Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2011-0465

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-08 Apr, 2011 | 15:00
Updated At-06 Aug, 2024 | 21:51
Rejected At-
Credits

xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:08 Apr, 2011 | 15:00
Updated At:06 Aug, 2024 | 21:51
Rejected At:
â–¼CVE Numbering Authority (CNA)

xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://lists.freedesktop.org/archives/xorg-announce/2011-April/001636.html
mailing-list
x_refsource_MLIST
http://www.redhat.com/support/errata/RHSA-2011-0433.html
vendor-advisory
x_refsource_REDHAT
http://www.vupen.com/english/advisories/2011/0966
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/44040
third-party-advisory
x_refsource_SECUNIA
http://www.debian.org/security/2011/dsa-2213
vendor-advisory
x_refsource_DEBIAN
http://secunia.com/advisories/44082
third-party-advisory
x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=680196
x_refsource_CONFIRM
http://www.securitytracker.com/id?1025317
vdb-entry
x_refsource_SECTRACK
http://www.securityfocus.com/bid/47189
vdb-entry
x_refsource_BID
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057928.html
vendor-advisory
x_refsource_FEDORA
http://secunia.com/advisories/44123
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2011/0880
vdb-entry
x_refsource_VUPEN
http://www.vupen.com/english/advisories/2011/0906
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/44012
third-party-advisory
x_refsource_SECUNIA
http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56
x_refsource_CONFIRM
http://secunia.com/advisories/44010
third-party-advisory
x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/66585
vdb-entry
x_refsource_XF
http://www.ubuntu.com/usn/USN-1107-1
vendor-advisory
x_refsource_UBUNTU
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.465748
vendor-advisory
x_refsource_SLACKWARE
http://www.vupen.com/english/advisories/2011/0889
vdb-entry
x_refsource_VUPEN
http://www.vupen.com/english/advisories/2011/0929
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/44122
third-party-advisory
x_refsource_SECUNIA
http://lists.freedesktop.org/archives/xorg-announce/2011-April/001635.html
mailing-list
x_refsource_MLIST
http://www.mandriva.com/security/advisories?name=MDVSA-2011:076
vendor-advisory
x_refsource_MANDRIVA
http://www.redhat.com/support/errata/RHSA-2011-0432.html
vendor-advisory
x_refsource_REDHAT
http://www.vupen.com/english/advisories/2011/0975
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/44193
third-party-advisory
x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00002.html
vendor-advisory
x_refsource_SUSE
https://lwn.net/Articles/437150/
vendor-advisory
x_refsource_SUSE
Hyperlink: http://lists.freedesktop.org/archives/xorg-announce/2011-April/001636.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0433.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.vupen.com/english/advisories/2011/0966
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/44040
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.debian.org/security/2011/dsa-2213
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://secunia.com/advisories/44082
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=680196
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securitytracker.com/id?1025317
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.securityfocus.com/bid/47189
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057928.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://secunia.com/advisories/44123
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2011/0880
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.vupen.com/english/advisories/2011/0906
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/44012
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/44010
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/66585
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.ubuntu.com/usn/USN-1107-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.465748
Resource:
vendor-advisory
x_refsource_SLACKWARE
Hyperlink: http://www.vupen.com/english/advisories/2011/0889
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.vupen.com/english/advisories/2011/0929
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/44122
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.freedesktop.org/archives/xorg-announce/2011-April/001635.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:076
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0432.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.vupen.com/english/advisories/2011/0975
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/44193
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00002.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: https://lwn.net/Articles/437150/
Resource:
vendor-advisory
x_refsource_SUSE
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://lists.freedesktop.org/archives/xorg-announce/2011-April/001636.html
mailing-list
x_refsource_MLIST
x_transferred
http://www.redhat.com/support/errata/RHSA-2011-0433.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.vupen.com/english/advisories/2011/0966
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/44040
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.debian.org/security/2011/dsa-2213
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://secunia.com/advisories/44082
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=680196
x_refsource_CONFIRM
x_transferred
http://www.securitytracker.com/id?1025317
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.securityfocus.com/bid/47189
vdb-entry
x_refsource_BID
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057928.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://secunia.com/advisories/44123
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2011/0880
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.vupen.com/english/advisories/2011/0906
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/44012
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/44010
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/66585
vdb-entry
x_refsource_XF
x_transferred
http://www.ubuntu.com/usn/USN-1107-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.465748
vendor-advisory
x_refsource_SLACKWARE
x_transferred
http://www.vupen.com/english/advisories/2011/0889
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.vupen.com/english/advisories/2011/0929
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/44122
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.freedesktop.org/archives/xorg-announce/2011-April/001635.html
mailing-list
x_refsource_MLIST
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2011:076
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://www.redhat.com/support/errata/RHSA-2011-0432.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.vupen.com/english/advisories/2011/0975
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/44193
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00002.html
vendor-advisory
x_refsource_SUSE
x_transferred
https://lwn.net/Articles/437150/
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://lists.freedesktop.org/archives/xorg-announce/2011-April/001636.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0433.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0966
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/44040
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.debian.org/security/2011/dsa-2213
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://secunia.com/advisories/44082
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=680196
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securitytracker.com/id?1025317
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.securityfocus.com/bid/47189
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057928.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://secunia.com/advisories/44123
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0880
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0906
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/44012
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/44010
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/66585
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-1107-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.465748
Resource:
vendor-advisory
x_refsource_SLACKWARE
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0889
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0929
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/44122
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.freedesktop.org/archives/xorg-announce/2011-April/001635.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:076
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0432.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0975
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/44193
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00002.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://lwn.net/Articles/437150/
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:08 Apr, 2011 | 15:17
Updated At:29 Apr, 2026 | 01:13

xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.09.3HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 9.3
Base severity: HIGH
Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
matthias_hopf
matthias_hopf
>>xrdb>>Versions up to 1.0.8(inclusive)
cpe:2.3:a:matthias_hopf:xrdb:*:*:*:*:*:*:*:*
matthias_hopf
matthias_hopf
>>xrdb>>1.0.2
cpe:2.3:a:matthias_hopf:xrdb:1.0.2:*:*:*:*:*:*:*
matthias_hopf
matthias_hopf
>>xrdb>>1.0.3
cpe:2.3:a:matthias_hopf:xrdb:1.0.3:*:*:*:*:*:*:*
matthias_hopf
matthias_hopf
>>xrdb>>1.0.4
cpe:2.3:a:matthias_hopf:xrdb:1.0.4:*:*:*:*:*:*:*
matthias_hopf
matthias_hopf
>>xrdb>>1.0.5
cpe:2.3:a:matthias_hopf:xrdb:1.0.5:*:*:*:*:*:*:*
matthias_hopf
matthias_hopf
>>xrdb>>1.0.6
cpe:2.3:a:matthias_hopf:xrdb:1.0.6:*:*:*:*:*:*:*
matthias_hopf
matthias_hopf
>>xrdb>>1.0.7
cpe:2.3:a:matthias_hopf:xrdb:1.0.7:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>Versions up to r7.6(inclusive)
cpe:2.3:a:x:x11:*:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>r1
cpe:2.3:a:x:x11:r1:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>r2
cpe:2.3:a:x:x11:r2:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>r3
cpe:2.3:a:x:x11:r3:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>r4
cpe:2.3:a:x:x11:r4:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>r5
cpe:2.3:a:x:x11:r5:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>r6
cpe:2.3:a:x:x11:r6:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>r6.1
cpe:2.3:a:x:x11:r6.1:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>r6.3
cpe:2.3:a:x:x11:r6.3:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>r6.4
cpe:2.3:a:x:x11:r6.4:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>r6.5.1
cpe:2.3:a:x:x11:r6.5.1:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>r6.6
cpe:2.3:a:x:x11:r6.6:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>r6.7
cpe:2.3:a:x:x11:r6.7:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>r6.7.0
cpe:2.3:a:x:x11:r6.7.0:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>r6.8.0
cpe:2.3:a:x:x11:r6.8.0:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>r6.8.1
cpe:2.3:a:x:x11:r6.8.1:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>r6.8.2
cpe:2.3:a:x:x11:r6.8.2:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>r6.9.0
cpe:2.3:a:x:x11:r6.9.0:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>r7.0
cpe:2.3:a:x:x11:r7.0:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>r7.1
cpe:2.3:a:x:x11:r7.1:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>r7.2
cpe:2.3:a:x:x11:r7.2:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>r7.3
cpe:2.3:a:x:x11:r7.3:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>r7.4
cpe:2.3:a:x:x11:r7.4:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>r7.5
cpe:2.3:a:x:x11:r7.5:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56cve@mitre.org
Patch
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057928.htmlcve@mitre.org
N/A
http://lists.freedesktop.org/archives/xorg-announce/2011-April/001635.htmlcve@mitre.org
Patch
http://lists.freedesktop.org/archives/xorg-announce/2011-April/001636.htmlcve@mitre.org
Patch
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00002.htmlcve@mitre.org
N/A
http://secunia.com/advisories/44010cve@mitre.org
N/A
http://secunia.com/advisories/44012cve@mitre.org
N/A
http://secunia.com/advisories/44040cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/44082cve@mitre.org
N/A
http://secunia.com/advisories/44122cve@mitre.org
N/A
http://secunia.com/advisories/44123cve@mitre.org
N/A
http://secunia.com/advisories/44193cve@mitre.org
N/A
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.465748cve@mitre.org
N/A
http://www.debian.org/security/2011/dsa-2213cve@mitre.org
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2011:076cve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2011-0432.htmlcve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2011-0433.htmlcve@mitre.org
N/A
http://www.securityfocus.com/bid/47189cve@mitre.org
N/A
http://www.securitytracker.com/id?1025317cve@mitre.org
N/A
http://www.ubuntu.com/usn/USN-1107-1cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2011/0880cve@mitre.org
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0889cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2011/0906cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2011/0929cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2011/0966cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2011/0975cve@mitre.org
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=680196cve@mitre.org
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/66585cve@mitre.org
N/A
https://lwn.net/Articles/437150/cve@mitre.org
N/A
http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56af854a3a-2127-422b-91ae-364da2661108
Patch
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057928.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.freedesktop.org/archives/xorg-announce/2011-April/001635.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
http://lists.freedesktop.org/archives/xorg-announce/2011-April/001636.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00002.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/44010af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/44012af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/44040af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/44082af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/44122af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/44123af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/44193af854a3a-2127-422b-91ae-364da2661108
N/A
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.465748af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2011/dsa-2213af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2011:076af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2011-0432.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2011-0433.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/47189af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id?1025317af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-1107-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2011/0880af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0889af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2011/0906af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2011/0929af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2011/0966af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2011/0975af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=680196af854a3a-2127-422b-91ae-364da2661108
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/66585af854a3a-2127-422b-91ae-364da2661108
N/A
https://lwn.net/Articles/437150/af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057928.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.freedesktop.org/archives/xorg-announce/2011-April/001635.html
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://lists.freedesktop.org/archives/xorg-announce/2011-April/001636.html
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00002.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/44010
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/44012
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/44040
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/44082
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/44122
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/44123
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/44193
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.465748
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2011/dsa-2213
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:076
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0432.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0433.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/47189
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1025317
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-1107-1
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0880
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2011/0889
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0906
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0929
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0966
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0975
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=680196
Source: cve@mitre.org
Resource:
Patch
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/66585
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://lwn.net/Articles/437150/
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057928.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.freedesktop.org/archives/xorg-announce/2011-April/001635.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://lists.freedesktop.org/archives/xorg-announce/2011-April/001636.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00002.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/44010
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/44012
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/44040
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/44082
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/44122
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/44123
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/44193
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.465748
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2011/dsa-2213
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:076
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0432.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0433.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/47189
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1025317
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-1107-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0880
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2011/0889
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0906
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0929
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0966
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0975
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=680196
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/66585
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lwn.net/Articles/437150/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

503Records found
CVE-2015-2461
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-41.07% / 97.44%
||
7 Day CHG~0.00%
Published-15 Aug, 2015 | 00:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2458 and CVE-2015-2459.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_rtwindows_10windows_7windows_8.1windows_server_2008windows_vistawindows_8windows_rt_8.1windows_server_2012n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-2460
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-51.83% / 97.94%
||
7 Day CHG~0.00%
Published-15 Aug, 2015 | 00:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_10windows_7windows_8.1windows_server_2008windows_vista.net_frameworkwindows_8windows_server_2012n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-2455
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-53.23% / 98.00%
||
7 Day CHG~0.00%
Published-15 Aug, 2015 | 00:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2456.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_rtwindows_10windows_7windows_8.1windows_server_2008live_meetinglync_basicwindows_vistalync.net_frameworkwindows_8officesilverlightwindows_rt_8.1windows_server_2012n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-2462
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-41.52% / 97.46%
||
7 Day CHG~0.00%
Published-15 Aug, 2015 | 00:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_rtwindows_10windows_7windows_8.1windows_server_2008windows_vista.net_frameworkwindows_8windows_rt_8.1windows_server_2012n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-2466
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-39.12% / 97.33%
||
7 Day CHG~0.00%
Published-15 Aug, 2015 | 00:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted template, aka "Microsoft Office Remote Code Execution Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-2530
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-23.09% / 96.00%
||
7 Day CHG~0.00%
Published-09 Sep, 2015 | 00:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted .jnt file, aka "Windows Journal RCE Vulnerability," a different vulnerability than CVE-2015-2513 and CVE-2015-2514.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_rtwindows_10windows_7windows_8.1windows_server_2008windows_vistawindows_8windows_rt_8.1windows_server_2012n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-1942
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-9.3||HIGH
EPSS-2.46% / 85.42%
||
7 Day CHG~0.00%
Published-30 Jun, 2015 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to write to arbitrary files, and subsequently execute these files, via a crafted TCP packet to an unspecified port.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tivoli_storage_manager_fastbackn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-1326
Matching Score-4
Assigner-Canonical Ltd.
ShareView Details
Matching Score-4
Assigner-Canonical Ltd.
CVSS Score-5.7||MEDIUM
EPSS-0.11% / 29.39%
||
7 Day CHG~0.00%
Published-22 Apr, 2019 | 15:35
Updated-16 Sep, 2024 | 23:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
python-dbusmock arbitrary code execution or file overwrite when templates are loaded from /tmp

python-dbusmock before version 0.15.1 AddTemplate() D-Bus method call or DBusTestCase.spawn_server_template() method could be tricked into executing malicious code if an attacker supplies a .pyc file.

Action-Not Available
Vendor-python-dbusmock_projectUbuntu
Product-python-dbusmockpython-dbusmock
CWE ID-CWE-20
Improper Input Validation
CVE-2014-7178
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-10.39% / 93.29%
||
7 Day CHG~0.00%
Published-28 Nov, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function.

Action-Not Available
Vendor-n/aEnalean SAS
Product-tuleapn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-0853
Matching Score-4
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-4
Assigner-Debian GNU/Linux
CVSS Score-8.8||HIGH
EPSS-1.67% / 82.31%
||
7 Day CHG~0.00%
Published-06 Sep, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

svn-workbench 1.6.2 and earlier on a system with xeyes installed allows local users to execute arbitrary commands by using the "Command Shell" menu item while in the directory trunk/$(xeyes).

Action-Not Available
Vendor-pysvn_projectn/a
Product-svn-workbenchn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-9866
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.32%
||
7 Day CHG~0.00%
Published-06 Aug, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate a certain parameter, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28747684 and Qualcomm internal bug CR511358.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-9962
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.13%
||
7 Day CHG~0.00%
Published-13 Jun, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of a DRM provisioning command.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidAll Qualcomm products
CWE ID-CWE-20
Improper Input Validation
CVE-2014-9933
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.13%
||
7 Day CHG~0.00%
Published-16 May, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Due to missing input validation in all Android releases from CAF using the Linux kernel, HLOS can write to fuses for which it should not have access.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidAll Qualcomm Products
CWE ID-CWE-20
Improper Input Validation
CVE-2012-4358
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-1.68% / 82.37%
||
7 Day CHG~0.00%
Published-19 Aug, 2012 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 do not validate the return value of the realloc function, which allows remote attackers to cause a denial of service (invalid 0x00 write operation and daemon crash) or possibly have unspecified other impact via a port-46824 TCP packet with a crafted positive integer after the opcode.

Action-Not Available
Vendor-sielcosistemin/a
Product-winlog_litewinlog_pron/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-4776
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-45.02% / 97.64%
||
7 Day CHG~0.00%
Published-14 Nov, 2012 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitrary JavaScript code by providing crafted data during execution of (1) an XAML browser application (aka XBAP) or (2) a .NET Framework application, aka "Web Proxy Auto-Discovery Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_server_2008windows_vistawindows_xp.net_frameworkwindows_8windows_server_2012windows_server_2003n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-4710
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.3||HIGH
EPSS-0.47% / 64.63%
||
7 Day CHG~0.00%
Published-04 Apr, 2013 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Invensys Wonderware Win-XML Exporter 1522.148.0.0 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference.

Action-Not Available
Vendor-invensysn/a
Product-wonderware_win-xml_exportern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-4359
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-1.68% / 82.37%
||
7 Day CHG~0.00%
Published-19 Aug, 2012 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 do not validate the return value of the realloc function, which allows remote attackers to cause a denial of service (invalid 0x00 write operation and daemon crash) or possibly have unspecified other impact via a port-46824 TCP packet with a crafted negative integer after the opcode. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4358.

Action-Not Available
Vendor-sielcosistemin/a
Product-winlog_litewinlog_pron/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-4655
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.3||HIGH
EPSS-2.40% / 85.23%
||
7 Day CHG~0.00%
Published-24 Sep, 2012 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-secure_desktopn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-4357
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-21.51% / 95.79%
||
7 Day CHG~0.00%
Published-19 Aug, 2012 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Array index error in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 might allow remote attackers to execute arbitrary code by referencing, within a port-46824 TCP packet, an invalid file-pointer index that leads to execution of an EnterCriticalSection code block.

Action-Not Available
Vendor-sielcosistemin/a
Product-winlog_litewinlog_pron/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-18123
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.6||HIGH
EPSS-0.51% / 66.45%
||
7 Day CHG~0.00%
Published-03 Feb, 2018 | 03:00
Updated-05 Aug, 2024 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs.

Action-Not Available
Vendor-dokuwikin/aDebian GNU/Linux
Product-dokuwikidebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-3556
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-2.34% / 85.05%
||
7 Day CHG~0.00%
Published-14 Jun, 2012 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera before 11.65 does not properly restrict the opening of a pop-up window in response to the first click of a double-click action, which makes it easier for user-assisted remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary code via a crafted web site.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-3288
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-1.65% / 82.23%
||
7 Day CHG~0.00%
Published-14 Jun, 2012 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Workstation 7.x before 7.1.6 and 8.x before 8.0.4, VMware Player 3.x before 3.1.6 and 4.x before 4.0.4, VMware Fusion 4.x before 4.1.3, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow user-assisted remote attackers to execute arbitrary code on the host OS or cause a denial of service (memory corruption) on the host OS via a crafted Checkpoint file.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-playeresxfusionesxiworkstationn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-2611
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-77.66% / 99.01%
||
7 Day CHG~0.00%
Published-15 May, 2012 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to execute arbitrary code via a crafted SAP Diag packet.

Action-Not Available
Vendor-n/aSAP SE
Product-netweavern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-2493
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.3||HIGH
EPSS-1.28% / 79.81%
||
7 Day CHG~0.00%
Published-20 Jun, 2012 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug ID CSCtw47523.

Action-Not Available
Vendor-n/aApple Inc.Cisco Systems, Inc.Linux Kernel Organization, IncMicrosoft Corporation
Product-anyconnect_secure_mobility_clientwindowslinux_kernelmac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44228
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-10||CRITICAL
EPSS-94.36% / 99.96%
||
7 Day CHG~0.00%
Published-10 Dec, 2021 | 00:00
Updated-20 Feb, 2026 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-12-24||For all affected software assets for which updates exist, the only acceptable remediation actions are: 1) Apply updates; OR 2) remove affected assets from agency networks. Temporary mitigations using one of the measures provided at https://www.cisa.gov/uscert/ed-22-02-apache-log4j-recommended-mitigation-measures are only acceptable until updates are available.
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

Action-Not Available
Vendor-snowsoftwarepercussionApple Inc.SonicWall Inc.Intel CorporationCisco Systems, Inc.Siemens AGThe Apache Software FoundationDebian GNU/LinuxBentley Systems, IncorporatedFedora ProjectNetApp, Inc.
Product-firepower_4112siveillance_vantagefirepower_4125sppa-t3000_ses3000siveillance_commandsiguard_dsapackaged_contact_center_enterpriseoneapi_sample_browsersolidfire_enterprise_sdsnetwork_assurance_engineactive_iq_unified_manageridentity_services_enginepaging_serversmart_phycx_cloud_agentmindspherefirepower_4115industrial_edge_managementunified_communications_manager_im_and_presence_servicespectrum_power_7xcodeenergyip_prepay6bk1602-0aa52-0tp0_firmwarevirtual_topology_systemcomputer_vision_annotation_toolontap_toolsteamcenteremail_securityunified_workforce_optimizationfedoraunified_contact_center_enterprisesystem_studiowebex_meetings_servernexus_insightscloud_connectfirepower_2130operation_schedulercustomer_experience_cloud_agentunified_customer_voice_portalunified_contact_center_management_portalvm_access_proxyenterprise_chat_and_emaillogo\!_soft_comfort6bk1602-0aa32-0tp0_firmwarerhythmyxsiveillance_control_procomosoptical_network_controllercloud_secure_agentucs_central_software6bk1602-0aa12-0tp0xpedition_enterprisefirepower_1150evolved_programmable_network_managerfirepower_21206bk1602-0aa42-0tp0cyber_vision_sensor_management_extensionsolid_edge_harness_designvirtualized_infrastructure_manager6bk1602-0aa12-0tp0_firmwarecrosswork_optimization_engineunified_computing_systemsolidfire_\&_hci_storage_nodehead-end_system_universal_device_integration_systemmendixunified_communications_managerautomated_subsea_tuningdna_centercontact_center_domain_manageroncommand_insightenergyipsppa-t3000_ses3000_firmwareenergy_engagefirepower_4120spectrum_power_4firepower_2140crosswork_network_controllere-car_operation_centerfinessesecure_device_onboardbroadworkssentron_powermanagerfirepower_1140network_services_orchestratorsd-wan_vmanageucs_centralfxosvideo_surveillance_operations_manageradvanced_malware_protection_virtual_private_cloud_appliancesolid_edge_cam_procloudcenter_suite_adminemergency_responder6bk1602-0aa32-0tp0snow_commandersynchrosiveillance_identitygenomics_kernel_library6bk1602-0aa22-0tp0_firmwarecloudcentermobility_services_enginevirtualized_voice_browserfirepower_4140unity_connectionlog4jnxnetwork_dashboard_fabric_controllerunified_communications_manager_im_\&_presence_serviceiot_operations_dashboardfirepower_4150navigatorcrosswork_network_automationunified_intelligence_centerfog_directorfirepower_1010dna_spaces_connectordata_center_network_managerdesigo_cc_info_centerfirepower_4145cyber_visiondesigo_cc_advanced_reportsxpedition_package_integratorcapitalcrosswork_zero_touch_provisioning6bk1602-0aa22-0tp0integrated_management_controller_supervisorcloudcenter_suitefirepower_2110contact_center_management_portalsynchro_4ddna_spacesvideo_surveillance_managersiveillance_viewpointvesysworkload_optimization_managerunified_contact_center_expressucs_directorcrosswork_platform_infrastructurecloud_managerunified_sip_proxynexus_dashboardcloud_insightscloudcenter_cost_optimizerdebian_linuxbrocade_san_navigatorcrosswork_data_gatewayintersight_virtual_appliancesnapcenteropcenter_intelligencedna_spaces\firepower_1120firepower_threat_defense6bk1602-0aa42-0tp0_firmwaresipass_integratedprime_service_catalogbusiness_process_automationcommon_services_platform_collectorwan_automation_enginefirepower_4110cloudcenter_workload_managergma-managerdatacenter_managerconnected_mobile_experiencesfirepower_93006bk1602-0aa52-0tp0network_insights_for_data_centerindustrial_edge_management_hubApache Log4j2Log4j2
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-502
Deserialization of Untrusted Data
CWE ID-CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVE-2012-2248
Matching Score-4
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-4
Assigner-Debian GNU/Linux
CVSS Score-8.1||HIGH
EPSS-2.44% / 85.34%
||
7 Day CHG~0.00%
Published-27 Nov, 2019 | 17:40
Updated-06 Aug, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in dhclient 4.3.1-6 due to an embedded path variable.

Action-Not Available
Vendor-dhclient_projectisc-dhcpDebian GNU/Linux
Product-dhclientdebian_linuxisc-dhcp
CWE ID-CWE-20
Improper Input Validation
CVE-2010-1807
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-78.65% / 99.06%
||
7 Day CHG~0.00%
Published-10 Sep, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation.

Action-Not Available
Vendor-webkitgtkn/aGoogle LLCApple Inc.
Product-webkitgtkandroidsafarin/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-1585
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-1.46% / 81.04%
||
7 Day CHG~0.00%
Published-28 Apr, 2010 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ACTION attribute of a FORM element.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbirdfirefoxseamonkeyn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-22727
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-0.93% / 76.33%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 22:29
Updated-03 Aug, 2024 | 03:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-20: Improper Input Validation vulnerability exists that could allow an unauthenticated attacker to view data, change settings, impact availability of the software, or potentially impact a user�s local machine when the user clicks a specially crafted link. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior)

Action-Not Available
Vendor-n/a
Product-ecostruxure_power_monitoring_expertEcoStruxure Power Monitoring Expert (Versions 2020 and prior)
CWE ID-CWE-20
Improper Input Validation
CVE-2017-0667
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.03% / 10.50%
||
7 Day CHG~0.00%
Published-06 Jul, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37478824.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-20
Improper Input Validation
CVE-2017-0674
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.20% / 41.55%
||
7 Day CHG~0.00%
Published-06 Jul, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34231163.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-20
Improper Input Validation
CVE-2012-0736
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-9.3||HIGH
EPSS-2.33% / 85.02%
||
7 Day CHG~0.00%
Published-03 May, 2012 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly create scan jobs, which allows remote attackers to execute arbitrary code via a crafted web site.

Action-Not Available
Vendor-n/aIBM Corporation
Product-rational_appscann/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-0148
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-94.07% / 99.91%
||
7 Day CHG~0.00%
Published-17 Mar, 2017 | 00:00
Updated-22 Apr, 2026 | 13:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-27||Apply updates per vendor instructions.

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0146.

Action-Not Available
Vendor-Microsoft CorporationSiemens AG
Product-windows_7windows_8.1windows_10_1511tissue_preparation_system_firmwarewindows_vistaversant_kpcr_molecular_systemversant_kpcr_sample_prepsyngo_sc2000acuson_p500_firmwareversant_kpcr_molecular_system_firmwareacuson_x700_firmwarewindows_server_2012tissue_preparation_systemversant_kpcr_sample_prep_firmwareacuson_p300windows_server_2008server_message_blockwindows_10_1607acuson_p300_firmwaresyngo_sc2000_firmwareacuson_sc2000acuson_x700acuson_p500acuson_sc2000_firmwarewindows_10_1507windows_server_2016windows_rt_8.1Windows SMBSMBv1 server
CWE ID-CWE-20
Improper Input Validation
CVE-2017-0676
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.27% / 50.34%
||
7 Day CHG~0.00%
Published-06 Jul, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34896431.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-20
Improper Input Validation
CVE-2012-1535
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-91.61% / 99.69%
||
7 Day CHG~0.00%
Published-15 Aug, 2012 | 10:00
Updated-22 Apr, 2026 | 10:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-24||The impacted product is end-of-life and should be disconnected if still in use.

Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF content in a Word document.

Action-Not Available
Vendor-n/aApple Inc.openSUSELinux Kernel Organization, IncSUSERed Hat, Inc.Microsoft CorporationAdobe Inc.
Product-linux_enterprise_desktopmac_os_xenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktopwindowsflash_playerlinux_kernelopensusen/aFlash Player
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2016-3937
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.10%
||
7 Day CHG~0.00%
Published-10 Oct, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The MediaTek video driver in Android before 2016-10-05 allows attackers to gain privileges via a crafted application, aka Android internal bug 30030994 and MediaTek internal bug ALPS02834874.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-0165
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-62.11% / 98.37%
||
7 Day CHG~0.00%
Published-09 May, 2012 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_vistaofficewindows_server_2008n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-3301
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-53.61% / 98.02%
||
7 Day CHG~0.00%
Published-09 Aug, 2016 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Component RCE Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-word_viewerlive_meetingwindows_10windows_7windows_8.1windows_server_2008windows_vistalyncskype_for_businessofficewindows_rt_8.1windows_server_2012n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-0163
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-54.23% / 98.05%
||
7 Day CHG+0.10%
Published-10 Apr, 2012 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Parameter Validation Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-.net_frameworkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-0212
Matching Score-4
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-4
Assigner-Debian GNU/Linux
CVSS Score-9.3||HIGH
EPSS-10.65% / 93.39%
||
7 Day CHG~0.00%
Published-16 Jun, 2012 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via shell metacharacters in the file name argument.

Action-Not Available
Vendor-devscripts_devel_teamn/a
Product-devscriptsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-0151
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-89.01% / 99.54%
||
7 Day CHG~0.00%
Published-10 Apr, 2012 | 21:00
Updated-22 Apr, 2026 | 10:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-22||Apply updates per vendor instructions.

The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content, aka "WinVerifyTrust Signature Validation Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_server_2008windows_vistawindows_xpwindows_server_2003n/aWindows
CWE ID-CWE-20
Improper Input Validation
CVE-2012-0167
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-64.54% / 98.47%
||
7 Day CHG~0.00%
Published-09 May, 2012 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the Office GDI+ library in Microsoft Office 2003 SP3 and 2007 SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted EMF image in an Office document, aka "GDI+ Heap Overflow Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-4783
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-1.67% / 82.33%
||
7 Day CHG~0.00%
Published-27 Dec, 2011 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IDAPython plugin before 1.5.2.3 in IDA Pro allows user-assisted remote attackers to execute arbitrary code via a crafted IDB file, related to improper handling of certain swig_runtime_data files in the current working directory.

Action-Not Available
Vendor-hex-raysn/aGoogle LLC
Product-idaidapythonn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-0267
Matching Score-4
Assigner-Flexera Software LLC
ShareView Details
Matching Score-4
Assigner-Flexera Software LLC
CVSS Score-9.3||HIGH
EPSS-73.28% / 98.81%
||
7 Day CHG~0.00%
Published-15 Jan, 2012 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The StopModule method in the NTR ActiveX control before 2.0.4.8 allows remote attackers to execute arbitrary code via a crafted lModule parameter that triggers use of an arbitrary memory address as a function pointer.

Action-Not Available
Vendor-ntrglobaln/a
Product-ntr_activex_controln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-0092
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-47.21% / 97.72%
||
7 Day CHG~0.00%
Published-09 Mar, 2016 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka "Windows OLE Memory Remote Code Execution Vulnerability," a different vulnerability than CVE-2016-0091.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_10windows_7windows_8.1windows_server_2008windows_vistawindows_rt_8.1windows_server_2012n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-3303
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-52.98% / 97.99%
||
7 Day CHG~0.00%
Published-09 Aug, 2016 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010, Lync 2010 Attendee, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Component RCE Vulnerability," a different vulnerability than CVE-2016-3304.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-word_viewerlive_meetingwindows_7windows_server_2008windows_vistalyncskype_for_businessofficen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-0211
Matching Score-4
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-4
Assigner-Debian GNU/Linux
CVSS Score-9.3||HIGH
EPSS-10.65% / 93.39%
||
7 Day CHG~0.00%
Published-16 Jun, 2012 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via a crafted tarball file name in the top-level directory of an original (.orig) source tarball of a source package.

Action-Not Available
Vendor-devscripts_devel_teamn/a
Product-devscriptsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7754
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-1.22% / 79.32%
||
7 Day CHG~0.00%
Published-08 Jan, 2016 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Juniper ScreenOS before 6.3.0r21, when ssh-pka is configured and enabled, allows remote attackers to cause a denial of service (system crash) or execute arbitrary code via crafted SSH negotiation.

Action-Not Available
Vendor-n/aJuniper Networks, Inc.
Product-screenosn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7072
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-1.01% / 77.34%
||
7 Day CHG~0.00%
Published-11 Dec, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dyld in Apple iOS before 9.2, tvOS before 9.1, and watchOS before 2.1 mishandles segment validation, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-tvosiphone_oswatchosn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-0160
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-54.65% / 98.06%
||
7 Day CHG~0.00%
Published-09 May, 2012 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-.net_frameworkn/a
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 10
  • 11
  • Next
Details not found