LiveActive security incident?Get immediate response
CVE archive

June 2011

Browse CVE records published in June 2011, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 377 matching CVEs · Page 1 of 8.

High · CVSS 7.8 · CISA KEV

CVE-2011-1823: The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a...

The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges via a negative index that bypasses a maximum-only signed integer check in the DirectVolume::handlePartitionAdded method, which triggers memory corruption, as demonstrated by Gingerbreak.

Published Jun 9, 2011 · Updated Oct 22, 2025

High · CVSS 8.8

CVE-2011-10007: File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted file name

File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted filename. A file handle is opened with the 2 argument form of `open()` allowing an attacker controlled filename to provide the MODE parameter to `open()`, turning the filename into a command to be executed. Example: $ mkdir /tmp/poc; echo > "/tmp/poc/|id" $ perl -MFile::Find::Rule \     -E 'File::Find::Rule->grep("foo")->in("/tmp/poc")' uid=1000(user) gid=1000(user) groups=1000(user),100(users)

Published Jun 5, 2025 · Updated Jun 11, 2025

Medium · CVSS 6.1

CVE-2011-1252: Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Inte...

Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability."

Published Jun 16, 2011 · Updated Jan 21, 2025

Medium · CVSS 5.4

CVE-2011-3172: unix2_chkpwd do not check for a valid account

A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affected releases are SUSE Linux Enterprise: versions prior to 12.

Published Jun 8, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2011-2382: Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-z...

Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue.

Published Jun 3, 2011 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2011-2475: Format string vulnerability in ECTrace.dll in the iMailGateway service in the Internet Mail Gateway in OneB...

Format string vulnerability in ECTrace.dll in the iMailGateway service in the Internet Mail Gateway in OneBridge Server and DMZ Proxy in Sybase OneBridge Mobile Data Suite 5.5 and 5.6 allows remote attackers to execute arbitrary code via format string specifiers in unspecified string fields, related to authentication logging.

Published Jun 9, 2011 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2011-2545: Cross-site scripting (XSS) vulnerability in the SIP implementation on the Cisco SPA8000 and SPA8800 before...

Cross-site scripting (XSS) vulnerability in the SIP implementation on the Cisco SPA8000 and SPA8800 before 6.1.11, SPA2102 and SPA3102 before 5.2.13, and SPA 500 series IP phones before 7.4.9 allows remote attackers to inject arbitrary web script or HTML via the FROM field of an INVITE message, aka Bug IDs CSCtr27277, CSCtr27256, CSCtr27274, and CSCtr14715.

Published Jun 13, 2012 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2011-1334: Cross-site scripting (XSS) vulnerability in Cybozu Office 6, Cybozu Garoon 2.0.0 through 2.1.3, Cybozu Dezi...

Cross-site scripting (XSS) vulnerability in Cybozu Office 6, Cybozu Garoon 2.0.0 through 2.1.3, Cybozu Dezie before 6.1, Cybozu MailWise before 3.1, and Cybozu Collaborex before 1.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "downloading graphic files from the mail system."

Published Jun 29, 2011 · Updated Sep 17, 2024

High · CVSS 8.8

CVE-2011-0467: SQL injection in SUSE studio via select parameter

A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance: versions prior to 1.1.2-0.25.1.

Published Jun 7, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2011-1584: The updateFile function in inc/core/class.dc.media.php in the Media Manager in Dotclear before 2.2.3 does n...

The updateFile function in inc/core/class.dc.media.php in the Media Manager in Dotclear before 2.2.3 does not properly restrict pathnames, which allows remote authenticated users to upload and execute arbitrary PHP code via the media_path or media_file parameter. NOTE: some of these details are obtained from third party information.

Published Jun 8, 2011 · Updated Sep 17, 2024

Medium · CVSS 5.9

CVE-2011-4190: Missing verification of host key for kdump server

The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in that the kdump implementation is specific to SUSE. A remote malicious kdump server could use this flaw to impersonate the correct kdump server to obtain security sensitive information (kdump core files).

Published Jun 8, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2011-5093: Best Practical Solutions RT 4.x before 4.0.6 does not properly implement the DisallowExecuteCode option, wh...

Best Practical Solutions RT 4.x before 4.0.6 does not properly implement the DisallowExecuteCode option, which allows remote authenticated users to bypass intended access restrictions and execute arbitrary code by leveraging access to a privileged account, a different vulnerability than CVE-2011-4458 and CVE-2011-5092.

Published Jun 4, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-2386: VisiWaveReport.exe in AZO Technologies, Inc.

VisiWaveReport.exe in AZO Technologies, Inc. VisiWave Site Survey before 2.1.9 allows user-assisted remote attackers to execute arbitrary code via a (1) vws and (2) vwr file with an invalid Type property, which triggers an untrusted pointer dereference.

Published Jun 8, 2011 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-2206: XMLParser.pm in DJabberd before 0.85 allows remote authenticated users to read arbitrary files, and possibl...

XMLParser.pm in DJabberd before 0.85 allows remote authenticated users to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference, a different vulnerability than CVE-2011-1757.

Published Jun 22, 2011 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-2181: Multiple SQL injection vulnerabilities in A Really Simple Chat (ARSC) 3.3-rc2 allow remote attackers to exe...

Multiple SQL injection vulnerabilities in A Really Simple Chat (ARSC) 3.3-rc2 allow remote attackers to execute arbitrary SQL commands via the (1) arsc_user parameter to base/admin/edit_user.php, (2) arsc_layout_id parameter in base/admin/edit_layout.php, or (3) arsc_room parameter to base/admin/edit_room.php.

Published Jun 29, 2011 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-5094: Mozilla Network Security Services (NSS) 3.x, with certain settings of the SSL_ENABLE_RENEGOTIATION option,...

Mozilla Network Security Services (NSS) 3.x, with certain settings of the SSL_ENABLE_RENEGOTIATION option, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-1473. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment

Published Jun 16, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-1482: Multiple cross-site request forgery (CSRF) vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0...

Multiple cross-site request forgery (CSRF) vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts or (2) grant the administrative privilege to a user account, related to a Referer check that uses a substring comparison.

Published Jun 21, 2011 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-2600: The GPU support functionality in Windows XP does not properly restrict rendering time, which allows remote...

The GPU support functionality in Windows XP does not properly restrict rendering time, which allows remote attackers to cause a denial of service (system crash) via vectors involving WebGL and (1) shader programs or (2) complex 3D geometry, as demonstrated by using Mozilla Firefox or Google Chrome to visit the lots-of-polys-example.html test page in the Khronos WebGL SDK.

Published Jun 30, 2011 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-1180: Multiple stack-based buffer overflows in the iriap_getvaluebyclass_indication function in net/irda/iriap.c...

Multiple stack-based buffer overflows in the iriap_getvaluebyclass_indication function in net/irda/iriap.c in the Linux kernel before 2.6.39 allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging connectivity to an IrDA infrared network and sending a large integer value for a (1) name length or (2) attribute length.

Published Jun 8, 2013 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-2601: The GPU support functionality in Mac OS X does not properly restrict rendering time, which allows remote at...

The GPU support functionality in Mac OS X does not properly restrict rendering time, which allows remote attackers to cause a denial of service (desktop hang) via vectors involving WebGL and (1) shader programs or (2) complex 3D geometry, as demonstrated by using Mozilla Firefox or Google Chrome to visit the lots-of-polys-example.html test page in the Khronos WebGL SDK.

Published Jun 30, 2011 · Updated Sep 16, 2024