Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2011-2778

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-23 Dec, 2011 | 02:00
Updated At-06 Aug, 2024 | 23:15
Rejected At-
Credits

Multiple heap-based buffer overflows in Tor before 0.2.2.35 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by (1) establishing a SOCKS connection to SocksPort or (2) leveraging a SOCKS proxy configuration.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:23 Dec, 2011 | 02:00
Updated At:06 Aug, 2024 | 23:15
Rejected At:
â–¼CVE Numbering Authority (CNA)

Multiple heap-based buffer overflows in Tor before 0.2.2.35 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by (1) establishing a SOCKS connection to SocksPort or (2) leveraging a SOCKS proxy configuration.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://blog.torproject.org/blog/tor-02235-released-security-patches
x_refsource_CONFIRM
http://www.debian.org/security/2011/dsa-2363
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://blog.torproject.org/blog/tor-02235-released-security-patches
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.debian.org/security/2011/dsa-2363
Resource:
vendor-advisory
x_refsource_DEBIAN
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://blog.torproject.org/blog/tor-02235-released-security-patches
x_refsource_CONFIRM
x_transferred
http://www.debian.org/security/2011/dsa-2363
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://blog.torproject.org/blog/tor-02235-released-security-patches
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.debian.org/security/2011/dsa-2363
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:23 Dec, 2011 | 03:59
Updated At:29 Apr, 2026 | 01:13

Multiple heap-based buffer overflows in Tor before 0.2.2.35 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by (1) establishing a SOCKS connection to SocksPort or (2) leveraging a SOCKS proxy configuration.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.6HIGH
AV:N/AC:H/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 7.6
Base severity: HIGH
Vector:
AV:N/AC:H/Au:N/C:C/I:C/A:C
CPE Matches

tor
tor
>>tor>>Versions up to 0.2.2.34(inclusive)
cpe:2.3:a:tor:tor:*:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.2
cpe:2.3:a:tor:tor:0.0.2:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.3
cpe:2.3:a:tor:tor:0.0.3:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.4
cpe:2.3:a:tor:tor:0.0.4:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.5
cpe:2.3:a:tor:tor:0.0.5:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.6
cpe:2.3:a:tor:tor:0.0.6:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.6.1
cpe:2.3:a:tor:tor:0.0.6.1:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.6.2
cpe:2.3:a:tor:tor:0.0.6.2:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.7
cpe:2.3:a:tor:tor:0.0.7:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.7.1
cpe:2.3:a:tor:tor:0.0.7.1:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.7.2
cpe:2.3:a:tor:tor:0.0.7.2:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.7.3
cpe:2.3:a:tor:tor:0.0.7.3:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.8
cpe:2.3:a:tor:tor:0.0.8:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.8.1
cpe:2.3:a:tor:tor:0.0.8.1:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.9
cpe:2.3:a:tor:tor:0.0.9:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.9.1
cpe:2.3:a:tor:tor:0.0.9.1:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.9.2
cpe:2.3:a:tor:tor:0.0.9.2:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.9.3
cpe:2.3:a:tor:tor:0.0.9.3:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.9.4
cpe:2.3:a:tor:tor:0.0.9.4:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.9.5
cpe:2.3:a:tor:tor:0.0.9.5:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.9.6
cpe:2.3:a:tor:tor:0.0.9.6:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.9.7
cpe:2.3:a:tor:tor:0.0.9.7:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.9.8
cpe:2.3:a:tor:tor:0.0.9.8:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.9.9
cpe:2.3:a:tor:tor:0.0.9.9:*:*:*:*:*:*:*
tor
tor
>>tor>>0.0.9.10
cpe:2.3:a:tor:tor:0.0.9.10:*:*:*:*:*:*:*
tor
tor
>>tor>>0.1.0.1
cpe:2.3:a:tor:tor:0.1.0.1:*:*:*:*:*:*:*
tor
tor
>>tor>>0.1.0.2
cpe:2.3:a:tor:tor:0.1.0.2:*:*:*:*:*:*:*
tor
tor
>>tor>>0.1.0.3
cpe:2.3:a:tor:tor:0.1.0.3:*:*:*:*:*:*:*
tor
tor
>>tor>>0.1.0.4
cpe:2.3:a:tor:tor:0.1.0.4:*:*:*:*:*:*:*
tor
tor
>>tor>>0.1.0.5
cpe:2.3:a:tor:tor:0.1.0.5:*:*:*:*:*:*:*
tor
tor
>>tor>>0.1.0.6
cpe:2.3:a:tor:tor:0.1.0.6:*:*:*:*:*:*:*
tor
tor
>>tor>>0.1.0.7
cpe:2.3:a:tor:tor:0.1.0.7:*:*:*:*:*:*:*
tor
tor
>>tor>>0.1.0.8
cpe:2.3:a:tor:tor:0.1.0.8:*:*:*:*:*:*:*
tor
tor
>>tor>>0.1.0.9
cpe:2.3:a:tor:tor:0.1.0.9:*:*:*:*:*:*:*
tor
tor
>>tor>>0.1.0.10
cpe:2.3:a:tor:tor:0.1.0.10:*:*:*:*:*:*:*
tor
tor
>>tor>>0.1.0.11
cpe:2.3:a:tor:tor:0.1.0.11:*:*:*:*:*:*:*
tor
tor
>>tor>>0.1.0.12
cpe:2.3:a:tor:tor:0.1.0.12:*:*:*:*:*:*:*
tor
tor
>>tor>>0.1.0.13
cpe:2.3:a:tor:tor:0.1.0.13:*:*:*:*:*:*:*
tor
tor
>>tor>>0.1.0.14
cpe:2.3:a:tor:tor:0.1.0.14:*:*:*:*:*:*:*
tor
tor
>>tor>>0.1.0.15
cpe:2.3:a:tor:tor:0.1.0.15:*:*:*:*:*:*:*
tor
tor
>>tor>>0.1.0.16
cpe:2.3:a:tor:tor:0.1.0.16:*:*:*:*:*:*:*
tor
tor
>>tor>>0.1.0.17
cpe:2.3:a:tor:tor:0.1.0.17:*:*:*:*:*:*:*
tor
tor
>>tor>>0.1.0.18
cpe:2.3:a:tor:tor:0.1.0.18:*:*:*:*:*:*:*
tor
tor
>>tor>>0.1.0.19
cpe:2.3:a:tor:tor:0.1.0.19:*:*:*:*:*:*:*
tor
tor
>>tor>>0.1.1
cpe:2.3:a:tor:tor:0.1.1:*:*:*:*:*:*:*
tor
tor
>>tor>>0.1.1.1
cpe:2.3:a:tor:tor:0.1.1.1:*:*:*:*:*:*:*
tor
tor
>>tor>>0.1.1.1
cpe:2.3:a:tor:tor:0.1.1.1:alpha:*:*:*:*:*:*
tor
tor
>>tor>>0.1.1.2
cpe:2.3:a:tor:tor:0.1.1.2:*:*:*:*:*:*:*
tor
tor
>>tor>>0.1.1.2
cpe:2.3:a:tor:tor:0.1.1.2:alpha:*:*:*:*:*:*
tor
tor
>>tor>>0.1.1.3
cpe:2.3:a:tor:tor:0.1.1.3:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://www.debian.org/security/2011/dsa-2363cve@mitre.org
N/A
https://blog.torproject.org/blog/tor-02235-released-security-patchescve@mitre.org
Patch
Vendor Advisory
http://www.debian.org/security/2011/dsa-2363af854a3a-2127-422b-91ae-364da2661108
N/A
https://blog.torproject.org/blog/tor-02235-released-security-patchesaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
Hyperlink: http://www.debian.org/security/2011/dsa-2363
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://blog.torproject.org/blog/tor-02235-released-security-patches
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.debian.org/security/2011/dsa-2363
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://blog.torproject.org/blog/tor-02235-released-security-patches
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

383Records found

CVE-2012-3518
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.77% / 84.60%
||
7 Day CHG~0.00%
Published-26 Aug, 2012 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The networkstatus_parse_vote_from_string function in routerparse.c in Tor before 0.2.2.38 does not properly handle an invalid flavor name, which allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted (1) vote document or (2) consensus document.

Action-Not Available
Vendor-torn/a
Product-torn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-1924
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.82% / 84.82%
||
7 Day CHG~0.00%
Published-14 Jun, 2011 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the policy_summarize function in or/policies.c in Tor before 0.2.1.30 allows remote attackers to cause a denial of service (directory authority crash) via a crafted policy that triggers creation of a long port list.

Action-Not Available
Vendor-torn/a
Product-torn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0427
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-4.44% / 90.23%
||
7 Day CHG~0.00%
Published-19 Jan, 2011 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-torn/a
Product-torn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-1676
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-7.88% / 93.99%
||
7 Day CHG~0.00%
Published-22 Dec, 2010 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Tor before 0.2.1.28 and 0.2.2.x before 0.2.2.20-alpha allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-torn/a
Product-torn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-2168
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.6||HIGH
EPSS-2.75% / 84.42%
||
7 Day CHG~0.00%
Published-02 May, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to execute arbitrary code via crafted DNS response packets, aka Bug ID CSCty44804.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-telepresence_te_softwaretelepresence_tc_softwaren/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-1246
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.6||HIGH
EPSS-5.69% / 92.07%
||
7 Day CHG~0.00%
Published-03 Mar, 2007 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c in MPlayer 1.0rc1 and earlier, as used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code, a different vulnerability than CVE-2007-1387.

Action-Not Available
Vendor-mplayern/a
Product-mplayern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-4630
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.6||HIGH
EPSS-3.91% / 89.01%
||
7 Day CHG~0.00%
Published-20 Jun, 2013 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow on Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 debugging is enabled, allows remote attackers to execute arbitrary code via malformed SNMPv3 requests.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-ar_150ar_200ar_3200ar_1200ar_2200n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-0509
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.6||HIGH
EPSS-7.21% / 93.55%
||
7 Day CHG~0.00%
Published-05 Jun, 2013 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the Transaction MIB agent in IBM Tivoli Netcool System Service Monitors (SSM) and Application Service Monitors (ASM) 4.0.0 before FP14 allows remote attackers to execute arbitrary code via a SQL transaction with a long table name that is not properly handled by a packet decoder.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tivoli_netcool_system_service_monitorstivoli_netcool_application_service_monitorsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-0930
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.6||HIGH
EPSS-2.75% / 84.42%
||
7 Day CHG~0.00%
Published-31 Jan, 2013 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Drive Control Program (DCP) in EMC AlphaStor 4.0 before build 814 allows remote attackers to execute arbitrary code via vectors involving a new device name.

Action-Not Available
Vendor-n/aELAN Microelectronics Corporation
Product-alphastorn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2006-6133
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.6||HIGH
EPSS-52.02% / 98.82%
||
7 Day CHG~0.00%
Published-28 Nov, 2006 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file.

Action-Not Available
Vendor-businessobjectsn/aMicrosoft Corporation
Product-visual_studio_.netcrystal_reports_xin/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-0638
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-2.44% / 82.36%
||
7 Day CHG~0.00%
Published-08 Mar, 2012 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.

Action-Not Available
Vendor-n/aApple Inc.
Product-ituneswebkitn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-0634
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-2.23% / 80.57%
||
7 Day CHG~0.00%
Published-08 Mar, 2012 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.

Action-Not Available
Vendor-n/aApple Inc.
Product-ituneswebkitn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-0639
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-2.44% / 82.35%
||
7 Day CHG~0.00%
Published-08 Mar, 2012 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.

Action-Not Available
Vendor-n/aApple Inc.
Product-ituneswebkitn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-0648
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-2.44% / 82.35%
||
7 Day CHG~0.00%
Published-08 Mar, 2012 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.

Action-Not Available
Vendor-n/aApple Inc.
Product-ituneswebkitn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-0636
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-2.44% / 82.35%
||
7 Day CHG~0.00%
Published-08 Mar, 2012 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.

Action-Not Available
Vendor-n/aApple Inc.
Product-ituneswebkitsafarin/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-8674
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-8.89% / 94.59%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, and CVE-2017-8672.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10edgeMicrosoft Scripting Engine
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-2815
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-7.6||HIGH
EPSS-2.29% / 81.09%
||
7 Day CHG~0.00%
Published-12 Oct, 2011 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.

Action-Not Available
Vendor-n/aApple Inc.
Product-ituneswebkitn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-3237
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-2.68% / 83.98%
||
7 Day CHG~0.00%
Published-12 Oct, 2011 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.

Action-Not Available
Vendor-n/aApple Inc.
Product-ituneswebkitn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-3236
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-2.68% / 83.98%
||
7 Day CHG~0.00%
Published-12 Oct, 2011 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.

Action-Not Available
Vendor-n/aApple Inc.
Product-ituneswebkitn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-3239
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-2.30% / 81.21%
||
7 Day CHG~0.00%
Published-12 Oct, 2011 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.

Action-Not Available
Vendor-n/aApple Inc.
Product-ituneswebkitn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-2820
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-7.6||HIGH
EPSS-2.29% / 81.09%
||
7 Day CHG~0.00%
Published-12 Oct, 2011 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.

Action-Not Available
Vendor-n/aApple Inc.
Product-ituneswebkitn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-2811
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-7.6||HIGH
EPSS-2.22% / 80.48%
||
7 Day CHG~0.00%
Published-12 Oct, 2011 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.

Action-Not Available
Vendor-n/aApple Inc.
Product-ituneswebkitn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-2866
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-7.6||HIGH
EPSS-2.50% / 82.79%
||
7 Day CHG~0.00%
Published-08 Mar, 2012 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.

Action-Not Available
Vendor-n/aApple Inc.
Product-ituneswebkitn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-2816
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-7.6||HIGH
EPSS-2.29% / 81.09%
||
7 Day CHG~0.00%
Published-12 Oct, 2011 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.

Action-Not Available
Vendor-n/aApple Inc.
Product-ituneswebkitn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-2354
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-7.6||HIGH
EPSS-2.67% / 83.88%
||
7 Day CHG~0.00%
Published-12 Oct, 2011 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.

Action-Not Available
Vendor-n/aApple Inc.
Product-ituneswebkitn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-2338
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-7.6||HIGH
EPSS-2.62% / 83.58%
||
7 Day CHG~0.00%
Published-12 Oct, 2011 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-ituneswebkitwindows_7windows_vistawindows_xpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-2356
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-7.6||HIGH
EPSS-2.67% / 83.91%
||
7 Day CHG~0.00%
Published-12 Oct, 2011 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.

Action-Not Available
Vendor-n/aApple Inc.
Product-ituneswebkitn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-2352
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-7.6||HIGH
EPSS-2.67% / 83.88%
||
7 Day CHG~0.00%
Published-12 Oct, 2011 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.

Action-Not Available
Vendor-n/aApple Inc.
Product-ituneswebkitn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-1087
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.6||HIGH
EPSS-8.07% / 94.10%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in VideoLAN VLC media player 1.0.5 allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .mp3 file that is played during bookmark creation.

Action-Not Available
Vendor-n/aVideoLAN
Product-vlc_media_playern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0117
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-2.63% / 83.66%
||
7 Day CHG~0.00%
Published-03 Mar, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-ituneswebkitwindows_7windows_vistawindows_xpwindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0155
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-2.71% / 84.15%
||
7 Day CHG~0.00%
Published-03 Mar, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-ituneswebkitwindows_7windows_vistawindows_xpwindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0143
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-2.63% / 83.67%
||
7 Day CHG~0.00%
Published-03 Mar, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-ituneswebkitwindows_7windows_vistawindows_xpwindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0142
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-2.63% / 83.67%
||
7 Day CHG~0.00%
Published-03 Mar, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-ituneswebkitwindows_7windows_vistawindows_xpwindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0164
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-2.65% / 83.81%
||
7 Day CHG~0.00%
Published-03 Mar, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-ituneswebkitwindows_7windows_vistawindows_xpwindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0115
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-3.18% / 86.50%
||
7 Day CHG~0.00%
Published-03 Mar, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DOM level 2 implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, does not properly handle DOM manipulations associated with event listeners during processing of range objects, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-ituneswebkitwindows_7windows_vistawindows_xpwindowssafarin/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0128
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-2.63% / 83.66%
||
7 Day CHG~0.00%
Published-03 Mar, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-ituneswebkitwindows_7windows_vistawindows_xpwindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0145
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-2.63% / 83.67%
||
7 Day CHG~0.00%
Published-03 Mar, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-ituneswebkitwindows_7windows_vistawindows_xpwindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0153
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-2.63% / 83.67%
||
7 Day CHG~0.00%
Published-03 Mar, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-ituneswebkitwindows_7windows_vistawindows_xpwindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0141
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-2.63% / 83.67%
||
7 Day CHG~0.00%
Published-03 Mar, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-ituneswebkitwindows_7windows_vistawindows_xpwindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0131
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-2.63% / 83.66%
||
7 Day CHG~0.00%
Published-03 Mar, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-ituneswebkitwindows_7windows_vistawindows_xpwindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0020
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.6||HIGH
EPSS-18.94% / 96.95%
||
7 Day CHG~0.00%
Published-24 Jan, 2011 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.

Action-Not Available
Vendor-pangon/aThe GNOME Project
Product-pangon/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0136
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-2.63% / 83.67%
||
7 Day CHG~0.00%
Published-03 Mar, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-ituneswebkitwindows_7windows_vistawindows_xpwindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0151
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-2.63% / 83.67%
||
7 Day CHG~0.00%
Published-03 Mar, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-ituneswebkitwindows_7windows_vistawindows_xpwindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0124
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-2.63% / 83.67%
||
7 Day CHG~0.00%
Published-03 Mar, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-ituneswebkitwindows_7windows_vistawindows_xpwindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0114
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-2.63% / 83.66%
||
7 Day CHG~0.00%
Published-03 Mar, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-ituneswebkitwindows_7windows_vistawindows_xpwindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0112
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-2.63% / 83.67%
||
7 Day CHG~0.00%
Published-03 Mar, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-ituneswebkitwindows_7windows_vistawindows_xpwindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0127
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-2.63% / 83.66%
||
7 Day CHG~0.00%
Published-03 Mar, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-ituneswebkitwindows_7windows_vistawindows_xpwindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0111
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-2.63% / 83.67%
||
7 Day CHG~0.00%
Published-03 Mar, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-ituneswebkitwindows_7windows_vistawindows_xpwindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0150
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-2.63% / 83.67%
||
7 Day CHG~0.00%
Published-03 Mar, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-ituneswebkitwindows_7windows_vistawindows_xpwindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0147
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-2.63% / 83.67%
||
7 Day CHG~0.00%
Published-03 Mar, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-ituneswebkitwindows_7windows_vistawindows_xpwindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 7
  • 8
  • Next
Details not found