LiveActive security incident?Get immediate response
CVE archive

March 2011

Browse CVE records published in March 2011, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 388 matching CVEs · Page 3 of 8.

Unknown · CVSS Not scored

CVE-2011-2869: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrar...

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

Published Mar 8, 2012 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2011-2873: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrar...

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

Published Mar 8, 2012 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2011-2867: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrar...

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

Published Mar 8, 2012 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2011-2872: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrar...

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

Published Mar 8, 2012 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2011-2870: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrar...

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

Published Mar 8, 2012 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2011-2868: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrar...

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

Published Mar 8, 2012 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2011-2871: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrar...

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

Published Mar 8, 2012 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2011-2833: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrar...

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.

Published Mar 8, 2012 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2011-1553: Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other p...

Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different vulnerability than CVE-2011-0764.

Published Mar 31, 2011 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2011-1554: Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, all...

Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764.

Published Mar 31, 2011 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2011-1524: Cross-site scripting (XSS) vulnerability in the management login GUI page in Symantec LiveUpdate Administra...

Cross-site scripting (XSS) vulnerability in the management login GUI page in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to inject arbitrary web script or HTML via the username field, as demonstrated by injecting an IFRAME element into the event log, a different vulnerability than CVE-2011-0545.

Published Mar 28, 2011 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2011-1549: The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories...

The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages.

Published Mar 30, 2011 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2011-1548: The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directo...

The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by /var/log/postgresql/.

Published Mar 30, 2011 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2011-1519: The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a...

The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a file located at a UNC share pathname specified by the client, which allows remote attackers to bypass authentication, and consequently execute arbitrary code, by placing this pathname in the COOKIEFILE field. NOTE: this might overlap CVE-2011-0920.

Published Mar 25, 2011 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2011-1506: The STARTTLS implementation in Kerio Connect 7.1.4 build 2985 and MailServer 6.x does not properly restrict...

The STARTTLS implementation in Kerio Connect 7.1.4 build 2985 and MailServer 6.x does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. NOTE: some of these details are obtained from third party information.

Published Mar 22, 2011 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2011-1432: The STARTTLS implementation in SCO SCOoffice Server does not properly restrict I/O buffering, which allows...

The STARTTLS implementation in SCO SCOoffice Server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

Published Mar 16, 2011 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2011-1433: The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Request System (OTRS) before 3.0...

The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Request System (OTRS) before 3.0.6 place cleartext credentials into the session data in the database, which makes it easier for context-dependent attackers to obtain sensitive information by reading the _UserLogin and _UserPW fields.

Published Mar 18, 2011 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2011-1430: The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/...

The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

Published Mar 16, 2011 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2011-1427: Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite 5.5.2 allow remote attackers to inject...

Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite 5.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Language parameter to Pages/login.aspx, (2) HeaderWarning parameter to Troubleshooting/DiagnosticReport.asp, or (3) User-Agent header to troubleshooting/speedtest.asp.

Published Mar 15, 2011 · Updated Aug 6, 2024