Export limit exceeded: 363801 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363801 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (23530 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-4128 2 Gnu, Redhat 2 Gnutls, Enterprise Linux 2025-04-11 N/A
Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket.
CVE-2011-4131 2 Linux, Redhat 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more 2025-04-11 N/A
The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words.
CVE-2011-4346 1 Redhat 3 Enterprise Linux, Network Satellite, Satellite 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the web interface in Red Hat Network (RHN) Satellite 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field of the asset tag in a Custom Info page.
CVE-2011-4347 2 Linux, Redhat 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more 2025-04-11 N/A
The kvm_vm_ioctl_assign_device function in virt/kvm/assigned-dev.c in the KVM subsystem in the Linux kernel before 3.1.10 does not verify permission to access PCI configuration space and BAR resources, which allows host OS users to assign PCI devices and cause a denial of service (host OS crash) via a KVM_ASSIGN_PCI_DEVICE operation.
CVE-2011-4516 7 Canonical, Debian, Fedoraproject and 4 more 10 Ubuntu Linux, Debian Linux, Fedora and 7 more 2025-04-11 N/A
Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 file.
CVE-2011-4517 7 Canonical, Debian, Fedoraproject and 4 more 11 Ubuntu Linux, Debian Linux, Fedora and 8 more 2025-04-11 N/A
The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file.
CVE-2011-4577 2 Openssl, Redhat 2 Openssl, Enterprise Linux 2025-04-11 N/A
OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers.
CVE-2011-4619 2 Openssl, Redhat 4 Openssl, Enterprise Linux, Jboss Enterprise Application Platform and 1 more 2025-04-11 N/A
The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
CVE-2011-4621 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-04-11 5.5 Medium
The Linux kernel before 2.6.37 does not properly implement a certain clock-update optimization, which allows local users to cause a denial of service (system hang) via an application that executes code in a loop.
CVE-2011-4622 1 Redhat 3 Enterprise Linux, Kvm, Rhel Virtualization 2025-04-11 N/A
The create_pit_timer function in arch/x86/kvm/i8254.c in KVM 83, and possibly other versions, does not properly handle when Programmable Interval Timer (PIT) interrupt requests (IRQs) when a virtual interrupt controller (irqchip) is not available, which allows local users to cause a denial of service (NULL pointer dereference) by starting a timer.
CVE-2011-4736 3 Microsoft, Parallels, Redhat 3 Windows, Parallels Plesk Panel, Enterprise Linux 2025-04-11 N/A
The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 receives cleartext password input over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by forms in login_up.php3 and certain other files.
CVE-2011-4737 3 Microsoft, Parallels, Redhat 3 Windows, Parallels Plesk Panel, Enterprise Linux 2025-04-11 N/A
The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 includes a submitted password within an HTTP response body, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by password handling in client@2/domain@1/odbc/dsn@1/properties/.
CVE-2011-4738 3 Microsoft, Parallels, Redhat 3 Windows, Parallels Plesk Panel, Enterprise Linux 2025-04-11 N/A
The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by get_password.php and certain other files.
CVE-2011-4739 3 Microsoft, Parallels, Redhat 3 Windows, Parallels Plesk Panel, Enterprise Linux 2025-04-11 N/A
The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in smb/my-profile and certain other files.
CVE-2011-4740 3 Microsoft, Parallels, Redhat 3 Windows, Parallels Plesk Panel, Enterprise Linux 2025-04-11 N/A
The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 generates web pages containing external links in response to GET requests with query strings for smb/app/search-data/catalogId/marketplace and certain other files, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue.
CVE-2011-4741 3 Microsoft, Parallels, Redhat 3 Windows, Parallels Plesk Panel, Enterprise Linux 2025-04-11 N/A
The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 includes a database connection string within a web page, which allows remote attackers to obtain potentially sensitive information by reading this page, as demonstrated by client@2/domain@1/hosting/aspdotnet/.
CVE-2011-4742 3 Microsoft, Parallels, Redhat 3 Windows, Parallels Plesk Panel, Enterprise Linux 2025-04-11 N/A
The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by smb/user/list and certain other files.
CVE-2011-4858 2 Apache, Redhat 10 Tomcat, Enterprise Linux, Jboss Communications Platform and 7 more 2025-04-11 N/A
Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
CVE-2011-4862 9 Debian, Fedoraproject, Freebsd and 6 more 14 Debian Linux, Fedora, Freebsd and 11 more 2025-04-11 N/A
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
CVE-2011-4930 3 Condor Project, Fedoraproject, Redhat 3 Condor, Fedora, Enterprise Mrg 2025-04-11 N/A
Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly execute arbitrary code via format string specifiers in (1) the reason for a hold for a job that uses an XML user log, (2) the filename of a file to be transferred, and possibly other unspecified vectors.