|
301961
|
7.8 |
HIGH
Local
|
v86d_project
debian
|
v86d
debian_linux
|
v86d before 0.1.10 do not verify if received netlink messages are sent by the kernel. This could allow unprivileged users to manipulate the video mode and potentially other consequences.
|
CWE-863
Incorrect Authorization
|
CVE-2011-1070
|
2024-11-21 10:25 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301962
|
6.1 |
MEDIUM
Network
|
s9y
|
serendipity
|
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/Imag…
|
CWE-79
Cross-site Scripting
|
CVE-2011-1135
|
2024-11-21 10:25 |
2019-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301963
|
9.8 |
CRITICAL
Network
|
s9y
|
serendipity
|
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2011-1134
|
2024-11-21 10:25 |
2019-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301964
|
6.1 |
MEDIUM
Network
|
s9y
|
serendipity
|
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code via plugins/ExtendedFileManager/backend.php.
|
CWE-79
Cross-site Scripting
|
CVE-2011-1133
|
2024-11-21 10:25 |
2019-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301965
|
- |
|
novell
|
suse_lifecycle_management_server
|
SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sensitive information via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-0993
|
2024-11-21 10:25 |
2014-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301966
|
- |
|
xen
|
xen
|
Xen, possibly before 4.0.2, allows local 64-bit PV guests to cause a denial of service (host crash) by specifying user mode execution without user-mode pagetables.
|
CWE-20
Improper Input Validation
|
CVE-2011-1166
|
2024-11-21 10:25 |
2014-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301967
|
9.8 |
CRITICAL
Network
|
linux
|
linux_kernel
|
Multiple stack-based buffer overflows in the iriap_getvaluebyclass_indication function in net/irda/iriap.c in the Linux kernel before 2.6.39 allow remote attackers to cause a denial of service (memor…
|
CWE-787
Out-of-bounds Write
|
CVE-2011-1180
|
2024-11-21 10:25 |
2013-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301968
|
- |
|
david_king
|
vino
|
Vino, possibly before 3.2, does not properly document that it opens ports in UPnP routers when the "Configure network to automatically accept connections" setting is enabled, which might make it easi…
|
NVD-CWE-Other
|
CVE-2011-1165
|
2024-11-21 10:25 |
2013-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301969
|
- |
|
david_king
|
vino
|
Vino before 2.99.4 can connect external networks contrary to the statement in the vino-preferences dialog box, which might make it easier for remote attackers to perform attacks.
|
CWE-16
Configuration
|
CVE-2011-1164
|
2024-11-21 10:25 |
2013-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301970
|
- |
|
linux
redhat
|
linux_kernel
enterprise_linux_server
enterprise_linux_workstation
enterprise_linux
enterprise_linux_desktop
enterprise_linux_eus
enterprise_linux_aus
|
kernel/signal.c in the Linux kernel before 2.6.39 allows local users to spoof the uid and pid of a signal sender via a sigqueueinfo system call.
|
NVD-CWE-noinfo
|
CVE-2011-1182
|
2024-11-21 10:25 |
2013-03-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
