LiveActive security incident?Get immediate response
CVE archive

March 2011

Browse CVE records published in March 2011, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 388 matching CVEs · Page 2 of 8.

Unknown · CVSS Not scored

CVE-2011-5319: content/renderer/device_sensors/device_motion_event_pump.cc in Google Chrome before 41.0.2272.76 does not p...

content/renderer/device_sensors/device_motion_event_pump.cc in Google Chrome before 41.0.2272.76 does not properly restrict access to high-rate accelerometer data, which makes it easier for remote attackers to capture keystrokes via a crafted web site that listens for ondevicemotion events, a different vulnerability than CVE-2015-1231.

Published Mar 9, 2015 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2011-4816: SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essent...

SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Published Mar 13, 2012 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2011-4817: The About option on the Help menu in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1,...

The About option on the Help menu in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 shows the username, which might allow remote authenticated users to have an unspecified impact via a targeted attack against the corresponding user account.

Published Mar 13, 2012 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2011-4318: Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy desti...

Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.

Published Mar 7, 2013 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2011-3845: Use-after-free vulnerability in Apple Safari 5.1.2, when a plug-in with a blocking function is installed, a...

Use-after-free vulnerability in Apple Safari 5.1.2, when a plug-in with a blocking function is installed, allows user-assisted remote attackers to execute arbitrary code via a crafted web page that is accessed during user interaction with the plug-in, leading to improper coordination between an API call and the plug-in unloading functionality, as demonstrated by the Adobe Flash and RealPlayer plug-ins.

Published Mar 8, 2012 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2011-3199: Multiple cross-site scripting (XSS) vulnerabilities in Domain Technologie Control (DTC) before 0.34.1 allow...

Multiple cross-site scripting (XSS) vulnerabilities in Domain Technologie Control (DTC) before 0.34.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message body of a support ticket or unspecified vectors to the (2) DNS and (3) MX form, as demonstrated by the "Domain root TXT record:" field.

Published Mar 20, 2014 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2011-3197: SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated u...

SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the addrlink parameter to shared/inc/forms/domain_info.php. NOTE: CVE-2011-3197 has been SPLIT due to findings by different researchers. CVE-2011-5272 has been assigned for the vps_note parameter to dtcadmin/logPushlet.php vector.

Published Mar 20, 2014 · Updated Aug 6, 2024