|
297781
|
8.6 |
HIGH
Network
|
openstack
|
nova
|
Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem.
|
CWE-200
Information Exposure
|
CVE-2011-3147
|
2024-11-21 10:29 |
2019-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297782
|
9.8 |
CRITICAL
Network
|
mount.ecrpytfs_private_project
|
mount.ecrpytfs_private
|
When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of t…
|
CWE-254
7PK - Security Features
|
CVE-2011-3145
|
2024-11-21 10:29 |
2019-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297783
|
9.8 |
CRITICAL
Network
|
suse
|
suse_linux_enterprise_server
|
A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affected releases are SUSE Linux Enterprise: versions prior to 12.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-3172
|
2024-11-21 10:29 |
2018-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297784
|
8.8 |
HIGH
Network
|
opensuse
|
open_build_service
|
In the web ui of the openbuildservice before 2.3.0 a code injection of the project rebuildtimes statistics could be used by authorized attackers to execute shellcode.
|
CWE-94
Code Injection
|
CVE-2011-3178
|
2024-11-21 10:29 |
2018-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297785
|
5.3 |
MEDIUM
Network
|
glyphandcog
debian
|
xpdf
debian_linux
|
zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-12+squeeze1 as packaged in Debian squeeze deletes temporary files insecurely, which allows remote attackers to delete arbitrary fi…
|
CWE-20
Improper Input Validation
|
CVE-2011-2902
|
2024-11-21 10:29 |
2018-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297786
|
7.8 |
HIGH
Local
|
yast
|
yast2
|
The YaST2 network created files with world readable permissions which could have allowed local users to read sensitive material out of network configuration files, like passwords for wireless network…
|
CWE-200
Information Exposure
|
CVE-2011-3177
|
2024-11-21 10:29 |
2017-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297787
|
- |
|
megalab
|
the_uploader
|
SQL injection vulnerability in login.php in MegaLab The Uploader before 2.0.5 allows remote attackers to execute arbitrary SQL commands via the username parameter.
|
CWE-89
SQL Injection
|
CVE-2011-2944
|
2024-11-21 10:29 |
2014-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297788
|
- |
|
canonical
|
ubuntu_linux
update-manager
|
DistUpgrade/DistUpgradeFetcherCore.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25…
|
CWE-310
Cryptographic Issues
|
CVE-2011-3152
|
2024-11-21 10:29 |
2014-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297789
|
- |
|
canonical
|
ubuntu_linux
update-manager
|
DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 d…
|
CWE-59
Link Following
|
CVE-2011-3154
|
2024-11-21 10:29 |
2014-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297790
|
- |
|
suse
|
studio_extension_for_system_z
studio_onsite
kiwi
|
kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in…
|
NVD-CWE-Other
|
CVE-2011-3180
|
2024-11-21 10:29 |
2014-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
