Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2011-1430

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-16 Mar, 2011 | 22:00
Updated At-06 Aug, 2024 | 22:28
Rejected At-
Credits

The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:16 Mar, 2011 | 22:00
Updated At:06 Aug, 2024 | 22:28
Rejected At:
▼CVE Numbering Authority (CNA)

The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.kb.cert.org/vuls/id/MAPG-8DBRD4
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/65932
vdb-entry
x_refsource_XF
http://www.osvdb.org/71020
vdb-entry
x_refsource_OSVDB
http://secunia.com/advisories/43676
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/bid/46767
vdb-entry
x_refsource_BID
http://www.kb.cert.org/vuls/id/555316
third-party-advisory
x_refsource_CERT-VN
http://www.vupen.com/english/advisories/2011/0609
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.kb.cert.org/vuls/id/MAPG-8DBRD4
Resource:
x_refsource_CONFIRM
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/65932
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.osvdb.org/71020
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://secunia.com/advisories/43676
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/bid/46767
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.kb.cert.org/vuls/id/555316
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://www.vupen.com/english/advisories/2011/0609
Resource:
vdb-entry
x_refsource_VUPEN
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.kb.cert.org/vuls/id/MAPG-8DBRD4
x_refsource_CONFIRM
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/65932
vdb-entry
x_refsource_XF
x_transferred
http://www.osvdb.org/71020
vdb-entry
x_refsource_OSVDB
x_transferred
http://secunia.com/advisories/43676
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/bid/46767
vdb-entry
x_refsource_BID
x_transferred
http://www.kb.cert.org/vuls/id/555316
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://www.vupen.com/english/advisories/2011/0609
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/MAPG-8DBRD4
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/65932
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.osvdb.org/71020
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://secunia.com/advisories/43676
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/46767
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/555316
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0609
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:16 Mar, 2011 | 22:55
Updated At:29 Apr, 2026 | 01:13

The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches

Ipswitch, Inc.
ipswitch
>>imail>>*
cpe:2.3:a:ipswitch:imail:*:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>Versions up to 11.03(inclusive)
cpe:2.3:a:ipswitch:imail:*:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>5.0
cpe:2.3:a:ipswitch:imail:5.0:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>5.0.5
cpe:2.3:a:ipswitch:imail:5.0.5:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>5.0.6
cpe:2.3:a:ipswitch:imail:5.0.6:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>5.0.7
cpe:2.3:a:ipswitch:imail:5.0.7:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>5.0.8
cpe:2.3:a:ipswitch:imail:5.0.8:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>6.00
cpe:2.3:a:ipswitch:imail:6.00:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>6.0
cpe:2.3:a:ipswitch:imail:6.0:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>6.0.1
cpe:2.3:a:ipswitch:imail:6.0.1:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>6.0.2
cpe:2.3:a:ipswitch:imail:6.0.2:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>6.0.3
cpe:2.3:a:ipswitch:imail:6.0.3:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>6.0.4
cpe:2.3:a:ipswitch:imail:6.0.4:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>6.0.5
cpe:2.3:a:ipswitch:imail:6.0.5:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>6.0.6
cpe:2.3:a:ipswitch:imail:6.0.6:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>6.1
cpe:2.3:a:ipswitch:imail:6.1:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>6.2
cpe:2.3:a:ipswitch:imail:6.2:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>6.3
cpe:2.3:a:ipswitch:imail:6.3:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>6.4
cpe:2.3:a:ipswitch:imail:6.4:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>6.06
cpe:2.3:a:ipswitch:imail:6.06:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>7.0.1
cpe:2.3:a:ipswitch:imail:7.0.1:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>7.0.2
cpe:2.3:a:ipswitch:imail:7.0.2:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>7.0.3
cpe:2.3:a:ipswitch:imail:7.0.3:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>7.0.4
cpe:2.3:a:ipswitch:imail:7.0.4:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>7.0.5
cpe:2.3:a:ipswitch:imail:7.0.5:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>7.0.6
cpe:2.3:a:ipswitch:imail:7.0.6:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>7.0.7
cpe:2.3:a:ipswitch:imail:7.0.7:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>7.1
cpe:2.3:a:ipswitch:imail:7.1:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>7.12
cpe:2.3:a:ipswitch:imail:7.12:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>8.0.3
cpe:2.3:a:ipswitch:imail:8.0.3:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>8.0.5
cpe:2.3:a:ipswitch:imail:8.0.5:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>8.1
cpe:2.3:a:ipswitch:imail:8.1:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>8.01
cpe:2.3:a:ipswitch:imail:8.01:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>8.11
cpe:2.3:a:ipswitch:imail:8.11:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>8.12
cpe:2.3:a:ipswitch:imail:8.12:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>8.13
cpe:2.3:a:ipswitch:imail:8.13:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>8.22
cpe:2.3:a:ipswitch:imail:8.22:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>10
cpe:2.3:a:ipswitch:imail:10:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>10.01
cpe:2.3:a:ipswitch:imail:10.01:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>10.02
cpe:2.3:a:ipswitch:imail:10.02:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>11
cpe:2.3:a:ipswitch:imail:11:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>11.01
cpe:2.3:a:ipswitch:imail:11.01:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>11.02
cpe:2.3:a:ipswitch:imail:11.02:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>2006
cpe:2.3:a:ipswitch:imail:2006:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>2006.1
cpe:2.3:a:ipswitch:imail:2006.1:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>2006.2
cpe:2.3:a:ipswitch:imail:2006.2:*:*:*:*:*:*:*
Ipswitch, Inc.
ipswitch
>>imail>>server_8.2_hotfix_2
cpe:2.3:a:ipswitch:imail:server_8.2_hotfix_2:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://secunia.com/advisories/43676cve@mitre.org
Vendor Advisory
http://www.kb.cert.org/vuls/id/555316cve@mitre.org
US Government Resource
http://www.kb.cert.org/vuls/id/MAPG-8DBRD4cve@mitre.org
US Government Resource
http://www.osvdb.org/71020cve@mitre.org
N/A
http://www.securityfocus.com/bid/46767cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2011/0609cve@mitre.org
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/65932cve@mitre.org
N/A
http://secunia.com/advisories/43676af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.kb.cert.org/vuls/id/555316af854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.kb.cert.org/vuls/id/MAPG-8DBRD4af854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.osvdb.org/71020af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/46767af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2011/0609af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/65932af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://secunia.com/advisories/43676
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.kb.cert.org/vuls/id/555316
Source: cve@mitre.org
Resource:
US Government Resource
Hyperlink: http://www.kb.cert.org/vuls/id/MAPG-8DBRD4
Source: cve@mitre.org
Resource:
US Government Resource
Hyperlink: http://www.osvdb.org/71020
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/46767
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0609
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/65932
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/43676
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.kb.cert.org/vuls/id/555316
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource
Hyperlink: http://www.kb.cert.org/vuls/id/MAPG-8DBRD4
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource
Hyperlink: http://www.osvdb.org/71020
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/46767
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0609
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/65932
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

498Records found

CVE-2011-2802
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-6.8||MEDIUM
EPSS-1.03% / 59.35%
||
7 Day CHG~0.00%
Published-03 Aug, 2011 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google V8, as used in Google Chrome before 13.0.782.107, does not properly perform const lookups, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted web site.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-4213
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-2.00% / 78.31%
||
7 Day CHG~0.00%
Published-11 Jan, 2019 | 18:00
Updated-05 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.

Action-Not Available
Vendor-webkitgtkn/aCanonical Ltd.Apple Inc.Microsoft Corporation
Product-itunesiphone_osubuntu_linuxwatchostvossafariwindowswebkitgtk\+icloudn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-9597
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-6.63% / 93.05%
||
7 Day CHG~0.00%
Published-21 Jan, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The picture_pool_Delete function in misc/picture_pool.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (DEP violation and application crash) via a crafted FLV file.

Action-Not Available
Vendor-n/aVideoLAN
Product-vlc_media_playern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-3150
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.93% / 77.56%
||
7 Day CHG~0.00%
Published-29 Nov, 2011 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Software Center in Ubuntu 11.10, 11.04 10.10 does not properly validate server certificates, which allows remote attackers to execute arbitrary code or obtain sensitive information via a man-in-the-middle (MITM) attack.

Action-Not Available
Vendor-n/aCanonical Ltd.
Product-ubuntu_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-2358
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-6.8||MEDIUM
EPSS-1.04% / 59.69%
||
7 Day CHG~0.00%
Published-03 Aug, 2011 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 13.0.782.107 does not ensure that extension installations are confirmed by a browser dialog, which makes it easier for remote attackers to modify the product's functionality via a Trojan horse extension.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-9889
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.45% / 36.31%
||
7 Day CHG~0.00%
Published-06 Aug, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate CPP frame messages, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28803645 and Qualcomm internal bug CR674712.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1506
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.47% / 82.56%
||
7 Day CHG~0.00%
Published-22 Mar, 2011 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The STARTTLS implementation in Kerio Connect 7.1.4 build 2985 and MailServer 6.x does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-kerion/a
Product-connectkerio_mailservern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1813
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-6.8||MEDIUM
EPSS-1.35% / 68.18%
||
7 Day CHG~0.00%
Published-09 Jun, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 12.0.742.91 does not properly implement the framework for extensions, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-2359
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-6.8||MEDIUM
EPSS-1.54% / 71.87%
||
7 Day CHG~0.00%
Published-03 Aug, 2011 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 13.0.782.107 does not properly track line boxes during rendering, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

Action-Not Available
Vendor-n/aDebian GNU/LinuxApple Inc.Google LLC
Product-itunesdebian_linuxiphone_ossafarichromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1456
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.04% / 59.92%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 11.0.696.57 does not properly handle PDF forms, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale pointers."

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1434
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.35% / 68.15%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 11.0.696.57 does not ensure thread safety during handling of MIME data, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-1748
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-2.74% / 84.34%
||
7 Day CHG~0.00%
Published-02 Apr, 2021 | 17:49
Updated-03 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A validation issue was addressed with improved input sanitization. This issue is fixed in tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted URL may lead to arbitrary javascript code execution.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_ostvoswatchosipadoswatchOStvOSiOS and iPadOS
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1204
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.54% / 71.92%
||
7 Day CHG~0.00%
Published-11 Mar, 2011 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 10.0.648.127 does not properly handle attributes, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via a crafted document.

Action-Not Available
Vendor-n/aGoogle LLCApple Inc.
Product-chromeiphone_ossafariitunesn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-20225
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.74% / 74.91%
||
7 Day CHG~0.00%
Published-08 May, 2020 | 17:29
Updated-15 Apr, 2026 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely

Action-Not Available
Vendor-pypan/a
Product-pipn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0996
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.75% / 88.54%
||
7 Day CHG~0.00%
Published-13 Apr, 2011 | 14:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dhcpcd before 5.2.12 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message.

Action-Not Available
Vendor-roy_marplesn/a
Product-dhcpcdn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1118
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.31% / 67.09%
||
7 Day CHG~0.00%
Published-01 Mar, 2011 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 9.0.597.107 does not properly handle TEXTAREA elements, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0764
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-6.8||MEDIUM
EPSS-13.05% / 95.87%
||
7 Day CHG~0.00%
Published-31 Mar, 2011 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf.

Action-Not Available
Vendor-t1libfoolabsglyphandcogn/a
Product-t1libxpdfxpdfreadern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0771
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.06% / 79.01%
||
7 Day CHG~0.00%
Published-04 Feb, 2011 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Janrain Engage (formerly RPX) module 6.x-1.3 for Drupal does not validate the file for a profile image, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks and possibly execute arbitrary PHP code by causing a crafted avatar to be downloaded from an external login provider site.

Action-Not Available
Vendor-janrainn/aThe Drupal Association
Product-drupalrpxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0739
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.71% / 84.14%
||
7 Day CHG~0.00%
Published-02 Feb, 2011 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The deliver function in the sendmail delivery agent (lib/mail/network/delivery_methods/sendmail.rb) in Ruby Mail gem 2.2.14 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail address.

Action-Not Available
Vendor-mikel_lindsaarn/a
Product-mailn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1320
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.05% / 60.16%
||
7 Day CHG~0.00%
Published-08 Mar, 2011 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when the Tivoli Integrated Portal / embedded WebSphere Application Server (TIP/eWAS) framework is used, does not properly delete AuthCache entries upon a logout, which might allow remote attackers to access the server by leveraging an unattended workstation.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_application_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1302
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-4.53% / 90.38%
||
7 Day CHG~0.00%
Published-11 Sep, 2019 | 21:25
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists when a ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests, aka 'ASP.NET Core Elevation Of Privilege Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-asp.net_coreASP.NET Core
CWE ID-CWE-20
Improper Input Validation
CVE-2019-13322
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.5||HIGH
EPSS-2.55% / 83.14%
||
7 Day CHG~0.00%
Published-10 Feb, 2020 | 19:15
Updated-04 Aug, 2024 | 23:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Browser Prior to 10.4.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the miui.share application. The issue results from the lack of proper validation of user-supplied data, which can result in an arbitrary application download. An attacker can leverage this vulnerability to execute code in the context of the user. Was ZDI-CAN-7483.

Action-Not Available
Vendor-Xiaomi
Product-mi_browserBrowser
CWE ID-CWE-356
Product UI does not Warn User of Unsafe Actions
CWE ID-CWE-20
Improper Input Validation
CVE-2014-3686
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-4.95% / 91.10%
||
7 Day CHG~0.00%
Published-16 Oct, 2014 | 00:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame.

Action-Not Available
Vendor-w1.fin/aCanonical Ltd.Debian GNU/Linux
Product-hostapdwpa_supplicantdebian_linuxubuntu_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-2957
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-6.8||MEDIUM
EPSS-5.26% / 91.54%
||
7 Day CHG~0.00%
Published-04 Sep, 2014 | 17:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function.

Action-Not Available
Vendor-n/aExim
Product-eximn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-9803
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-1.79% / 75.61%
||
7 Day CHG~0.00%
Published-09 Jun, 2020 | 16:06
Updated-04 Aug, 2024 | 10:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-itunesiphone_oswatchosipadostvossafariicloudiTunes for WindowswatchOSiCloud for WindowsSafariiOSiCloud for Windows (Legacy)tvOS
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-20
Improper Input Validation
CVE-2013-3945
Matching Score-4
Assigner-Flexera Software LLC
ShareView Details
Matching Score-4
Assigner-Flexera Software LLC
CVSS Score-7.8||HIGH
EPSS-2.07% / 79.11%
||
7 Day CHG~0.00%
Published-02 Jan, 2020 | 18:43
Updated-06 Aug, 2024 | 16:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a nband tag.

Action-Not Available
Vendor-extensisIrfanView
Product-mrsidMrSID plugin
CWE ID-CWE-20
Improper Input Validation
CVE-2020-9254
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.88% / 54.66%
||
7 Day CHG~0.00%
Published-17 Jul, 2020 | 22:36
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E19R2P5patch02), versions earlier than 10.1.0.126(C10E11R5P1), and versions earlier than 10.1.0.160(C00E160R2P8) have a logic check error vulnerability. A logic error occurs when the software checking the size of certain parameter, the attacker should trick the user into installing a malicious application, successful exploit may cause code execution.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-p30_prop30_pro_firmwareHUAWEI P30 Pro
CWE ID-CWE-20
Improper Input Validation
CVE-2020-7803
Matching Score-4
Assigner-KrCERT/CC
ShareView Details
Matching Score-4
Assigner-KrCERT/CC
CVSS Score-7.8||HIGH
EPSS-1.17% / 63.52%
||
7 Day CHG~0.00%
Published-07 May, 2020 | 17:49
Updated-04 Aug, 2024 | 09:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoneplayer ActiveX File Download Vulnerability

IMGTech Co,Ltd ZInsX.ocx ActiveX Control in Zoneplayer 2.0.1.3, version 2.0.1.4 and prior versions on Windows. File Donwload vulnerability in ZInsX.ocx of IMGTech Co,Ltd Zoneplayer allows attacker to cause arbitrary code execution.

Action-Not Available
Vendor-imgtechIMGTech Co,LtdMicrosoft Corporation
Product-windowszoneplayerZoneplayer
CWE ID-CWE-20
Improper Input Validation
CVE-2020-7822
Matching Score-4
Assigner-KrCERT/CC
ShareView Details
Matching Score-4
Assigner-KrCERT/CC
CVSS Score-7.8||HIGH
EPSS-1.17% / 63.52%
||
7 Day CHG~0.00%
Published-04 Aug, 2020 | 14:14
Updated-16 Sep, 2024 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DaviewIndy Multiple Vulnerabilities

DaviewIndy has a Heap-based overflow vulnerability, triggered when the user opens a malformed image file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.

Action-Not Available
Vendor-hmtalkHumanTalk Co,LtdMicrosoft Corporation
Product-windowsdaviewindyDaviewIndy
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-7838
Matching Score-4
Assigner-KrCERT/CC
ShareView Details
Matching Score-4
Assigner-KrCERT/CC
CVSS Score-8.8||HIGH
EPSS-1.20% / 64.36%
||
7 Day CHG~0.00%
Published-18 Dec, 2020 | 00:04
Updated-04 Aug, 2024 | 09:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A arbitrary code execution vulnerability exists in the way that the Stove client improperly validates input value. An attacker could execute arbitrary code when the user access to crafted web page. This issue affects: Smilegate STOVE Client 0.0.4.72.

Action-Not Available
Vendor-onstoveSmilegateMicrosoft Corporation
Product-stovewindowsSTOVE Client
CWE ID-CWE-20
Improper Input Validation
CVE-2020-7823
Matching Score-4
Assigner-KrCERT/CC
ShareView Details
Matching Score-4
Assigner-KrCERT/CC
CVSS Score-7.8||HIGH
EPSS-1.18% / 63.78%
||
7 Day CHG~0.00%
Published-04 Aug, 2020 | 14:14
Updated-17 Sep, 2024 | 02:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DaviewIndy Multiple Vulnerabilities

DaviewIndy has a Memory corruption vulnerability, triggered when the user opens a malformed image file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.

Action-Not Available
Vendor-hmtalkHumanTalk Co,Ltd
Product-daviewindyDaviewIndy
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-6655
Matching Score-4
Assigner-Eaton
ShareView Details
Matching Score-4
Assigner-Eaton
CVSS Score-5.8||MEDIUM
EPSS-2.65% / 83.80%
||
7 Day CHG~0.00%
Published-07 Jan, 2021 | 17:21
Updated-04 Aug, 2024 | 09:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File parsing Out-Of-Bounds read remote code execution

The Eaton's easySoft software v7.xx prior to v7.22 are susceptible to Out-of-bounds remote code execution vulnerability. A malicious entity can execute a malicious code or make the application crash by tricking user to upload the malformed .E70 file in the application. The vulnerability arises due to improper validation and parsing of the E70 file content by the application.

Action-Not Available
Vendor-eatonEaton
Product-easysofteasySoft Software
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-20
Improper Input Validation
CVE-2020-6372
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-1.23% / 65.22%
||
7 Day CHG~0.00%
Published-15 Oct, 2020 | 01:57
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-20
Improper Input Validation
CVE-2020-6656
Matching Score-4
Assigner-Eaton
ShareView Details
Matching Score-4
Assigner-Eaton
CVSS Score-5.8||MEDIUM
EPSS-2.71% / 84.14%
||
7 Day CHG~0.00%
Published-07 Jan, 2021 | 17:22
Updated-04 Aug, 2024 | 09:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File parsing Type Confusion Remote code execution vulerability

Eaton's easySoft software v7.xx prior to v7.22 are susceptible to file parsing type confusion remote code execution vulnerability. A malicious entity can execute a malicious code or make the application crash by tricking user upload a malformed .E70 file in the application. The vulnerability arises due to improper validation of user data supplied through E70 file which is causing Type Confusion.

Action-Not Available
Vendor-eatonEaton
Product-easysofteasySoft Software
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CWE ID-CWE-20
Improper Input Validation
CVE-2020-6373
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-1.23% / 65.22%
||
7 Day CHG~0.00%
Published-15 Oct, 2020 | 01:58
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0488
Matching Score-4
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-4
Assigner-Debian GNU/Linux
CVSS Score-6.8||MEDIUM
EPSS-2.08% / 79.26%
||
7 Day CHG~0.00%
Published-03 Nov, 2014 | 22:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

APT before 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-advanced_package_tooln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-7102
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-14.80% / 96.27%
||
7 Day CHG~0.00%
Published-23 Dec, 2013 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unrestricted file upload vulnerabilities in (1) media-upload.php, (2) media-upload-lncthumb.php, and (3) media-upload-sq_button.php in lib/admin/ in the OptimizePress theme before 1.61 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images_comingsoon, images_lncthumbs, or images_optbuttons in wp-content/uploads/optpress/, as exploited in the wild in November 2013.

Action-Not Available
Vendor-optimizepressn/a
Product-optimizepressn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3846
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-1.78% / 75.50%
||
7 Day CHG~0.00%
Published-27 Feb, 2020 | 20:45
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-itunesiphone_oswatchosipadostvosmac_os_xicloudiTunes for WindowswatchOSiCloud for WindowsmacOSiOSiCloud for Windows (Legacy)tvOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-20
Improper Input Validation
CVE-2020-27823
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-1.11% / 61.83%
||
7 Day CHG~0.00%
Published-13 May, 2021 | 14:03
Updated-04 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Action-Not Available
Vendor-uclouvainn/aDebian GNU/LinuxFedora Project
Product-openjpegdebian_linuxfedoraopenjpeg
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2011-0051
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.82% / 76.14%
||
7 Day CHG~0.00%
Published-02 Mar, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demonstrated by a question about granting privileges.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxseamonkeyn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-27828
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-1.37% / 68.59%
||
7 Day CHG~0.00%
Published-11 Dec, 2020 | 03:07
Updated-04 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability.

Action-Not Available
Vendor-n/aFedora ProjectJasPer
Product-jasperfedorajasper
CWE ID-CWE-20
Improper Input Validation
CVE-2020-27687
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.52% / 71.50%
||
7 Day CHG~0.00%
Published-18 Dec, 2020 | 18:27
Updated-04 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ThingsBoard before v3.2 is vulnerable to Host header injection in password-reset emails. This allows an attacker to send malicious links in password-reset emails to victims, pointing to an attacker-controlled server. Lack of validation of the Host header allows this to happen.

Action-Not Available
Vendor-thingsboardn/a
Product-thingsboardn/a
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-20
Improper Input Validation
CVE-2020-26817
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-1.23% / 65.22%
||
7 Day CHG~0.00%
Published-10 Nov, 2020 | 16:15
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows an user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-20
Improper Input Validation
CVE-2020-24432
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-6.7||MEDIUM
EPSS-10.65% / 95.25%
||
7 Day CHG~0.00%
Published-05 Nov, 2020 | 19:32
Updated-17 Sep, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Acrobat Reader DC Arbitrary JavaScript Execution in PDF Documents

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) and Adobe Acrobat Pro DC 2017.011.30175 (and earlier) are affected by an improper input validation vulnerability that could result in arbitrary JavaScript execution in the context of the current user. To exploit this issue, an attacker must acquire and then modify a certified PDF document that is trusted by the victim. The attacker then needs to convince the victim to open the document.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-20
Improper Input Validation
CVE-2020-24672
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
ShareView Details
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
CVSS Score-9.8||CRITICAL
EPSS-0.54% / 41.65%
||
7 Day CHG+0.02%
Published-08 Sep, 2021 | 15:03
Updated-17 Sep, 2024 | 00:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ABB Base Software for SoftControl Remote Code Execution vulnerability

A vulnerability in Base Software for SoftControl allows an attacker to insert and run arbitrary code in a computer running the affected product. This issue affects: .

Action-Not Available
Vendor-ABB
Product-base_softwareBase Software for SoftControl
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CWE ID-CWE-20
Improper Input Validation
CVE-2020-24376
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-1.00% / 58.43%
||
7 Day CHG~0.00%
Published-16 Sep, 2020 | 20:00
Updated-04 Aug, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DNS rebinding vulnerability in the UPnP IGD implementations in Freebox v5 before 1.5.29 and Freebox Server before 4.2.3.

Action-Not Available
Vendor-freen/a
Product-freebox_pop_firmwarefreebox_popfreebox_revolution_firmwarefreebox_revolutionfreebox_onefreebox_delta_firmwarefreebox_one_firmwarefreebox_minifreebox_deltafreebox_mini_firmwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-24807
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-2.10% / 79.39%
||
7 Day CHG+0.09%
Published-06 Oct, 2020 | 17:10
Updated-04 Aug, 2024 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The socket.io-file package through 2.0.31 for Node.js relies on client-side validation of file types, which allows remote attackers to execute arbitrary code by uploading an executable file via a modified JSON name field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Action-Not Available
Vendor-socket.io-file_projectn/a
Product-socket.io-filen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-24377
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-1.19% / 64.15%
||
7 Day CHG~0.00%
Published-16 Sep, 2020 | 20:00
Updated-04 Aug, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DNS rebinding vulnerability in the Freebox OS web interface in Freebox Server before 4.2.3.

Action-Not Available
Vendor-freen/a
Product-freebox_pop_firmwarefreebox_popfreebox_revolution_firmwarefreebox_revolutionfreebox_onefreebox_delta_firmwarefreebox_one_firmwarefreebox_minifreebox_deltafreebox_mini_firmwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-24374
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-1.17% / 63.46%
||
7 Day CHG~0.00%
Published-16 Sep, 2020 | 20:00
Updated-04 Aug, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DNS rebinding vulnerability in Freebox v5 before 1.5.29.

Action-Not Available
Vendor-freen/a
Product-freebox_hd_firmwarefreebox_hdn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-5099
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-3.12% / 86.22%
||
7 Day CHG~0.00%
Published-30 May, 2012 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files, as demonstrated using path traversal sequences with %00 null bytes and CVE-2010-3714 to read the TYPO3 encryption key from localconf.php.

Action-Not Available
Vendor-n/aTYPO3 Association
Product-typo3n/a
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 9
  • 10
  • Next
Details not found