Total: 18196 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2011-4943 | 1 Impresspages | 1 Impresspages Cms | 2024-11-21 | 9.8 Critical |
ImpressPages CMS v1.0.12 has Unspecified Remote Code Execution (fixed in v1.0.13) | ||||
CVE-2011-4908 | 1 Tiny | 1 Tinybrowser | 2024-11-21 | 9.8 Critical |
TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via upload.php. | ||||
CVE-2011-4906 | 1 Tiny | 1 Tinybrowser | 2024-11-21 | 9.8 Critical |
Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution. | ||||
CVE-2011-4628 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 9.8 Critical |
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the backend through a crafted request. | ||||
CVE-2011-4574 | 1 Polarssl | 1 Polarssl | 2024-11-21 | 9.8 Critical |
PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart, this uses timing information based on the processor's high resolution timer (the RDTSC instruction). This instruction can be virtualized, and some virtual machine hosts have chosen to disable this instruction, returning 0s or predictable results. | ||||
CVE-2011-4373 | 4 Adobe, Apple, Microsoft and 1 more | 5 Acrobat, Reader, Macos and 2 more | 2024-11-21 | 9.8 Critical |
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4372. | ||||
CVE-2011-4372 | 4 Adobe, Apple, Microsoft and 1 more | 5 Acrobat, Reader, Macos and 2 more | 2024-11-21 | 9.8 Critical |
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4373. | ||||
CVE-2011-4125 | 1 Calibre-ebook | 1 Calibre | 2024-11-21 | 9.8 Critical |
An untrusted search path issue was found in Calibre at devices/linux_mount_helper.c, allowing unprivileged users to execute any program as root. | ||||
CVE-2011-4124 | 1 Calibre-ebook | 1 Calibre | 2024-11-21 | 9.8 Critical |
Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to argument injection and elevation of privileges. | ||||
CVE-2011-4121 | 1 Ruby-lang | 1 Ruby | 2024-11-21 | 9.8 Critical |
The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt the integrity of services that depend on a strong private RSA key generation mechanism. | ||||
CVE-2011-4120 | 3 Debian, Linux, Yubico | 3 Debian Linux, Linux Kernel, Pam Module | 2024-11-21 | 9.8 Critical |
Yubico PAM Module before 2.10 performed user authentication when the 'use_first_pass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration. A remote attacker could use this flaw to circumvent the common authentication process and obtain access to the account in question by providing a NULL value (pressing the Ctrl-D keyboard sequence) as the password string. | ||||
CVE-2011-4119 | 1 Inria | 1 Caml-light | 2024-11-21 | 9.8 Critical |
caml-light <= 0.75 uses mktemp() insecurely, and also does unsafe things in /tmp during make install. | ||||
CVE-2011-4094 | 1 Jara Project | 1 Jara | 2024-11-21 | 9.8 Critical |
Jara 1.6 has a SQL injection vulnerability. | ||||
CVE-2011-3923 | 2 Apache, Redhat | 2 Struts, Jboss Enterprise Web Server | 2024-11-21 | 9.8 Critical |
Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands. | ||||
CVE-2011-3642 | 1 Flowplayer | 1 Flowplayer Flash | 2024-11-21 | 9.6 Critical |
Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 through 3.2.16, as used in the News system (news) extension for TYPO3 and Mahara, allows remote attackers to inject arbitrary web script or HTML via the plugin configuration directive in a reference to an external domain plugin. | ||||
CVE-2011-3621 | 1 Fluxbb | 1 Fluxbb | 2024-11-21 | 9.8 Critical |
A reverse proxy issue exists in FluxBB before 1.4.7 when FORUM_BEHIND_REVERSE_PROXY is enabled. | ||||
CVE-2011-3614 | 1 Vanillaforums | 1 Vanilla | 2024-11-21 | 9.8 Critical |
An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums before 2.0.17.9. | ||||
CVE-2011-3584 | 1 Guidestar | 1 Wec Discussion Forum | 2024-11-21 | 9.8 Critical |
The TYPO3 Core wec_discussion extension before 2.1.1 is vulnerable to SQL Injection due to improper sanitization of user-supplied input. | ||||
CVE-2011-3583 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 9.8 Critical |
It was found that Typo3 Core versions 4.5.0 - 4.5.5 use prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input. | ||||
CVE-2011-3544 | 4 Canonical, Oracle, Redhat and 1 more | 9 Ubuntu Linux, Jdk, Jre and 6 more | 2024-11-21 | 9.8 Critical |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting. |