Total 18197 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2011-3544 4 Canonical, Oracle, Redhat and 1 more 9 Ubuntu Linux, Jdk, Jre and 6 more 2024-11-21 9.8 Critical
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.
CVE-2011-3350 1 Marmaro 1 Masqmail 2024-11-21 9.8 Critical
masqmail 0.2.21 through 0.2.30 improperly calls seteuid() in src/log.c and src/masqmail.c that results in improper privilege dropping.
CVE-2011-3203 1 Jcow 1 Jcow Cms 2024-11-21 9.8 Critical
A Code Execution vulnerability exists the attachment parameter to index.php in Jcow CMS 4.x to 4.2 and 5.2 to 5.2.
CVE-2011-3188 3 F5, Linux, Redhat 17 Arx, Big-ip Access Policy Manager, Big-ip Analytics and 14 more 2024-11-21 9.1 Critical
The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets.
CVE-2011-2936 1 Elgg 1 Elgg 2024-11-21 9.8 Critical
Elgg through 1.7.10 has a SQL injection vulnerability
CVE-2011-2921 1 Ktsuss Project 1 Ktsuss 2024-11-21 9.8 Critical
ktsuss versions 1.4 and prior has the uid set to root and does not drop privileges prior to executing user specified commands, which can result in command execution with root privileges.
CVE-2011-2897 3 Debian, Gnome, Redhat 3 Debian Linux, Gdk-pixbuf, Enterprise Linux 2024-11-21 9.8 Critical
gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw
CVE-2011-2717 2 Linux, Redhat 2 Dhcp6c, Enterprise Linux 2024-11-21 9.8 Critical
The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message.
CVE-2011-2715 1 Drupal 2 Data, Drupal 2024-11-21 9.8 Critical
An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names.
CVE-2011-2523 2 Debian, Vsftpd Project 2 Debian Linux, Vsftpd 2024-11-21 9.8 Critical
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
CVE-2011-2337 1 Google 1 Blink 2024-11-21 9.8 Critical
A wrong type is used for a return value from strlen in WebKit in Google Chrome before Blink M12 on 64-bit platforms.
CVE-2011-2195 1 Websvn 1 Websvn 2024-11-21 9.8 Critical
A flaw was found in WebSVN 2.3.2. Without prior authentication, if the 'allowDownload' option is enabled in config.php, an attacker can invoke the dl.php script and pass a well formed 'path' argument to execute arbitrary commands against the underlying operating system.
CVE-2011-2013 1 Microsoft 3 Windows 7, Windows Server 2008, Windows Vista 2024-11-21 9.8 Critical
Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code by sending a sequence of crafted UDP packets to a closed port, aka "Reference Counter Overflow Vulnerability."
CVE-2011-1939 3 Debian, Php, Zend 3 Debian Linux, Php, Zend Framework 2024-11-21 9.8 Critical
SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction PDO_MySql in PHP before 5.3.6.
CVE-2011-1935 1 Tcpdump 1 Libpcap 2024-11-21 9.8 Critical
pcap-linux.c in libpcap 1.1.1 before commit ea9432fabdf4b33cbc76d9437200e028f1c47c93 when snaplen is set may truncate packets, which might allow remote attackers to send arbitrary data while avoiding detection via crafted packets.
CVE-2011-1933 1 Jifty\ 1 \ 2024-11-21 9.8 Critical
SQL injection vulnerability in Jifty::DBI before 0.68.
CVE-2011-1930 2 Debian, Klibc Project 2 Debian Linux, Klibc 2024-11-21 9.8 Critical
In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. This may allow a remote attacker to send a specially crafted DHCP reply which could execute arbitrary code with the privileges of any process which sources DHCP options.
CVE-2011-1517 1 Sap 1 Netweaver 2024-11-21 9.8 Critical
SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service caused by an error in the DiagTraceHex() function. By sending a specially-crafted packet, an attacker could exploit this vulnerability to cause the application to crash.
CVE-2011-1460 1 Google 1 Blink 2024-11-21 9.8 Critical
WebKit in Google Chrome before Blink M11 contains a bad cast to RenderBlock when anonymous blocks are renderblocks.
CVE-2011-1180 1 Linux 1 Linux Kernel 2024-11-21 9.8 Critical
Multiple stack-based buffer overflows in the iriap_getvaluebyclass_indication function in net/irda/iriap.c in the Linux kernel before 2.6.39 allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging connectivity to an IrDA infrared network and sending a large integer value for a (1) name length or (2) attribute length.