| 294781 | 9.8 | CRITICAL Network | ruby-lang | ruby | The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use t… | CWE-326 Inadequate Encryption Strength | CVE-2011-4121 | 2024-11-21 10:31 | 2019-11-26 |
| 294782 | 9.8 | CRITICAL Network | yubico debian | pam_module debian_linux | Yubico PAM Module before 2.10 performed user authentication when 'use_first_pass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration. A remot… | CWE-20 Improper Input Validation | CVE-2011-4120 | 2024-11-21 10:31 | 2019-11-26 |
| 294783 | 6.1 | MEDIUM Network | s9y | serendipity | Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation. | CWE-79 Cross-site Scripting | CVE-2011-4090 | 2024-11-21 10:31 | 2019-11-26 |
| 294784 | 7.5 | HIGH Network | phpldapadmin_project debian | phpldapadmin debian_linux | A local file inclusion flaw was found in the way the phpLDAPadmin before 0.9.8 processed certain values of the "Accept-Language" HTTP header. A remote attacker could use this flaw to cause a denial o… | CWE-400 Uncontrolled Resource Consumption | CVE-2011-4082 | 2024-11-21 10:31 | 2019-11-26 |
| 294785 | 5.9 | MEDIUM Network | openstack | nova | OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). Exposing the EC2_ACCESS_KEY via http o… | CWE-200 Information Exposure | CVE-2011-4076 | 2024-11-21 10:31 | 2019-11-26 |
| 294786 | 9.8 | CRITICAL Network | apache redhat | struts jboss_enterprise_web_server | Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands. | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2011-3923 | 2024-11-21 10:31 | 2019-11-1 |
| 294787 | 9.8 | CRITICAL Network | opensuse | open_build_service | A vulnerability in open build service allows remote attackers to upload arbitrary RPM files. Affected releases are SUSE open build service prior to 2.1.16. | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2011-4183 | 2024-11-21 10:31 | 2018-06-13 |
| 294788 | 8.1 | HIGH Network | opensuse | sysconfig | Missing escaping of ESSID values in sysconfig of SUSE Linux Enterprise allows attackers controlling an access point to execute arbitrary code. Affected releases are sysconfig prior to 0.83.7-2.… | CWE-20 Improper Input Validation | CVE-2011-4182 | 2024-11-21 10:31 | 2018-06-13 |
| 294789 | 7.5 | HIGH Network | opensuse | open_build_service | A vulnerability in open build service allows remote attackers to gain access to source files even though source access is disabled. Affected releases are SUSE open build service up to and including v… | CWE-20 Improper Input Validation | CVE-2011-4181 | 2024-11-21 10:31 | 2018-06-12 |
| 294790 | 5.3 | MEDIUM Network | suse | suse_linux_enterprise_server suse_linux_enterprise_desktop | The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in th… | CWE-310 Cryptographic Issues | CVE-2011-4190 | 2024-11-21 10:31 | 2018-06-9 |