LiveActive security incident?Get immediate response
CVE archive

September 2011

Browse CVE records published in September 2011, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 418 matching CVEs · Page 2 of 9.

Unknown · CVSS Not scored

CVE-2011-3494: WinSig.exe in eSignal 10.6.2425 and earlier allows remote attackers to cause a denial of service (crash) an...

WinSig.exe in eSignal 10.6.2425 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a long StyleTemplate element in a QUO, SUM or POR file, which triggers a stack-based buffer overflow, or (2) a long Font->FaceName field (aka FaceName element), which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.

Published Sep 16, 2011 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2011-3146: librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attac...

librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via a SVG file with a node with the element name starting with "fe," which is misidentified as a RsvgFilterPrimitive.

Published Sep 5, 2012 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-4451: libs/Wakka.class.php in WikkaWiki 1.3.1 and 1.3.2, when the spam_logging option is enabled, allows remote a...

libs/Wakka.class.php in WikkaWiki 1.3.1 and 1.3.2, when the spam_logging option is enabled, allows remote attackers to write arbitrary PHP code to the spamlog_path file via the User-Agent HTTP header in an addcomment request. NOTE: the vendor disputes this issue because the rendering of the spamlog_path file never uses the PHP interpreter

Published Sep 5, 2012 · Updated Sep 16, 2024