Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2011-1430

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-16 Mar, 2011 | 22:00
Updated At-06 Aug, 2024 | 22:28
Rejected At-
Credits

The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:16 Mar, 2011 | 22:00
Updated At:06 Aug, 2024 | 22:28
Rejected At:
▼CVE Numbering Authority (CNA)

The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.kb.cert.org/vuls/id/MAPG-8DBRD4
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/65932
vdb-entry
x_refsource_XF
http://www.osvdb.org/71020
vdb-entry
x_refsource_OSVDB
http://secunia.com/advisories/43676
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/bid/46767
vdb-entry
x_refsource_BID
http://www.kb.cert.org/vuls/id/555316
third-party-advisory
x_refsource_CERT-VN
http://www.vupen.com/english/advisories/2011/0609
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.kb.cert.org/vuls/id/MAPG-8DBRD4
Resource:
x_refsource_CONFIRM
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/65932
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.osvdb.org/71020
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://secunia.com/advisories/43676
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/bid/46767
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.kb.cert.org/vuls/id/555316
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://www.vupen.com/english/advisories/2011/0609
Resource:
vdb-entry
x_refsource_VUPEN
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.kb.cert.org/vuls/id/MAPG-8DBRD4
x_refsource_CONFIRM
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/65932
vdb-entry
x_refsource_XF
x_transferred
http://www.osvdb.org/71020
vdb-entry
x_refsource_OSVDB
x_transferred
http://secunia.com/advisories/43676
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/bid/46767
vdb-entry
x_refsource_BID
x_transferred
http://www.kb.cert.org/vuls/id/555316
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://www.vupen.com/english/advisories/2011/0609
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/MAPG-8DBRD4
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/65932
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.osvdb.org/71020
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://secunia.com/advisories/43676
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/46767
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/555316
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0609
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:16 Mar, 2011 | 22:55
Updated At:29 Apr, 2026 | 01:13

The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches

Ipswitch, Inc.
ipswitch
>>imail>>*
cpe:2.3:a:ipswitch:imail:*:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>Versions up to 11.03(inclusive)
cpe:2.3:a:ipswitch:imail:*:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>5.0
cpe:2.3:a:ipswitch:imail:5.0:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>5.0.5
cpe:2.3:a:ipswitch:imail:5.0.5:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>5.0.6
cpe:2.3:a:ipswitch:imail:5.0.6:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>5.0.7
cpe:2.3:a:ipswitch:imail:5.0.7:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>5.0.8
cpe:2.3:a:ipswitch:imail:5.0.8:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>6.00
cpe:2.3:a:ipswitch:imail:6.00:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>6.0
cpe:2.3:a:ipswitch:imail:6.0:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>6.0.1
cpe:2.3:a:ipswitch:imail:6.0.1:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>6.0.2
cpe:2.3:a:ipswitch:imail:6.0.2:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>6.0.3
cpe:2.3:a:ipswitch:imail:6.0.3:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>6.0.4
cpe:2.3:a:ipswitch:imail:6.0.4:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>6.0.5
cpe:2.3:a:ipswitch:imail:6.0.5:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>6.0.6
cpe:2.3:a:ipswitch:imail:6.0.6:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>6.1
cpe:2.3:a:ipswitch:imail:6.1:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>6.2
cpe:2.3:a:ipswitch:imail:6.2:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>6.3
cpe:2.3:a:ipswitch:imail:6.3:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>6.4
cpe:2.3:a:ipswitch:imail:6.4:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>6.06
cpe:2.3:a:ipswitch:imail:6.06:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>7.0.1
cpe:2.3:a:ipswitch:imail:7.0.1:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>7.0.2
cpe:2.3:a:ipswitch:imail:7.0.2:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>7.0.3
cpe:2.3:a:ipswitch:imail:7.0.3:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>7.0.4
cpe:2.3:a:ipswitch:imail:7.0.4:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>7.0.5
cpe:2.3:a:ipswitch:imail:7.0.5:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>7.0.6
cpe:2.3:a:ipswitch:imail:7.0.6:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>7.0.7
cpe:2.3:a:ipswitch:imail:7.0.7:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>7.1
cpe:2.3:a:ipswitch:imail:7.1:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>7.12
cpe:2.3:a:ipswitch:imail:7.12:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>8.0.3
cpe:2.3:a:ipswitch:imail:8.0.3:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>8.0.5
cpe:2.3:a:ipswitch:imail:8.0.5:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>8.1
cpe:2.3:a:ipswitch:imail:8.1:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>8.01
cpe:2.3:a:ipswitch:imail:8.01:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>8.11
cpe:2.3:a:ipswitch:imail:8.11:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>8.12
cpe:2.3:a:ipswitch:imail:8.12:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>8.13
cpe:2.3:a:ipswitch:imail:8.13:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>8.22
cpe:2.3:a:ipswitch:imail:8.22:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>10
cpe:2.3:a:ipswitch:imail:10:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>10.01
cpe:2.3:a:ipswitch:imail:10.01:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>10.02
cpe:2.3:a:ipswitch:imail:10.02:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>11
cpe:2.3:a:ipswitch:imail:11:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>11.01
cpe:2.3:a:ipswitch:imail:11.01:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>11.02
cpe:2.3:a:ipswitch:imail:11.02:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>2006
cpe:2.3:a:ipswitch:imail:2006:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>2006.1
cpe:2.3:a:ipswitch:imail:2006.1:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>2006.2
cpe:2.3:a:ipswitch:imail:2006.2:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>server_8.2_hotfix_2
cpe:2.3:a:ipswitch:imail:server_8.2_hotfix_2:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://secunia.com/advisories/43676cve@mitre.org
Vendor Advisory
http://www.kb.cert.org/vuls/id/555316cve@mitre.org
US Government Resource
http://www.kb.cert.org/vuls/id/MAPG-8DBRD4cve@mitre.org
US Government Resource
http://www.osvdb.org/71020cve@mitre.org
N/A
http://www.securityfocus.com/bid/46767cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2011/0609cve@mitre.org
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/65932cve@mitre.org
N/A
http://secunia.com/advisories/43676af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.kb.cert.org/vuls/id/555316af854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.kb.cert.org/vuls/id/MAPG-8DBRD4af854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.osvdb.org/71020af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/46767af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2011/0609af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/65932af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://secunia.com/advisories/43676
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.kb.cert.org/vuls/id/555316
Source: cve@mitre.org
Resource:
US Government Resource
Hyperlink: http://www.kb.cert.org/vuls/id/MAPG-8DBRD4
Source: cve@mitre.org
Resource:
US Government Resource
Hyperlink: http://www.osvdb.org/71020
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/46767
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0609
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/65932
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/43676
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.kb.cert.org/vuls/id/555316
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource
Hyperlink: http://www.kb.cert.org/vuls/id/MAPG-8DBRD4
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource
Hyperlink: http://www.osvdb.org/71020
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/46767
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0609
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/65932
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

498Records found

CVE-2014-9872
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.45% / 36.31%
||
7 Day CHG~0.00%
Published-06 Aug, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not ensure unique identifiers in a DCI client table, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28750155 and Qualcomm internal bug CR590721.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-12070
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.03% / 59.43%
||
7 Day CHG~0.00%
Published-14 Jun, 2018 | 20:00
Updated-05 Aug, 2024 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unsigned versions of the DLLs distributed by the OPC Foundation may be replaced with malicious code.

Action-Not Available
Vendor-opcfoundationn/a
Product-ua-.net-legacyn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-1001004
Matching Score-4
Assigner-46fe6300-5254-4a98-9594-a9567bec8179
ShareView Details
Matching Score-4
Assigner-46fe6300-5254-4a98-9594-a9567bec8179
CVSS Score-8.8||HIGH
EPSS-1.88% / 76.95%
||
7 Day CHG~0.00%
Published-27 Nov, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

typed-function before 0.10.6 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution.

Action-Not Available
Vendor-typed_function_projecttyped-function
Product-typed_functiontyped-function
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2014-9268
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-4.66% / 90.63%
||
7 Day CHG~0.00%
Published-08 Dec, 2014 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The AdView.AdViewer.1 ActiveX control in Autodesk Design Review (ADR) before 2013 Hotfix 1 allows remote attackers to execute arbitrary code via a crafted DWF file.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-design_reviewn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-10953
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-3.19% / 86.55%
||
7 Day CHG~0.00%
Published-31 Oct, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the gotoURL method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5030.

Action-Not Available
Vendor-Foxit Software Incorporated
Product-foxit_readerFoxit Reader
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2014-8755
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.61% / 83.53%
||
7 Day CHG~0.00%
Published-17 Oct, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Panasonic Network Camera View 3 and 4 allows remote attackers to execute arbitrary code via a crafted page, which triggers an invalid pointer dereference, related to "the ability to nullify an arbitrary address in memory."

Action-Not Available
Vendor-panasonicn/a
Product-network_camera_viewn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-7241
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.8||MEDIUM
EPSS-2.02% / 78.54%
||
7 Day CHG~0.00%
Published-19 Dec, 2014 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TSUTAYA application 5.3 and earlier for Android allows remote attackers to execute arbitrary Java methods via a crafted HTML document.

Action-Not Available
Vendor-tsutayan/a
Product-tsutayan/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-8040
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.36% / 87.25%
||
7 Day CHG~0.00%
Published-02 Nov, 2015 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The rtsp_getdlsendtime method in the CNC_Ctrl control in Samsung SmartViewer allows remote attackers to execute arbitrary code via an index value.

Action-Not Available
Vendor-n/aSamsung
Product-smartviewern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44548
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-5.09% / 91.31%
||
7 Day CHG~0.00%
Published-23 Dec, 2021 | 08:55
Updated-04 Aug, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Solr information disclosure vulnerability through DataImportHandler

An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB attacks, which may result in: * The exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes), * In case of misconfigured systems, SMB Relay Attacks which can lead to user impersonation on SMB Shares or, in a worse-case scenario, Remote Code Execution This issue affects all Apache Solr versions prior to 8.11.1. This issue only affects Windows.

Action-Not Available
Vendor-The Apache Software FoundationMicrosoft Corporation
Product-windowssolrApache Solr
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-40
Path Traversal: '\\UNC\share\name\' (Windows UNC Share)
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2016-7976
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-23.45% / 97.51%
||
7 Day CHG~0.00%
Published-07 Aug, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams.

Action-Not Available
Vendor-n/aArtifex Software Inc.
Product-ghostscriptn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-5468
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-52.56% / 98.83%
||
7 Day CHG~0.00%
Published-07 Feb, 2020 | 16:04
Updated-06 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A File Inclusion vulnerability exists in Railo 4.2.1 and earlier via a specially-crafted URL request to the thumbnail.cfm to specify a malicious PNG file, which could let a remote malicious user obtain sensitive information or execute arbitrary code.

Action-Not Available
Vendor-getrailon/a
Product-railon/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-4494
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.90% / 55.36%
||
7 Day CHG~0.00%
Published-30 Jan, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Springboard in Apple iOS before 8.1.3 does not properly validate signatures when determining whether to solicit an app trust decision from the user, which allows attackers to bypass intended first-launch restrictions by leveraging access to an enterprise distribution certificate for signing a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-6806
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-4.73% / 90.75%
||
7 Day CHG~0.00%
Published-12 May, 2009 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unrestricted file upload vulnerability in includes/imageupload.php in 7Shop 1.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/artikel/.

Action-Not Available
Vendor-7-shopn/a
Product-7shopn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-44422
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.87% / 54.31%
||
7 Day CHG~0.00%
Published-21 Dec, 2021 | 18:25
Updated-04 Aug, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Improper Input Validation Vulnerability exists when reading a BMP file using Open Design Alliance Drawings SDK before 2022.12. Crafted data in a BMP file can trigger a write operation past the end of an allocated buffer, or lead to a heap-based buffer overflow. An attacker can leverage this vulnerability to execute code in the context of the current process.

Action-Not Available
Vendor-opendesignn/a
Product-drawings_sdkn/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-20
Improper Input Validation
CVE-2014-3825
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.04% / 78.80%
||
7 Day CHG~0.00%
Published-14 Oct, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Juniper SRX Series devices with Junos 11.4 before 11.4R12-S4, 12.1X44 before 12.1X44-D40, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D25, and 12.1X47 before 12.1X47-D10, when an Application Layer Gateway (ALG) is enabled, allows remote attackers to cause a denial of service (flowd crash) via a crafted packet.

Action-Not Available
Vendor-n/aJuniper Networks, Inc.
Product-junossrx220srx5600srx650srx1400srx110srx3400srx3600srx550srx5800srx210srx100srx240n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-3802
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-10.93% / 95.34%
||
7 Day CHG~0.00%
Published-20 May, 2014 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not properly validate an unspecified variable before use in calculating a dynamic-call address, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDB file.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-visual_studiodebug_interface_access_software_development_kitn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-6674
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.41% / 32.61%
||
7 Day CHG~0.00%
Published-10 Oct, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

system_server in Android before 2016-10-05 on Nexus devices allows attackers to gain privileges via a crafted application, aka internal bug 30445380.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-2271
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-1.51% / 71.30%
||
7 Day CHG~0.00%
Published-14 Jan, 2020 | 16:07
Updated-06 Aug, 2024 | 10:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 devices before V100R001C00B043, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and execute arbitrary Java code by leveraging a network position between the client and the registry to block HTTPS traffic.

Action-Not Available
Vendor-wpsn/aHuawei Technologies Co., Ltd.
Product-wps_officep2-6011_firmwarep2-6011n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-6816
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.1||HIGH
EPSS-39.63% / 98.44%
||
7 Day CHG~0.00%
Published-20 Mar, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.

Action-Not Available
Vendor-The Apache Software Foundation
Product-tomcatApache Tomcat
CWE ID-CWE-20
Improper Input Validation
CVE-2014-3137
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.10% / 86.16%
||
7 Day CHG~0.00%
Published-25 Oct, 2014 | 22:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; (semi-colon) and a Content-Type that would not be accepted, as demonstrated in YouCompleteMe to execute arbitrary code.

Action-Not Available
Vendor-bottlepyn/a
Product-bottlen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-2241
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.57% / 72.38%
||
7 Day CHG~0.00%
Published-18 Mar, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) cf2_initLocalRegionBuffer and (2) cf2_initGlobalRegionBuffer functions in cff/cf2ft.c in FreeType before 2.5.3 do not properly check if a subroutine exists, which allows remote attackers to cause a denial of service (assertion failure), as demonstrated by a crafted ttf file.

Action-Not Available
Vendor-freetypen/aCanonical Ltd.
Product-ubuntu_linuxfreetypen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-2097
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.23% / 65.14%
||
7 Day CHG~0.00%
Published-02 Mar, 2014 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The tak_decode_frame function in libavcodec/takdec.c in FFmpeg before 2.1.4 does not properly validate a certain bits-per-sample value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted TAK (aka Tom's lossless Audio Kompressor) data.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-1594
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.41% / 87.40%
||
7 Day CHG~0.00%
Published-11 Dec, 2014 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbirdfirefoxseamonkeyn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-5197
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.96% / 57.29%
||
7 Day CHG~0.00%
Published-19 Jan, 2017 | 05:43
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The content view client in Google Chrome prior to 54.0.2840.85 for Android insufficiently validated intent URLs, which allowed a remote attacker who had compromised the renderer process to start arbitrary activity on the system via a crafted HTML page.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromeGoogle Chrome prior to 54.0.2840.85 for Android
CWE ID-CWE-20
Improper Input Validation
CVE-2016-4825
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-5.6||MEDIUM
EPSS-2.86% / 85.03%
||
7 Day CHG~0.00%
Published-25 Jun, 2016 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data.

Action-Not Available
Vendor-welcartn/a
Product-welcart_e-commercen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-1587
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.55% / 87.88%
||
7 Day CHG~0.00%
Published-11 Dec, 2014 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbirdfirefoxseamonkeyn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-4497
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-4.2||MEDIUM
EPSS-0.58% / 43.61%
||
7 Day CHG~0.00%
Published-12 May, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."

Action-Not Available
Vendor-panasonicn/a
Product-fpwin_pron/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0954
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.31% / 67.04%
||
7 Day CHG~0.00%
Published-22 May, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 does not validate JSP includes, which allows remote attackers to obtain sensitive information, bypass intended request-dispatcher access restrictions, or cause a denial of service (memory consumption) via a crafted URL.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_portaln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-7019
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.64% / 73.40%
||
7 Day CHG~0.00%
Published-09 Dec, 2013 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The get_cox function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not properly validate the reduction factor, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1484
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-8.86% / 94.57%
||
7 Day CHG~0.00%
Published-10 Dec, 2019 | 21:41
Updated-04 Aug, 2024 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows 10 Version 1909 for x64-based SystemsWindows 10 Version 1903 for x64-based SystemsWindows ServerWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit Systems
CWE ID-CWE-20
Improper Input Validation
CVE-2013-7015
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.56% / 83.22%
||
7 Day CHG~0.00%
Published-09 Dec, 2013 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The flashsv_decode_frame function in libavcodec/flashsv.c in FFmpeg before 2.1 does not properly validate a certain height value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Flash Screen Video data.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-7327
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.68% / 84.00%
||
7 Day CHG~0.00%
Published-18 Feb, 2014 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via invalid imagecrop arguments that lead to use of a NULL pointer as a return value, a different vulnerability than CVE-2013-7226.

Action-Not Available
Vendor-n/aThe PHP GroupCanonical Ltd.
Product-ubuntu_linuxphpn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-39771
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.31% / 22.64%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 16:02
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Settings, there is a possible way to misrepresent which app wants to add a wifi network due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-198661951

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-20
Improper Input Validation
CVE-2013-5106
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.70% / 74.41%
||
7 Day CHG~0.00%
Published-12 Feb, 2020 | 21:35
Updated-06 Aug, 2024 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Code Execution vulnerability exists in select.py when using python-mode 2012-12-19.

Action-Not Available
Vendor-python-mode_projectn/a
Product-python-moden/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-13541
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-1.94% / 77.65%
||
7 Day CHG~0.00%
Published-18 Oct, 2019 | 18:26
Updated-04 Aug, 2024 | 23:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Horner Automation Cscape 9.90 and prior, an improper input validation vulnerability has been identified that may be exploited by processing files lacking user input validation. This may allow an attacker to access information and remotely execute arbitrary code.

Action-Not Available
Vendor-hornerautomationn/a
Product-cscapeHorner Automation Cscape
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2013-5168
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.62% / 73.06%
||
7 Day CHG~0.00%
Published-24 Oct, 2013 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Console in Apple Mac OS X before 10.9 allows user-assisted remote attackers to execute arbitrary applications by triggering a log entry with a crafted attached URL.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-4660
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-17.19% / 96.72%
||
7 Day CHG~0.00%
Published-28 Jun, 2013 | 14:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that triggers an eval operation.

Action-Not Available
Vendor-nodecan/a
Product-js-yamln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-38015
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.59% / 44.05%
||
7 Day CHG~0.00%
Published-23 Dec, 2021 | 00:05
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2021-36007
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-3.3||LOW
EPSS-1.47% / 70.66%
||
7 Day CHG~0.00%
Published-20 Aug, 2021 | 18:10
Updated-23 Apr, 2025 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Prelude MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability

Adobe Prelude version 10.0 (and earlier) are affected by an uninitialized variable vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowspreludePrelude
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2013-5529
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.17% / 63.66%
||
7 Day CHG~0.00%
Published-16 Oct, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The deployment module in the server in Cisco WebEx Meeting Center does not properly validate the passphrase, which allows remote attackers to launch a deployment or cause a denial of service (deployment interruption) via a direct request, aka Bug ID CSCuf52200.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-webex_meetings_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-13692
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.72% / 49.51%
||
7 Day CHG~0.00%
Published-25 Nov, 2019 | 14:22
Updated-04 Aug, 2024 | 23:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in reader mode in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2016-0091
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-23.64% / 97.53%
||
7 Day CHG~0.00%
Published-09 Mar, 2016 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka "Windows OLE Memory Remote Code Execution Vulnerability," a different vulnerability than CVE-2016-0092.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_10windows_7windows_8.1windows_server_2008windows_vistawindows_rt_8.1windows_server_2012n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-5576
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-48.19% / 98.72%
||
7 Day CHG~0.00%
Published-09 Oct, 2013 | 14:44
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename with a trailing . (dot), as exploited in the wild in August 2013.

Action-Not Available
Vendor-n/aJoomla!
Product-joomla\!n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-12981
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.33% / 67.58%
||
7 Day CHG~0.00%
Published-26 Jun, 2019 | 17:09
Updated-04 Aug, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ming (aka libming) 0.4.8 has an "fill overflow" vulnerability in the function SWFShape_setLeftFillStyle in blocks/shape.c.

Action-Not Available
Vendor-libmingn/a
Product-libmingn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-34597
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.8||HIGH
EPSS-0.63% / 45.88%
||
7 Day CHG~0.00%
Published-04 Nov, 2021 | 09:50
Updated-16 Sep, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Phoenix Contact: PC Worx/-Express prone to improper input validation vulnerability

Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of the selected project directory.

Action-Not Available
Vendor-Phoenix Contact GmbH & Co. KG
Product-pc_worxpc_worx_expressPC Worx
CWE ID-CWE-20
Improper Input Validation
CVE-2021-34323
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-1.64% / 73.46%
||
7 Day CHG~0.00%
Published-13 Jul, 2021 | 11:03
Updated-04 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13419)

Action-Not Available
Vendor-Siemens AG
Product-jt2goteamcenter_visualizationJT2GoTeamcenter Visualization
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-20
Improper Input Validation
CVE-2021-34300
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-1.57% / 72.44%
||
7 Day CHG~0.00%
Published-13 Jul, 2021 | 11:03
Updated-04 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13194)

Action-Not Available
Vendor-Siemens AG
Product-jt2goteamcenter_visualizationJT2GoTeamcenter Visualization
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-20
Improper Input Validation
CVE-2021-34330
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-1.79% / 75.73%
||
7 Day CHG~0.00%
Published-13 Jul, 2021 | 11:03
Updated-04 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13430)

Action-Not Available
Vendor-Siemens AG
Product-jt2goteamcenter_visualizationJT2GoTeamcenter Visualization
CWE ID-CWE-416
Use After Free
CWE ID-CWE-20
Improper Input Validation
CVE-2021-34301
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-1.57% / 72.44%
||
7 Day CHG~0.00%
Published-13 Jul, 2021 | 11:03
Updated-04 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing BMP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13196)

Action-Not Available
Vendor-Siemens AG
Product-jt2goteamcenter_visualizationJT2GoTeamcenter Visualization
CWE ID-CWE-416
Use After Free
CWE ID-CWE-20
Improper Input Validation
CVE-2021-34292
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-1.57% / 72.44%
||
7 Day CHG~0.00%
Published-13 Jul, 2021 | 11:03
Updated-04 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12959)

Action-Not Available
Vendor-Siemens AG
Product-jt2goteamcenter_visualizationJT2GoTeamcenter Visualization
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 9
  • 10
  • Next
Details not found