Vulnerabilities (CVE)

Filtered by CWE-310
Total 2472 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-5123 1 Comodo 1 Comodo Internet Security 2026-06-16 10.0 HIGH N/A
The Antivirus component in Comodo Internet Security before 5.3.175888.1227 does not check whether X.509 certificates in signed executable files have been revoked, which has unknown impact and remote attack vectors.
CVE-2011-5121 1 Comodo 1 Comodo Internet Security 2026-06-16 10.0 HIGH N/A
The Antivirus component in Comodo Internet Security before 5.3.175888.1227 does not properly check whether unspecified X.509 certificates are revoked, which has unknown impact and remote attack vectors.
CVE-2011-5095 1 Openssl 1 Openssl 2026-06-16 4.0 MEDIUM N/A
The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when FIPS mode is enabled, does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-1923.
CVE-2011-5064 1 Apache 1 Tomcat 2026-06-16 4.3 MEDIUM N/A
DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
CVE-2011-5036 1 Rack Project 1 Rack 2026-06-16 5.0 MEDIUM N/A
Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
CVE-2011-4758 1 Parallels 1 Parallels Plesk Small Business Panel 2026-06-16 5.0 MEDIUM N/A
Parallels Plesk Small Business Panel 10.2.0 receives cleartext password input over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by forms in smb/auth and certain other files.
CVE-2011-4747 2 Parallels, Redhat 2 Parallels Plesk Panel, Enterprise Linux 2026-06-16 5.0 MEDIUM N/A
The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 does not prevent the use of weak ciphers for SSL sessions, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a crafted CipherSuite list.
CVE-2011-4746 2 Parallels, Redhat 2 Parallels Plesk Panel, Enterprise Linux 2026-06-16 5.0 MEDIUM N/A
The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 does not disable the SSL 2.0 protocol, which makes it easier for remote attackers to conduct spoofing attacks by leveraging protocol weaknesses.
CVE-2011-4736 3 Microsoft, Parallels, Redhat 3 Windows, Parallels Plesk Panel, Enterprise Linux 2026-06-16 5.0 MEDIUM N/A
The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 receives cleartext password input over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by forms in login_up.php3 and certain other files.
CVE-2011-4684 1 Opera 1 Opera Browser 2026-06-16 10.0 HIGH N/A
Opera before 11.60 does not properly handle certificate revocation, which has unspecified impact and remote attack vectors related to "corner cases."
CVE-2011-4667 1 Cisco 2 Ios, Nx-os 2026-06-16 4.3 MEDIUM 5.9 MEDIUM
The encryption library in Cisco IOS Software 15.2(1)T, 15.2(1)T1, and 15.2(2)T, Cisco NX-OS in Cisco MDS 9222i Multiservice Modular Switch, Cisco MDS 9000 18/4-Port Multiservice Module, and Cisco MDS 9000 Storage Services Node module before 5.2(6), and Cisco IOS in Cisco VPN Services Port Adaptor for Catalyst 6500 12.2(33)SXI, and 12.2(33)SXJ when IP Security (aka IPSec) is used, allows remote attackers to obtain unencrypted packets from encrypted sessions.
CVE-2011-4576 1 Openssl 1 Openssl 2026-06-16 5.0 MEDIUM N/A
The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.
CVE-2011-4507 1 Dlink 1 Dir-685 2026-06-16 7.5 HIGH N/A
The D-Link DIR-685 router, when certain WPA and WPA2 configurations are used, does not maintain an encrypted wireless network during transfer of a large amount of network traffic, which allows remote attackers to obtain sensitive information or bypass authentication via a Wi-Fi device.
CVE-2011-4461 2 Mortbay, Oracle 2 Jetty, Sun Storage Common Array Manager 2026-06-16 5.0 MEDIUM 5.3 MEDIUM
Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
CVE-2011-4447 1 Bitcoin 2 Bitcoin Core, Wxbitcoin 2026-06-16 4.3 MEDIUM N/A
The "encrypt wallet" feature in wxBitcoin and bitcoind 0.4.x before 0.4.1, and 0.5.0rc, does not properly interact with the deletion functionality of BSDDB, which allows context-dependent attackers to obtain unencrypted private keys from Bitcoin wallet files by bypassing the BSDDB interface and reading entries that are marked for deletion.
CVE-2011-4432 1 Merethis 1 Centreon 2026-06-16 5.0 MEDIUM N/A
www/include/configuration/nconfigObject/contact/DB-Func.php in Merethis Centreon before 2.3.2 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rainbow-table approach.
CVE-2011-4354 1 Openssl 1 Openssl 2026-06-16 5.8 MEDIUM N/A
crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves, which allows remote attackers to obtain the private key of a TLS server via multiple handshake attempts.
CVE-2011-4321 1 Joomla 1 Joomla\! 2026-06-16 5.0 MEDIUM N/A
The password reset functionality in Joomla! 1.5.x through 1.5.24 uses weak random numbers, which makes it easier for remote attackers to change the passwords of arbitrary users via unspecified vectors.
CVE-2011-4303 1 Moodle 1 Moodle 2026-06-16 4.3 MEDIUM N/A
lib/db/upgrade.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not set the correct registration_hubs.secret value during installation, which allows remote attackers to bypass intended access restrictions by leveraging the hubs feature.
CVE-2011-4190 1 Suse 2 Suse Linux Enterprise Desktop, Suse Linux Enterprise Server 2026-06-16 3.5 LOW 5.9 MEDIUM
The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in that the kdump implementation is specific to SUSE. A remote malicious kdump server could use this flaw to impersonate the correct kdump server to obtain security sensitive information (kdump core files).