Total
11442 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-2716 | 2 Busybox, T-mobile | 2 Busybox, Tm-ac1900 | 2026-06-16 | 6.8 MEDIUM | N/A |
| The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the (1) HOST_NAME, (2) DOMAIN_NAME, (3) NIS_DOMAIN, and (4) TFTP_SERVER_NAME host name options. | |||||
| CVE-2011-2705 | 1 Ruby-lang | 1 Ruby | 2026-06-16 | 5.0 MEDIUM | N/A |
| The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an earlier process with the same PID. | |||||
| CVE-2011-2697 | 1 Hp | 1 Linux Imaging And Printing Project | 2026-06-16 | 6.8 MEDIUM | N/A |
| foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3.11.5 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file. | |||||
| CVE-2011-2681 | 1 Ibm | 1 Rational Doors Web Access | 2026-06-16 | 10.0 HIGH | N/A |
| IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 does not properly handle exceptions, which has unspecified impact and remote attack vectors. | |||||
| CVE-2011-2660 | 1 Suse | 2 Linux Enterprise Desktop, Vpnc | 2026-06-16 | 7.5 HIGH | N/A |
| The modify_resolvconf_suse script in the vpnc package before 0.5.1-55.10.1 in SUSE Linux Enterprise Desktop 11 SP1 might allow remote attackers to execute arbitrary commands via a crafted DNS domain name. | |||||
| CVE-2011-2654 | 1 Novell | 1 Cloud Manager | 2026-06-16 | 9.3 HIGH | N/A |
| The RPC implementation in the server in Novell Cloud Manager 1.1.2 before Patch 3 does not properly initialize objects, which allows remote attackers to execute arbitrary code by making RPC calls that leverage incorrect privileges associated with a partially initialized session. | |||||
| CVE-2011-2649 | 2 Marcus Schafer, Novell | 2 Kiwi, Suse Studio Onsite | 2026-06-16 | 7.5 HIGH | N/A |
| Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows attackers to execute arbitrary commands via shell metacharacters in an unspecified FileUtils function call. | |||||
| CVE-2011-2634 | 1 Opera | 1 Opera Browser | 2026-06-16 | 5.0 MEDIUM | N/A |
| Opera before 11.10 allows remote attackers to hijack (1) searches and (2) customizations via unspecified third party applications. | |||||
| CVE-2011-2632 | 1 Opera | 1 Opera Browser | 2026-06-16 | 5.0 MEDIUM | N/A |
| Opera before 11.11 does not properly handle destruction of a Silverlight instance, which allows remote attackers to cause a denial of service (application crash) via a web page, as demonstrated by vod.onet.pl. | |||||
| CVE-2011-2631 | 1 Opera | 1 Opera Browser | 2026-06-16 | 5.0 MEDIUM | N/A |
| The Cascading Style Sheets (CSS) implementation in Opera before 11.11 does not properly handle the column-count property, which allows remote attackers to cause a denial of service (infinite repaint loop and application hang) via a web page, as demonstrated by an unspecified Wikipedia page. | |||||
| CVE-2011-2630 | 1 Opera | 1 Opera Browser | 2026-06-16 | 4.3 MEDIUM | N/A |
| Opera before 11.11 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web page that is not properly handled during a reload occurring after the opening of a popup of the Easy Sticky Note extension. | |||||
| CVE-2011-2628 | 1 Opera | 1 Opera Browser | 2026-06-16 | 10.0 HIGH | N/A |
| Opera before 11.11 does not properly implement FRAMESET elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to page unload. | |||||
| CVE-2011-2608 | 1 Hp | 2 Openview Performance Agent, Operations Agent | 2026-06-16 | 6.4 MEDIUM | N/A |
| ovbbccb.exe 6.20.50.0 and other versions in HP OpenView Performance Agent 4.70 and 5.0; and Operations Agent 11.0, 8.60.005, 8.60.006, 8.60.007, 8.60.008, 8.60.501, and 8.53; allows remote attackers to delete arbitrary files via a full pathname in the File field in a Register command. | |||||
| CVE-2011-2590 | 1 Uusee | 2 Uuplayer Activex Control, Uusee | 2026-06-16 | 9.3 HIGH | N/A |
| The Play method in the UUPlayer ActiveX control 6.0.0.1 in UUSee 2010 6.11.0609.2 allows remote attackers to execute arbitrary programs via a UNC share pathname in the MPlayerPath parameter. | |||||
| CVE-2011-2586 | 1 Cisco | 1 Ios | 2026-06-16 | 5.4 MEDIUM | N/A |
| The HTTP client in Cisco IOS 12.4 and 15.0 allows user-assisted remote attackers to cause a denial of service (device crash) via a malformed HTTP response to a request for service installation, aka Bug ID CSCts12249. | |||||
| CVE-2011-2583 | 1 Cisco | 1 Unified Contact Center Express | 2026-06-16 | 5.0 MEDIUM | N/A |
| Cisco Unified Contact Center Express (aka CCX) 8.0 and 8.5 allows remote attackers to cause a denial of service via network traffic, as demonstrated by an SEC-BE-STABLE test case, aka Bug ID CSCth33834. | |||||
| CVE-2011-2535 | 1 Digium | 1 Asterisk | 2026-06-16 | 5.0 MEDIUM | N/A |
| chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3, and Asterisk Business Edition C.3 before C.3.7.3, accesses a memory address contained in an option control frame, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted frame. | |||||
| CVE-2011-2526 | 1 Apache | 1 Tomcat | 2026-06-16 | 4.4 MEDIUM | N/A |
| Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application. | |||||
| CVE-2011-2518 | 1 Linux | 1 Linux Kernel | 2026-06-16 | 4.9 MEDIUM | N/A |
| The tomoyo_mount_acl function in security/tomoyo/mount.c in the Linux kernel before 2.6.39.2 calls the kern_path function with arguments taken directly from a mount system call, which allows local users to cause a denial of service (OOPS) or possibly have unspecified other impact via a NULL value for the device name. | |||||
| CVE-2011-2512 | 1 Kvm Group | 1 Qemu-kvm | 2026-06-16 | 5.8 MEDIUM | N/A |
| The virtio_queue_notify in qemu-kvm 0.14.0 and earlier does not properly validate the virtqueue number, which allows guest users to cause a denial of service (guest crash) and possibly execute arbitrary code via a negative number in the Queue Notify field of the Virtio Header, which bypasses a signed comparison. | |||||