Export limit exceeded: 364909 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (9574 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-3871 2 Puppet, Puppetlabs 2 Puppet, Puppet 2025-04-11 N/A
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files.
CVE-2011-3866 1 Mozilla 2 Firefox, Seamonkey 2025-04-11 N/A
Mozilla Firefox before 7.0 and SeaMonkey before 2.4 do not properly restrict availability of motion data events, which makes it easier for remote attackers to read keystrokes by leveraging JavaScript code running in a background tab.
CVE-2011-3839 1 Wuzly 1 Wuzly 2025-04-11 N/A
The administration functionality in Wuzly 2.0 allows remote attackers to bypass authentication by setting the dXNlcm5hbWU cookie.
CVE-2011-3207 2 Openssl, Redhat 2 Openssl, Enterprise Linux 2025-04-11 N/A
crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past.
CVE-2011-3190 2 Apache, Redhat 3 Tomcat, Enterprise Linux, Jboss Enterprise Web Server 2025-04-11 N/A
Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
CVE-2011-3129 1 Wordpress 1 Wordpress 2025-04-11 N/A
The file upload functionality in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2, when running "on hosts with dangerous security settings," has unknown impact and attack vectors, possibly related to dangerous filenames.
CVE-2011-3014 1 Novell 2 Data Synchronizer, Mobility Pack 2025-04-11 N/A
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not properly restrict caching of HTTPS responses, which makes it easier for remote attackers to obtain sensitive information by leveraging an unattended workstation.
CVE-2011-2993 1 Mozilla 2 Firefox, Seamonkey 2025-04-11 N/A
The implementation of digital signatures for JAR files in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not prevent calls from unsigned JavaScript code to signed code, which allows remote attackers to bypass the Same Origin Policy and gain privileges via a crafted web site, a different vulnerability than CVE-2008-2801.
CVE-2010-1168 3 Perl, Rafael Garcia-suarez, Redhat 3 Perl, Safe, Enterprise Linux 2025-04-11 N/A
The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and implicitly blessed objects, as demonstrated by the (a) DESTROY and (b) AUTOLOAD methods, related to "automagic methods."
CVE-2011-2777 1 Tedfelix 1 Acpid2 2025-04-11 N/A
samples/powerbtn/powerbtn.sh in acpid (aka acpid2) 2.0.16 and earlier uses the pidof program incorrectly, which allows local users to gain privileges by running a program with the name kded4 and a DBUS_SESSION_BUS_ADDRESS environment variable containing commands.
CVE-2011-1967 1 Microsoft 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more 2025-04-11 N/A
Winsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Vulnerability."
CVE-2011-1846 1 Ibm 1 Db2 2025-04-11 N/A
IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a different vulnerability than CVE-2011-0757. NOTE: some of these details are obtained from third party information.
CVE-2011-1738 1 Hp 1 Palm Webos 2025-04-11 N/A
HP Palm webOS 1.4.5 and 1.4.5.1 does not properly restrict Plug-in Development Kit (PDK) applications, which allows local users to gain privileges by leveraging unintended filesystem write access.
CVE-2011-1683 1 Ibm 2 Websphere Application Server, Z\/os 2025-04-11 N/A
IBM WebSphere Application Server (WAS) 6.0.x through 6.0.2.43, 6.1.x before 6.1.0.37, and 7.0.x before 7.0.0.17 on z/OS, when a Local OS user registry or Federated Repository with RACF adapter is used, allows remote attackers to obtain unspecified application access via unknown vectors.
CVE-2011-1680 1 Ncpfs 1 Ncpfs 2025-04-11 N/A
ncpmount in ncpfs 2.2.6 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors.
CVE-2011-1676 1 Linux 1 Util-linux 2025-04-11 N/A
mount in util-linux 2.19 and earlier does not remove the /etc/mtab.tmp file after a failed attempt to add a mount entry, which allows local users to trigger corruption of the /etc/mtab file via multiple invocations.
CVE-2011-1032 1 Ibm 2 Lotus Connections, Websphere Application Server 2025-04-11 N/A
IBM Lotus Connections 3.0, when IBM WebSphere Application Server 7.0.0.11 is used, does not properly restrict access to the internal login module, which has unspecified impact and attack vectors.
CVE-2011-1022 2 Balbir Singh, Redhat 2 Libcgroup, Enterprise Linux 2025-04-11 N/A
The cgre_receive_netlink_msg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted message.
CVE-2011-1008 1 Bestpractical 1 Rt 2025-04-11 N/A
Scrips_Overlay.pm in Best Practical Solutions RT before 3.8.9 does not properly restrict access to a TicketObj in a Scrip after a CurrentUser change, which allows remote authenticated users to obtain sensitive information via unspecified vectors, as demonstrated by custom-field value information, related to SQL logging.
CVE-2011-0980 1 Microsoft 3 Excel, Office, Open Xml File Format Converter 2025-04-11 N/A
Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse Office Art objects, which allows remote attackers to execute arbitrary code via vectors related to a function pointer, aka "Excel Dangling Pointer Vulnerability."