CVE List 2011

CVE Score Severity Package Description Published
CVE-2011-5321
4.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
kernel The tty_open function in drivers/tty/tty_io.c in the Linux kernel before 3.1.1 mishandles a driver-lookup failure, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted access to a device file under the /dev/pts directory. May 2, 2016, 05:05 am
CVE-2011-5320
6.2 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal glibc scanf and related functions in glibc before 2.15 allow local users to cause a denial of service (segmentation fault) via a large string of 0s. October 18, 2017, 09:10 am
CVE-2011-5154
6.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal gui Multiple untrusted search path vulnerabilities in (1) SAPGui.exe and (2) BExAnalyzer.exe in SAP GUI 6.4 through 7.2 allow local users to gain privileges via a Trojan horse MFC80LOC.DLL file in the current working directory, as demonstrated by a directory that contains a .sap file. NOTE: some of these details are obtained from third party information. September 6, 2012, 05:09 am
CVE-2011-5095
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal openssl The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when FIPS mode is enabled, does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-1923. June 20, 2012, 12:06 pm
CVE-2011-5049
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql MySQL 5.5.8, when running on Windows, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted packet to TCP port 3306. January 4, 2012, 13:01 pm
CVE-2011-5000
3.5 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low openssh The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant. April 5, 2012, 09:04 am
CVE-2011-4963
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal nginx nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request. July 26, 2012, 14:07 pm
CVE-2011-4944
1.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low python Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file. August 27, 2012, 18:08 pm
CVE-2011-4940
2.6 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low python The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding. June 27, 2012, 05:06 am
CVE-2011-4917
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. September 18, 2012, 13:09 pm
CVE-2011-4916
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. September 18, 2012, 13:09 pm
CVE-2011-4915
4.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. September 18, 2012, 13:09 pm
CVE-2011-4914
6.4 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The ROSE protocol implementation in the Linux kernel before 2.6.39 does not verify that certain data-length values are consistent with the amount of data sent, which might allow remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via crafted data to a ROSE socket. June 21, 2012, 18:06 pm
CVE-2011-4913
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel The rose_parse_ccitt function in net/rose/rose_subr.c in the Linux kernel before 2.6.39 does not validate the FAC_CCITT_DEST_NSAP and FAC_CCITT_SRC_NSAP fields, which allows remote attackers to (1) cause a denial of service (integer underflow, heap memory corruption, and panic) via a small length value in data sent to a ROSE socket, or (2) conduct stack-based buffer overflow attacks via a large length value in data sent to a ROSE socket. June 21, 2012, 18:06 pm
CVE-2011-4885
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium php PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. December 29, 2011, 19:12 pm
CVE-2011-4868
6.1 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium dhcp The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets related to a lease-status update. January 14, 2012, 21:01 pm
CVE-2011-4815
7.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious ruby Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. December 29, 2011, 19:12 pm
CVE-2011-4782
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin Cross-site scripting (XSS) vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTML via the host parameter. December 22, 2011, 14:12 pm
CVE-2011-4780
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin Multiple cross-site scripting (XSS) vulnerabilities in libraries/display_export.lib.php in phpMyAdmin 3.4.x before 3.4.9 allow remote attackers to inject arbitrary web script or HTML via crafted URL parameters, related to the export panels in the (1) server, (2) database, and (3) table sections. December 22, 2011, 14:12 pm
CVE-2011-4718
6.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID. August 13, 2013, 10:08 am
CVE-2011-4692
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as demonstrated by visipisi. December 7, 2011, 13:12 pm
CVE-2011-4634
4.3 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted database name, related to the Database Synchronize panel; (2) a crafted database name, related to the Database rename panel; (3) a crafted SQL query, related to the table overview panel; (4) a crafted SQL query, related to the view creation dialog; (5) a crafted column type, related to the table search dialog; or (6) a crafted column type, related to the create index dialog. December 22, 2011, 14:12 pm
CVE-2011-4622
4.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kvm The create_pit_timer function in arch/x86/kvm/i8254.c in KVM 83, and possibly other versions, does not properly handle Programmable Interval Timer (PIT) interrupt requests (IRQs) when a virtual interrupt controller (irqchip) is not available, which allows local users to cause a denial of service (NULL pointer dereference) by starting a timer. January 27, 2012, 09:01 am
CVE-2011-4621
4.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The Linux kernel before 2.6.37 does not properly implement a certain clock-update optimization, which allows local users to cause a denial of service (system hang) via an application that executes code in a loop. May 17, 2012, 06:05 am
CVE-2011-4619
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium openssl The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. January 5, 2012, 19:01 pm
CVE-2011-4613
4.6 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium x_server The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY. February 5, 2014, 13:02 pm
CVE-2011-4611
4.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel Integer overflow in the perf_event_interrupt function in arch/powerpc/kernel/perf_event.c in the Linux kernel before 2.6.39 on powerpc platforms allows local users to cause a denial of service (unhandled performance monitor exception) via vectors that trigger certain outcomes of performance events. May 17, 2012, 06:05 am
CVE-2011-4609
5.0 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium glibc The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections. May 2, 2013, 09:05 am
CVE-2011-4604
6.8 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel The bat_socket_read function in net/batman-adv/icmp_socket.c in the Linux kernel before 3.3 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted batman-adv ICMP packet. June 7, 2013, 09:06 am
CVE-2011-4600
5.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal libvirt The networkReloadIptablesRules function in network/bridge_driver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote attackers to bypass intended access restrictions via a (1) DNS or (2) DHCP query. April 14, 2016, 10:04 am
CVE-2011-4594
4.9 MV Product/Version
affected:
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel The __sys_sendmsg function in net/socket.c in the Linux kernel before 3.1 allows local users to cause a denial of service (system crash) via crafted use of the sendmmsg system call, leading to an incorrect pointer dereference. May 17, 2012, 06:05 am
CVE-2011-4578
4.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium acpid2 event.c in acpid (aka acpid2) before 2.0.11 does not have an appropriate umask setting during execution of event-handler scripts, which might allow local users to (1) perform write operations within directories created by a script, or (2) read files created by a script, via standard filesystem system calls. August 29, 2012, 17:08 pm
CVE-2011-4577
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium openssl OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers. January 5, 2012, 19:01 pm
CVE-2011-4576
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium openssl The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer. January 5, 2012, 19:01 pm
CVE-2011-4566
6.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium php Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708. November 28, 2011, 18:11 pm
CVE-2011-4539
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal dhcp dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet. December 8, 2011, 05:12 am
CVE-2011-4374
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel Integer overflow in Adobe Reader 9.x before 9.4.6 on Linux allows attackers to execute arbitrary code via unspecified vectors. January 19, 2012, 13:01 pm
CVE-2011-4362
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal lighttpd Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds read with a negative index. December 24, 2011, 13:12 pm
CVE-2011-4355
6.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium gdb GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is defined, automatically loads certain files from the current working directory, which allows local users to gain privileges via crafted files such as Python scripts. March 5, 2013, 15:03 pm
CVE-2011-4354
5.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal openssl crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves, which allows remote attackers to obtain the private key of a TLS server via multiple handshake attempts. January 26, 2012, 18:01 pm
CVE-2011-4348
7.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel Race condition in the sctp_rcv function in net/sctp/input.c in the Linux kernel before 2.6.29 allows remote attackers to cause a denial of service (system hang) via SCTP packets. NOTE: in some environments, this issue exists because of an incomplete fix for CVE-2011-2482. June 8, 2013, 08:06 am
CVE-2011-4347
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The kvm_vm_ioctl_assign_device function in virt/kvm/assigned-dev.c in the KVM subsystem in the Linux kernel before 3.1.10 does not verify permission to access PCI configuration space and BAR resources, which allows host OS users to assign PCI devices and cause a denial of service (host OS crash) via a KVM_ASSIGN_PCI_DEVICE operation. June 8, 2013, 08:06 am
CVE-2011-4339
3.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low openipmi ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux (RHEL) 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this file. December 14, 2011, 21:12 pm
CVE-2011-4330
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel Stack-based buffer overflow in the hfs_mac2asc function in fs/hfs/trans.c in the Linux kernel 2.6 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via an HFS image with a crafted len field. January 27, 2012, 09:01 am
CVE-2011-4327
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low openssh ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call. February 2, 2014, 21:02 pm
CVE-2011-4326
7.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel The udp6_ufo_fragment function in net/ipv6/udp.c in the Linux kernel before 2.6.39, when a certain UDP Fragmentation Offload (UFO) configuration is enabled, allows remote attackers to cause a denial of service (system crash) by sending fragmented IPv6 UDP packets to a bridge device. May 17, 2012, 06:05 am
CVE-2011-4325
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The NFS implementation in Linux kernel before 2.6.31-rc6 calls certain functions without properly initializing certain data, which allows local users to cause a denial of service (NULL pointer dereference and O_DIRECT oops), as demonstrated using diotest4 from LTP. January 27, 2012, 09:01 am
CVE-2011-4324
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The encode_share_access function in fs/nfs/nfs4xdr.c in the Linux kernel before 2.6.29 allows local users to cause a denial of service (BUG and system crash) by using the mknod system call with a pathname on an NFSv4 filesystem. June 21, 2012, 18:06 pm
CVE-2011-4317
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium apache The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368. November 29, 2011, 22:11 pm
CVE-2011-4315
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal nginx Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response. December 8, 2011, 14:12 pm
CVE-2011-4313
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium bind query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named exit) via unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record by the resolver. November 29, 2011, 11:11 am
CVE-2011-4153
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c. January 18, 2012, 14:01 pm
CVE-2011-4132
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel 2.6 allows local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4 image with an "invalid log first block value." January 27, 2012, 09:01 am
CVE-2011-4131
4.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words. May 17, 2012, 06:05 am
CVE-2011-4130
9.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High proftpd Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer. December 6, 2011, 05:12 am
CVE-2011-4128
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium gnutls Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket. December 8, 2011, 14:12 pm
CVE-2011-4127
4.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl calls, which allows local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to (1) a partition block device or (2) an LVM volume. July 3, 2012, 11:07 am
CVE-2011-4112
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The net subsystem in the Linux kernel before 3.1 does not properly restrict use of the IFF_TX_SKB_SHARING flag, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability to access /proc/net/pktgen/pgctrl, and then using the pktgen package in conjunction with a bridge device for a VLAN interface. May 17, 2012, 06:05 am
CVE-2011-4111
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium qemu Buffer overflow in the ccid_card_vscard_handle_message function in hw/ccid-card-passthru.c in QEMU before 0.15.2 and 1.x before 1.0-rc4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VSC_ATR message. February 26, 2014, 09:02 am
CVE-2011-4110
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and "updating a negative key into a fully instantiated key." January 27, 2012, 09:01 am
CVE-2011-4109
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High openssl Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check. January 5, 2012, 19:01 pm
CVE-2011-4108
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium openssl The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. January 5, 2012, 19:01 pm
CVE-2011-4107
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack. November 17, 2011, 13:11 pm
CVE-2011-4102
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium wireshark Heap-based buffer overflow in the erf_read_header function in wiretap/erf.c in the ERF file parser in Wireshark 1.4.0 through 1.4.9 and 1.6.x before 1.6.3 allows remote attackers to cause a denial of service (application crash) via a malformed file. November 3, 2011, 10:11 am
CVE-2011-4101
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium wireshark The dissect_infiniband_common function in epan/dissectors/packet-infiniband.c in the Infiniband dissector in Wireshark 1.4.0 through 1.4.9 and 1.6.x before 1.6.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed packet. November 3, 2011, 10:11 am
CVE-2011-4100
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.3 does not initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. November 3, 2011, 10:11 am
CVE-2011-4099
4.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium libcap The capsh program in libcap before 2.22 does not change the current working directory when the --chroot option is specified, which allows local users to bypass the chroot restrictions via unspecified vectors. February 7, 2014, 18:02 pm
CVE-2011-4098
1.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The fallocate implementation in the GFS2 filesystem in the Linux kernel before 3.2 relies on the page cache, which might allow local users to cause a denial of service by preallocating blocks in certain situations involving insufficient memory. June 8, 2013, 08:06 am
CVE-2011-4097
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel Integer overflow in the oom_badness function in mm/oom_kill.c in the Linux kernel before 3.1.8 on 64-bit platforms allows local users to cause a denial of service (memory consumption or process termination) by using a certain large amount of memory. May 17, 2012, 06:05 am
CVE-2011-4096
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium squid The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record. November 17, 2011, 13:11 pm
CVE-2011-4089
4.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium bzip2 The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory. April 16, 2014, 13:04 pm
CVE-2011-4087
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The br_parse_ip_options function in net/bridge/br_netfilter.c in the Linux kernel before 2.6.39 does not properly initialize a certain data structure, which allows remote attackers to cause a denial of service by leveraging connectivity to a network interface that uses an Ethernet bridge device. June 8, 2013, 08:06 am
CVE-2011-4086
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel The journal_unmap_buffer function in fs/jbd2/transaction.c in the Linux kernel before 3.3.1 does not properly handle the _Delay and _Unwritten buffer head states, which allows local users to cause a denial of service (system crash) by leveraging the presence of an ext4 filesystem that was mounted with a journal. July 3, 2012, 11:07 am
CVE-2011-4081
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel crypto/ghash-generic.c in the Linux kernel before 3.1 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by triggering a failed or missing ghash_setkey function call, followed by a (1) ghash_update function call or (2) ghash_final function call, as demonstrated by a write operation on an AF_ALG socket. May 24, 2012, 18:05 pm
CVE-2011-4080
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel The sysrq_sysctl_handler function in kernel/sysctl.c in the Linux kernel before 2.6.39 does not require the CAP_SYS_ADMIN capability to modify the dmesg_restrict value, which allows local users to bypass intended access restrictions and read the kernel ring buffer by leveraging root privileges, as demonstrated by a root user in a Linux Containers (aka LXC) environment. May 24, 2012, 18:05 pm
CVE-2011-4079
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal openldap Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.26 and earlier allows remote attackers to cause a denial of service (slapd crash) via a zero-length string that triggers a heap-based buffer overflow, as demonstrated using an empty postalAddressAttribute value in an LDIF entry. October 27, 2011, 15:10 pm
CVE-2011-4077
6.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel 2.6, when CONFIG_XFS_DEBUG is disabled, allows local users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a long pathname. January 27, 2012, 09:01 am
CVE-2011-4064
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin Cross-site scripting (XSS) vulnerability in the setup interface in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value. November 1, 2011, 14:11 pm
CVE-2011-4029
1.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low x_server The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a temporary lock file. July 3, 2012, 14:07 pm
CVE-2011-4028
1.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low x_server The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists. July 3, 2012, 14:07 pm
CVE-2011-3970
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal libxslt libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. February 8, 2012, 22:02 pm
CVE-2011-3919
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High chrome Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. January 7, 2012, 05:01 am
CVE-2011-3646
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin phpmyadmin.css.php in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to obtain sensitive information via an array-typed js_frame parameter to phpmyadmin.css.php, which reveals the installation path in an error message. November 17, 2011, 13:11 pm
CVE-2011-3639
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium apache The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368. November 29, 2011, 22:11 pm
CVE-2011-3638
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel fs/ext4/extents.c in the Linux kernel before 3.0 does not mark a modified extent as dirty in certain cases of extent splitting, which allows local users to cause a denial of service (system crash) via vectors involving ext4 umount and mount operations. March 1, 2013, 06:03 am
CVE-2011-3637
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The m_stop function in fs/proc/task_mmu.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (OOPS) via vectors that trigger an m_start error. May 17, 2012, 06:05 am
CVE-2011-3634
2.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low apt methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors. February 28, 2014, 18:02 pm
CVE-2011-3619
4.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel The apparmor_setprocattr function in security/apparmor/lsm.c in the Linux kernel before 3.0 does not properly handle invalid parameters, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by writing to a /proc/#####/attr/current file. June 8, 2013, 08:06 am
CVE-2011-3607
4.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium apache Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow. November 8, 2011, 05:11 am
CVE-2011-3605
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium router_advertisement_daemon The process_rs function in the router advertisement daemon (radvd) before 1.8.2, when UnicastOnly is enabled, allows remote attackers to cause a denial of service (temporary service hang) via a large number of ND_ROUTER_SOLICIT requests. February 17, 2014, 10:02 am
CVE-2011-3604
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High router_advertisement_daemon The process_ra function in the router advertisement daemon (radvd) before 1.8.2 allows remote attackers to cause a denial of service (stack-based buffer over-read and crash) via unspecified vectors. February 17, 2014, 10:02 am
CVE-2011-3602
6.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium router_advertisement_daemon Directory traversal vulnerability in device-linux.c in the router advertisement daemon (radvd) before 1.8.2 allows local users to overwrite arbitrary files, and remote attackers to overwrite certain files, via a .. (dot dot) in an interface name. NOTE: this can be leveraged with a symlink to overwrite arbitrary files. April 27, 2014, 16:04 pm
CVE-2011-3597
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High digest Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor. January 13, 2012, 12:01 pm
CVE-2011-3593
5.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel A certain Red Hat patch to the vlan_hwaccel_do_receive function in net/8021q/vlan_core.c in the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows remote attackers to cause a denial of service (system crash) via priority-tagged VLAN frames. June 8, 2013, 08:06 am
CVE-2011-3592
3.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low phpmyadmin Multiple cross-site scripting (XSS) vulnerabilities in the PMA_unInlineEditRow function in js/sql.js in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a (1) database name, (2) table name, or (3) column name that is not properly handled after an inline-editing operation. December 25, 2014, 20:12 pm
CVE-2011-3591
3.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low phpmyadmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an improperly constructed confirmation message after inline-editing and save operations, related to (1) js/functions.js and (2) js/tbl_structure.js. December 25, 2014, 20:12 pm
CVE-2011-3589
5.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kexec-tools The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, uses world-readable permissions for vmcore files, which allows local users to obtain sensitive information by inspecting the file content, as demonstrated by a search for a root SSH key. February 15, 2014, 08:02 am
CVE-2011-3588
5.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kexec-tools The SSH configuration in the Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, disables the StrictHostKeyChecking option, which allows man-in-the-middle attackers to spoof kdump servers, and obtain sensitive core information, by using an arbitrary SSH key. February 15, 2014, 08:02 am
CVE-2011-3585
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. December 8, 2011, 10:12 am
CVE-2011-3484
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark The unxorFrame function in epan/dissectors/packet-opensafety.c in the OpenSafety dissector in Wireshark 1.6.x before 1.6.2 does not properly validate a certain frame size, which allows remote attackers to cause a denial of service (loop and application crash) via a malformed packet. September 20, 2011, 05:09 am
CVE-2011-3483
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium wireshark Wireshark 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (application crash) via a malformed capture file that leads to an invalid root tvbuff, related to a "buffer exception handling vulnerability." September 20, 2011, 05:09 am
CVE-2011-3482
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.2 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. September 20, 2011, 05:09 am
CVE-2011-3464
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious libpng Off-by-one error in the png_formatted_warning function in pngerror.c in libpng 1.5.4 through 1.5.7 might allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors, which trigger a stack-based buffer overflow. July 22, 2012, 12:07 pm
CVE-2011-3389
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium chrome The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. September 6, 2011, 14:09 pm
CVE-2011-3379
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious php The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders. November 3, 2011, 10:11 am
CVE-2011-3378
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High rpm RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c. December 24, 2011, 13:12 pm
CVE-2011-3368
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium apache The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character. October 5, 2011, 17:10 pm
CVE-2011-3363
5.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel before 2.6.39 does not properly handle DFS referrals, which allows remote CIFS servers to cause a denial of service (system crash) by placing a referral at the root of a share. May 24, 2012, 18:05 pm
CVE-2011-3360
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High wireshark Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory. September 20, 2011, 05:09 am
CVE-2011-3359
5.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The dma_rx function in drivers/net/wireless/b43/dma.c in the Linux kernel before 2.6.39 does not properly allocate receive buffers, which allows remote attackers to cause a denial of service (system crash) via a crafted frame. May 24, 2012, 18:05 pm
CVE-2011-3353
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel Buffer overflow in the fuse_notify_inval_entry function in fs/fuse/dev.c in the Linux kernel before 3.1 allows local users to cause a denial of service (BUG_ON and system crash) by leveraging the ability to mount a FUSE filesystem. May 24, 2012, 18:05 pm
CVE-2011-3348
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium apache The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request. September 20, 2011, 00:09 am
CVE-2011-3346
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium qemu Buffer overflow in hw/scsi-disk.c in the SCSI subsystem in QEMU before 0.15.2, as used by Xen, might allow local guest users with permission to access the CD-ROM to cause a denial of service (guest crash) via a crafted SAI READ CAPACITY SCSI command. NOTE: this is only a vulnerability when root has manually modified certain permissions or ACLs. April 1, 2014, 01:04 am
CVE-2011-3328
2.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low libpng The png_handle_cHRM function in pngrutil.c in libpng 1.5.4, when color-correction support is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed PNG image containing a cHRM chunk associated with a certain zero value. January 17, 2012, 13:01 pm
CVE-2011-3327
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious quagga Heap-based buffer overflow in the ecommunity_ecom2str function in bgp_ecommunity.c in bgpd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by sending a crafted BGP UPDATE message over IPv4. October 10, 2011, 05:10 am
CVE-2011-3326
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal quagga The ospf_flood function in ospf_flood.c in ospfd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) via an invalid Link State Advertisement (LSA) type in an IPv4 Link State Update message. October 10, 2011, 05:10 am
CVE-2011-3325
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal quagga ospf_packet.c in ospfd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) via (1) a 0x0a type field in an IPv4 packet header or (2) a truncated IPv4 Hello packet. October 10, 2011, 05:10 am
CVE-2011-3324
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal quagga The ospf6_lsa_is_changed function in ospf6_lsa.c in the OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via trailing zero values in the Link State Advertisement (LSA) header list of an IPv6 Database Description message. October 10, 2011, 05:10 am
CVE-2011-3323
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal quagga The OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (out-of-bounds memory access and daemon crash) via a Link State Update message with an invalid IPv6 prefix length. October 10, 2011, 05:10 am
CVE-2011-3268
10.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical php Buffer overflow in the crypt function in PHP before 5.3.7 allows context-dependent attackers to have an unspecified impact via a long salt argument, a different vulnerability than CVE-2011-2483. August 25, 2011, 13:08 pm
CVE-2011-3267
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php PHP before 5.3.7 does not properly implement the error_log function, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors. August 25, 2011, 13:08 pm
CVE-2011-3266
2.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low wireshark The proto_tree_add_item function in Wireshark 1.6.0 through 1.6.1 and 1.4.0 through 1.4.8, when the IKEv1 protocol dissector is used, allows user-assisted remote attackers to cause a denial of service (infinite loop) via vectors involving a malformed IKE packet and many items in a tree. August 23, 2011, 19:08 pm
CVE-2011-3244
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. October 12, 2011, 13:10 pm
CVE-2011-3241
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. October 12, 2011, 13:10 pm
CVE-2011-3239
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. October 12, 2011, 13:10 pm
CVE-2011-3238
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. October 12, 2011, 13:10 pm
CVE-2011-3237
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. October 12, 2011, 13:10 pm
CVE-2011-3236
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. October 12, 2011, 13:10 pm
CVE-2011-3235
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. October 12, 2011, 13:10 pm
CVE-2011-3233
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. October 12, 2011, 13:10 pm
CVE-2011-3210
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium openssl The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order messages that violate the TLS protocol. September 22, 2011, 05:09 am
CVE-2011-3209
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The div_long_long_rem implementation in include/asm-x86/div64.h in the Linux kernel before 2.6.26 on the x86 platform allows local users to cause a denial of service (Divide Error Fault and panic) via a clock_gettime system call. October 3, 2012, 06:10 am
CVE-2011-3207
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium openssl crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past. September 22, 2011, 05:09 am
CVE-2011-3205
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal squid Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression. September 6, 2011, 10:09 am
CVE-2011-3194
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical qt Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the TIFFTAG_SAMPLESPERPIXEL tag in a greyscale TIFF image with multiple samples per pixel. June 15, 2012, 19:06 pm
CVE-2011-3193
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High qt Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. June 15, 2012, 19:06 pm
CVE-2011-3192
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High apache The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086. August 29, 2011, 10:08 am
CVE-2011-3191
10.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel Integer signedness error in the CIFSFindNext function in fs/cifs/cifssmb.c in the Linux kernel before 3.1 allows remote CIFS servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large length value in a response to a read request for a directory. May 24, 2012, 18:05 pm
CVE-2011-3189
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php The crypt function in PHP 5.3.7, when the MD5 hash type is used, returns the value of the salt argument instead of the hashed string, which might allow remote attackers to bypass authentication via an arbitrary password, a different vulnerability than CVE-2011-2483. August 25, 2011, 09:08 am
CVE-2011-3188
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets. May 24, 2012, 18:05 pm
CVE-2011-3182
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related to (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6) ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c, and (11) the strtotime function. August 25, 2011, 09:08 am
CVE-2011-3181
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin Multiple cross-site scripting (XSS) vulnerabilities in the Tracking feature in phpMyAdmin 3.3.x before 3.3.10.4 and 3.4.x before 3.4.4 allow remote attackers to inject arbitrary web script or HTML via a (1) table name, (2) column name, or (3) index name. August 29, 2011, 12:08 pm
CVE-2011-3171
3.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low pure-ftpd Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly other versions, when running on SUSE Linux Enterprise Server and possibly other operating systems, when the Netware OES remote server feature is enabled, allows local users to overwrite arbitrary files via unknown vectors. November 4, 2011, 16:11 pm
CVE-2011-3170
5.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal cups The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than CVE-2011-2896. August 19, 2011, 12:08 pm
CVE-2011-3149
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption). July 22, 2012, 12:07 pm
CVE-2011-3148
4.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel Stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces at the beginning of the ~/.pam_environment file. July 22, 2012, 12:07 pm
CVE-2011-3146
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal librsvg librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via a SVG file with a node with the element name starting with "fe," which is misidentified as a RsvgFilterPrimitive. September 5, 2012, 18:09 pm
CVE-2011-3145
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. August 22, 2011, 15:08 pm
CVE-2011-3102
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium chrome Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors. May 15, 2012, 19:05 pm
CVE-2011-3048
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium libpng The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow. May 29, 2012, 15:05 pm
CVE-2011-3026
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High chrome Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. February 16, 2012, 14:02 pm
CVE-2011-3009
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal ruby Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. August 5, 2011, 17:08 pm
CVE-2011-2942
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel A certain Red Hat patch to the __br_deliver function in net/bridge/br_forward.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging connectivity to a network interface that uses an Ethernet bridge device. June 8, 2013, 08:06 am
CVE-2011-2940
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical stunnel stunnel 4.40 and 4.41 might allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. August 25, 2011, 09:08 am
CVE-2011-2939
5.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium encode_module Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow. January 13, 2012, 12:01 pm
CVE-2011-2928
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The befs_follow_link function in fs/befs/linuxvfs.c in the Linux kernel before 3.1-rc3 does not validate the length attribute of long symlinks, which allows local users to cause a denial of service (incorrect pointer dereference and OOPS) by accessing a long symlink on a malformed Be filesystem. August 29, 2011, 12:08 pm
CVE-2011-2918
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The Performance Events subsystem in the Linux kernel before 3.1 does not properly handle event overflows associated with PERF_COUNT_SW_CPU_CLOCK events, which allows local users to cause a denial of service (system hang) via a crafted application. May 24, 2012, 18:05 pm
CVE-2011-2909
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel The do_devinfo_ioctl function in drivers/staging/comedi/comedi_fops.c in the Linux kernel before 3.1 allows local users to obtain sensitive information from kernel memory via a copy of a short string. February 15, 2014, 08:02 am
CVE-2011-2906
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel ** DISPUTED ** Integer signedness error in the pmcraid_ioctl_passthrough function in drivers/scsi/pmcraid.c in the Linux kernel before 3.1 might allow local users to cause a denial of service (memory consumption or memory corruption) via a negative size value in an ioctl call. NOTE: this may be a vulnerability only in unusual environments that provide a privileged program for obtaining the required file descriptor. May 24, 2012, 18:05 pm
CVE-2011-2905
6.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel Untrusted search path vulnerability in the perf_config function in tools/perf/util/config.c in perf, as distributed in the Linux kernel before 3.1, allows local users to overwrite arbitrary files via a crafted config file in the current working directory. March 1, 2013, 06:03 am
CVE-2011-2898
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel net/packet/af_packet.c in the Linux kernel before 2.6.39.3 does not properly restrict user-space access to certain packet data structures associated with VLAN Tag Control Information, which allows local users to obtain potentially sensitive information via a crafted application. May 24, 2012, 18:05 pm
CVE-2011-2897
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. August 4, 2011, 10:08 am
CVE-2011-2896
5.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium cups The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895. August 19, 2011, 12:08 pm
CVE-2011-2895
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High freetype The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896. August 19, 2011, 12:08 pm
CVE-2011-2866
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1. March 8, 2012, 16:03 pm
CVE-2011-2834
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium chrome Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. September 19, 2011, 07:09 am
CVE-2011-2831
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. October 12, 2011, 13:10 pm
CVE-2011-2821
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High chrome Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression. August 29, 2011, 10:08 am
CVE-2011-2820
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. October 12, 2011, 13:10 pm
CVE-2011-2817
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. October 12, 2011, 13:10 pm
CVE-2011-2816
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. October 12, 2011, 13:10 pm
CVE-2011-2815
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. October 12, 2011, 13:10 pm
CVE-2011-2814
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. October 12, 2011, 13:10 pm
CVE-2011-2813
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. October 12, 2011, 13:10 pm
CVE-2011-2811
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. October 12, 2011, 13:10 pm
CVE-2011-2809
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. October 12, 2011, 13:10 pm
CVE-2011-2766
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious perl The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers. September 23, 2011, 05:09 am
CVE-2011-2749
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High dhcp The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet. August 15, 2011, 16:08 pm
CVE-2011-2748
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High dhcp The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet. August 15, 2011, 16:08 pm
CVE-2011-2728
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium perl The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference. December 20, 2012, 23:12 pm
CVE-2011-2724
1.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low samba The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0547. September 6, 2011, 11:09 am
CVE-2011-2723
5.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The skb_gro_header_slow function in include/linux/netdevice.h in the Linux kernel before 2.6.39.4, when Generic Receive Offload (GRO) is enabled, resets certain fields in incorrect situations, which allows remote attackers to cause a denial of service (system crash) via crafted network traffic. September 6, 2011, 10:09 am
CVE-2011-2719
6.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin libraries/auth/swekey/swekey.auth.lib.php in phpMyAdmin 3.x before 3.3.10.3 and 3.4.x before 3.4.3.2 does not properly manage sessions associated with Swekey authentication, which allows remote attackers to modify the SESSION superglobal array, other superglobal arrays, and certain swekey.auth.lib.php local variables via a crafted query string, a related issue to CVE-2011-2505. August 1, 2011, 14:08 pm
CVE-2011-2718
6.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin Multiple directory traversal vulnerabilities in the relational schema implementation in phpMyAdmin 3.4.x before 3.4.3.2 allow remote authenticated users to include and execute arbitrary local files via directory traversal sequences in an export type field, related to (1) libraries/schema/User_Schema.class.php and (2) schema_export.php. August 1, 2011, 14:08 pm
CVE-2011-2717
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. August 24, 2011, 11:08 am
CVE-2011-2716
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium busybox The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the (1) HOST_NAME, (2) DOMAIN_NAME, (3) NIS_DOMAIN, and (4) TFTP_SERVER_NAME host name options. July 3, 2012, 11:07 am
CVE-2011-2707
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel The ptrace_setxregs function in arch/xtensa/kernel/ptrace.c in the Linux kernel before 3.1 does not validate user-space pointers, which allows local users to obtain sensitive information from kernel memory locations via a crafted PTRACE_SETXTREGS request. May 24, 2012, 18:05 pm
CVE-2011-2705
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal ruby The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an earlier process with the same PID. August 5, 2011, 16:08 pm
CVE-2011-2702
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium eglibc Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an out-of-bounds read, as demonstrated using the memcpy function. October 27, 2014, 15:10 pm
CVE-2011-2700
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel Multiple buffer overflows in the si4713_write_econtrol_string function in drivers/media/radio/si4713-i2c.c in the Linux kernel before 2.6.39.4 on the N900 platform might allow local users to cause a denial of service or have unspecified other impact via a crafted s_ext_ctrls operation with a (1) V4L2_CID_RDS_TX_PS_NAME or (2) V4L2_CID_RDS_TX_RADIO_TEXT control ID. September 6, 2011, 10:09 am
CVE-2011-2699
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel The IPv6 implementation in the Linux kernel before 3.1 does not generate Fragment Identification values separately for each destination, which makes it easier for remote attackers to cause a denial of service (disrupted networking) by predicting these values and sending crafted packets. May 24, 2012, 18:05 pm
CVE-2011-2698
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium wireshark Off-by-one error in the elem_cell_id_aux function in epan/dissectors/packet-ansi_a.c in the ANSI MAP dissector in Wireshark 1.4.x before 1.4.8 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (infinite loop) via an invalid packet. August 23, 2011, 16:08 pm
CVE-2011-2696
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal libsndfile Integer overflow in libsndfile before 1.0.25 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PARIS Audio Format (PAF) file that triggers a heap-based buffer overflow. July 26, 2011, 21:07 pm
CVE-2011-2695
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel Multiple off-by-one errors in the ext4 subsystem in the Linux kernel before 3.0-rc5 allow local users to cause a denial of service (BUG_ON and system crash) by accessing a sparse file in extent format with a write operation involving a block number corresponding to the largest possible 32-bit unsigned integer. July 28, 2011, 17:07 pm
CVE-2011-2694
2.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low samba Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page). July 29, 2011, 15:07 pm
CVE-2011-2692
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium libpng The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory. July 17, 2011, 15:07 pm
CVE-2011-2691
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium libpng The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image. July 17, 2011, 15:07 pm
CVE-2011-2690
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium libpng Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image. July 17, 2011, 15:07 pm
CVE-2011-2689
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The gfs2_fallocate function in fs/gfs2/file.c in the Linux kernel before 3.0-rc1 does not ensure that the size of a chunk allocation is a multiple of the block size, which allows local users to cause a denial of service (BUG and system crash) by arranging for all resource groups to have too little free space. July 28, 2011, 17:07 pm
CVE-2011-2686
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal ruby Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. NOTE: this issue exists because of a regression during Ruby 1.8.6 development. August 5, 2011, 16:08 pm
CVE-2011-2660
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious vpnc The modify_resolvconf_suse script in the vpnc package before 0.5.1-55.10.1 in SUSE Linux Enterprise Desktop 11 SP1 might allow remote attackers to execute arbitrary commands via a crafted DNS domain name. September 6, 2011, 11:09 am
CVE-2011-2643
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin Directory traversal vulnerability in sql.php in phpMyAdmin 3.4.x before 3.4.3.2, when configuration storage is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a MIME-type transformation parameter. August 1, 2011, 14:08 pm
CVE-2011-2642
2.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low phpmyadmin Multiple cross-site scripting (XSS) vulnerabilities in the table Print view implementation in tbl_printview.php in phpMyAdmin before 3.3.10.3 and 3.4.x before 3.4.3.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name. August 1, 2011, 14:08 pm
CVE-2011-2597
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium wireshark The Lucent/Ascend file parser in Wireshark 1.2.x before 1.2.18, 1.4.x through 1.4.7, and 1.6.0 allows remote attackers to cause a denial of service (infinite loop) via malformed packets. July 7, 2011, 14:07 pm
CVE-2011-2533
3.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low dbus The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/. June 22, 2011, 18:06 pm
CVE-2011-2527
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low qemu The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host. June 21, 2012, 10:06 am
CVE-2011-2525
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel The qdisc_notify function in net/sched/sch_api.c in the Linux kernel before 2.6.35 does not prevent tc_fill_qdisc function calls referencing builtin (aka CQ_F_BUILTIN) Qdisc structures, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a crafted call. February 1, 2012, 22:02 pm
CVE-2011-2524
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal libsoup Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI. August 31, 2011, 18:08 pm
CVE-2011-2522
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium samba Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program. July 29, 2011, 15:07 pm
CVE-2011-2521
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The x86_assign_hw_event function in arch/x86/kernel/cpu/perf_event.c in the Performance Events subsystem in the Linux kernel before 2.6.39 does not properly calculate counter values, which allows local users to cause a denial of service (panic) via the perf program. May 24, 2012, 18:05 pm
CVE-2011-2519
5.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel Xen in the Linux kernel, when running a guest on a host without hardware assisted paging (HAP), allows guest users to cause a denial of service (invalid pointer dereference and hypervisor crash) via the SAHF instruction. December 26, 2013, 19:12 pm
CVE-2011-2518
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The tomoyo_mount_acl function in security/tomoyo/mount.c in the Linux kernel before 2.6.39.2 calls the kern_path function with arguments taken directly from a mount system call, which allows local users to cause a denial of service (OOPS) or possibly have unspecified other impact via a NULL value for the device name. May 24, 2012, 18:05 pm
CVE-2011-2517
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel Multiple buffer overflows in net/wireless/nl80211.c in the Linux kernel before 2.6.39.2 allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability during scan operations with a long SSID value. May 24, 2012, 18:05 pm
CVE-2011-2512
5.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium qemu-kvm The virtio_queue_notify in qemu-kvm 0.14.0 and earlier does not properly validate the virtqueue number, which allows guest users to cause a denial of service (guest crash) and possibly execute arbitrary code via a negative number in the Queue Notify field of the Virtio Header, which bypasses a signed comparison. June 21, 2012, 10:06 am
CVE-2011-2511
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium libvirt Integer overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service (libvirtd crash) and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers memory corruption. August 10, 2011, 15:08 pm
CVE-2011-2508
6.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin Directory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME transformation feature is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in a GLOBALS[mime_map][$meta->name][transformation] parameter. July 14, 2011, 18:07 pm
CVE-2011-2507
6.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and consequently execute arbitrary PHP code, by leveraging the ability to modify the SESSION superglobal array. July 14, 2011, 18:07 pm
CVE-2011-2506
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious phpmyadmin setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal array. July 14, 2011, 18:07 pm
CVE-2011-2505
6.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted request, related to a "remote variable manipulation vulnerability." July 14, 2011, 18:07 pm
CVE-2011-2504
6.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal x11perf Untrusted search path vulnerability in x11perfcomp in XFree86 x11perf before 1.5.4 allows local users to gain privileges via unspecified Trojan horse code in the current working directory. March 8, 2013, 16:03 pm
CVE-2011-2503
3.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low systemtap The insert_module function in runtime/staprun/staprun_funcs.c in the systemtap runtime tool (staprun) in SystemTap before 1.6 does not properly validate a module when loading it, which allows local users to gain privileges via a race condition between the signature validation and the module initialization. July 26, 2012, 14:07 pm
CVE-2011-2502
4.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal systemtap runtime/staprun/staprun_funcs.c in the systemtap runtime tool (staprun) in SystemTap before 1.6 does not properly validate modules when a module path is specified by a user for user-space probing, which allows local users in the stapusr group to gain privileges via a crafted module in the search path in the -u argument. July 26, 2012, 14:07 pm
CVE-2011-2501
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium libpng The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources. July 17, 2011, 15:07 pm
CVE-2011-2500
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High nfs-utils The host_reliable_addrinfo function in support/export/hostname.c in nfs-utils before 1.2.4 does not properly use DNS to verify access to NFS exports, which allows remote attackers to mount filesystems by establishing crafted DNS A and PTR records. February 15, 2014, 08:02 am
CVE-2011-2498
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. June 28, 2011, 22:06 pm
CVE-2011-2497
8.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel Integer underflow in the l2cap_config_req function in net/bluetooth/l2cap_core.c in the Linux kernel before 3.0 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a small command-size value within the command header of a Logical Link Control and Adaptation Protocol (L2CAP) configuration request, leading to a buffer overflow. August 29, 2011, 13:08 pm
CVE-2011-2496
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel Integer overflow in the vma_to_resize function in mm/mremap.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (BUG_ON and system crash) via a crafted mremap system call that expands a memory mapping. June 13, 2012, 05:06 am
CVE-2011-2493
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The ext4_fill_super function in fs/ext4/super.c in the Linux kernel before 2.6.39 does not properly initialize a certain error-report data structure, which allows local users to cause a denial of service (OOPS) by attempting to mount a crafted ext4 filesystem. June 13, 2012, 05:06 am
CVE-2011-2492
1.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c. July 28, 2011, 17:07 pm
CVE-2011-2491
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The Network Lock Manager (NLM) protocol implementation in the NFS client functionality in the Linux kernel before 3.0 allows local users to cause a denial of service (system hang) via a LOCK_UN flock system call. March 1, 2013, 06:03 am
CVE-2011-2485
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal gdk-pixbuf The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c in gdk-pixbuf before 2.23.5 does not properly handle certain return values, which allows remote attackers to cause a denial of service (memory consumption) via a crafted GIF image file. July 3, 2012, 11:07 am
CVE-2011-2484
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The add_del_listener function in kernel/taskstats.c in the Linux kernel 2.6.39.1 and earlier does not prevent multiple registrations of exit handlers, which allows local users to cause a denial of service (memory and CPU consumption), and bypass the OOM Killer, via a crafted application. June 24, 2011, 15:06 pm
CVE-2011-2483
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium php crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash. August 25, 2011, 09:08 am
CVE-2011-2482
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel A certain Red Hat patch to the sctp_sock_migrate function in net/sctp/socket.c in the Linux kernel before 2.6.21, as used in Red Hat Enterprise Linux (RHEL) 5, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted SCTP packet. June 8, 2013, 08:06 am
CVE-2011-2479
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The Linux kernel before 2.6.39 does not properly create transparent huge pages in response to a MAP_PRIVATE mmap system call on /dev/zero, which allows local users to cause a denial of service (system crash) via a crafted application. March 1, 2013, 06:03 am
CVE-2011-2473
6.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal oprofile The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to create or overwrite arbitrary files via a crafted --session-dir argument in conjunction with a symlink attack on the opd_pipe file, a different vulnerability than CVE-2011-1760. June 9, 2011, 16:06 pm
CVE-2011-2472
6.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal oprofile Directory traversal vulnerability in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to overwrite arbitrary files via a .. (dot dot) in the --save argument, related to the --session-dir argument, a different vulnerability than CVE-2011-1760. June 9, 2011, 16:06 pm
CVE-2011-2471
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious oprofile utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to gain privileges via shell metacharacters in the (1) --vmlinux, (2) --session-dir, or (3) --xen argument, related to the daemonrc file and the do_save_setup and do_load_setup functions, a different vulnerability than CVE-2011-1760. June 9, 2011, 16:06 pm
CVE-2011-2465
2.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low bind Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone (RPZ) contains DNAME or certain CNAME records, allows remote attackers to cause a denial of service (named daemon crash) via an unspecified query. July 8, 2011, 15:07 pm
CVE-2011-2464
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium bind Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service (named daemon crash) via a crafted UPDATE request. July 8, 2011, 15:07 pm
CVE-2011-2411
9.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical samba Unspecified vulnerability on HP NonStop Servers with software H06.x through H06.23.00 and J06.x through J06.12.00, when Samba is used, allows remote authenticated users to execute arbitrary code via unknown vectors. October 2, 2011, 15:10 pm
CVE-2011-2356
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. October 12, 2011, 13:10 pm
CVE-2011-2354
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. October 12, 2011, 13:10 pm
CVE-2011-2352
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. October 12, 2011, 13:10 pm
CVE-2011-2341
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. October 12, 2011, 13:10 pm
CVE-2011-2339
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. October 12, 2011, 13:10 pm
CVE-2011-2338
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. October 12, 2011, 13:10 pm
CVE-2011-2262
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal mysql Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote attackers to affect availability via unknown vectors. January 18, 2012, 16:01 pm
CVE-2011-2213
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel before 2.6.39.3 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880. August 29, 2011, 13:08 pm
CVE-2011-2212
7.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High qemu Buffer overflow in the virtio subsystem in qemu-kvm 0.14.0 and earlier allows privileged guest users to cause a denial of service (guest crash) or gain privileges via a crafted indirect descriptor related to "virtqueue in and out requests." June 21, 2012, 10:06 am
CVE-2011-2211
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel The osf_wait4 function in arch/alpha/kernel/osf_sys.c in the Linux kernel before 2.6.39.4 on the Alpha platform uses an incorrect pointer, which allows local users to gain privileges by writing a certain integer value to kernel memory. June 13, 2012, 05:06 am
CVE-2011-2210
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The osf_getsysinfo function in arch/alpha/kernel/osf_sys.c in the Linux kernel before 2.6.39.4 on the Alpha platform does not properly restrict the data size for GSI_GET_HWRPB operations, which allows local users to obtain sensitive information from kernel memory via a crafted call. June 13, 2012, 05:06 am
CVE-2011-2209
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel Integer signedness error in the osf_sysinfo function in arch/alpha/kernel/osf_sys.c in the Linux kernel before 2.6.39.4 on the Alpha platform allows local users to obtain sensitive information from kernel memory via a crafted call. June 13, 2012, 05:06 am
CVE-2011-2208
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel Integer signedness error in the osf_getdomainname function in arch/alpha/kernel/osf_sys.c in the Linux kernel before 2.6.39.4 on the Alpha platform allows local users to obtain sensitive information from kernel memory via a crafted call. June 13, 2012, 05:06 am
CVE-2011-2203
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The hfs_find_init function in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and Oops) by mounting an HFS file system with a malformed MDB extent record. January 27, 2012, 09:01 am
CVE-2011-2202
6.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium php The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a "file path injection vulnerability." June 16, 2011, 18:06 pm
CVE-2011-2200
4.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium d-bus The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages. June 22, 2011, 17:06 pm
CVE-2011-2199
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High tftp-hpa Buffer overflow in tftp-hpa before 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the utimeout option. July 22, 2012, 12:07 pm
CVE-2011-2192
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium curl The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests. July 7, 2011, 16:07 pm
CVE-2011-2191
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal cherokee Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in Cherokee before 1.2.99 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, as demonstrated by a crafted nickname field to vserver/apply. October 6, 2011, 21:10 pm
CVE-2011-2190
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low cherokee The generate_admin_password function in Cherokee before 1.2.99 uses time and PID values for seeding of a random number generator, which makes it easier for local users to determine admin passwords via a brute-force attack. October 6, 2011, 21:10 pm
CVE-2011-2189
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious kernel net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) via requests to a daemon that requires a separate namespace per connection, as demonstrated by vsftpd. October 10, 2011, 05:10 am
CVE-2011-2184
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel The key_replace_session_keyring function in security/keys/process_keys.c in the Linux kernel before 2.6.39.1 does not initialize a certain structure member, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function, a different vulnerability than CVE-2010-2960. September 6, 2011, 11:09 am
CVE-2011-2183
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel Race condition in the scan_get_next_rmap_item function in mm/ksm.c in the Linux kernel before 2.6.39.3, when Kernel SamePage Merging (KSM) is enabled, allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted application. June 13, 2012, 05:06 am
CVE-2011-2182
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel The ldm_frag_add function in fs/partitions/ldm.c in the Linux kernel before 2.6.39.1 does not properly handle memory allocation for non-initial fragments, which might allow local users to conduct buffer overflow attacks, and gain privileges or obtain sensitive information, via a crafted LDM partition table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1017. June 13, 2012, 05:06 am
CVE-2011-2178
4.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium libvirt The virSecurityManagerGetPrivateData function in security/security_manager.c in libvirt 0.8.8 through 0.9.1 uses the wrong argument for a sizeof call, which causes incorrect processing of "security manager private data" that "reopens disk probing" and might allow guest OS users to read arbitrary files on the host OS. NOTE: this vulnerability exists because of a CVE-2010-2238 regression. August 10, 2011, 15:08 pm
CVE-2011-2175
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium wireshark Integer underflow in the visual_read function in wiretap/visual.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (application crash) via a malformed Visual Networks file that triggers a heap-based buffer over-read. June 6, 2011, 14:06 pm
CVE-2011-2174
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium wireshark Double free vulnerability in the tvb_uncompress function in epan/tvbuff.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (application crash) via a packet with malformed data that uses zlib compression. June 6, 2011, 14:06 pm
CVE-2011-2022
6.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 does not validate a certain start parameter, which allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_UNBIND agp_ioctl ioctl call, a different vulnerability than CVE-2011-1745. May 9, 2011, 14:05 pm
CVE-2011-1959
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium wireshark The snoop_read function in wiretap/snoop.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 does not properly handle certain virtualizable buffers, which allows remote attackers to cause a denial of service (application crash) via a large length value in a snoop file that triggers a stack-based buffer over-read. June 6, 2011, 14:06 pm
CVE-2011-1958
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium wireshark Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Diameter dictionary file. June 6, 2011, 14:06 pm
CVE-2011-1957
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium wireshark The dissect_dcm_main function in epan/dissectors/packet-dcm.c in the DICOM dissector in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service (infinite loop) via an invalid PDU length. June 6, 2011, 14:06 pm
CVE-2011-1956
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark The bytes_repr_len function in Wireshark 1.4.5 uses an incorrect pointer argument, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via arbitrary TCP traffic. June 6, 2011, 14:06 pm
CVE-2011-1951
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium syslog-ng lib/logmatcher.c in Balabit syslog-ng before 3.2.4, when the global flag is set and when using PCRE 8.12 and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via a message that does not match a regular expression. July 11, 2011, 15:07 pm
CVE-2011-1945
2.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low openssl The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation. May 31, 2011, 15:05 pm
CVE-2011-1944
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High libxml Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions. September 2, 2011, 11:09 am
CVE-2011-1941
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin Open redirect vulnerability in the redirector feature in phpMyAdmin 3.4.x before 3.4.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. January 26, 2012, 09:01 am
CVE-2011-1940
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attackers to inject arbitrary web script or HTML via a crafted table name that triggers improper HTML rendering on a Tracking page, related to (1) libraries/tbl_links.inc.php and (2) tbl_tracking.php. January 26, 2012, 09:01 am
CVE-2011-1938
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High php Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket. May 31, 2011, 15:05 pm
CVE-2011-1935
9.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical libpcap pcap-linux.c in libpcap 1.1.1 before commit ea9432fabdf4b33cbc76d9437200e028f1c47c93 when snaplen is set may truncate packets, which might allow remote attackers to send arbitrary data while avoiding detection via crafted packets. October 20, 2017, 13:10 pm
CVE-2011-1928
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium apr-util The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419. May 24, 2011, 18:05 pm
CVE-2011-1927
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The ip_expire function in net/ipv4/ip_fragment.c in the Linux kernel before 2.6.39 does not properly construct ICMP_TIME_EXCEEDED packets after a timeout, which allows remote attackers to cause a denial of service (invalid pointer dereference) via crafted fragmented packets. June 13, 2012, 05:06 am
CVE-2011-1925
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal nbd nbd-server.c in Network Block Device (nbd-server) 2.9.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by causing a negotiation failure, as demonstrated by specifying a name for a non-existent export. May 31, 2011, 15:05 pm
CVE-2011-1921
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal subversion The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation. June 6, 2011, 14:06 pm
CVE-2011-1910
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal bind Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service (assertion failure and daemon exit) via a negative response containing large RRSIG RRsets. May 31, 2011, 15:05 pm
CVE-2011-1907
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal bind ISC BIND 9.8.x before 9.8.0-P1, when Response Policy Zones (RPZ) RRset replacement is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RRSIG query. May 9, 2011, 17:05 pm
CVE-2011-1837
3.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low ecryptfs-utils The lock-counter implementation in utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 allows local users to overwrite arbitrary files via unspecified vectors. February 15, 2014, 08:02 am
CVE-2011-1836
4.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium ecryptfs-utils utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process. February 15, 2014, 08:02 am
CVE-2011-1835
4.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium ecryptfs-utils The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase file is created, which might allow local users to bypass intended access restrictions at a certain time in the new-user creation steps. February 15, 2014, 08:02 am
CVE-2011-1834
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low ecryptfs-utils utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly maintain the mtab file during error conditions, which allows local users to cause a denial of service (table corruption) or bypass intended unmounting restrictions via a umount system call. February 15, 2014, 08:02 am
CVE-2011-1833
3.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid. October 3, 2012, 06:10 am
CVE-2011-1832
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low ecryptfs-utils utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to remove directories via a umount system call. February 15, 2014, 08:02 am
CVE-2011-1831
4.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium ecryptfs-utils utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to effectively replace any directory with a new filesystem, and consequently gain privileges, via a mount system call. February 15, 2014, 08:02 am
CVE-2011-1829
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium apt APT before 0.8.15.2 does not properly validate inline GPG signatures, which allows man-in-the-middle attackers to install modified packages via vectors involving lack of an initial clearsigned message. July 26, 2011, 21:07 pm
CVE-2011-1804
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit rendering/RenderBox.cpp in WebCore in WebKit before r86862, as used in Google Chrome before 11.0.696.71, does not properly render floats, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." May 26, 2011, 11:05 am
CVE-2011-1800
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit Multiple integer overflows in the SVG Filters implementation in WebCore in WebKit in Google Chrome before 11.0.696.68 allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. May 16, 2011, 12:05 pm
CVE-2011-1797
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. July 21, 2011, 18:07 pm
CVE-2011-1783
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal subversion The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data. June 6, 2011, 14:06 pm
CVE-2011-1781
1.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low systemtap SystemTap 1.4, when unprivileged (aka stapusr) mode is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs stack unwinding (aka backtracing). August 29, 2011, 16:08 pm
CVE-2011-1779
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious libarchive Multiple use-after-free vulnerabilities in libarchive 2.8.4 and 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted (1) TAR archive or (2) ISO9660 image. April 13, 2012, 15:04 pm
CVE-2011-1778
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal libarchive Buffer overflow in libarchive through 2.8.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TAR archive. April 13, 2012, 15:04 pm
CVE-2011-1777
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal libarchive Multiple buffer overflows in the (1) heap_add_entry and (2) relocate_dir functions in archive_read_support_format_iso9660.c in libarchive through 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ISO9660 image. April 13, 2012, 15:04 pm
CVE-2011-1776
5.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577. September 6, 2011, 11:09 am
CVE-2011-1774
8.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit in Apple Safari before 5.0.6 has improper libxslt security settings, which allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted web site. NOTE: this may overlap CVE-2011-1425. July 21, 2011, 18:07 pm
CVE-2011-1771
4.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The cifs_close function in fs/cifs/file.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (NULL pointer dereference and BUG) or possibly have unspecified other impact by setting the O_DIRECT flag during an attempt to open a file on a CIFS filesystem. September 6, 2011, 11:09 am
CVE-2011-1770
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel Integer underflow in the dccp_parse_options function (net/dccp/options.c) in the Linux kernel before 2.6.33.14 allows remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options length, which triggers a buffer over-read. June 24, 2011, 15:06 pm
CVE-2011-1769
1.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low systemtap SystemTap 1.4 and earlier, when unprivileged (aka stapusr) mode is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs context variable access. August 29, 2011, 16:08 pm
CVE-2011-1768
5.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The tunnels implementation in the Linux kernel before 2.6.34, when tunnel functionality is configured as a module, allows remote attackers to cause a denial of service (OOPS) by sending a packet during module loading. June 13, 2012, 05:06 am
CVE-2011-1767
5.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel net/ipv4/ip_gre.c in the Linux kernel before 2.6.34, when ip_gre is configured as a module, allows remote attackers to cause a denial of service (OOPS) by sending a packet during module loading. June 13, 2012, 05:06 am
CVE-2011-1760
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High oprofile utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to conduct eval injection attacks and gain privileges via shell metacharacters in the -e argument. June 9, 2011, 14:06 pm
CVE-2011-1759
6.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel Integer overflow in the sys_oabi_semtimedop function in arch/arm/kernel/sys_oabi-compat.c in the Linux kernel before 2.6.39 on the ARM platform, when CONFIG_OABI_COMPAT is enabled, allows local users to gain privileges or cause a denial of service (heap memory corruption) by providing a crafted argument and leveraging a race condition. June 13, 2012, 05:06 am
CVE-2011-1758
3.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low sssd The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass Kerberos authentication by listing the /tmp directory to obtain the pathname. May 26, 2011, 13:05 pm
CVE-2011-1752
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal subversion The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011. June 6, 2011, 14:06 pm
CVE-2011-1751
7.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High qemu The pciej_write function in hw/acpi_piix4.c in the PIIX4 Power Management emulation in qemu-kvm does not check if a device is hotpluggable before unplugging the PCI-ISA bridge, which allows privileged guest users to cause a denial of service (guest crash) and possibly execute arbitrary code by sending a crafted value to the 0xae08 (PCI_EJ_BASE) I/O port, which leads to a use-after-free related to "active qemu timers." June 21, 2012, 10:06 am
CVE-2011-1750
7.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High qemu Multiple heap-based buffer overflows in the virtio-blk driver (hw/virtio-blk.c) in qemu-kvm 0.14.0 allow local guest users to cause a denial of service (guest crash) and possibly gain privileges via a (1) write request to the virtio_blk_handle_write function or (2) read request to the virtio_blk_handle_read function that is not properly aligned. June 21, 2012, 10:06 am
CVE-2011-1749
3.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low nfs-utils The nfs_addmntent function in support/nfs/nfs_mntent.c in the mount.nfs tool in nfs-utils before 1.2.4 attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to corrupt this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. February 26, 2014, 09:02 am
CVE-2011-1748
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The raw_release function in net/can/raw.c in the Linux kernel before 2.6.39-rc6 does not properly validate a socket data structure, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted release operation. May 9, 2011, 17:05 pm
CVE-2011-1747
4.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The agp subsystem in the Linux kernel 2.6.38.5 and earlier does not properly restrict memory allocation by the (1) AGPIOC_RESERVE and (2) AGPIOC_ALLOCATE ioctls, which allows local users to cause a denial of service (memory consumption) by making many calls to these ioctls. May 9, 2011, 14:05 pm
CVE-2011-1746
6.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel Multiple integer overflows in the (1) agp_allocate_memory and (2) agp_create_user_memory functions in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allow local users to trigger buffer overflows, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via vectors related to calls that specify a large number of memory pages. May 9, 2011, 14:05 pm
CVE-2011-1745
6.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl call. May 9, 2011, 14:05 pm
CVE-2011-1720
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal postfix The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method. May 13, 2011, 12:05 pm
CVE-2011-1691
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit The counterToCSSValue function in CSSComputedStyleDeclaration.cpp in the Cascading Style Sheets (CSS) implementation in WebCore in WebKit before r82222, as used in Google Chrome before 11.0.696.43 and other products, does not properly handle access to the (1) counterIncrement and (2) counterReset attributes of CSSStyleDeclaration data provided by a getComputedStyle method call, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code. April 14, 2011, 19:04 pm
CVE-2011-1678
3.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low samba smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to append to the /etc/mtab file and (2) umount.cifs to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. April 9, 2011, 21:04 pm
CVE-2011-1677
4.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors. April 9, 2011, 21:04 pm
CVE-2011-1676
3.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel mount in util-linux 2.19 and earlier does not remove the /etc/mtab.tmp file after a failed attempt to add a mount entry, which allows local users to trigger corruption of the /etc/mtab file via multiple invocations. April 9, 2011, 21:04 pm
CVE-2011-1675
3.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. April 9, 2011, 21:04 pm
CVE-2011-1659
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium glibc Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071. April 8, 2011, 10:04 am
CVE-2011-1658
3.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low glibc ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary directory to a (1) setuid or (2) setgid program with this RPATH value, and then executing the program with a crafted value for the LD_PRELOAD environment variable, a different vulnerability than CVE-2010-3847 and CVE-2011-0536. NOTE: it is not expected that any standard operating-system distribution would ship an applicable setuid or setgid program. April 8, 2011, 10:04 am
CVE-2011-1657
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php The (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions in ext/zip/php_zip.c in PHP 5.3.6 allow context-dependent attackers to cause a denial of service (application crash) via certain flags arguments, as demonstrated by (a) GLOB_ALTDIRFUNC and (b) GLOB_APPEND. August 25, 2011, 09:08 am
CVE-2011-1598
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The bcm_release function in net/can/bcm.c in the Linux kernel before 2.6.39-rc6 does not properly validate a socket data structure, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted release operation. May 9, 2011, 17:05 pm
CVE-2011-1593
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel before 2.6.38.4 allow local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call. May 3, 2011, 15:05 pm
CVE-2011-1592
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium wireshark The NFS dissector in epan/dissectors/packet-nfs.c in Wireshark 1.4.x before 1.4.5 on Windows uses an incorrect integer data type during decoding of SETCLIENTID calls, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file. April 29, 2011, 17:04 pm
CVE-2011-1591
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High wireshark Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file. April 29, 2011, 17:04 pm
CVE-2011-1590
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium wireshark The X.509if dissector in Wireshark 1.2.x before 1.2.16 and 1.4.x before 1.4.5 does not properly initialize certain global variables, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file. April 29, 2011, 17:04 pm
CVE-2011-1585
3.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The cifs_find_smb_ses function in fs/cifs/connect.c in the Linux kernel before 2.6.36 does not properly determine the associations between users and sessions, which allows local users to bypass CIFS share authentication by leveraging a mount of a share by a different user. June 8, 2013, 08:06 am
CVE-2011-1581
4.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The bond_select_queue function in drivers/net/bonding/bond_main.c in the Linux kernel before 2.6.39, when a network device with a large number of receive queues is installed but the default tx_queues setting is used, does not properly restrict queue indexes, which allows remote attackers to cause a denial of service (BUG and system crash) or possibly have unspecified other impact by sending network traffic. May 26, 2011, 11:05 am
CVE-2011-1577
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel Heap-based buffer overflow in the is_gpt_valid function in fs/partitions/efi.c in the Linux kernel 2.6.38 and earlier allows physically proximate attackers to cause a denial of service (OOPS) or possibly have unspecified other impact via a crafted size of the EFI GUID partition-table header on removable media. May 3, 2011, 14:05 pm
CVE-2011-1576
5.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The Generic Receive Offload (GRO) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux 5 and 2.6.32 on Red Hat Enterprise Linux 6, as used in Red Hat Enterprise Virtualization (RHEV) Hypervisor and other products, allows remote attackers to cause a denial of service via crafted VLAN packets that are processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a different vulnerability than CVE-2011-1478. August 31, 2011, 18:08 pm
CVE-2011-1575
5.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal pure-ftpd The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. May 23, 2011, 17:05 pm
CVE-2011-1573
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when addip_enable and auth_enable are used, does not consider the amount of zero padding during calculation of chunk lengths for (1) INIT and (2) INIT ACK chunks, which allows remote attackers to cause a denial of service (OOPS) via crafted packet data. February 1, 2012, 22:02 pm
CVE-2011-1521
6.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium python The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs. May 24, 2011, 18:05 pm
CVE-2011-1495
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier does not validate (1) length and (2) offset values before performing memory copy operations, which might allow local users to gain privileges, cause a denial of service (memory corruption), or obtain sensitive information from kernel memory via a crafted ioctl call, related to the _ctl_do_mpt_command and _ctl_diag_read_buffer functions. May 3, 2011, 14:05 pm
CVE-2011-1494
6.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel Integer overflow in the _ctl_do_mpt_command function in drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier might allow local users to gain privileges or cause a denial of service (memory corruption) via an ioctl call specifying a crafted value that triggers a heap-based buffer overflow. May 3, 2011, 14:05 pm
CVE-2011-1493
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel Array index error in the rose_parse_national function in net/rose/rose_subr.c in the Linux kernel before 2.6.39 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by composing FAC_NATIONAL_DIGIS data that specifies a large number of digipeaters, and then sending this data to a ROSE socket. June 21, 2012, 18:06 pm
CVE-2011-1487
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal perl The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string. April 11, 2011, 13:04 pm
CVE-2011-1486
3.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low libvirt libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service (crash) by causing multiple threads to report errors at the same time. May 31, 2011, 15:05 pm
CVE-2011-1479
4.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel Double free vulnerability in the inotify subsystem in the Linux kernel before 2.6.39 allows local users to cause a denial of service (system crash) via vectors involving failed attempts to create files. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-4250. June 21, 2012, 18:06 pm
CVE-2011-1478
5.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The napi_reuse_skb function in net/core/dev.c in the Generic Receive Offload (GRO) implementation in the Linux kernel before 2.6.38 does not reset the values of certain structure members, which might allow remote attackers to cause a denial of service (NULL pointer dereference) via a malformed VLAN frame. October 23, 2011, 05:10 am
CVE-2011-1477
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel Multiple array index errors in sound/oss/opl3.c in the Linux kernel before 2.6.39 allow local users to cause a denial of service (heap memory corruption) or possibly gain privileges by leveraging write access to /dev/sequencer. June 21, 2012, 18:06 pm
CVE-2011-1476
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel Integer underflow in the Open Sound System (OSS) subsystem in the Linux kernel before 2.6.39 on unspecified non-x86 platforms allows local users to cause a denial of service (memory corruption) by leveraging write access to /dev/sequencer. June 21, 2012, 18:06 pm
CVE-2011-1473
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal openssl ** DISPUTED ** OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment. June 16, 2012, 16:06 pm
CVE-2011-1471
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php Integer signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls. March 19, 2011, 21:03 pm
CVE-2011-1470
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php The Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a ziparchive stream that is not properly handled by the stream_get_contents function. March 19, 2011, 21:03 pm
CVE-2011-1469
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php Unspecified vulnerability in the Streams component in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) by accessing an ftp:// URL during use of an HTTP proxy with the FTP wrapper. March 19, 2011, 21:03 pm
CVE-2011-1468
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 might allow remote attackers to cause a denial of service (memory consumption) via (1) plaintext data to the openssl_encrypt function or (2) ciphertext data to the openssl_decrypt function. March 19, 2011, 21:03 pm
CVE-2011-1467
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php Unspecified vulnerability in the NumberFormatter::setSymbol (aka numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument, a related issue to CVE-2010-4409. March 19, 2011, 21:03 pm
CVE-2011-1466
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php Integer overflow in the SdnToJulian function in the Calendar extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a large integer in the first argument to the cal_from_jd function. March 19, 2011, 21:03 pm
CVE-2011-1464
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php Buffer overflow in the strval function in PHP before 5.3.6, when the precision configuration option has a large value, might allow context-dependent attackers to cause a denial of service (application crash) via a small numerical value in the argument. March 19, 2011, 21:03 pm
CVE-2011-1462
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. July 21, 2011, 18:07 pm
CVE-2011-1457
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. July 21, 2011, 18:07 pm
CVE-2011-1453
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. July 21, 2011, 18:07 pm
CVE-2011-1425
5.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification. April 4, 2011, 07:04 am
CVE-2011-1398
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium php The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome. August 30, 2012, 17:08 pm
CVE-2011-1295
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Google Chrome before 10.0.648.204 and Apple Safari before 5.0.6, does not properly handle node parentage, which allows remote attackers to cause a denial of service (DOM tree corruption), conduct cross-site scripting (XSS) attacks, or possibly have unspecified other impact via unknown vectors. March 25, 2011, 14:03 pm
CVE-2011-1290
10.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit Integer overflow in WebKit, as used on the Research In Motion (RIM) BlackBerry Torch 9800 with firmware 6.0.0.246, in Google Chrome before 10.0.648.133, and in Apple Safari before 5.0.5, allows remote attackers to execute arbitrary code via unknown vectors related to CSS "style handling," nodesets, and a length value, as demonstrated by Vincenzo Iozzo, Willem Pinckaers, and Ralf-Philipp Weinmann during a Pwn2Own competition at CanSecWest 2011. March 11, 2011, 15:03 pm
CVE-2011-1288
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. July 21, 2011, 18:07 pm
CVE-2011-1182
3.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel kernel/signal.c in the Linux kernel before 2.6.39 allows local users to spoof the uid and pid of a signal sender via a sigqueueinfo system call. March 1, 2013, 06:03 am
CVE-2011-1180
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel Multiple stack-based buffer overflows in the iriap_getvaluebyclass_indication function in net/irda/iriap.c in the Linux kernel before 2.6.39 allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging connectivity to an IrDA infrared network and sending a large integer value for a (1) name length or (2) attribute length. June 8, 2013, 08:06 am
CVE-2011-1173
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.39 on the x86_64 platform allows remote attackers to obtain potentially sensitive information from kernel stack memory by reading uninitialized data in the ah field of an Acorn Universal Networking (AUN) packet. June 22, 2011, 17:06 pm
CVE-2011-1169
6.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel Array index error in the asihpi_hpi_ioctl function in sound/pci/asihpi/hpioctl.c in the AudioScience HPI driver in the Linux kernel before 2.6.38.1 might allow local users to cause a denial of service (memory corruption) or possibly gain privileges via a crafted adapter index value that triggers access to an invalid kernel pointer. May 3, 2011, 14:05 pm
CVE-2011-1163
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing. April 9, 2011, 21:04 pm
CVE-2011-1162
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The tpm_read function in the Linux kernel 2.6 does not properly clear memory, which might allow local users to read the results of the previous TPM command. January 27, 2012, 09:01 am
CVE-2011-1160
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The tpm_open function in drivers/char/tpm/tpm.c in the Linux kernel before 2.6.39 does not initialize a certain buffer, which allows local users to obtain potentially sensitive information from kernel memory via unspecified vectors. June 21, 2012, 18:06 pm
CVE-2011-1159
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low acpid acpid.c in acpid before 2.0.9 does not properly handle a situation in which a process has connected to acpid.socket but is not reading any data, which allows local users to cause a denial of service (daemon hang) via a crafted application that performs a connect system call but no read system calls. October 4, 2011, 21:10 pm
CVE-2011-1155
1.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low logrotate The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name. March 30, 2011, 17:03 pm
CVE-2011-1154
6.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium logrotate The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name. March 30, 2011, 17:03 pm
CVE-2011-1153
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious php Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code via format string specifiers in an argument to a class method, leading to an incorrect zend_throw_exception_ex call. March 16, 2011, 17:03 pm
CVE-2011-1148
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious php Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments. March 18, 2011, 10:03 am
CVE-2011-1146
6.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal libvirt libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restrict operations in a read-only connection, which allows remote attackers to cause a denial of service (host OS crash) or possibly execute arbitrary code via a (1) virNodeDeviceDettach, (2) virNodeDeviceReset, (3) virDomainRevertToSnapshot, (4) virDomainSnapshotDelete, (5) virNodeDeviceReAttach, or (6) virConnectDomainXMLToNative call, a different vulnerability than CVE-2008-5086. March 15, 2011, 12:03 pm
CVE-2011-1143
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in Wireshark before 1.4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted .pcap file. March 2, 2011, 19:03 pm
CVE-2011-1142
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark Stack consumption vulnerability in the dissect_ber_choice function in the BER dissector in Wireshark 1.2.x through 1.2.15 and 1.4.x through 1.4.4 might allow remote attackers to cause a denial of service (infinite loop) via vectors involving self-referential ASN.1 CHOICE values. March 2, 2011, 19:03 pm
CVE-2011-1141
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark epan/dissectors/packet-ldap.c in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (memory consumption) via (1) a long LDAP filter string or (2) an LDAP filter string containing many elements. March 2, 2011, 19:03 pm
CVE-2011-1140
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark Multiple stack consumption vulnerabilities in the dissect_ms_compressed_string and dissect_mscldap_string functions in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allow remote attackers to cause a denial of service (infinite recursion) via a crafted (1) SMB or (2) Connection-less LDAP (CLDAP) packet. March 2, 2011, 19:03 pm
CVE-2011-1139
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark wiretap/pcapng.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) via a pcap-ng file that contains a large packet-length field. March 2, 2011, 19:03 pm
CVE-2011-1138
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal wireshark Off-by-one error in the dissect_6lowpan_iphc function in packet-6lowpan.c in Wireshark 1.4.0 through 1.4.3 on 32-bit platforms allows remote attackers to cause a denial of service (application crash) via a malformed 6LoWPAN IPv6 packet. March 2, 2011, 19:03 pm
CVE-2011-1137
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium proftpd Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service (memory consumption leading to OOM kill) via a malformed SSH message. March 11, 2011, 11:03 am
CVE-2011-1098
1.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low logrotate Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place. March 30, 2011, 17:03 pm
CVE-2011-1097
5.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal rsync rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via malformed data. March 30, 2011, 17:03 pm
CVE-2011-1095
6.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium glibc locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function. April 9, 2011, 21:04 pm
CVE-2011-1093
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel The dccp_rcv_state_process function in net/dccp/input.c in the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel before 2.6.38 does not properly handle packets for a CLOSED endpoint, which allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending a DCCP-Close packet followed by a DCCP-Reset packet. July 18, 2011, 17:07 pm
CVE-2011-1092
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious php Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (crash) and possibly read sensitive memory via a large third argument to the shmop_read function. March 15, 2011, 12:03 pm
CVE-2011-1090
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The __nfs4_proc_set_acl function in fs/nfs/nfs4proc.c in the Linux kernel before 2.6.38 stores NFSv4 ACL data in memory that is allocated by kmalloc but not properly freed, which allows local users to cause a denial of service (panic) via a crafted attempt to set an ACL. May 9, 2011, 14:05 pm
CVE-2011-1089
3.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low glibc The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296. April 9, 2011, 21:04 pm
CVE-2011-1083
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls. April 4, 2011, 07:04 am
CVE-2011-1082
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel fs/eventpoll.c in the Linux kernel before 2.6.38 places epoll file descriptors within other epoll data structures without properly checking for (1) closed loops or (2) deep chains, which allows local users to cause a denial of service (deadlock or stack memory consumption) via a crafted application that makes epoll_create and epoll_ctl system calls. April 4, 2011, 07:04 am
CVE-2011-1081
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal openldap modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field. March 19, 2011, 21:03 pm
CVE-2011-1078
1.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The sco_sock_getsockopt_old function in net/bluetooth/sco.c in the Linux kernel before 2.6.39 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via the SCO_CONNINFO option. June 21, 2012, 18:06 pm
CVE-2011-1076
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel net/dns_resolver/dns_key.c in the Linux kernel before 2.6.38 allows remote DNS servers to cause a denial of service (NULL pointer dereference and OOPS) by not providing a valid response to a DNS query, as demonstrated by an erroneous grand.centrall.org query, which triggers improper handling of error data within a DNS resolver key. October 4, 2011, 21:10 pm
CVE-2011-1071
5.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium eglibc The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome. April 8, 2011, 10:04 am
CVE-2011-1059
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit Use-after-free vulnerability in WebCore in WebKit before r77705, as used in Google Chrome before 11.0.672.2 and other products, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors that entice a user to resubmit a form, related to improper handling of provisional items by the HistoryController component, aka rdar problem 8938557. February 22, 2011, 13:02 pm
CVE-2011-1044
1.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 does not initialize a certain response buffer, which allows local users to obtain potentially sensitive information from kernel memory via vectors that cause this buffer to be only partially filled, a different vulnerability than CVE-2010-4649. February 18, 2011, 14:02 pm
CVE-2011-1025
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal openldap bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password. March 19, 2011, 21:03 pm
CVE-2011-1024
4.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal openldap chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates (aka authentication-failure forwarding) is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server. March 19, 2011, 21:03 pm
CVE-2011-1023
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The Reliable Datagram Sockets (RDS) subsystem in the Linux kernel before 2.6.38 does not properly handle congestion map updates, which allows local users to cause a denial of service (BUG_ON and system crash) via vectors involving (1) a loopback (aka loop) transmit operation or (2) an InfiniBand (aka ib) transmit operation. June 21, 2012, 18:06 pm
CVE-2011-1022
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low libcgroup The cgre_receive_netlink_msg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted message. March 22, 2011, 12:03 pm
CVE-2011-1021
3.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel drivers/acpi/debugfs.c in the Linux kernel before 3.0 allows local users to modify arbitrary kernel memory locations by leveraging root privileges to write to the /sys/kernel/debug/acpi/custom_method file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4347. June 21, 2012, 18:06 pm
CVE-2011-1020
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls. February 28, 2011, 10:02 am
CVE-2011-1019
1.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The dev_load function in net/core/dev.c in the Linux kernel before 2.6.38 allows local users to bypass an intended CAP_SYS_MODULE capability requirement and load arbitrary modules by leveraging the CAP_NET_ADMIN capability. March 1, 2013, 06:03 am
CVE-2011-1017
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel Heap-based buffer overflow in the ldm_frag_add function in fs/partitions/ldm.c in the Linux kernel 2.6.37.2 and earlier might allow local users to gain privileges or obtain sensitive information via a crafted LDM partition table. March 1, 2011, 17:03 pm
CVE-2011-1016
6.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The Radeon GPU drivers in the Linux kernel before 2.6.38-rc5 do not properly validate data related to the AA resolve registers, which allows local users to write to arbitrary memory locations associated with (1) Video RAM (aka VRAM) or (2) the Graphics Translation Table (GTT) via crafted values. February 28, 2011, 10:02 am
CVE-2011-1015
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium python The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI. May 9, 2011, 17:05 pm
CVE-2011-1013
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel Integer signedness error in the drm_modeset_ctl function in (1) drivers/gpu/drm/drm_irq.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.38 and (2) sys/dev/pci/drm/drm_irq.c in the kernel in OpenBSD before 4.9 allows local users to trigger out-of-bounds write operations, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via a crafted num_crtcs (aka vb_num) structure member in an ioctl argument. May 9, 2011, 14:05 pm
CVE-2011-1012
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The ldm_parse_vmdb function in fs/partitions/ldm.c in the Linux kernel before 2.6.38-rc6-git6 does not validate the VBLK size value in the VMDB structure in an LDM partition table, which allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted partition table. March 1, 2011, 17:03 pm
CVE-2011-1011
6.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal policycoreutils The seunshare_mount function in sandbox/seunshare.c in seunshare in certain Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a new directory on top of /tmp without assigning root ownership and the sticky bit to this new directory, which allows local users to replace or delete arbitrary /tmp files, and consequently cause a denial of service or possibly gain privileges, by running a setuid application that relies on /tmp, as demonstrated by the ksu application. February 24, 2011, 15:02 pm
CVE-2011-1010
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel Buffer overflow in the mac_partition function in fs/partitions/mac.c in the Linux kernel before 2.6.37.2 allows local users to cause a denial of service (panic) or possibly have unspecified other impact via a malformed Mac OS partition table. March 1, 2011, 17:03 pm
CVE-2011-1006
7.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High libcgroup Heap-based buffer overflow in the parse_cgroup_spec function in tools/tools-common.c in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 allows local users to gain privileges via a crafted controller list on the command line of an application. NOTE: it is not clear whether this issue crosses privilege boundaries. March 22, 2011, 12:03 pm
CVE-2011-1005
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal ruby The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname. March 2, 2011, 14:03 pm
CVE-2011-1004
6.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal ruby The FileUtils.remove_entry_secure method in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, 1.8.8dev, 1.9.1 through 1.9.1-430, 1.9.2 through 1.9.2-136, and 1.9.3dev allows local users to delete arbitrary files via a symlink attack. March 2, 2011, 14:03 pm
CVE-2011-1002
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal avahi avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244. February 22, 2011, 13:02 pm
CVE-2011-0999
4.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel mm/huge_memory.c in the Linux kernel before 2.6.38-rc5 does not prevent creation of a transparent huge page (THP) during the existence of a temporary stack for an exec system call, which allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact via a crafted application. February 23, 2011, 13:02 pm
CVE-2011-0997
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High dhcp dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script. April 8, 2011, 10:04 am
CVE-2011-0988
4.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal pure-ftpd pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors. April 18, 2011, 12:04 pm
CVE-2011-0986
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal phpmyadmin phpMyAdmin 2.11.x before 2.11.11.2, and 3.3.x before 3.3.9.1, does not properly handle the absence of the (1) README, (2) ChangeLog, and (3) LICENSE files, which allows remote attackers to obtain the installation path via a direct request for a nonexistent file. February 14, 2011, 16:02 pm
CVE-2011-0762
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal vsftpd The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632. March 2, 2011, 14:03 pm
CVE-2011-0761
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium perl Perl 5.10.x allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an ability to inject arguments into a (1) getpeername, (2) readdir, (3) closedir, (4) getsockname, (5) rewinddir, (6) tell, or (7) telldir function call. May 13, 2011, 12:05 pm
CVE-2011-0754
4.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php The SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP before 5.3.4 on Windows does not properly detect symbolic links, which might make it easier for local users to conduct symlink attacks by leveraging cross-platform differences in the stat structure, related to lack of a FILE_ATTRIBUTE_REPARSE_POINT check. February 2, 2011, 16:02 pm
CVE-2011-0753
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php Race condition in the PCNTL extension in PHP before 5.3.4, when a user-defined signal handler exists, might allow context-dependent attackers to cause a denial of service (memory corruption) via a large number of concurrent signals. February 2, 2011, 16:02 pm
CVE-2011-0752
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php The extract function in PHP before 5.2.15 does not prevent use of the EXTR_OVERWRITE parameter to overwrite (1) the GLOBALS superglobal array and (2) the this variable, which allows context-dependent attackers to bypass intended access restrictions by modifying data structures that were not intended to depend on external input, a related issue to CVE-2005-2691 and CVE-2006-3758. February 2, 2011, 16:02 pm
CVE-2011-0751
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious nostromo Directory traversal vulnerability in nhttpd (aka Nostromo webserver) before 1.9.4 allows remote attackers to execute arbitrary programs or read arbitrary files via a ..%2f (encoded dot dot slash) in a URI. March 16, 2011, 17:03 pm
CVE-2011-0726
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The do_task_stat function in fs/proc/array.c in the Linux kernel before 2.6.39-rc1 does not perform an expected uid check, which makes it easier for local users to defeat the ASLR protection mechanism by reading the start_code and end_code fields in the /proc/#####/stat file for a process executing a PIE binary. July 18, 2011, 17:07 pm
CVE-2011-0721
6.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal shadow Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field. February 18, 2011, 19:02 pm
CVE-2011-0719
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium samba Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FD_SET macro, which allows remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening a large number of files, related to (1) Winbind or (2) smbd. March 1, 2011, 17:03 pm
CVE-2011-0716
4.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel The br_multicast_add_group function in net/bridge/br_multicast.c in the Linux kernel before 2.6.38, when a certain Ethernet bridge configuration is used, allows local users to cause a denial of service (memory corruption and system crash) by sending IGMP packets to a local interface. June 21, 2012, 18:06 pm
CVE-2011-0715
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal subversion The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token. March 11, 2011, 16:03 pm
CVE-2011-0714
5.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kernel Use-after-free vulnerability in a certain Red Hat patch for the RPC server sockets functionality in the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 might allow remote attackers to cause a denial of service (crash) via malformed data in a packet, related to lockd and the svc_xprt_received function. May 4, 2011, 17:05 pm
CVE-2011-0713
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium wireshark Heap-based buffer overflow in wiretap/dct3trace.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long record in a Nokia DCT3 trace file. March 2, 2011, 19:03 pm
CVE-2011-0712
6.2 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel Multiple buffer overflows in the caiaq Native Instruments USB audio functionality in the Linux kernel before 2.6.38-rc4-next-20110215 might allow attackers to cause a denial of service or possibly have unspecified other impact via a long USB device name, related to (1) the snd_usb_caiaq_audio_init function in sound/usb/caiaq/audio.c and (2) the snd_usb_caiaq_midi_init function in sound/usb/caiaq/midi.c. February 18, 2011, 14:02 pm
CVE-2011-0711
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel before 2.6.38-rc6-git3 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FSGEOMETRY_V1 ioctl call. March 1, 2011, 17:03 pm
CVE-2011-0710
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The task_show_regs function in arch/s390/kernel/traps.c in the Linux kernel before 2.6.38-rc4-next-20110216 on the s390 platform allows local users to obtain the values of the registers of an arbitrary process by reading a status file under /proc/. February 18, 2011, 14:02 pm
CVE-2011-0709
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High kernel The br_mdb_ip_get function in net/bridge/br_multicast.c in the Linux kernel before 2.6.35-rc5 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an IGMP packet, related to lack of a multicast table. February 18, 2011, 14:02 pm
CVE-2011-0708
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read. March 19, 2011, 21:03 pm
CVE-2011-0695
5.7 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel Race condition in the cm_work_handler function in the InfiniBand driver (drivers/infiniband/core/cma.c) in Linux kernel 2.6.x allows remote attackers to cause a denial of service (panic) by sending an InfiniBand request while other request handlers are still running, which triggers an invalid pointer dereference. March 15, 2011, 12:03 pm
CVE-2011-0640
6.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal linux_kernel udev The default configuration of udev on Linux does not warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer. January 24, 2011, 19:01 pm
CVE-2011-0633
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal libwww-perl The Net::HTTPS module in libwww-perl (LWP) before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote attackers to spoof servers via man-in-the-middle (MITM) attacks involving hostnames that are not properly validated. NOTE: it could be argued that this is a design limitation of the Net::HTTPS API, and separate implementations should be independently assigned CVE identifiers for not working around this limitation. However, because this API was modified within LWP, a single CVE identifier has been assigned. May 13, 2011, 17:05 pm
CVE-2011-0543
3.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low fuse Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack. September 2, 2011, 18:09 pm
CVE-2011-0542
3.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low fuse fusermount in fuse 2.8.5 and earlier does not perform a chdir to / before performing a mount or umount, which allows local users to unmount arbitrary directories via unspecified vectors. September 2, 2011, 18:09 pm
CVE-2011-0541
3.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low fuse fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack. September 2, 2011, 18:09 pm
CVE-2011-0539
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium openssh The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks. February 10, 2011, 12:02 pm
CVE-2011-0538
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium wireshark Wireshark 1.2.0 through 1.2.14, 1.4.0 through 1.4.3, and 1.5.0 frees an uninitialized pointer during processing of a .pcap file in the pcap-ng format, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed file. February 8, 2011, 16:02 pm
CVE-2011-0536
6.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium glibc Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847. April 8, 2011, 10:04 am
CVE-2011-0530
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious nbd Buffer overflow in the mainloop function in nbd-server.c in the server in Network Block Device (nbd) before 2.9.20 might allow remote attackers to execute arbitrary code via a long request. NOTE: this issue exists because of a CVE-2005-3534 regression. February 22, 2011, 13:02 pm
CVE-2011-0521
6.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium kernel The dvb_ca_ioctl function in drivers/media/dvb/ttpci/av7110_ca.c in the Linux kernel before 2.6.38-rc2 does not check the sign of a certain integer field, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a negative value. February 2, 2011, 17:02 pm
CVE-2011-0465
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High xrdb xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message. April 8, 2011, 10:04 am
CVE-2011-0463
2.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low kernel The ocfs2_prepare_page_for_write function in fs/ocfs2/aops.c in the Oracle Cluster File System 2 (OCFS2) subsystem in the Linux kernel before 2.6.39-rc1 does not properly handle holes that cross page boundaries, which allows local users to obtain potentially sensitive information from uninitialized disk locations by reading a file. April 9, 2011, 21:04 pm
CVE-2011-0460
6.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal kbd The init script in kbd, possibly 1.14.1 and earlier, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/defkeymap.map. April 16, 2014, 13:04 pm
CVE-2011-0445
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium wireshark The ASN.1 BER dissector in Wireshark 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (assertion failure) via crafted packets, as demonstrated by fuzz-2010-12-30-28473.pcap. January 12, 2011, 19:01 pm
CVE-2011-0444
10.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical wireshark Buffer overflow in the MAC-LTE dissector (epan/dissectors/packet-mac-lte.c) in Wireshark 1.2.0 through 1.2.13 and 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of RARs. January 12, 2011, 19:01 pm
CVE-2011-0441
6.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php The Debian GNU/Linux /etc/cron.d/php5 cron job for PHP 5.3.5 allows local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php5/. March 29, 2011, 13:03 pm
CVE-2011-0438
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal nss-pam-ldapd nslcd/pam.c in the nss-pam-ldapd 0.8.0 PAM module returns a success code when a user is not found in LDAP, which allows remote attackers to bypass authentication. March 15, 2011, 12:03 pm
CVE-2011-0421
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation. March 19, 2011, 21:03 pm
CVE-2011-0420
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal php The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference. February 18, 2011, 19:02 pm
CVE-2011-0419
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium apache Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd. May 16, 2011, 12:05 pm
CVE-2011-0418
4.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal pure-ftpd The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service (memory consumption) via a crafted FTP STAT command. May 24, 2011, 18:05 pm
CVE-2011-0414
7.1 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious bind ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative server, allows remote attackers to cause a denial of service (deadlock and daemon hang) by sending a query at the time of (1) an IXFR transfer or (2) a DDNS update. February 23, 2011, 13:02 pm
CVE-2011-0413
7.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious dhcp The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) by sending a message over IPv6 for a declined and abandoned address. January 31, 2011, 15:01 pm
CVE-2011-0411
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal postfix The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack. March 16, 2011, 17:03 pm
CVE-2011-0408
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal libpng pngrtran.c in libpng 1.5.x before 1.5.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted palette-based PNG image that triggers a buffer overflow, related to the png_do_expand_palette function, the png_do_rgb_to_gray function, and an integer underflow. NOTE: some of these details are obtained from third party information. January 18, 2011, 12:01 pm
CVE-2011-0402
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal dpkg dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory. January 10, 2011, 21:01 pm
CVE-2011-0343
6.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal syslog-ng Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files. January 28, 2011, 10:01 am
CVE-2011-0255
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. July 21, 2011, 18:07 pm
CVE-2011-0254
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. July 21, 2011, 18:07 pm
CVE-2011-0253
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. July 21, 2011, 18:07 pm
CVE-2011-0244
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit WebKit in Apple Safari before 5.0.6 allows user-assisted remote attackers to read arbitrary files via vectors related to improper canonicalization of URLs within RSS feeds. July 21, 2011, 18:07 pm
CVE-2011-0242
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors involving a URL that contains a username. July 21, 2011, 18:07 pm
CVE-2011-0240
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. July 21, 2011, 18:07 pm
CVE-2011-0238
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. July 21, 2011, 18:07 pm
CVE-2011-0237
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. July 21, 2011, 18:07 pm
CVE-2011-0235
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. July 21, 2011, 18:07 pm
CVE-2011-0234
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. July 21, 2011, 18:07 pm
CVE-2011-0233
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. July 21, 2011, 18:07 pm
CVE-2011-0232
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. July 21, 2011, 18:07 pm
CVE-2011-0226
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical freetype Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011. July 19, 2011, 17:07 pm
CVE-2011-0225
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. July 21, 2011, 18:07 pm
CVE-2011-0223
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. July 21, 2011, 18:07 pm
CVE-2011-0222
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. July 21, 2011, 18:07 pm
CVE-2011-0221
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. July 21, 2011, 18:07 pm
CVE-2011-0219
5.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit Apple Safari before 5.0.6 allows remote attackers to bypass the Same Origin Policy, and modify the rendering of text from arbitrary web sites, via a Java applet that loads fonts. July 21, 2011, 18:07 pm
CVE-2011-0218
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical webkit WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. July 21, 2011, 18:07 pm
CVE-2011-0216
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
High safari Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted web site. July 21, 2011, 18:07 pm
CVE-2011-0188
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal ruby The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an "integer truncation issue." March 22, 2011, 21:03 pm
CVE-2011-0169
2.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Low webkit WebKit in Apple Safari before 5.0.4, when the Web Inspector is used, does not properly handle the window.console._inspectorCommandLineAPI property, which allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted web site. March 11, 2011, 16:03 pm
CVE-2011-0168
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0167
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit The windows functionality in WebKit in Apple Safari before 5.0.4 allows remote attackers to bypass the Same Origin Policy, and force the upload of arbitrary local files from a client computer, via a crafted web site. March 11, 2011, 16:03 pm
CVE-2011-0166
5.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit The HTML5 drag and drop functionality in WebKit in Apple Safari before 5.0.4 allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via vectors related to the dragging of content. NOTE: this might overlap CVE-2011-0778. March 11, 2011, 16:03 pm
CVE-2011-0165
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0164
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0163
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle unspecified "cached resources," which allows remote attackers to cause a denial of service (resource unavailability) via a crafted web site that conducts a cache-poisoning attack. March 11, 2011, 16:03 pm
CVE-2011-0161
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site. March 11, 2011, 16:03 pm
CVE-2011-0160
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal webkit WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header. March 11, 2011, 16:03 pm
CVE-2011-0157
7.5 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iOS before 4.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-09-1. March 11, 2011, 16:03 pm
CVE-2011-0156
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0155
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0153
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0152
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0151
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0150
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0149
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly parse HTML elements associated with document namespaces, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to a "dangling pointer" and iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0148
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0147
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0146
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0145
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0144
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0143
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0142
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0141
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0140
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0139
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0138
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0137
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0136
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0135
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0134
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0133
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly access glyph data during layout actions for floating blocks associated with pseudo-elements, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0132
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit Use-after-free vulnerability in the Runin box functionality in the Cascading Style Sheets (CSS) 2.1 Visual Formatting Model implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0131
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0130
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0129
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0128
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0127
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0126
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0125
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0124
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0123
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0122
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0121
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0120
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0119
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0118
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0117
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0116
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit Use-after-free vulnerability in the setOuterText method in the htmlelement library in WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to DOM manipulations during iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0115
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit The DOM level 2 implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, does not properly handle DOM manipulations associated with event listeners during processing of range objects, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0114
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0113
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0112
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0111
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious webkit WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. March 3, 2011, 14:03 pm
CVE-2011-0064
6.8 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal pango The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index. March 7, 2011, 15:03 pm
CVE-2011-0024
9.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Critical wireshark Heap-based buffer overflow in wiretap/pcapng.c in Wireshark before 1.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted capture file. March 28, 2011, 11:03 am
CVE-2011-0020
7.6 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Serious pango Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object. January 24, 2011, 12:01 pm
CVE-2011-0014
5.0 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Medium openssl ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability." February 18, 2011, 19:02 pm
CVE-2011-0011
4.3 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal qemu qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions. June 21, 2012, 10:06 am
CVE-2011-0010
4.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal sudo check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command. January 18, 2011, 12:01 pm
CVE-2011-0008
6.9 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal sudo A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression. January 20, 2011, 13:01 pm
CVE-2011-0002
6.4 MV Product/Version
affected:
CGE 5.1
CGE 6.0
CGE 7.0
CGX 1.8
CGX 2.0
CGX 2.2
Normal libuser libuser before 0.57 uses a cleartext password value of (1) !! or (2) x for new LDAP user accounts, which makes it easier for remote attackers to obtain access by specifying one of these values. January 22, 2011, 16:01 pm