Max CVSS 7.5 Min CVSS 2.1 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2011-2527 2.1
The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host.
02-11-2020 - 14:39 21-06-2012 - 15:55
CVE-2011-2834 6.8
Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.
08-05-2020 - 18:12 19-09-2011 - 12:02
CVE-2011-1072 3.3
The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnera
23-01-2020 - 14:33 03-03-2011 - 01:00
CVE-2011-1773 4.4
virt-v2v before 0.8.4 does not preserve the VNC console password when converting a guest, which allows local users to bypass the intended VNC authentication by connecting without a password.
22-04-2019 - 17:48 08-02-2014 - 00:55
CVE-2011-5064 4.3 in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for
25-03-2019 - 11:33 14-01-2012 - 21:55
CVE-2011-2896 5.1
The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in
30-10-2018 - 16:26 19-08-2011 - 17:55
CVE-2011-4973 7.5
Authentication bypass vulnerability in mod_nss 1.0.8 allows remote attackers to assume the identity of a valid user by using their certificate and entering 'password' as the password.
15-03-2018 - 16:59 15-02-2018 - 21:29
CVE-2011-1677 4.6
mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors.
10-01-2018 - 02:29 10-04-2011 - 02:55
CVE-2011-3009 5.0
Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a
29-08-2017 - 01:29 05-08-2011 - 22:55
CVE-2011-1089 3.3
The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonst
07-12-2016 - 18:15 10-04-2011 - 02:55
CVE-2011-4110 2.1
The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and "updating a negative key into a
23-08-2016 - 02:04 27-01-2012 - 15:55
CVE-2011-3590 5.7
The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, includes all of root's SSH private keys within a vmcore file, which allows context-d
06-03-2014 - 04:32 15-02-2014 - 14:57
CVE-2011-2500 7.5
The host_reliable_addrinfo function in support/export/hostname.c in nfs-utils before 1.2.4 does not properly use DNS to verify access to NFS exports, which allows remote attackers to mount filesystems by establishing crafted DNS A and PTR records.
06-03-2014 - 04:30 15-02-2014 - 14:57
CVE-2011-4083 4.3
The sosreport utility in the Red Hat sos package before 1.7-9 and 2.x before 2.2-17 includes (1) Certificate-based Red Hat Network private entitlement keys and the (2) private key for the entitlement in an archive of debugging information, which migh
19-02-2014 - 00:40 17-02-2014 - 16:55
CVE-2011-4099 4.6
The capsh program in libcap before 2.22 does not change the current working directory when the --chroot option is specified, which allows local users to bypass the chroot restrictions via unspecified vectors.
10-02-2014 - 15:09 08-02-2014 - 00:55
CVE-2011-3636 6.8
Cross-site request forgery (CSRF) vulnerability in the management interface in FreeIPA before 2.1.4 allows remote attackers to hijack the authentication of administrators for requests that make configuration changes.
05-03-2012 - 05:00 08-12-2011 - 11:55
CVE-2010-3389 6.9
The (1) SAPDatabase and (2) SAPInstance scripts in OCF Resource Agents (aka resource-agents or cluster-agents) 1.0.3 in Linux-HA place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse
02-02-2012 - 03:58 20-10-2010 - 18:00
Back to Top Mark selected
Back to Top