|
300541
|
5.5 |
MEDIUM
Local
|
qtnx_project
|
qtnx
|
qtnx 0.9 stores non-custom SSH keys in a world-readable configuration file. If a user has a world-readable or world-executable home directory, another local system user could obtain the private key u…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2011-2916
|
2024-11-21 10:29 |
2019-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300542
|
6.7 |
MEDIUM
Local
|
linux-ax25
debian
|
ax25-tools
debian_linux
|
The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would …
|
CWE-269
Improper Privilege Management
|
CVE-2011-2910
|
2024-11-21 10:29 |
2019-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300543
|
9.8 |
CRITICAL
Network
|
elgg
|
elgg
|
Elgg through 1.7.10 has a SQL injection vulnerability
|
CWE-89
SQL Injection
|
CVE-2011-2936
|
2024-11-21 10:29 |
2019-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300544
|
6.1 |
MEDIUM
Network
|
elgg
|
elgg
|
Elgg through 1.7.10 has XSS
|
CWE-79
Cross-site Scripting
|
CVE-2011-2935
|
2024-11-21 10:29 |
2019-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300545
|
9.8 |
CRITICAL
Network
|
gnome
redhat
debian
|
gdk-pixbuf
enterprise_linux
debian_linux
|
gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw
|
CWE-20
Improper Input Validation
|
CVE-2011-2897
|
2024-11-21 10:29 |
2019-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300546
|
6.5 |
MEDIUM
Network
|
google
|
blink
|
Incorrect handling of timer information in Timer.cpp in WebKit in Google Chrome before Blink M13.
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2011-2807
|
2024-11-21 10:29 |
2019-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300547
|
6.5 |
MEDIUM
Network
|
google
|
blink
|
A stale layout root is set as an input element in WebKit in Google Chrome before Blink M13 when a child of a keygen with autofocus is accessed.
|
CWE-20
Improper Input Validation
|
CVE-2011-2808
|
2024-11-21 10:29 |
2019-11-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300548
|
5.9 |
MEDIUM
Network
|
canonical
|
selinux
|
The Ubuntu SELinux initscript before version 1:0.10 used touch to create a lockfile in a world-writable directory. If the OS kernel does not have symlink protections then an attacker can cause a zero…
|
CWE-693
Protection Mechanism Failure
|
CVE-2011-3151
|
2024-11-21 10:29 |
2019-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300549
|
8.6 |
HIGH
Network
|
openstack
|
nova
|
Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem.
|
CWE-200
Information Exposure
|
CVE-2011-3147
|
2024-11-21 10:29 |
2019-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300550
|
9.8 |
CRITICAL
Network
|
mount.ecrpytfs_private_project
|
mount.ecrpytfs_private
|
When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of t…
|
CWE-254
7PK - Security Features
|
CVE-2011-3145
|
2024-11-21 10:29 |
2019-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
