Total: 2472 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-5123 | 1 Comodo | 1 Comodo Internet Security | 2026-06-16 | 10.0 HIGH | N/A |
| The Antivirus component in Comodo Internet Security before 5.3.175888.1227 does not check whether X.509 certificates in signed executable files have been revoked, which has unknown impact and remote attack vectors. | |||||
| CVE-2011-5121 | 1 Comodo | 1 Comodo Internet Security | 2026-06-16 | 10.0 HIGH | N/A |
| The Antivirus component in Comodo Internet Security before 5.3.175888.1227 does not properly check whether unspecified X.509 certificates are revoked, which has unknown impact and remote attack vectors. | |||||
| CVE-2011-5095 | 1 Openssl | 1 Openssl | 2026-06-16 | 4.0 MEDIUM | N/A |
| The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when FIPS mode is enabled, does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-1923. | |||||
| CVE-2011-5064 | 1 Apache | 1 Tomcat | 2026-06-16 | 4.3 MEDIUM | N/A |
| DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184. | |||||
| CVE-2011-5036 | 1 Rack Project | 1 Rack | 2026-06-16 | 5.0 MEDIUM | N/A |
| Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. | |||||
| CVE-2011-4758 | 1 Parallels | 1 Parallels Plesk Small Business Panel | 2026-06-16 | 5.0 MEDIUM | N/A |
| Parallels Plesk Small Business Panel 10.2.0 receives cleartext password input over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by forms in smb/auth and certain other files. | |||||
| CVE-2011-4747 | 2 Parallels, Redhat | 2 Parallels Plesk Panel, Enterprise Linux | 2026-06-16 | 5.0 MEDIUM | N/A |
| The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 does not prevent the use of weak ciphers for SSL sessions, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a crafted CipherSuite list. | |||||
| CVE-2011-4746 | 2 Parallels, Redhat | 2 Parallels Plesk Panel, Enterprise Linux | 2026-06-16 | 5.0 MEDIUM | N/A |
| The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 does not disable the SSL 2.0 protocol, which makes it easier for remote attackers to conduct spoofing attacks by leveraging protocol weaknesses. | |||||
| CVE-2011-4736 | 3 Microsoft, Parallels, Redhat | 3 Windows, Parallels Plesk Panel, Enterprise Linux | 2026-06-16 | 5.0 MEDIUM | N/A |
| The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 receives cleartext password input over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by forms in login_up.php3 and certain other files. | |||||
| CVE-2011-4684 | 1 Opera | 1 Opera Browser | 2026-06-16 | 10.0 HIGH | N/A |
| Opera before 11.60 does not properly handle certificate revocation, which has unspecified impact and remote attack vectors related to "corner cases." | |||||
| CVE-2011-4667 | 1 Cisco | 2 Ios, Nx-os | 2026-06-16 | 4.3 MEDIUM | 5.9 MEDIUM |
| The encryption library in Cisco IOS Software 15.2(1)T, 15.2(1)T1, and 15.2(2)T, Cisco NX-OS in Cisco MDS 9222i Multiservice Modular Switch, Cisco MDS 9000 18/4-Port Multiservice Module, and Cisco MDS 9000 Storage Services Node module before 5.2(6), and Cisco IOS in Cisco VPN Services Port Adaptor for Catalyst 6500 12.2(33)SXI, and 12.2(33)SXJ when IP Security (aka IPSec) is used, allows remote attackers to obtain unencrypted packets from encrypted sessions. | |||||
| CVE-2011-4576 | 1 Openssl | 1 Openssl | 2026-06-16 | 5.0 MEDIUM | N/A |
| The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer. | |||||
| CVE-2011-4507 | 1 Dlink | 1 Dir-685 | 2026-06-16 | 7.5 HIGH | N/A |
| The D-Link DIR-685 router, when certain WPA and WPA2 configurations are used, does not maintain an encrypted wireless network during transfer of a large amount of network traffic, which allows remote attackers to obtain sensitive information or bypass authentication via a Wi-Fi device. | |||||
| CVE-2011-4461 | 2 Mortbay, Oracle | 2 Jetty, Sun Storage Common Array Manager | 2026-06-16 | 5.0 MEDIUM | 5.3 MEDIUM |
| Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. | |||||
| CVE-2011-4447 | 1 Bitcoin | 2 Bitcoin Core, Wxbitcoin | 2026-06-16 | 4.3 MEDIUM | N/A |
| The "encrypt wallet" feature in wxBitcoin and bitcoind 0.4.x before 0.4.1, and 0.5.0rc, does not properly interact with the deletion functionality of BSDDB, which allows context-dependent attackers to obtain unencrypted private keys from Bitcoin wallet files by bypassing the BSDDB interface and reading entries that are marked for deletion. | |||||
| CVE-2011-4432 | 1 Merethis | 1 Centreon | 2026-06-16 | 5.0 MEDIUM | N/A |
| www/include/configuration/nconfigObject/contact/DB-Func.php in Merethis Centreon before 2.3.2 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rainbow-table approach. | |||||
| CVE-2011-4354 | 1 Openssl | 1 Openssl | 2026-06-16 | 5.8 MEDIUM | N/A |
| crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves, which allows remote attackers to obtain the private key of a TLS server via multiple handshake attempts. | |||||
| CVE-2011-4321 | 1 Joomla | 1 Joomla! | 2026-06-16 | 5.0 MEDIUM | N/A |
| The password reset functionality in Joomla! 1.5.x through 1.5.24 uses weak random numbers, which makes it easier for remote attackers to change the passwords of arbitrary users via unspecified vectors. | |||||
| CVE-2011-4303 | 1 Moodle | 1 Moodle | 2026-06-16 | 4.3 MEDIUM | N/A |
| lib/db/upgrade.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not set the correct registration_hubs.secret value during installation, which allows remote attackers to bypass intended access restrictions by leveraging the hubs feature. | |||||
| CVE-2011-4190 | 1 Suse | 2 Suse Linux Enterprise Desktop, Suse Linux Enterprise Server | 2026-06-16 | 3.5 LOW | 5.9 MEDIUM |
| The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in that the kdump implementation is specific to SUSE. A remote malicious kdump server could use this flaw to impersonate the correct kdump server to obtain security sensitive information (kdump core files). | |||||
