High · CVSS 7.8 · CISA KEV
Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011.
Published Mar 15, 2011 · Updated Oct 22, 2025
High · CVSS 8.8
Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.
Published Mar 22, 2012 · Updated Jun 9, 2025
High · CVSS 7.8
SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not properly parse Digital Video Recording (.dvr-ms) files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DVR-MS Vulnerability."
Published Mar 9, 2011 · Updated Jan 21, 2025
High · CVSS 7.5
Stack consumption vulnerability in the dissect_ber_choice function in the BER dissector in Wireshark 1.2.x through 1.2.15 and 1.4.x through 1.4.4 might allow remote attackers to cause a denial of service (infinite loop) via vectors involving self-referential ASN.1 CHOICE values.
Published Mar 3, 2011 · Updated Oct 21, 2024
High · CVSS 7.4
Untrusted search path vulnerability in the client in Microsoft Remote Desktop Connection 5.2, 6.0, 6.1, and 7.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka "Remote Desktop Insecure Library Loading Vulnerability."
Published Mar 9, 2011 · Updated Oct 17, 2024
Unknown · CVSS Not scored
The Plug-in component in IBM WebSphere Application Server (WAS) before 7.0.0.15 does not properly handle trace requests, which has unspecified impact and attack vectors.
Published Mar 8, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Memory leak in the messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via network connections associated with a NULL return value from a synchronous JMS receive call.
Published Mar 8, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
AirPort in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to cause a denial of service (divide-by-zero error and reboot) via Wi-Fi frames on the local wireless network, a different vulnerability than CVE-2011-0162.
Published Mar 23, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The AuthCache purge implementation in the Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 does not purge a user from the PlatformCredential cache, which might allow remote authenticated users to gain privileges by leveraging a group membership specified in an old RACF Object (aka RACO).
Published Mar 8, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Install Helper in Installer in Apple Mac OS X before 10.6.7 does not properly process an unspecified URL, which might allow remote attackers to track user logins by logging network traffic from an agent that was intended to send network traffic to an Apple server.
Published Mar 23, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The Research In Motion (RIM) BlackBerry Torch 9800 with firmware 6.0.0.246 allows attackers to read the contents of memory locations via unknown vectors, as demonstrated by Vincenzo Iozzo, Willem Pinckaers, and Ralf-Philipp Weinmann during a Pwn2Own competition at CanSecWest 2011.
Published Mar 11, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Integer overflow in ImageIO in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XBM image.
Published Mar 23, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Siemens WinCC (TIA Portal) 11 uses a reversible algorithm for storing HMI web-application passwords in world-readable and world-writable files, which allows local users to obtain sensitive information by leveraging (1) physical access or (2) Sm@rt Server access.
Published Mar 21, 2013 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allow remote attackers to cause a denial of service (device reload) via a crafted SCCP registration, aka Bug ID CSCtu73538.
Published Mar 1, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The Session Initiation Protocol (SIP) Proxy in the HTTP Transport component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (worker thread exhaustion and UDP messaging outage) by sending many UDP messages.
Published Mar 8, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API.
Published Mar 16, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.31 and 7.x before 7.0.0.15 does not prevent modifications of the primary admin id, which allows remote authenticated administrators to bypass intended access restrictions by mapping a (1) user or (2) group to an administrator role.
Published Mar 8, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The installer in IBM WebSphere Application Server (WAS) before 7.0.0.15 uses 777 permissions for a temporary log directory, which allows local users to have unintended access to log files via standard filesystem operations, a different vulnerability than CVE-2009-1173.
Published Mar 8, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
Published Mar 8, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded Type 1 font.
Published Mar 23, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 provides a world-readable directory in response to a call with the kTemporaryFolderType flag, which allows local users to obtain potentially sensitive information by accessing this directory.
Published Mar 23, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The Service Integration Bus (SIB) messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (daemon hang) by performing close operations via network connections to a queue manager.
Published Mar 8, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted SFNT table in an embedded font.
Published Mar 23, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allows remote attackers to execute arbitrary SQL commands via a crafted SCCP registration, aka Bug ID CSCtu73538.
Published Mar 1, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple buffer overflows in Image RAW in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image.
Published Mar 23, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when the Tivoli Integrated Portal / embedded WebSphere Application Server (TIP/eWAS) framework is used, does not properly delete AuthCache entries upon a logout, which might allow remote attackers to access the server by leveraging an unattended workstation.
Published Mar 8, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple format string vulnerabilities in AppleScript in Apple Mac OS X before 10.6.7 allow context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) display dialog or (2) display alert command in a dialog in an AppleScript Studio application.
Published Mar 23, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Integer overflow in ImageIO in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding.
Published Mar 23, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The install script in Domain Technologie Control (DTC) before 0.34.1 gives sudo permissions for chrootuid to the dtc user, which makes it easier for context-dependent users to gain privileges.
Published Mar 20, 2014 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Libinfo in Apple Mac OS X before 10.6.7 does not properly handle an unspecified integer field in an NFS RPC packet, which allows remote attackers to cause a denial of service (lockd, statd, mountd, or portmap outage) via a crafted packet, related to an "integer truncation issue."
Published Mar 23, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The Security component in IBM WebSphere Application Server (WAS) before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which might allow remote authenticated users to gain privileges in opportunistic circumstances by requesting a service.
Published Mar 8, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in e107 0.7.22 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published Mar 15, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Unrestricted file upload vulnerability in inc/swf/swfupload.swf in Dotclear 2.3.1 and 2.4.2 allows remote attackers to execute arbitrary code by uploading a file with an executable PHP extension, then accessing it via a direct request to the file in an unspecified directory.
Published Mar 19, 2012 · Updated Sep 16, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in the drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote authenticated users to execute arbitrary SQL commands via the database_name parameter.
Published Mar 20, 2014 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Memory leak in com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by sending many JSP requests that trigger large responses.
Published Mar 8, 2011 · Updated Sep 16, 2024
High · CVSS 8.1
In the web ui of the openbuildservice before 2.3.0 a code injection of the project rebuildtimes statistics could be used by authorized attackers to execute shellcode.
Published Mar 20, 2018 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages.
Published Mar 30, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The default configuration of Terminal in Apple Mac OS X 10.6 before 10.6.7 uses SSH protocol version 1 within the New Remote Connection dialog, which might make it easier for man-in-the-middle attackers to spoof SSH servers by leveraging protocol vulnerabilities.
Published Mar 23, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Double free vulnerability in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote backend IIOP servers to cause a denial of service (S0C4 ABEND and storage corruption) by rejecting IIOP requests at opportunistic time instants, as demonstrated by requests associated with an ORB_Request::getACRWorkElementPtr function call.
Published Mar 8, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded TrueType font.
Published Mar 23, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The stateless address autoconfiguration (aka SLAAC) functionality in the IPv6 networking implementation in Apple iOS before 4.3 and Apple TV before 4.2 places the MAC address into the IPv6 address, which makes it easier for remote IPv6 servers to track users by logging source IPv6 addresses.
Published Mar 11, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code via a document that contains a crafted embedded OpenType font.
Published Mar 23, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote authenticated users to cause a denial of service (memory consumption) by using a Lightweight Third-Party Authentication (LTPA) token for authentication.
Published Mar 8, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Integer overflow in HFS in Apple Mac OS X before 10.6.7 allows local users to read arbitrary (1) HFS, (2) HFS+, or (3) HFS+J files via a crafted F_READBOOTSTRAP ioctl call.
Published Mar 23, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
CoreText in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a document that contains a crafted embedded font.
Published Mar 23, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple SQL injection vulnerabilities in the get_userinfo method in the MySQLAuthHandler class in DAVServer/mysqlauth.py in PyWebDAV before 0.9.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) pw argument. NOTE: some of these details are obtained from third party information.
Published Mar 14, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors related to improper list management for Cascading Style Sheets (CSS) @font-face rules.
Published Mar 2, 2012 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote attackers to execute arbitrary commands via shell metacharacters in the dtcpkg_directory parameter in a do_install action to dtc/.
Published Mar 20, 2014 · Updated Sep 16, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the vps_note parameter to dtcadmin/logPushlet.php. NOTE: this issue was originally part of CVE-2011-3197, but that ID was SPLIT due to different researchers.
Published Mar 20, 2014 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The Administrative Scripting Tools component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when tracing is enabled, places wsadmin command parameters into the (1) wsadmin.traceout and (2) trace.log files, which allows local users to obtain potentially sensitive information by reading these files.
Published Mar 8, 2011 · Updated Sep 16, 2024