Total: 18197 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2011-3544 | 4 Canonical, Oracle, Redhat and 1 more | 9 Ubuntu Linux, Jdk, Jre and 6 more | 2024-11-21 | 9.8 Critical |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting. | ||||
CVE-2011-3350 | 1 Marmaro | 1 Masqmail | 2024-11-21 | 9.8 Critical |
masqmail 0.2.21 through 0.2.30 improperly calls seteuid() in src/log.c and src/masqmail.c that results in improper privilege dropping. | ||||
CVE-2011-3203 | 1 Jcow | 1 Jcow Cms | 2024-11-21 | 9.8 Critical |
A Code Execution vulnerability exists in the attachment parameter to index.php in Jcow CMS 4.x to 4.2 and 5.2 to 5.2. | ||||
CVE-2011-3188 | 3 F5, Linux, Redhat | 17 Arx, Big-ip Access Policy Manager, Big-ip Analytics and 14 more | 2024-11-21 | 9.1 Critical |
The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets. | ||||
CVE-2011-2936 | 1 Elgg | 1 Elgg | 2024-11-21 | 9.8 Critical |
Elgg through 1.7.10 has a SQL injection vulnerability. | ||||
CVE-2011-2921 | 1 Ktsuss Project | 1 Ktsuss | 2024-11-21 | 9.8 Critical |
ktsuss versions 1.4 and prior have the uid set to root and do not drop privileges prior to executing user-specified commands, which can result in command execution with root privileges. | ||||
CVE-2011-2897 | 3 Debian, Gnome, Redhat | 3 Debian Linux, Gdk-pixbuf, Enterprise Linux | 2024-11-21 | 9.8 Critical |
gdk-pixbuf through 2.31.1 has a GIF loader buffer overflow when initializing decompression tables due to an input validation flaw. | ||||
CVE-2011-2717 | 2 Linux, Redhat | 2 Dhcp6c, Enterprise Linux | 2024-11-21 | 9.8 Critical |
The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message. | ||||
CVE-2011-2715 | 1 Drupal | 2 Data, Drupal | 2024-11-21 | 9.8 Critical |
An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names. | ||||
CVE-2011-2523 | 2 Debian, Vsftpd Project | 2 Debian Linux, Vsftpd | 2024-11-21 | 9.8 Critical |
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp. | ||||
CVE-2011-2337 | 1 Google | 1 Blink | 2024-11-21 | 9.8 Critical |
A wrong type is used for a return value from strlen in WebKit in Google Chrome before Blink M12 on 64-bit platforms. | ||||
CVE-2011-2195 | 1 Websvn | 1 Websvn | 2024-11-21 | 9.8 Critical |
A flaw was found in WebSVN 2.3.2. Without prior authentication, if the 'allowDownload' option is enabled in config.php, an attacker can invoke the dl.php script and pass a well formed 'path' argument to execute arbitrary commands against the underlying operating system. | ||||
CVE-2011-2013 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Vista | 2024-11-21 | 9.8 Critical |
Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code by sending a sequence of crafted UDP packets to a closed port, aka "Reference Counter Overflow Vulnerability." | ||||
CVE-2011-1939 | 3 Debian, Php, Zend | 3 Debian Linux, Php, Zend Framework | 2024-11-21 | 9.8 Critical |
SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction with PDO_MySql in PHP before 5.3.6. | ||||
CVE-2011-1935 | 1 Tcpdump | 1 Libpcap | 2024-11-21 | 9.8 Critical |
pcap-linux.c in libpcap 1.1.1 before commit ea9432fabdf4b33cbc76d9437200e028f1c47c93, when snaplen is set, may truncate packets, which might allow remote attackers to send arbitrary data while avoiding detection via crafted packets. | ||||
CVE-2011-1933 | 1 Jifty\ | 1 \ | 2024-11-21 | 9.8 Critical |
SQL injection vulnerability in Jifty::DBI before 0.68. | ||||
CVE-2011-1930 | 2 Debian, Klibc Project | 2 Debian Linux, Klibc | 2024-11-21 | 9.8 Critical |
In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. This may allow a remote attacker to send a specially crafted DHCP reply which could execute arbitrary code with the privileges of any process which sources DHCP options. | ||||
CVE-2011-1517 | 1 Sap | 1 Netweaver | 2024-11-21 | 9.8 Critical |
SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service caused by an error in the DiagTraceHex() function. By sending a specially-crafted packet, an attacker could exploit this vulnerability to cause the application to crash. | ||||
CVE-2011-1460 | 1 Google | 1 Blink | 2024-11-21 | 9.8 Critical |
WebKit in Google Chrome before Blink M11 contains a bad cast to RenderBlock when anonymous blocks are renderblocks. | ||||
CVE-2011-1180 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 9.8 Critical |
Multiple stack-based buffer overflows in the iriap_getvaluebyclass_indication function in net/irda/iriap.c in the Linux kernel before 2.6.39 allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging connectivity to an IrDA infrared network and sending a large integer value for a (1) name length or (2) attribute length. |