Total
5442 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-2768 | 1 Tor | 1 Tor | 2024-08-06 | N/A |
| Tor before 0.2.2.34, when configured as a client or bridge, sends a TLS certificate chain as part of an outgoing OR connection, which allows remote relays to bypass intended anonymity properties by reading this chain and then determining the set of entry guards that the client or bridge had selected. | ||||
| CVE-2011-2745 | 1 Chyrp | 1 Chyrp | 2024-08-06 | N/A |
| upload_handler.php in the swfupload extension in Chyrp 2.0 and earlier relies on client-side JavaScript code to restrict the file extensions of uploaded files, which allows remote authenticated users to upload a .php file, and consequently execute arbitrary PHP code, via a write_post action to the default URI under admin/. | ||||
| CVE-2011-2729 | 3 Apache, Linux, Redhat | 4 Apache Commons Daemon, Tomcat, Linux Kernel and 1 more | 2024-08-06 | N/A |
| native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application. | ||||
| CVE-2011-2739 | 1 Emc | 1 Documentum Eroom | 2024-08-06 | N/A |
| The file-blocking feature in EMC Documentum eRoom 7.3.x and 7.4.x before 7.4.3.g does not properly restrict the uploading and opening of files with dangerous file types, which allows remote authenticated users to execute arbitrary code via an uploaded file. | ||||
| CVE-2011-2709 | 1 Umich | 2 Libgssapi, Libgssglue | 2024-08-06 | N/A |
| libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPI_MECH_CONF environment variable, as demonstrated using mount.nfs. | ||||
| CVE-2011-2677 | 1 Cybozu | 1 Office | 2024-08-06 | N/A |
| Cybozu Office before 8.0.0 allows remote authenticated users to bypass intended access restrictions and access sensitive information (time card and attendance) via unspecified vectors related to manipulation of a URL. | ||||
| CVE-2011-2740 | 2 Emc, Mozilla | 2 Rsa Key Manager Appliance, Firefox | 2024-08-06 | N/A |
| EMC RSA Key Manager (RKM) Appliance 2.7 SP1 before 2.7.1.6, when Firefox 4.x or 5.0 is used, does not properly terminate a user session upon a logout action, which makes it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation. | ||||
| CVE-2011-2741 | 1 Emc | 1 Rsa Adaptive Authentication On-premise | 2024-08-06 | N/A |
| EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly implement Device Recovery and Device Identification, which might allow remote attackers to bypass intended security restrictions on a (1) previously non-registered device or (2) registered device by sending unspecified "data elements." | ||||
| CVE-2011-2742 | 1 Emc | 1 Rsa Adaptive Authentication On-premise | 2024-08-06 | N/A |
| EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly perform forensic evaluation upon receipt of device tokens from mobile apps, which might allow remote attackers to bypass intended application restrictions via a mobile device. | ||||
| CVE-2011-2760 | 1 Brocade | 1 Bigiron Rx Switch | 2024-08-06 | N/A |
| Brocade BigIron RX switches allow remote attackers to bypass ACL rules by using 179 as the source port of a packet. | ||||
| CVE-2011-2687 | 1 Drupal | 1 Drupal | 2024-08-06 | N/A |
| Drupal 7.x before 7.3 allows remote attackers to bypass intended node_access restrictions via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table. | ||||
| CVE-2011-2584 | 1 Cisco | 1 Show And Share | 2024-08-06 | N/A |
| Cisco Show and Share 5(2), 5.2(1), and 5.2(2) before 5.2(2.1) allows remote attackers to access the (1) Encoders and Pull Configurations, (2) Push Configurations, (3) Video Encoding Formats, and (4) Transcoding administration pages, and cause a denial of service (live event outage) or obtain potentially sensitive information, via unspecified vectors, aka Bug ID CSCto73758. | ||||
| CVE-2011-2581 | 1 Cisco | 3 Nexus 3000, Nexus 5000, Nx-os | 2024-08-06 | N/A |
| The ACL implementation in Cisco NX-OS 5.0(2) and 5.0(3) before 5.0(3)N2(1) on Nexus 5000 series switches, and NX-OS before 5.0(3)U1(2a) on Nexus 3000 series switches, does not properly handle comments in conjunction with deny statements, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by sending packets, aka Bug IDs CSCto09813 and CSCtr61490. | ||||
| CVE-2011-2547 | 1 Cisco | 4 Sa500 Software, Sa520, Sa520w and 1 more | 2024-08-06 | N/A |
| The web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote authenticated users to execute arbitrary commands via crafted parameters to web forms, aka Bug ID CSCtq65681. | ||||
| CVE-2011-2527 | 2 Qemu, Redhat | 2 Qemu, Enterprise Linux | 2024-08-06 | N/A |
| The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host. | ||||
| CVE-2011-2500 | 2 Linux-nfs, Redhat | 2 Nfs-utils, Enterprise Linux | 2024-08-06 | N/A |
| The host_reliable_addrinfo function in support/export/hostname.c in nfs-utils before 1.2.4 does not properly use DNS to verify access to NFS exports, which allows remote attackers to mount filesystems by establishing crafted DNS A and PTR records. | ||||
| CVE-2011-2514 | 1 Redhat | 3 Enterprise Linux, Icedtea-web, Icedtea6 | 2024-08-06 | N/A |
| The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warning dialog box to represent a different filename than the file for which access will be granted. | ||||
| CVE-2011-2495 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more | 2024-08-06 | N/A |
| fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc/#####/io files, which allows local users to obtain sensitive I/O statistics by polling a file, as demonstrated by discovering the length of another user's password. | ||||
| CVE-2011-2429 | 7 Adobe, Apple, Google and 4 more | 7 Flash Player, Mac Os X, Android and 4 more | 2024-08-06 | N/A |
| Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, related to a "security control bypass." | ||||
| CVE-2011-2486 | 2 Nspluginwrapper, Redhat | 2 Nspluginwrapper, Enterprise Linux | 2024-08-06 | N/A |
| nspluginwrapper before 1.4.4 does not properly provide access to NPNVprivateModeBool variable settings, which could prevent Firefox plugins from determining if they should run in Private Browsing mode and allow remote attackers to bypass intended access restrictions, as demonstrated using Flash. | ||||