LiveActive security incident?Get immediate response
CVE archive

November 2011

Browse CVE records published in November 2011, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 332 matching CVEs · Page 2 of 7.

Unknown · CVSS Not scored

CVE-2011-4321: The password reset functionality in Joomla!

The password reset functionality in Joomla! 1.5.x through 1.5.24 uses weak random numbers, which makes it easier for remote attackers to change the passwords of arbitrary users via unspecified vectors.

Published Nov 23, 2011 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-1919: Multiple stack-based buffer overflows in GE Intelligent Platforms Proficy Applications before 4.4.1 SIM 101...

Multiple stack-based buffer overflows in GE Intelligent Platforms Proficy Applications before 4.4.1 SIM 101 and 5.x before 5.0 SIM 43 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted TCP message traffic to (1) PRProficyMgr.exe in Proficy Server Manager, (2) PRGateway.exe in Proficy Server Gateway, (3) PRRDS.exe in Proficy Remote Data Service, or (4) PRLicenseMgr.exe in Proficy Server License Manager.

Published Nov 2, 2011 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-4434: Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker ru...

Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by Microsoft Office applications and the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags.

Published Nov 11, 2011 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-5245: The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attacker...

The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to CVE-2012-0818.

Published Nov 23, 2012 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2011-5244: Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c...

Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433.

Published Nov 19, 2012 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2011-4924: Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2....

Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3, 3.1.1 through 3.4.1. allows remote attackers to inject arbitrary web script or HTML via vectors related to the way error messages perform sanitization. NOTE: this issue exists because of an incomplete fix for CVE-2010-1104

Published Nov 25, 2019 · Updated Aug 7, 2024