| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
| 51751 | CVE-2011-4096 | 399 | | DoS | 2011-11-17 | 2016-11-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record. |
| 51752 | CVE-2011-4093 | 190 | | Overflow +Priv | 2014-02-10 | 2018-10-30 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
Integer overflow in inc/server.hpp in libnet6 (aka net6) before 1.3.14 might allow remote attackers to hijack connections and gain privileges as other users by making a large number of connections until the overflow occurs and an ID of another user is provided. |
| 51753 | CVE-2011-4092 | 20 | | | 2014-02-10 | 2014-02-10 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
obby (aka libobby) does not verify SSL server certificates, which allows remote attackers to spoof servers via an arbitrary certificate. |
| 51754 | CVE-2011-4091 | 287 | | +Info | 2014-02-10 | 2018-10-30 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
The libobby server in inc/server.hpp in libnet6 (aka net6) before 1.3.14 does not perform authentication before checking the user name, which allows remote attackers to obtain sensitive information such as server-usage patterns by a particular user and color preferences. |
| 51755 | CVE-2011-4089 | 264 | 1 | Exec Code | 2014-04-16 | 2014-04-17 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory. |
| 51756 | CVE-2011-4087 | 399 | | DoS | 2013-06-08 | 2013-06-10 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
The br_parse_ip_options function in net/bridge/br_netfilter.c in the Linux kernel before 2.6.39 does not properly initialize a certain data structure, which allows remote attackers to cause a denial of service by leveraging connectivity to a network interface that uses an Ethernet bridge device. |
| 51757 | CVE-2011-4086 | 119 | | DoS Overflow | 2012-07-03 | 2017-12-28 | 4.9 | None | Local | Low | Not required | None | None | Complete |
The journal_unmap_buffer function in fs/jbd2/transaction.c in the Linux kernel before 3.3.1 does not properly handle the _Delay and _Unwritten buffer head states, which allows local users to cause a denial of service (system crash) by leveraging the presence of an ext4 filesystem that was mounted with a journal. |
| 51758 | CVE-2011-4085 | 287 | | Bypass | 2012-11-23 | 2014-03-05 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication by sending a request with a different method. NOTE: this vulnerability exists because of a CVE-2010-0738 regression. |
| 51759 | CVE-2011-4084 | 399 | | DoS | 2011-12-29 | 2011-12-30 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 does not properly handle a large number of form parameters, which might allow remote attackers to cause a denial of service (CPU consumption) via a request that triggers storage of many parameters in a hash table. |
| 51760 | CVE-2011-4083 | 310 | | +Info | 2014-02-17 | 2014-02-18 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
The sosreport utility in the Red Hat sos package before 1.7-9 and 2.x before 2.2-17 includes (1) Certificate-based Red Hat Network private entitlement keys and the (2) private key for the entitlement in an archive of debugging information, which might allow remote attackers to obtain sensitive information by reading the archive. |
| 51761 | CVE-2011-4081 | | | DoS | 2012-05-24 | 2012-05-29 | 4.9 | None | Local | Low | Not required | None | None | Complete |
crypto/ghash-generic.c in the Linux kernel before 3.1 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by triggering a failed or missing ghash_setkey function call, followed by a (1) ghash_update function call or (2) ghash_final function call, as demonstrated by a write operation on an AF_ALG socket. |
| 51762 | CVE-2011-4080 | 264 | | Bypass | 2012-05-24 | 2012-05-29 | 4.0 | None | Local | High | Not required | Complete | None | None |
The sysrq_sysctl_handler function in kernel/sysctl.c in the Linux kernel before 2.6.39 does not require the CAP_SYS_ADMIN capability to modify the dmesg_restrict value, which allows local users to bypass intended access restrictions and read the kernel ring buffer by leveraging root privileges, as demonstrated by a root user in a Linux Containers (aka LXC) environment. |
| 51763 | CVE-2011-4079 | 189 | | DoS Overflow | 2011-10-27 | 2017-08-28 | 4.0 | None | Remote | Low | Single system | None | None | Partial |
Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.26 and earlier allows remote attackers to cause a denial of service (slapd crash) via a zero-length string that triggers a heap-based buffer overflow, as demonstrated using an empty postalAddressAttribute value in an LDIF entry. |
| 51764 | CVE-2011-4078 | 399 | | DoS | 2011-11-03 | 2017-08-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5.3.7 or 5.3.8 is used, allows remote attackers to trigger a GET request for an arbitrary URL, and cause a denial of service (resource consumption and inbox outage), via a Subject header containing only a URL, a related issue to CVE-2011-3379. |
| 51765 | CVE-2011-4077 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2012-01-27 | 2016-08-22 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete |
Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel 2.6, when CONFIG_XFS_DEBUG is disabled, allows local users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a long pathname. |
| 51766 | CVE-2011-4074 | 79 | | XSS | 2011-11-02 | 2011-11-17 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in cmd.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via an _debug command. |
| 51767 | CVE-2011-4073 | 399 | | DoS | 2011-11-17 | 2019-07-29 | 4.0 | None | Remote | Low | Single system | None | None | Partial |
Use-after-free vulnerability in the cryptographic helper handler functionality in Openswan 2.3.0 through 2.6.36 allows remote authenticated users to cause a denial of service (pluto IKE daemon crash) via vectors related to the (1) quick_outI1_continue and (2) quick_outI1 functions. |
| 51768 | CVE-2011-4064 | 79 | | XSS | 2011-11-01 | 2011-12-14 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the setup interface in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value. |
| 51769 | CVE-2011-4063 | 20 | | DoS | 2011-10-21 | 2018-10-09 | 6.8 | None | Remote | Low | Single system | None | None | Complete |
chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.7.1 and 10.x before 10.0.0-rc1 does not properly initialize variables during request parsing, which allows remote authenticated users to cause a denial of service (daemon crash) via a malformed request. |
| 51770 | CVE-2011-4061 | | | +Priv | 2011-10-17 | 2018-10-11 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete |
Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) kbbacf1 in IBM DB2 Express Edition 9.7, as used in the IBM Tivoli Monitoring for Databases: DB2 Agent, allow local users to gain privileges via a Trojan horse libkbb.so in the current working directory, related to the DT_RPATH ELF header. |
| 51771 | CVE-2011-4060 | 59 | | | 2011-10-17 | 2017-09-01 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial |
The runtime linker in QNX Neutrino RTOS 6.5.0 before Service Pack 1 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environment variables when a program is spawned from a setuid program, which allows local users to overwrite files via a symlink attack. |
| 51772 | CVE-2011-4057 | 399 | | DoS | 2012-01-13 | 2012-01-16 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Wibu-Systems AG CodeMeter Runtime 4.30c, 4.10b, and possibly other versions before 4.40 allows remote attackers to cause a denial of service (CodeMeter.exe crash) via certain crafted packets to TCP port 22350. |
| 51773 | CVE-2011-4056 | | | | 2012-01-07 | 2012-01-09 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
An unspecified ActiveX control in ActBar.ocx in Siemens Tecnomatix FactoryLink 6.6.1 (aka 6.6 SP1), 7.5.217 (aka 7.5 SP2), and 8.0.2.54 allows remote attackers to create or overwrite arbitrary files via the save method. |
| 51774 | CVE-2011-4054 | 79 | | XSS | 2011-12-08 | 2012-03-05 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in login.fcc in CA SiteMinder R6 SP6 before CR7 and R12 SP3 before CR8 allows remote attackers to inject arbitrary web script or HTML via the postpreservationdata parameter. |
| 51775 | CVE-2011-4050 | 119 | | DoS Overflow | 2011-12-26 | 2017-08-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Buffer overflow in 7-Technologies (7T) Interactive Graphical SCADA System (IGSS) 9.0.0.11200 allows remote attackers to cause a denial of service via a crafted packet to TCP port 12401. |
| 51776 | CVE-2011-4048 | 255 | | +Info | 2011-11-11 | 2015-10-02 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
The Dell KACE K2000 System Deployment Appliance has a default username and password for the read-only reporting account, which makes it easier for remote attackers to obtain sensitive information from the database by leveraging the default credentials. |
| 51777 | CVE-2011-4046 | 310 | | +Info | 2011-11-11 | 2011-11-15 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
The Dell KACE K2000 System Deployment Appliance stores the recovery account password in cleartext within a PHP script, which allows context-dependent attackers to obtain sensitive information by examining script source code. |
| 51778 | CVE-2011-4045 | 119 | | DoS Overflow | 2012-04-02 | 2012-04-03 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
Buffer overflow in an unspecified ActiveX control in aipgctl.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to cause a denial of service via a crafted HTML document. |
| 51779 | CVE-2011-4044 | | | | 2012-04-02 | 2012-04-03 | 5.8 | None | Remote | Medium | Not required | None | Partial | Partial |
An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to modify files via calls to unknown methods. |
| 51780 | CVE-2011-4038 | 79 | | XSS | 2012-02-10 | 2012-02-14 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. |
| 51781 | CVE-2011-4036 | 22 | | Dir. Trav. | 2011-12-02 | 2011-12-02 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Directory traversal vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors. |
| 51782 | CVE-2011-4035 | 79 | | XSS | 2011-12-02 | 2017-08-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 51783 | CVE-2011-4033 | 119 | | DoS Overflow | 2011-12-02 | 2011-12-02 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to cause a denial of service via unspecified vectors. |
| 51784 | CVE-2011-4029 | 362 | | DoS | 2012-07-03 | 2012-07-17 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a temporary lock file. |
| 51785 | CVE-2011-4028 | 59 | | | 2012-07-03 | 2012-07-17 | 1.2 | None | Local | High | Not required | Partial | None | None |
The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists. |
| 51786 | CVE-2011-4024 | 79 | 1 | XSS | 2011-10-21 | 2017-12-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in ocsinventory in OCS Inventory NG 2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 51787 | CVE-2011-4022 | 287 | | DoS | 2012-05-03 | 2012-05-11 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The sensor in Cisco Intrusion Prevention System (IPS) 7.0 and 7.1 allows remote attackers to cause a denial of service (file-handle exhaustion and mainApp hang) by making authentication attempts that exceed the configured limit, aka Bug ID CSCto51204. |
| 51788 | CVE-2011-4019 | 399 | | DoS | 2012-05-03 | 2012-05-30 | 5.4 | None | Remote | High | Not required | None | None | Complete |
Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager (CUCM) 7.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted response to a SIP SUBSCRIBE message, aka Bug IDs CSCto93837 and CSCtj61883. |
| 51789 | CVE-2011-4016 | 20 | | DoS | 2012-05-02 | 2016-12-07 | 5.4 | None | Remote | High | Not required | None | None | Complete |
The PPP implementation in Cisco IOS 12.2 and 15.0 through 15.2, when Point-to-Point Termination and Aggregation (PTA) and L2TP are used, allows remote attackers to cause a denial of service (device crash) via crafted network traffic, aka Bug ID CSCtf71673. |
| 51790 | CVE-2011-4015 | 20 | | DoS | 2012-05-02 | 2012-10-29 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Cisco IOS 15.2S allows remote attackers to cause a denial of service (interface queue wedge) via malformed UDP traffic on port 465, aka Bug ID CSCts48300. |
| 51791 | CVE-2011-4014 | 200 | | +Info | 2012-05-02 | 2012-08-18 | 4.0 | None | Remote | Low | Single system | Partial | None | None |
The TAC Case Attachment tool in Cisco Wireless Control System (WCS) 7.0 allows remote authenticated users to read arbitrary files under webnms/Temp/ via unspecified vectors, aka Bug ID CSCtq86807. |
| 51792 | CVE-2011-4007 | 20 | | DoS | 2012-05-02 | 2012-10-29 | 5.4 | None | Remote | High | Not required | None | None | Complete |
Cisco IOS 15.0 and 15.1 and IOS XE 3.x do not properly handle the "set mpls experimental imposition" command, which allows remote attackers to cause a denial of service (device crash) via network traffic that triggers (1) fragmentation or (2) reassembly, aka Bug ID CSCtr56576. |
| 51793 | CVE-2011-3999 | 79 | | XSS | 2011-11-09 | 2011-11-16 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the RSS/Atom feed-reader implementation in Iwate Portal Bar allows remote attackers to inject arbitrary web script or HTML via a crafted feed. |
| 51794 | CVE-2011-3998 | 79 | | XSS | 2011-11-09 | 2011-11-16 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in Apple WebObjects 5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 51795 | CVE-2011-3996 | 399 | | DoS | 2011-11-03 | 2017-08-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The LiveData Service in CSWorks before 2.0.4115.1 allows remote attackers to cause a denial of service (service crash) via crafted TCP packets. |
| 51796 | CVE-2011-3995 | | | DoS | 2011-11-03 | 2017-08-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Unspecified vulnerability in Twilight Frontier Touhou Hisouten 1.06 and earlier allows remote attackers to cause a denial of service (daemon crash) via unknown network traffic. |
| 51797 | CVE-2011-3994 | 352 | | CSRF | 2011-11-03 | 2011-11-16 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Cross-site request forgery (CSRF) vulnerability in SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data. |
| 51798 | CVE-2011-3993 | 264 | | | 2011-11-03 | 2011-11-16 | 5.5 | None | Remote | Low | Single system | None | Partial | Partial |
SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, uses weak permissions, which allows remote authenticated users to modify files and settings via unspecified vectors. |
| 51799 | CVE-2011-3990 | 79 | | XSS | 2011-12-22 | 2012-01-12 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in plugin/comment.inc.php in PukiWiki Plus! 1.4.7plus-u2-i18n and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 51800 | CVE-2011-3987 | 399 | | DoS | 2011-11-03 | 2017-08-28 | 4.9 | None | Local | Low | Not required | None | None | Complete |
dtsoftbus01.sys in DAEMON Tools Lite before 4.41.3, Pro Standard before 4.41.0315, and Pro Advanced before 4.41.0315 allows local users to cause a denial of service (system crash) via an invalid DeviceIoControl request to \\.\dtsoftbusctl. |