CVE-2011-2688
- EPSS 5.66%
- Veröffentlicht 28.07.2011 18:55:02
- Zuletzt bearbeitet 16.06.2026 23:31:47
SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
CVE-2011-2501
- EPSS 3.48%
- Veröffentlicht 17.07.2011 20:55:01
- Zuletzt bearbeitet 16.06.2026 23:31:27
The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers...
CVE-2011-2690
- EPSS 3.29%
- Veröffentlicht 17.07.2011 20:55:01
- Zuletzt bearbeitet 16.06.2026 23:31:48
Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwr...
CVE-2011-2691
- EPSS 3.86%
- Veröffentlicht 17.07.2011 20:55:01
- Zuletzt bearbeitet 16.06.2026 23:31:48
The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers t...
CVE-2011-2692
- EPSS 4.23%
- Veröffentlicht 17.07.2011 20:55:01
- Zuletzt bearbeitet 16.06.2026 23:31:48
The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory...
CVE-2011-1526
- EPSS 3.94%
- Veröffentlicht 11.07.2011 20:55:01
- Zuletzt bearbeitet 16.06.2026 23:29:33
ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, ...
CVE-2011-2192
- EPSS 2.99%
- Veröffentlicht 07.07.2011 21:55:02
- Zuletzt bearbeitet 16.06.2026 23:30:53
The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSS...
- EPSS 8.48%
- Veröffentlicht 06.06.2011 19:55:01
- Zuletzt bearbeitet 16.06.2026 23:29:57
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as e...
CVE-2011-1783
- EPSS 6.74%
- Veröffentlicht 06.06.2011 19:55:01
- Zuletzt bearbeitet 16.06.2026 23:30:01
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memor...
CVE-2011-1799
- EPSS 1.02%
- Veröffentlicht 16.05.2011 17:55:04
- Zuletzt bearbeitet 16.06.2026 23:30:08
Google Chrome before 11.0.696.68 does not properly perform casts of variables during interaction with the WebKit engine, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.