Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2011-0465

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-08 Apr, 2011 | 15:00
Updated At-06 Aug, 2024 | 21:51
Rejected At-
Credits

xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:08 Apr, 2011 | 15:00
Updated At:06 Aug, 2024 | 21:51
Rejected At:
â–¼CVE Numbering Authority (CNA)

xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://lists.freedesktop.org/archives/xorg-announce/2011-April/001636.html
mailing-list
x_refsource_MLIST
http://www.redhat.com/support/errata/RHSA-2011-0433.html
vendor-advisory
x_refsource_REDHAT
http://www.vupen.com/english/advisories/2011/0966
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/44040
third-party-advisory
x_refsource_SECUNIA
http://www.debian.org/security/2011/dsa-2213
vendor-advisory
x_refsource_DEBIAN
http://secunia.com/advisories/44082
third-party-advisory
x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=680196
x_refsource_CONFIRM
http://www.securitytracker.com/id?1025317
vdb-entry
x_refsource_SECTRACK
http://www.securityfocus.com/bid/47189
vdb-entry
x_refsource_BID
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057928.html
vendor-advisory
x_refsource_FEDORA
http://secunia.com/advisories/44123
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2011/0880
vdb-entry
x_refsource_VUPEN
http://www.vupen.com/english/advisories/2011/0906
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/44012
third-party-advisory
x_refsource_SECUNIA
http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56
x_refsource_CONFIRM
http://secunia.com/advisories/44010
third-party-advisory
x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/66585
vdb-entry
x_refsource_XF
http://www.ubuntu.com/usn/USN-1107-1
vendor-advisory
x_refsource_UBUNTU
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.465748
vendor-advisory
x_refsource_SLACKWARE
http://www.vupen.com/english/advisories/2011/0889
vdb-entry
x_refsource_VUPEN
http://www.vupen.com/english/advisories/2011/0929
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/44122
third-party-advisory
x_refsource_SECUNIA
http://lists.freedesktop.org/archives/xorg-announce/2011-April/001635.html
mailing-list
x_refsource_MLIST
http://www.mandriva.com/security/advisories?name=MDVSA-2011:076
vendor-advisory
x_refsource_MANDRIVA
http://www.redhat.com/support/errata/RHSA-2011-0432.html
vendor-advisory
x_refsource_REDHAT
http://www.vupen.com/english/advisories/2011/0975
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/44193
third-party-advisory
x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00002.html
vendor-advisory
x_refsource_SUSE
https://lwn.net/Articles/437150/
vendor-advisory
x_refsource_SUSE
Hyperlink: http://lists.freedesktop.org/archives/xorg-announce/2011-April/001636.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0433.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.vupen.com/english/advisories/2011/0966
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/44040
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.debian.org/security/2011/dsa-2213
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://secunia.com/advisories/44082
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=680196
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securitytracker.com/id?1025317
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.securityfocus.com/bid/47189
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057928.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://secunia.com/advisories/44123
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2011/0880
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.vupen.com/english/advisories/2011/0906
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/44012
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/44010
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/66585
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.ubuntu.com/usn/USN-1107-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.465748
Resource:
vendor-advisory
x_refsource_SLACKWARE
Hyperlink: http://www.vupen.com/english/advisories/2011/0889
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.vupen.com/english/advisories/2011/0929
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/44122
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.freedesktop.org/archives/xorg-announce/2011-April/001635.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:076
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0432.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.vupen.com/english/advisories/2011/0975
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/44193
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00002.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: https://lwn.net/Articles/437150/
Resource:
vendor-advisory
x_refsource_SUSE
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://lists.freedesktop.org/archives/xorg-announce/2011-April/001636.html
mailing-list
x_refsource_MLIST
x_transferred
http://www.redhat.com/support/errata/RHSA-2011-0433.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.vupen.com/english/advisories/2011/0966
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/44040
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.debian.org/security/2011/dsa-2213
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://secunia.com/advisories/44082
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=680196
x_refsource_CONFIRM
x_transferred
http://www.securitytracker.com/id?1025317
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.securityfocus.com/bid/47189
vdb-entry
x_refsource_BID
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057928.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://secunia.com/advisories/44123
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2011/0880
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.vupen.com/english/advisories/2011/0906
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/44012
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/44010
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/66585
vdb-entry
x_refsource_XF
x_transferred
http://www.ubuntu.com/usn/USN-1107-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.465748
vendor-advisory
x_refsource_SLACKWARE
x_transferred
http://www.vupen.com/english/advisories/2011/0889
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.vupen.com/english/advisories/2011/0929
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/44122
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.freedesktop.org/archives/xorg-announce/2011-April/001635.html
mailing-list
x_refsource_MLIST
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2011:076
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://www.redhat.com/support/errata/RHSA-2011-0432.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.vupen.com/english/advisories/2011/0975
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/44193
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00002.html
vendor-advisory
x_refsource_SUSE
x_transferred
https://lwn.net/Articles/437150/
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://lists.freedesktop.org/archives/xorg-announce/2011-April/001636.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0433.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0966
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/44040
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.debian.org/security/2011/dsa-2213
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://secunia.com/advisories/44082
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=680196
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securitytracker.com/id?1025317
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.securityfocus.com/bid/47189
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057928.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://secunia.com/advisories/44123
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0880
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0906
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/44012
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/44010
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/66585
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-1107-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.465748
Resource:
vendor-advisory
x_refsource_SLACKWARE
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0889
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0929
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/44122
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.freedesktop.org/archives/xorg-announce/2011-April/001635.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:076
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0432.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0975
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/44193
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00002.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://lwn.net/Articles/437150/
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:08 Apr, 2011 | 15:17
Updated At:29 Apr, 2026 | 01:13

xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.09.3HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 9.3
Base severity: HIGH
Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
matthias_hopf
matthias_hopf
>>xrdb>>Versions up to 1.0.8(inclusive)
cpe:2.3:a:matthias_hopf:xrdb:*:*:*:*:*:*:*:*
matthias_hopf
matthias_hopf
>>xrdb>>1.0.2
cpe:2.3:a:matthias_hopf:xrdb:1.0.2:*:*:*:*:*:*:*
matthias_hopf
matthias_hopf
>>xrdb>>1.0.3
cpe:2.3:a:matthias_hopf:xrdb:1.0.3:*:*:*:*:*:*:*
matthias_hopf
matthias_hopf
>>xrdb>>1.0.4
cpe:2.3:a:matthias_hopf:xrdb:1.0.4:*:*:*:*:*:*:*
matthias_hopf
matthias_hopf
>>xrdb>>1.0.5
cpe:2.3:a:matthias_hopf:xrdb:1.0.5:*:*:*:*:*:*:*
matthias_hopf
matthias_hopf
>>xrdb>>1.0.6
cpe:2.3:a:matthias_hopf:xrdb:1.0.6:*:*:*:*:*:*:*
matthias_hopf
matthias_hopf
>>xrdb>>1.0.7
cpe:2.3:a:matthias_hopf:xrdb:1.0.7:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>Versions up to r7.6(inclusive)
cpe:2.3:a:x:x11:*:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>r1
cpe:2.3:a:x:x11:r1:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>r2
cpe:2.3:a:x:x11:r2:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>r3
cpe:2.3:a:x:x11:r3:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>r4
cpe:2.3:a:x:x11:r4:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>r5
cpe:2.3:a:x:x11:r5:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>r6
cpe:2.3:a:x:x11:r6:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>r6.1
cpe:2.3:a:x:x11:r6.1:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>r6.3
cpe:2.3:a:x:x11:r6.3:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>r6.4
cpe:2.3:a:x:x11:r6.4:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>r6.5.1
cpe:2.3:a:x:x11:r6.5.1:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>r6.6
cpe:2.3:a:x:x11:r6.6:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>r6.7
cpe:2.3:a:x:x11:r6.7:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>r6.7.0
cpe:2.3:a:x:x11:r6.7.0:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>r6.8.0
cpe:2.3:a:x:x11:r6.8.0:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>r6.8.1
cpe:2.3:a:x:x11:r6.8.1:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>r6.8.2
cpe:2.3:a:x:x11:r6.8.2:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>r6.9.0
cpe:2.3:a:x:x11:r6.9.0:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>r7.0
cpe:2.3:a:x:x11:r7.0:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>r7.1
cpe:2.3:a:x:x11:r7.1:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>r7.2
cpe:2.3:a:x:x11:r7.2:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>r7.3
cpe:2.3:a:x:x11:r7.3:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>r7.4
cpe:2.3:a:x:x11:r7.4:*:*:*:*:*:*:*
X.Org Foundation
x
>>x11>>r7.5
cpe:2.3:a:x:x11:r7.5:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56cve@mitre.org
Patch
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057928.htmlcve@mitre.org
N/A
http://lists.freedesktop.org/archives/xorg-announce/2011-April/001635.htmlcve@mitre.org
Patch
http://lists.freedesktop.org/archives/xorg-announce/2011-April/001636.htmlcve@mitre.org
Patch
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00002.htmlcve@mitre.org
N/A
http://secunia.com/advisories/44010cve@mitre.org
N/A
http://secunia.com/advisories/44012cve@mitre.org
N/A
http://secunia.com/advisories/44040cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/44082cve@mitre.org
N/A
http://secunia.com/advisories/44122cve@mitre.org
N/A
http://secunia.com/advisories/44123cve@mitre.org
N/A
http://secunia.com/advisories/44193cve@mitre.org
N/A
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.465748cve@mitre.org
N/A
http://www.debian.org/security/2011/dsa-2213cve@mitre.org
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2011:076cve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2011-0432.htmlcve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2011-0433.htmlcve@mitre.org
N/A
http://www.securityfocus.com/bid/47189cve@mitre.org
N/A
http://www.securitytracker.com/id?1025317cve@mitre.org
N/A
http://www.ubuntu.com/usn/USN-1107-1cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2011/0880cve@mitre.org
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0889cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2011/0906cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2011/0929cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2011/0966cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2011/0975cve@mitre.org
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=680196cve@mitre.org
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/66585cve@mitre.org
N/A
https://lwn.net/Articles/437150/cve@mitre.org
N/A
http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56af854a3a-2127-422b-91ae-364da2661108
Patch
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057928.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.freedesktop.org/archives/xorg-announce/2011-April/001635.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
http://lists.freedesktop.org/archives/xorg-announce/2011-April/001636.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00002.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/44010af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/44012af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/44040af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/44082af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/44122af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/44123af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/44193af854a3a-2127-422b-91ae-364da2661108
N/A
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.465748af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2011/dsa-2213af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2011:076af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2011-0432.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2011-0433.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/47189af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id?1025317af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-1107-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2011/0880af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0889af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2011/0906af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2011/0929af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2011/0966af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2011/0975af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=680196af854a3a-2127-422b-91ae-364da2661108
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/66585af854a3a-2127-422b-91ae-364da2661108
N/A
https://lwn.net/Articles/437150/af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057928.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.freedesktop.org/archives/xorg-announce/2011-April/001635.html
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://lists.freedesktop.org/archives/xorg-announce/2011-April/001636.html
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00002.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/44010
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/44012
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/44040
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/44082
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/44122
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/44123
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/44193
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.465748
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2011/dsa-2213
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:076
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0432.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0433.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/47189
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1025317
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-1107-1
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0880
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2011/0889
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0906
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0929
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0966
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0975
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=680196
Source: cve@mitre.org
Resource:
Patch
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/66585
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://lwn.net/Articles/437150/
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057928.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.freedesktop.org/archives/xorg-announce/2011-April/001635.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://lists.freedesktop.org/archives/xorg-announce/2011-April/001636.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00002.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/44010
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/44012
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/44040
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/44082
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/44122
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/44123
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/44193
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.465748
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2011/dsa-2213
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:076
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0432.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0433.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/47189
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1025317
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-1107-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0880
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2011/0889
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0906
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0929
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0966
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0975
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=680196
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/66585
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lwn.net/Articles/437150/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

503Records found
CVE-2016-10338
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.13%
||
7 Day CHG~0.00%
Published-13 Jun, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In all Android releases from CAF using the Linux kernel, there was an issue related to RPMB processing.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidAll Qualcomm products
CWE ID-CWE-20
Improper Input Validation
CVE-2008-5532
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.29% / 52.70%
||
7 Day CHG~0.00%
Published-12 Dec, 2008 | 18:13
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ikarus Virus Utilities T3.1.1.45.0 and possibly T3.1.1.34.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

Action-Not Available
Vendor-ikarusn/aMicrosoft Corporation
Product-internet_explorerikarus_antivirusn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1972
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-55.43% / 98.10%
||
7 Day CHG~0.00%
Published-10 Aug, 2011 | 21:16
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "pStream Release RCE Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-vision/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1269
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-49.50% / 97.83%
||
7 Day CHG~0.00%
Published-13 May, 2011 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 make unspecified function calls during file parsing without proper handling of memory, which allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Presentation Memory Corruption RCE Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-office_compatibility_packpowerpointopen_xml_file_format_converterofficen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1272
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-50.20% / 97.86%
||
7 Day CHG~0.00%
Published-16 Jun, 2011 | 20:21
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record structures during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Insufficient Record Validation Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-excel_viewerexceloffice_compatibility_packopen_xml_file_format_converterofficen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0664
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-11.19% / 93.58%
||
7 Day CHG~0.00%
Published-16 Jun, 2011 | 20:21
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Array Offset Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_server_2008windows_vista.net_frameworkwindows_xpsilverlightwindows_2003_serverwindows_server_2003n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0600
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-7.07% / 91.59%
||
7 Day CHG+2.51%
Published-10 Feb, 2011 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The U3D component in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a 3D file with an invalid Parent Node count that triggers an incorrect size calculation and memory corruption, a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, and CVE-2011-0595.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xwindowsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0595
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-9.39% / 92.88%
||
7 Day CHG~0.00%
Published-10 Feb, 2011 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, and CVE-2011-0600.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xwindowsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-5523
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.31% / 54.54%
||
7 Day CHG~0.00%
Published-12 Dec, 2008 | 18:13
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

avast! antivirus 4.8.1281.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

Action-Not Available
Vendor-avastn/aMicrosoft Corporation
Product-avast_antivirusinternet_explorern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0590
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-8.53% / 92.47%
||
7 Day CHG~0.00%
Published-10 Feb, 2011 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a 3D file, a different vulnerability than CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, CVE-2011-0595, and CVE-2011-0600.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xwindowsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0596
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-11.48% / 93.70%
||
7 Day CHG~0.00%
Published-10 Feb, 2011 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Bitmap parsing component in 2d.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via an image with crafted (1) height and (2) width values for an RLE_8 compressed bitmap, which triggers a heap-based buffer overflow, a different vulnerability than CVE-2011-0598, CVE-2011-0599, and CVE-2011-0602.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xwindowsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0591
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-7.33% / 91.76%
||
7 Day CHG~0.00%
Published-10 Feb, 2011 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, related to Texture and rgba, a different vulnerability than CVE-2011-0590, CVE-2011-0592, CVE-2011-0593, CVE-2011-0595, and CVE-2011-0600.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xwindowsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0626
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-4.49% / 89.22%
||
7 Day CHG~0.00%
Published-13 May, 2011 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0624, and CVE-2011-0625.

Action-Not Available
Vendor-n/aApple Inc.Oracle CorporationGoogle LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-mac_os_xsolariswindowsflash_playerandroidlinux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-5524
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.29% / 52.70%
||
7 Day CHG~0.00%
Published-12 Dec, 2008 | 18:13
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CAT-QuickHeal 10.00 and possibly 9.50, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

Action-Not Available
Vendor-quickhealn/aMicrosoft Corporation
Product-internet_explorercat_quickhealn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0624
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-4.49% / 89.22%
||
7 Day CHG~0.00%
Published-13 May, 2011 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0625, and CVE-2011-0626.

Action-Not Available
Vendor-n/aApple Inc.Oracle CorporationGoogle LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-mac_os_xsolariswindowsflash_playerandroidlinux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0599
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-9.59% / 92.96%
||
7 Day CHG~0.00%
Published-10 Feb, 2011 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Bitmap parsing component in rt3d.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted image that causes an invalid pointer calculation related to 4/8-bit RLE compression, a different vulnerability than CVE-2011-0596, CVE-2011-0598, and CVE-2011-0602.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xwindowsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-0121
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-47.24% / 97.73%
||
7 Day CHG~0.00%
Published-09 Mar, 2016 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_10windows_7windows_8.1windows_server_2008windows_vistawindows_rt_8.1windows_server_2012n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-0098
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-48.27% / 97.77%
||
7 Day CHG~0.00%
Published-09 Mar, 2016 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 allow remote attackers to execute arbitrary code via crafted media content, aka "Windows Media Parsing Remote Code Execution Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_10windows_7windows_8.1windows_server_2008windows_rt_8.1windows_server_2012n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0586
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-2.44% / 85.34%
||
7 Day CHG~0.00%
Published-10 Feb, 2011 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X do not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xwindowsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0926
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.3||HIGH
EPSS-4.52% / 89.27%
||
7 Day CHG~0.00%
Published-25 Feb, 2011 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A certain ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) does not properly verify the signature of an unspecified downloaded program, which allows remote attackers to execute arbitrary code by spoofing the CSD installation process, a different vulnerability than CVE-2010-0589.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-secure_desktopn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-0025
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-26.86% / 96.42%
||
7 Day CHG~0.00%
Published-16 Jun, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-office_online_serveroffice_compatibility_packword_for_macoffice_web_apps_serverofficeoffice_web_appswordsharepoint_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0593
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-9.21% / 92.80%
||
7 Day CHG~0.00%
Published-10 Feb, 2011 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0595, and CVE-2011-0600.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xwindowsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0625
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-4.49% / 89.22%
||
7 Day CHG~0.00%
Published-13 May, 2011 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0624, and CVE-2011-0626.

Action-Not Available
Vendor-n/aApple Inc.Oracle CorporationGoogle LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-mac_os_xsolariswindowsflash_playerandroidlinux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0979
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-66.75% / 98.56%
||
7 Day CHG~0.00%
Published-10 Feb, 2011 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; and Excel Viewer SP2 do not properly handle errors during the parsing of Office Art records in Excel spreadsheets, which allows remote attackers to execute arbitrary code via a malformed object record, related to a "stray reference," aka "Excel Linked List Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-excel_viewerexceloffice_compatibility_packopen_xml_file_format_converterofficen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-4433
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-3.74% / 88.14%
||
7 Day CHG~0.00%
Published-10 Jun, 2020 | 12:57
Updated-16 Sep, 2024 | 23:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain IBM Aspera applications are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. This could allow a remote attacker with intimate knowledge of the server to execute arbitrary code on the system with the privileges of root or cause server to crash. IBM X-Force ID: 180814.

Action-Not Available
Vendor-IBM Corporation
Product-aspera_application_platform_on_demandaspera_high-speed_transfer_endpointaspera_streamingaspera_shares_on_demandaspera_faspex_on_demandaspera_proxy_serveraspera_high-speed_transfer_server_for_cloud_pak_for_integrationaspera_high-speed_transfer_serveraspera_server_on_demandaspera_transfer_cluster_managerAspera High-Speed Transfer EndpointAspera Faspex On DemandAspera High-Speed Transfer ServerAspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I)Aspera Application Platform On DemandAspera StreamingAspera Shares On DemandAspera Proxy ServerAspera Transfer Cluster ManagerAspera Server On Demand
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0602
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-7.56% / 91.92%
||
7 Day CHG~0.00%
Published-10 Feb, 2011 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via crafted JP2K record types in a JPEG2000 image in a PDF file, which causes heap corruption, a different vulnerability than CVE-2011-0596, CVE-2011-0598, and CVE-2011-0599.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xwindowsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0594
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-7.56% / 91.92%
||
7 Day CHG~0.00%
Published-10 Feb, 2011 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a font.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xwindowsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0912
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-1.71% / 82.56%
||
7 Day CHG~0.00%
Published-08 Feb, 2011 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Argument injection vulnerability in IBM Lotus Notes 8.0.x before 8.0.2 FP6 and 8.5.x before 8.5.1 FP5 allows remote attackers to execute arbitrary code via a cai:// URL containing a --launcher.library option that specifies a UNC share pathname for a DLL file, aka SPR PRAD82YJW2.

Action-Not Available
Vendor-n/aIBM Corporation
Product-lotus_notesn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0531
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.3||HIGH
EPSS-73.25% / 98.81%
||
7 Day CHG~0.00%
Published-07 Feb, 2011 | 20:19
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media player 1.1.6.1 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary commands via a crafted MKV (WebM or Matroska) file that triggers memory corruption, related to "class mismatching" and the MKV_IS_ID macro.

Action-Not Available
Vendor-n/aVideoLAN
Product-vlc_media_playern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0627
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-7.86% / 92.08%
||
7 Day CHG~0.00%
Published-13 May, 2011 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with an embedded .swf file.

Action-Not Available
Vendor-n/aApple Inc.Oracle CorporationGoogle LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-mac_os_xsolariswindowsflash_playerandroidlinux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0623
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-4.49% / 89.22%
||
7 Day CHG~0.00%
Published-13 May, 2011 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0624, CVE-2011-0625, and CVE-2011-0626.

Action-Not Available
Vendor-n/aApple Inc.Oracle CorporationGoogle LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-mac_os_xsolariswindowsflash_playerandroidlinux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0925
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.3||HIGH
EPSS-2.36% / 85.10%
||
7 Day CHG~0.00%
Published-28 Feb, 2011 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CSDWebInstallerCtrl ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) allows remote attackers to download an unintended Cisco program onto a client machine, and execute this program, by identifying a Cisco program with a Cisco digital signature and then renaming this program to inst.exe, a different vulnerability than CVE-2010-0589 and CVE-2011-0926.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-secure_desktopn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0656
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-59.54% / 98.27%
||
7 Day CHG~0.00%
Published-13 Apr, 2011 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; PowerPoint Viewer; PowerPoint Viewer 2007 SP2; and PowerPoint Web App do not properly validate PersistDirectoryEntry records in PowerPoint documents, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Slide with a malformed record, which triggers an exception and later use of an unspecified method, aka "Persist Directory RCE Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-office_powerpoint_viewerpowerpointpowerpoint_vieweroffice_compatibility_packopen_xml_file_format_converterofficepowerpoint_web_appn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0215
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-1.75% / 82.78%
||
7 Day CHG~0.00%
Published-21 Jul, 2011 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageIO in Apple Safari before 5.0.6 on Windows does not properly address re-entrancy issues, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-imageiowindows_7windows_vistawindows_xpsafarin/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0592
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-7.33% / 91.76%
||
7 Day CHG~0.00%
Published-10 Feb, 2011 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, related to "Texture bmp," a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0593, CVE-2011-0595, and CVE-2011-0600.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xwindowsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0660
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-51.63% / 97.93%
||
7 Day CHG~0.00%
Published-13 Apr, 2011 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Response Parsing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_server_2008windows_vistawindows_xpwindows_2003_serverwindows_server_2003n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-6131
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-59.02% / 98.25%
||
7 Day CHG~0.00%
Published-09 Dec, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows remote attackers to execute arbitrary code via a crafted .mcl file, aka "Media Center Library Parsing RCE Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_vistawindows_7windows_8windows_8.1n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0027
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-67.61% / 98.59%
||
7 Day CHG~0.00%
Published-12 Jan, 2011 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability." NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_server_2008windows_vistawindows_xpdata_access_componentswindows_2003_serverwindows_data_access_componentswindows_server_2003n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0033
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-22.06% / 95.86%
||
7 Day CHG~0.00%
Published-10 Feb, 2011 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate parameter values in OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted font, aka "OpenType Font Encoded Character Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_server_2008windows_vistawindows_xpwindows_2003_serverwindows_server_2003n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0042
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-63.16% / 98.41%
||
7 Day CHG~0.00%
Published-09 Mar, 2011 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not properly parse Digital Video Recording (.dvr-ms) files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DVR-MS Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_media_center_tv_packwindows_vistawindows_xpwindows_xp_media_centern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-4342
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-21.24% / 95.75%
||
7 Day CHG~0.00%
Published-30 Sep, 2008 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NuMedia Soft NMS DVD Burning SDK Activex NMSDVDX.DVDEngineX.1 ActiveX control (NMSDVDX.dll) 1.013C and earlier, as used in CDBurnerXP 4.2.1.976, BurnAware 2.1.3, Blaze Media Pro 8.02 Special Edition, and possibly other products, allows remote attackers to overwrite and create arbitrary files via calls to the EnableLog and LogMessage methods. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs.

Action-Not Available
Vendor-impressumnumedia_softburnaware_technologiesn/a
Product-burnawarecdburnerxpnumedia_dvd_burning_sdkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-3837
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-9.3||HIGH
EPSS-1.07% / 77.99%
||
7 Day CHG~0.00%
Published-01 Oct, 2015 | 00:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The OpenSSLX509Certificate class in org/conscrypt/OpenSSLX509Certificate.java in Android before 5.1.1 LMY48I improperly includes certain context data during serialization and deserialization, which allows attackers to execute arbitrary code via an application that sends a crafted Intent, aka internal bug 21437603.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-4035
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-2.09% / 84.21%
||
7 Day CHG~0.00%
Published-21 Oct, 2010 | 18:12
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 7.0.517.41 does not properly perform autofill operations for forms, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-3624
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-22.53% / 95.92%
||
7 Day CHG~0.00%
Published-06 Oct, 2010 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allows attackers to execute arbitrary code via a crafted image.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-acrobatacrobat_readern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-4195
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-10.21% / 93.22%
||
7 Day CHG~0.00%
Published-10 Feb, 2011 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TextXtra module in Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-shockwave_playern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-3958
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-56.46% / 98.15%
||
7 Day CHG~0.00%
Published-13 Apr, 2011 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Stack Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_server_2008windows_vistawindows_xp.net_frameworkwindows_2003_serverwindows_server_2003n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-4193
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-10.21% / 93.22%
||
7 Day CHG~0.00%
Published-10 Feb, 2011 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-shockwave_playern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-3768
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-6.14% / 90.90%
||
7 Day CHG~0.00%
Published-10 Dec, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly validate downloadable fonts before use within an operating system's font implementation, which allows remote attackers to execute arbitrary code via vectors related to @font-face Cascading Style Sheets (CSS) rules.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbirdfirefoxseamonkeyn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-3629
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-5.96% / 90.74%
||
7 Day CHG~0.00%
Published-06 Oct, 2010 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted image, a different vulnerability than CVE-2010-3620.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-acrobatacrobat_readern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-3631
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-15.17% / 94.68%
||
7 Day CHG~0.00%
Published-06 Oct, 2010 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Array index error in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-acrobatacrobat_readern/a
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • ...
  • 5
  • 6
  • 7
  • ...
  • 10
  • 11
  • Next
Details not found