Export limit exceeded: 24609 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (24609 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-4904 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 6.5 Medium |
| TYPO3 before 4.4.9 and 4.5.x before 4.5.4 does not apply proper access control on ExtDirect calls which allows remote attackers to retrieve ExtDirect endpoint services. | ||||
| CVE-2011-4902 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 6.5 Medium |
| TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to delete arbitrary files on the webserver. | ||||
| CVE-2011-4901 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 6.5 Medium |
| TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to extract arbitrary information from the TYPO3 database. | ||||
| CVE-2011-4900 | 2 Debian, Typo3 | 2 Debian Linux, Typo3 | 2024-11-21 | 6.5 Medium |
| TYPO3 before 4.5.4 allows Information Disclosure in the backend. | ||||
| CVE-2011-4627 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 6.5 Medium |
| TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows Information Disclosure on the backend. | ||||
| CVE-2011-4538 | 1 Lexmark | 66 C540, C540 Firmware, C543 and 63 more | 2024-11-21 | 5.3 Medium |
| Lexmark X, W, T, E, and C devices before 2012-02-09 allow attackers to obtain sensitive information by reading passwords within exported settings. | ||||
| CVE-2011-4310 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 7.5 High |
| The news module in CMSMS before 1.9.4.3 allows remote attackers to corrupt new articles. | ||||
| CVE-2011-4182 | 1 Opensuse | 1 Sysconfig | 2024-11-21 | N/A |
| Missing escaping of ESSID values in sysconfig of SUSE Linux Enterprise allows attackers controlling an access point to cause execute arbitrary code. Affected releases are sysconfig prior to 0.83.7-2.1. | ||||
| CVE-2011-4181 | 1 Opensuse | 1 Open Build Service | 2024-11-21 | 7.5 High |
| A vulnerability in open build service allows remote attackers to gain access to source files even though source access is disabled. Affected releases are SUSE open build service up to and including version 2.1.15 (for 2.1) and before version 2.3. | ||||
| CVE-2011-4124 | 1 Calibre-ebook | 1 Calibre | 2024-11-21 | 9.8 Critical |
| Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to argument injection and elevation of privileges. | ||||
| CVE-2011-4120 | 3 Debian, Linux, Yubico | 3 Debian Linux, Linux Kernel, Pam Module | 2024-11-21 | 9.8 Critical |
| Yubico PAM Module before 2.10 performed user authentication when 'use_first_pass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration. A remote attacker could use this flaw to circumvent common authentication process and obtain access to the account in question by providing a NULL value (pressing Ctrl-D keyboard sequence) as the password string. | ||||
| CVE-2011-4088 | 3 Abrt Project, Fedoraproject, Redhat | 6 Abrt, Fedora, Enterprise Linux and 3 more | 2024-11-21 | 7.5 High |
| ABRT might allow attackers to obtain sensitive information from crash reports. | ||||
| CVE-2011-4076 | 1 Openstack | 1 Nova | 2024-11-21 | 5.9 Medium |
| OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). Exposing the EC2_ACCESS_KEY via http or tools that allow man-in-the-middle over https could allow an attacker to easily obtain the EC2_SECRET_KEY. An attacker could also presumably brute force values for EC2_ACCESS_KEY. | ||||
| CVE-2011-3901 | 1 Google | 1 Android | 2024-11-21 | 7.5 High |
| Android SQLite Journal before 4.0.1 has an information disclosure vulnerability. | ||||
| CVE-2011-3613 | 1 Vanillaforums | 1 Vanilla | 2024-11-21 | 7.5 High |
| An issue exists in Vanilla Forums before 2.0.17.9 due to the way cookies are handled. | ||||
| CVE-2011-3611 | 1 Usebb | 1 Usebb | 2024-11-21 | 7.2 High |
| A File Inclusion vulnerability exists in act parameter to admin.php in UseBB before 1.0.12. | ||||
| CVE-2011-3477 | 1 Symantec | 4 Backup Exec System Recovery, Norton 360, Norton Ghost and 1 more | 2024-11-21 | N/A |
| GEAR Software CD DVD Filter driver (aka GEARAspiWDM.sys), as used in Symantec Backup Exec System Recovery 8.5 and BESR 2010, Symantec System Recovery 2011, Norton 360, and Norton Ghost, allows local users to cause a denial of service (system crash) via unspecified vectors. | ||||
| CVE-2011-3269 | 1 Lexmark | 168 25xxn, 25xxn Firmware, 6500e and 165 more | 2024-11-21 | 7.5 High |
| Lexmark X, W, T, E, C, 6500e, and 25xxN devices before 2011-11-15 allow attackers to obtain sensitive information via a hidden email address in a Scan To Email shortcut. | ||||
| CVE-2011-3203 | 1 Jcow | 1 Jcow Cms | 2024-11-21 | 9.8 Critical |
| A Code Execution vulnerability exists the attachment parameter to index.php in Jcow CMS 4.x to 4.2 and 5.2 to 5.2. | ||||
| CVE-2011-3147 | 1 Openstack | 1 Nova | 2024-11-21 | 8.6 High |
| Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem. | ||||