Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2012-2118

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-18 May, 2012 | 22:00
Updated At-06 Aug, 2024 | 19:26
Rejected At-
Credits

Format string vulnerability in the LogVHdrMessageVerb function in os/log.c in X.Org X11 1.11 allows attackers to cause a denial of service or possibly execute arbitrary code via format string specifiers in an input device name.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:18 May, 2012 | 22:00
Updated At:06 Aug, 2024 | 19:26
Rejected At:
▼CVE Numbering Authority (CNA)

Format string vulnerability in the LogVHdrMessageVerb function in os/log.c in X.Org X11 1.11 allows attackers to cause a denial of service or possibly execute arbitrary code via format string specifiers in an input device name.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/53150
vdb-entry
x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/74930
vdb-entry
x_refsource_XF
http://patchwork.freedesktop.org/patch/10001/
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/04/19/2
mailing-list
x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2012/04/18/8
mailing-list
x_refsource_MLIST
Hyperlink: http://www.securityfocus.com/bid/53150
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/74930
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://patchwork.freedesktop.org/patch/10001/
Resource:
x_refsource_MISC
Hyperlink: http://www.openwall.com/lists/oss-security/2012/04/19/2
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.openwall.com/lists/oss-security/2012/04/18/8
Resource:
mailing-list
x_refsource_MLIST
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/53150
vdb-entry
x_refsource_BID
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/74930
vdb-entry
x_refsource_XF
x_transferred
http://patchwork.freedesktop.org/patch/10001/
x_refsource_MISC
x_transferred
http://www.openwall.com/lists/oss-security/2012/04/19/2
mailing-list
x_refsource_MLIST
x_transferred
http://www.openwall.com/lists/oss-security/2012/04/18/8
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.securityfocus.com/bid/53150
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/74930
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://patchwork.freedesktop.org/patch/10001/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2012/04/19/2
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2012/04/18/8
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:18 May, 2012 | 22:55
Updated At:29 Apr, 2026 | 01:13

Format string vulnerability in the LogVHdrMessageVerb function in os/log.c in X.Org X11 1.11 allows attackers to cause a denial of service or possibly execute arbitrary code via format string specifiers in an input device name.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
X.Org Foundation
x.org
>>x11>>1.11
cpe:2.3:a:x.org:x11:1.11:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://patchwork.freedesktop.org/patch/10001/secalert@redhat.com
Patch
http://www.openwall.com/lists/oss-security/2012/04/18/8secalert@redhat.com
N/A
http://www.openwall.com/lists/oss-security/2012/04/19/2secalert@redhat.com
N/A
http://www.securityfocus.com/bid/53150secalert@redhat.com
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/74930secalert@redhat.com
N/A
http://patchwork.freedesktop.org/patch/10001/af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.openwall.com/lists/oss-security/2012/04/18/8af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openwall.com/lists/oss-security/2012/04/19/2af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/53150af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/74930af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://patchwork.freedesktop.org/patch/10001/
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://www.openwall.com/lists/oss-security/2012/04/18/8
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2012/04/19/2
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/53150
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/74930
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://patchwork.freedesktop.org/patch/10001/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://www.openwall.com/lists/oss-security/2012/04/18/8
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2012/04/19/2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/53150
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/74930
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

378Records found
CVE-2004-0914
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.17% / 84.49%
||
7 Day CHG~0.00%
Published-15 Dec, 2004 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.

Action-Not Available
Vendor-lesstifxfree86_projectn/aGentoo Foundation, Inc.X.Org FoundationRed Hat, Inc.SUSE
Product-x11r6linuxsuse_linuxfedora_corelesstifn/a
CVE-1999-0526
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-72.65% / 98.80%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server.

Action-Not Available
Vendor-n/aX.Org Foundation
Product-x11n/a
CVE-2006-6102
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-6.43% / 91.16%
||
7 Day CHG~0.00%
Published-09 Jan, 2007 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures.

Action-Not Available
Vendor-xfree86_projectn/aX.Org Foundation
Product-xfree86_x_serverx.orgn/a
CVE-2017-12186
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.75% / 73.42%
||
7 Day CHG~0.00%
Published-24 Jan, 2018 | 15:00
Updated-29 Aug, 2025 | 13:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

Action-Not Available
Vendor-X.Org FoundationDebian GNU/Linux
Product-debian_linuxx_serverxorg-x11-server
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-391
Unchecked Error Condition
CVE-2018-14598
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.03% / 86.80%
||
7 Day CHG~0.00%
Published-24 Aug, 2018 | 19:00
Updated-05 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault).

Action-Not Available
Vendor-n/aFedora ProjectDebian GNU/LinuxCanonical Ltd.X.Org Foundation
Product-debian_linuxlibx11fedoraubuntu_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-4818
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-8.5||HIGH
EPSS-2.85% / 86.38%
||
7 Day CHG~0.00%
Published-05 Sep, 2012 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The GLX extension in X.Org xserver 1.7.7 allows remote authenticated users to cause a denial of service (server crash) and possibly execute arbitrary code via (1) a crafted request that triggers a client swap in glx/glxcmdsswap.c; or (2) a crafted length or (3) a negative value in the screen field in a request to glx/glxcmds.c.

Action-Not Available
Vendor-n/aX.Org Foundation
Product-x.orgn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-12184
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.84% / 74.95%
||
7 Day CHG~0.00%
Published-24 Jan, 2018 | 15:00
Updated-29 Aug, 2025 | 13:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

Action-Not Available
Vendor-X.Org FoundationDebian GNU/Linux
Product-debian_linuxx_serverxorg-x11-server
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-391
Unchecked Error Condition
CVE-2017-12180
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.87% / 75.40%
||
7 Day CHG~0.00%
Published-24 Jan, 2018 | 15:00
Updated-29 Aug, 2025 | 13:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

Action-Not Available
Vendor-X.Org FoundationDebian GNU/Linux
Product-debian_linuxx_serverxorg-x11-server
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-391
Unchecked Error Condition
CVE-2017-12181
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.84% / 74.95%
||
7 Day CHG~0.00%
Published-24 Jan, 2018 | 15:00
Updated-29 Aug, 2025 | 13:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

Action-Not Available
Vendor-X.Org FoundationDebian GNU/Linux
Product-debian_linuxx_serverxorg-x11-server
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-391
Unchecked Error Condition
CVE-2017-12183
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.87% / 75.40%
||
7 Day CHG~0.00%
Published-24 Jan, 2018 | 15:00
Updated-29 Aug, 2025 | 13:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

Action-Not Available
Vendor-X.Org FoundationDebian GNU/Linux
Product-debian_linuxx_serverxorg-x11-server
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-391
Unchecked Error Condition
CVE-2017-12176
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.95% / 76.56%
||
7 Day CHG~0.00%
Published-24 Jan, 2018 | 15:00
Updated-29 Aug, 2025 | 13:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

Action-Not Available
Vendor-X.Org FoundationDebian GNU/Linux
Product-debian_linuxx_serverxorg-x11-server
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-391
Unchecked Error Condition
CVE-2016-7952
Matching Score-6
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-6
Assigner-OpenText (formerly Micro Focus)
CVSS Score-7.5||HIGH
EPSS-0.86% / 75.22%
||
7 Day CHG~0.00%
Published-13 Dec, 2016 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data.

Action-Not Available
Vendor-n/aX.Org FoundationFedora Project
Product-libxtstfedoran/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-284
Improper Access Control
CVE-2022-44617
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.07% / 22.07%
||
7 Day CHG~0.00%
Published-06 Feb, 2023 | 00:00
Updated-25 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library.

Action-Not Available
Vendor-n/aX.Org Foundation
Product-libxpmlibXpm
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2017-12178
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.87% / 75.40%
||
7 Day CHG~0.00%
Published-24 Jan, 2018 | 15:00
Updated-29 Aug, 2025 | 13:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

Action-Not Available
Vendor-X.Org FoundationDebian GNU/Linux
Product-debian_linuxx_serverxorg-x11-server
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-391
Unchecked Error Condition
CVE-2017-12187
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.77% / 73.76%
||
7 Day CHG~0.00%
Published-24 Jan, 2018 | 15:00
Updated-29 Aug, 2025 | 13:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

Action-Not Available
Vendor-X.Org FoundationDebian GNU/Linux
Product-debian_linuxx_serverxorg-x11-server
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-391
Unchecked Error Condition
CVE-2017-12185
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.84% / 74.95%
||
7 Day CHG~0.00%
Published-24 Jan, 2018 | 15:00
Updated-29 Aug, 2025 | 13:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

Action-Not Available
Vendor-n/aX.Org FoundationDebian GNU/Linux
Product-debian_linuxx_servern/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-391
Unchecked Error Condition
CVE-2017-12182
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.95% / 76.56%
||
7 Day CHG~0.00%
Published-24 Jan, 2018 | 15:00
Updated-29 Aug, 2025 | 13:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

Action-Not Available
Vendor-X.Org FoundationDebian GNU/Linux
Product-debian_linuxx_serverxorg-x11-server
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-391
Unchecked Error Condition
CVE-2016-7949
Matching Score-6
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-6
Assigner-OpenText (formerly Micro Focus)
CVSS Score-9.8||CRITICAL
EPSS-4.76% / 89.56%
||
7 Day CHG~0.00%
Published-13 Dec, 2016 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields.

Action-Not Available
Vendor-n/aX.Org FoundationFedora Project
Product-libxrenderfedoran/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2009-0545
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-93.94% / 99.89%
||
7 Day CHG~0.00%
Published-12 Feb, 2009 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action.

Action-Not Available
Vendor-zeroshelln/a
Product-zeroshelln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-29499
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-88.62% / 99.52%
||
7 Day CHG~0.00%
Published-26 Apr, 2022 | 01:13
Updated-03 Nov, 2025 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-07-18||Apply updates per vendor instructions.

The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA.

Action-Not Available
Vendor-n/aMitel Networks Corp.
Product-mivoice_connectn/aMiVoice Connect
CWE ID-CWE-20
Improper Input Validation
CVE-2008-6826
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-6.38% / 91.12%
||
7 Day CHG~0.00%
Published-08 Jun, 2009 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dhtml.pl in MHF Media Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter, as demonstrated using the (1) advert_top.htm or (2) advert_login.htm pages.

Action-Not Available
Vendor-mhfmedian/a
Product-ads_pron/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-6555
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-5.00% / 89.81%
||
7 Day CHG~0.00%
Published-30 Mar, 2009 | 20:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cgi-bin/webutil.pl in The Puppet Master WebUtil allows remote attackers to execute arbitrary commands via shell metacharacters in the dig command.

Action-Not Available
Vendor-puppetmastern/a
Product-webutiln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-6556
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.19% / 84.55%
||
7 Day CHG~0.00%
Published-30 Mar, 2009 | 20:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cgi-bin/webutil.pl in The Puppet Master WebUtil 2.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the whois command.

Action-Not Available
Vendor-puppet_mastern/a
Product-webutiln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-6557
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.19% / 84.55%
||
7 Day CHG~0.00%
Published-30 Mar, 2009 | 20:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cgi-bin/webutil.pl in The Puppet Master WebUtil 2.7 allows remote attackers to execute arbitrary commands via shell metacharacters in the details command.

Action-Not Available
Vendor-puppetmastern/a
Product-webutiln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-5810
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.70% / 88.09%
||
7 Day CHG~0.00%
Published-02 Jan, 2009 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WBPublish (aka WBPublish.exe) in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allows remote attackers to execute arbitrary commands via shell metacharacters in input that is sent through HTTP and improperly used during temporary session data cleanup, possibly related to (1) directory names, (2) template names, and (3) session IDs.

Action-Not Available
Vendor-fujitsu-siemensn/a
Product-webtransactionsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-14343
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-13.70% / 94.34%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 00:00
Updated-04 Aug, 2024 | 12:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747.

Action-Not Available
Vendor-pyyamln/aOracle Corporation
Product-communications_cloud_native_core_network_function_cloud_native_environmentpyyamlPyYAML
CWE ID-CWE-20
Improper Input Validation
CVE-2016-10501
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.25% / 48.00%
||
7 Day CHG~0.00%
Published-18 Apr, 2018 | 14:00
Updated-17 Sep, 2024 | 02:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile, Snapdragon Wear, and Small Cell SoC FSM9055, MDM9206, MDM9607, MDM9635M, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, and SD 835, improper input validation can occur while parsing an image.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9635m_firmwarefsm9055sd_412sd_808_firmwaresd_400sd_415sd_616sd_425sd_430_firmwaremdm9607_firmwaresd_615mdm9655_firmwaresd_650_firmwaresd_625sd_615_firmwaremsm8909w_firmwaremdm9607sd_210sd_650sd_808fsm9055_firmwaresd_450_firmwaresd_800sd_410sd_617sd_400_firmwaremdm9206sd_652sd_425_firmwaresd_212_firmwaresd_800_firmwaresd_625_firmwaresd_450mdm9655sd_412_firmwaremdm9635mmdm9206_firmwaresd_430sd_810sd_835_firmwaresd_410_firmwaresd_835sd_205sd_210_firmwaresd_415_firmwaresd_652_firmwaremsm8909wsd_810_firmwaresd_616_firmwaresd_205_firmwaresd_212sd_617_firmwareSnapdragon Mobile, Snapdragon Wear, Small Cell SoC
CWE ID-CWE-20
Improper Input Validation
CVE-2005-0050
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-55.49% / 98.10%
||
7 Day CHG~0.00%
Published-08 Feb, 2005 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The License Logging service for Windows NT Server, Windows 2000 Server, and Windows Server 2003 does not properly validate the length of messages, which leads to an "unchecked buffer" and allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, aka the "License Logging Service Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_ntwindows_2000windows_2003_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-9049
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.11% / 28.27%
||
7 Day CHG~0.00%
Published-18 Aug, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in the processing of certain responses from the USIM.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidAll Qualcomm products
CWE ID-CWE-20
Improper Input Validation
CVE-2015-9061
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.11% / 28.27%
||
7 Day CHG~0.00%
Published-18 Aug, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In all Qualcomm products with Android releases from CAF using the Linux kernel, playReady DRM failed to check a length potentially leading to unauthorized access to secure memory.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidAll Qualcomm products
CWE ID-CWE-20
Improper Input Validation
CVE-2008-5014
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-25.20% / 96.25%
||
7 Day CHG~0.00%
Published-13 Nov, 2008 | 11:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function.

Action-Not Available
Vendor-n/aCanonical Ltd.Mozilla CorporationDebian GNU/Linux
Product-thunderbirddebian_linuxubuntu_linuxseamonkeyfirefoxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-4770
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-5.82% / 90.62%
||
7 Day CHG~0.00%
Published-16 Jan, 2009 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CMsgReader::readRect function in the VNC Viewer component in RealVNC VNC Free Edition 4.0 through 4.1.2, Enterprise Edition E4.0 through E4.4.2, and Personal Edition P4.0 through P4.4.2 allows remote VNC servers to execute arbitrary code via crafted RFB protocol data, related to "encoding type."

Action-Not Available
Vendor-realvncn/a
Product-realvncn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-0850
Matching Score-4
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-4
Assigner-Debian GNU/Linux
CVSS Score-10||HIGH
EPSS-6.68% / 91.33%
||
7 Day CHG~0.00%
Published-02 Jun, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Git plugin for FusionForge before 6.0rc4 allows remote attackers to execute arbitrary code via an unspecified parameter when creating a secondary Git repository.

Action-Not Available
Vendor-fusionforgen/a
Product-fusionforgen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-4559
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.50% / 87.73%
||
7 Day CHG~0.00%
Published-08 Feb, 2009 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via shell metacharacters in argument fields to the (1) webappmon.exe or (2) OpenView5.exe CGI program. NOTE: this issue may be partially covered by CVE-2009-0205.

Action-Not Available
Vendor-n/aHP Inc.
Product-openview_network_node_managern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-9048
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.11% / 28.27%
||
7 Day CHG~0.00%
Published-18 Aug, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in the processing of lost RTP packets.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidAll Qualcomm products
CWE ID-CWE-20
Improper Input Validation
CVE-2015-9151
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.21% / 42.81%
||
7 Day CHG~0.00%
Published-18 Apr, 2018 | 14:00
Updated-16 Sep, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, MDM9635M, SD 400, and SD 800, userspace-provided pointer arguments are not validated.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9635m_firmwaresd_800_firmwaremdm9625_firmwaremdm9635msd_800sd_400mdm9625sd_400_firmwareSnapdragon Mobile
CWE ID-CWE-20
Improper Input Validation
CVE-2008-4329
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.78% / 88.18%
||
7 Day CHG~0.00%
Published-30 Sep, 2008 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in cms/system/openengine.php in openEngine 2.0 beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the oe_classpath parameter.

Action-Not Available
Vendor-openenginen/a
Product-openenginen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-4910
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-7.25% / 91.70%
||
7 Day CHG~0.00%
Published-04 Nov, 2008 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The BasicService in Sun Java Web Start allows remote attackers to execute arbitrary programs on a client machine via a file:// URL argument to the showDocument method.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-java_web_startn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-1350
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-10||CRITICAL
EPSS-93.81% / 99.86%
||
7 Day CHG-0.01%
Published-14 Jul, 2020 | 22:54
Updated-29 Oct, 2025 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_server_2019windows_server_2016windows_server_2012Windows ServerWindows Server, version 1909 (Server Core installation)Windows Server, version 2004 (Server Core installation)Windows Server, version 1903 (Server Core installation)Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2004-0840
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-36.74% / 97.19%
||
7 Day CHG~0.00%
Published-16 Oct, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-exchange_serverwindows_xpwindows_server_2003n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2003-1425
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.68% / 88.05%
||
7 Day CHG~0.00%
Published-20 Oct, 2007 | 10:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitrary commands via the template parameter.

Action-Not Available
Vendor-n/acPanel (WebPros International, LLC)
Product-cpaneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2003-1487
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-7.64% / 91.95%
||
7 Day CHG~0.00%
Published-24 Oct, 2007 | 23:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple "command injection" vulnerabilities in Phorum 3.4 through 3.4.2 allow remote attackers to execute arbitrary commands and modify the Phorum configuration files via the (1) UserAdmin program, (2) Edit user profile, or (3) stats program.

Action-Not Available
Vendor-phorumn/a
Product-phorumn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-0301
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-7.40% / 91.81%
||
7 Day CHG~0.00%
Published-13 Jan, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 do not properly validate files, which has unspecified impact and attack vectors.

Action-Not Available
Vendor-n/aApple Inc.Linux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-adobe_airmac_os_xadobe_air_sdkwindowsflash_playerlinux_kerneladobe_air_sdk_and_compilern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-0701
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-10||HIGH
EPSS-1.07% / 77.95%
||
7 Day CHG~0.00%
Published-07 May, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_computing_system_central_softwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2002-2365
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.94% / 83.61%
||
7 Day CHG~0.00%
Published-31 Oct, 2007 | 16:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Simple WAIS (SWAIS) 1.11 allows remote attackers to execute arbitrary commands via the shell metacharacters in the search field, as demonstrated using the "|" (pipe) character.

Action-Not Available
Vendor-springer_verlag_berlin_heidelbergn/a
Product-simple_waisn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2002-1874
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.91% / 83.49%
||
7 Day CHG~0.00%
Published-28 Jun, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

astrocam.cgi in AstroCam 0.9-1-1 through 1.4.0 allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request. NOTE: earlier disclosures stated that the affected versions were 1.7.1 through 2.1.2, but the vendor explicitly stated that these were incorrect.

Action-Not Available
Vendor-astrocamn/a
Product-astrocamn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2002-2236
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-4.06% / 88.64%
||
7 Day CHG~0.00%
Published-14 Oct, 2007 | 20:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in the awp_log function in apt-www-proxy 0.1 allows remote attackers to execute arbitrary code.

Action-Not Available
Vendor-apt-www-proxyn/a
Product-apt-www-proxyn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-8836
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-10||HIGH
EPSS-1.20% / 79.10%
||
7 Day CHG~0.00%
Published-30 Jan, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Bluetooth driver in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (arbitrary-size bzero of kernel memory) via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-8824
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-10||HIGH
EPSS-0.98% / 76.99%
||
7 Day CHG~0.00%
Published-30 Jan, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kernel in Apple OS X before 10.10.2 does not properly validate IODataQueue object metadata fields, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-9971
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.29% / 52.26%
||
7 Day CHG~0.00%
Published-18 Aug, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts causes an instruction inside of an assert to not be executed resulting in incorrect control flow.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidSnapdragon Mobile
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 7
  • 8
  • Next
Details not found