
| evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim. | ||||
| CVE-2011-3351 | 1 Openvas | 1 Openvas-scanner | 2024-11-21 | 7.1 High |
| openvas-scanner before 2011-09-11 creates a temporary file insecurely when generating OVAL system characteristics document with the ovaldi integrated tool enabled. A local attacker could use this flaw to conduct symlink attacks to overwrite arbitrary files on the system. | ||||
| CVE-2011-3349 | 1 Lightdm Project | 1 Lightdm | 2024-11-21 | 7.8 High |
| lightdm before 0.9.6 writes in .dmrc and Xauthority files using root permissions while the files are in user controlled folders. A local user can overwrite root-owned files via a symlink, which can allow possible privilege escalation. | ||||
| CVE-2011-3336 | 4 Apple, Freebsd, Openbsd and 1 more | 4 Mac Os X, Freebsd, Openbsd and 1 more | 2024-11-21 | 7.5 High |
| regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion. | ||||
| CVE-2011-3269 | 1 Lexmark | 168 25xxn, 25xxn Firmware, 6500e and 165 more | 2024-11-21 | 7.5 High |
| Lexmark X, W, T, E, C, 6500e, and 25xxN devices before 2011-11-15 allow attackers to obtain sensitive information via a hidden email address in a Scan To Email shortcut. | ||||
| CVE-2011-3147 | 1 Openstack | 1 Nova | 2024-11-21 | 8.6 High |
| Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem. | ||||
| CVE-2011-2934 | 1 Websitebaker | 1 Websitebaker | 2024-11-21 | 8.8 High |
| A Cross Site Request Forgery (CSRF) vulnerability exists in the administrator functions in WebsiteBaker 2.8.1 and earlier due to inadequate confirmation for sensitive transactions. | ||||
| CVE-2011-2933 | 1 Websitebaker | 1 Websitebaker | 2024-11-21 | 7.2 High |
| An Arbitrary File Upload vulnerability exists in admin/media/upload.php in WebsiteBaker 2.8.1 and earlier due to a failure to restrict uploaded files with .htaccess, .php4, .php5, and .phtl extensions. | ||||
| CVE-2011-2922 | 1 Ktsuss Project | 1 Ktsuss | 2024-11-21 | 7.8 High |
| ktsuss versions 1.4 and prior spawn the GTK interface to run as root. This can allow a local attacker to escalate privileges to root and use the "GTK_MODULES" environment variable to possibly execute arbitrary code. | ||||
| CVE-2011-2726 | 4 Debian, Drupal, Fedoraproject and 1 more | 4 Debian Linux, Drupal, Fedora and 1 more | 2024-11-21 | 7.5 High |
| An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in comments, and the parent node is denied access, non-privileged users can still download the file attached to the comment if they know or guess its direct URL. | ||||
| CVE-2011-2668 | 1 Mozilla | 1 Firefox | 2024-11-21 | 8.8 High |
| Mozilla Firefox through 1.5.0.3 has a vulnerability in processing the content-length header. | ||||
| CVE-2011-2538 | 1 Cisco | 1 Telepresence Video Communication Server | 2024-11-21 | 7.2 High |
| Cisco Video Communications Server (VCS) before X7.0.3 contains a command injection vulnerability which allows remote, authenticated attackers to execute arbitrary commands. | ||||
| CVE-2011-2480 | 2 Freebsd, Netbsd | 2 Freebsd, Netbsd | 2024-11-21 | 7.5 High |
| Information Disclosure vulnerability in the 802.11 stack, as used in FreeBSD before 8.2 and NetBSD when using certain non-x86 architectures. A signedness error in the IEEE80211_IOC_CHANINFO ioctl allows a local unprivileged user to cause the kernel to copy large amounts of kernel memory back to the user, disclosing potentially sensitive information. | ||||
| CVE-2011-2335 | 1 Google | 1 Blink | 2024-11-21 | 7.5 High |
| A double-free vulnerability exists in WebKit in Google Chrome before Blink M12 in the WebCore::CSSSelector function. | ||||
| CVE-2011-2187 | 2 Debian, Xscreensaver Project | 2 Debian Linux, Xscreensaver | 2024-11-21 | 7.8 High |
| xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication. | ||||