LiveActive security incident?Get immediate response
CVE archive

June 2011

Browse CVE records published in June 2011, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 377 matching CVEs · Page 2 of 8.

Unknown · CVSS Not scored

CVE-2011-1130: Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly validate the start par...

Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly validate the start parameter, which might allow remote attackers to conduct SQL injection attacks, obtain sensitive information, or cause a denial of service via a crafted value, related to the cleanRequest function in QueryString.php and the constructPageIndex function in Subs.php.

Published Jun 21, 2011 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-1131: The PlushSearch2 function in Search.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC...

The PlushSearch2 function in Search.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, uses certain cached data in a situation where a temporary table has been created, even though this cached data is intended only for situations where a temporary table has not been created, which might allow remote attackers to obtain sensitive information via a search.

Published Jun 21, 2011 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-4940: The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x...

The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding.

Published Jun 27, 2012 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2011-4913: The rose_parse_ccitt function in net/rose/rose_subr.c in the Linux kernel before 2.6.39 does not validate t...

The rose_parse_ccitt function in net/rose/rose_subr.c in the Linux kernel before 2.6.39 does not validate the FAC_CCITT_DEST_NSAP and FAC_CCITT_SRC_NSAP fields, which allows remote attackers to (1) cause a denial of service (integer underflow, heap memory corruption, and panic) via a small length value in data sent to a ROSE socket, or (2) conduct stack-based buffer overflow attacks via a large length value in data sent to a ROSE socket.

Published Jun 21, 2012 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2011-4914: The ROSE protocol implementation in the Linux kernel before 2.6.39 does not verify that certain data-length...

The ROSE protocol implementation in the Linux kernel before 2.6.39 does not verify that certain data-length values are consistent with the amount of data sent, which might allow remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via crafted data to a ROSE socket.

Published Jun 21, 2012 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2011-4367: Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x...

Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ln parameter to faces/javax.faces.resource/web.xml or (2) the PATH_INFO to faces/javax.faces.resource/.

Published Jun 19, 2014 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2011-4347: The kvm_vm_ioctl_assign_device function in virt/kvm/assigned-dev.c in the KVM subsystem in the Linux kernel...

The kvm_vm_ioctl_assign_device function in virt/kvm/assigned-dev.c in the KVM subsystem in the Linux kernel before 3.1.10 does not verify permission to access PCI configuration space and BAR resources, which allows host OS users to assign PCI devices and cause a denial of service (host OS crash) via a KVM_ASSIGN_PCI_DEVICE operation.

Published Jun 8, 2013 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2011-3619: The apparmor_setprocattr function in security/apparmor/lsm.c in the Linux kernel before 3.0 does not proper...

The apparmor_setprocattr function in security/apparmor/lsm.c in the Linux kernel before 3.0 does not properly handle invalid parameters, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by writing to a /proc/#####/attr/current file.

Published Jun 8, 2013 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2011-2942: A certain Red Hat patch to the __br_deliver function in net/bridge/br_forward.c in the Linux kernel 2.6.18...

A certain Red Hat patch to the __br_deliver function in net/bridge/br_forward.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging connectivity to a network interface that uses an Ethernet bridge device.

Published Jun 8, 2013 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2011-2605: CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsC...

CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374.

Published Jun 30, 2011 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2011-2534: Buffer overflow in the clusterip_proc_write function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux ker...

Buffer overflow in the clusterip_proc_write function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel before 2.6.39 might allow local users to cause a denial of service or have unspecified other impact via a crafted write operation, related to string data that lacks a terminating '\0' character.

Published Jun 22, 2011 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2011-2512: The virtio_queue_notify in qemu-kvm 0.14.0 and earlier does not properly validate the virtqueue number, whi...

The virtio_queue_notify in qemu-kvm 0.14.0 and earlier does not properly validate the virtqueue number, which allows guest users to cause a denial of service (guest crash) and possibly execute arbitrary code via a negative number in the Queue Notify field of the Virtio Header, which bypasses a signed comparison.

Published Jun 21, 2012 · Updated Aug 6, 2024