CVE-2011-2692
- EPSS 4.23%
- Veröffentlicht 17.07.2011 20:55:01
- Zuletzt bearbeitet 16.06.2026 23:31:48
The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory...
CVE-2011-1526
- EPSS 3.94%
- Veröffentlicht 11.07.2011 20:55:01
- Zuletzt bearbeitet 16.06.2026 23:29:33
ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, ...
CVE-2011-2192
- EPSS 2.99%
- Veröffentlicht 07.07.2011 21:55:02
- Zuletzt bearbeitet 16.06.2026 23:30:53
The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSS...
CVE-2011-1770
- EPSS 4.36%
- Veröffentlicht 24.06.2011 20:55:03
- Zuletzt bearbeitet 16.06.2026 23:29:59
Integer underflow in the dccp_parse_options function (net/dccp/options.c) in the Linux kernel before 2.6.33.14 allows remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature optio...
CVE-2011-1755
- EPSS 3.66%
- Veröffentlicht 21.06.2011 02:52:43
- Zuletzt bearbeitet 16.06.2026 23:29:57
jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity reference...
CVE-2011-1943
- EPSS 0.22%
- Veröffentlicht 14.06.2011 17:55:05
- Zuletzt bearbeitet 16.06.2026 23:30:26
The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by read...
- EPSS 8.48%
- Veröffentlicht 06.06.2011 19:55:01
- Zuletzt bearbeitet 16.06.2026 23:29:57
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as e...
CVE-2011-1783
- EPSS 6.74%
- Veröffentlicht 06.06.2011 19:55:01
- Zuletzt bearbeitet 16.06.2026 23:30:01
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memor...
- EPSS 3.75%
- Veröffentlicht 20.03.2011 02:00:04
- Zuletzt bearbeitet 16.06.2026 23:28:34
Off-by-one error in the convert_query_hexchar function in html.c in cgit.cgi in cgit before 0.8.3.5 allows remote attackers to cause a denial of service (infinite loop) via a string composed of a % (percent) character followed by invalid hex characte...
- EPSS 73.95%
- Veröffentlicht 02.03.2011 20:00:01
- Zuletzt bearbeitet 16.06.2026 23:28:01
The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions...