LiveActive security incident?Get immediate response
CVE archive

March 2011

Browse CVE records published in March 2011, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 388 matching CVEs · Page 1 of 8.

High · CVSS 7.8 · CISA KEV

CVE-2011-0609: Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and So...

Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011.

Published Mar 15, 2011 · Updated Oct 22, 2025

High · CVSS 8.8

CVE-2011-3045: Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used i...

Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.

Published Mar 22, 2012 · Updated Jun 9, 2025

High · CVSS 7.8

CVE-2011-0042: SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows X...

SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not properly parse Digital Video Recording (.dvr-ms) files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DVR-MS Vulnerability."

Published Mar 9, 2011 · Updated Jan 21, 2025

High · CVSS 7.4

CVE-2011-0029: Untrusted search path vulnerability in the client in Microsoft Remote Desktop Connection 5.2, 6.0, 6.1, and...

Untrusted search path vulnerability in the client in Microsoft Remote Desktop Connection 5.2, 6.0, 6.1, and 7.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka "Remote Desktop Insecure Library Loading Vulnerability."

Published Mar 9, 2011 · Updated Oct 17, 2024

Unknown · CVSS Not scored

CVE-2011-1321: The AuthCache purge implementation in the Security component in IBM WebSphere Application Server (WAS) 6.1....

The AuthCache purge implementation in the Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 does not purge a user from the PlatformCredential cache, which might allow remote authenticated users to gain privileges by leveraging a group membership specified in an old RACF Object (aka RACO).

Published Mar 8, 2011 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2011-4486: Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)...

Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allow remote attackers to cause a denial of service (device reload) via a crafted SCCP registration, aka Bug ID CSCtu73538.

Published Mar 1, 2012 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2011-1428: Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server...

Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API.

Published Mar 16, 2011 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2011-1312: The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.31 and...

The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.31 and 7.x before 7.0.0.15 does not prevent modifications of the primary admin id, which allows remote authenticated administrators to bypass intended access restrictions by mapping a (1) user or (2) group to an administrator role.

Published Mar 8, 2011 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2011-1318: Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in...

Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.

Published Mar 8, 2011 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2011-4487: SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before...

SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allows remote attackers to execute arbitrary SQL commands via a crafted SCCP registration, aka Bug ID CSCtu73538.

Published Mar 1, 2012 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2011-1320: The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0...

The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when the Tivoli Integrated Portal / embedded WebSphere Application Server (TIP/eWAS) framework is used, does not properly delete AuthCache entries upon a logout, which might allow remote attackers to access the server by leveraging an unattended workstation.

Published Mar 8, 2011 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2011-0173: Multiple format string vulnerabilities in AppleScript in Apple Mac OS X before 10.6.7 allow context-depende...

Multiple format string vulnerabilities in AppleScript in Apple Mac OS X before 10.6.7 allow context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) display dialog or (2) display alert command in a dialog in an AppleScript Studio application.

Published Mar 23, 2011 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-1311: The Security component in IBM WebSphere Application Server (WAS) before 7.0.0.15, when a J2EE 1.4 applicati...

The Security component in IBM WebSphere Application Server (WAS) before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which might allow remote authenticated users to gain privileges in opportunistic circumstances by requesting a service.

Published Mar 8, 2011 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-1317: Memory leak in com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl in the JavaServer Pages (JSP) component in IBM We...

Memory leak in com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by sending many JSP requests that trigger large responses.

Published Mar 8, 2011 · Updated Sep 16, 2024

High · CVSS 8.1

CVE-2011-3178: openbuildservice webui code injection

In the web ui of the openbuildservice before 2.3.0 a code injection of the project rebuildtimes statistics could be used by authorized attackers to execute shellcode.

Published Mar 20, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-1550: The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in di...

The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages.

Published Mar 30, 2011 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-1313: Double free vulnerability in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before...

Double free vulnerability in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote backend IIOP servers to cause a denial of service (S0C4 ABEND and storage corruption) by rejecting IIOP requests at opportunistic time instants, as demonstrated by requests associated with an ORB_Request::getACRWorkElementPtr function call.

Published Mar 8, 2011 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-0432: Multiple SQL injection vulnerabilities in the get_userinfo method in the MySQLAuthHandler class in DAVServe...

Multiple SQL injection vulnerabilities in the get_userinfo method in the MySQLAuthHandler class in DAVServer/mysqlauth.py in PyWebDAV before 0.9.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) pw argument. NOTE: some of these details are obtained from third party information.

Published Mar 14, 2011 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-5272: SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated u...

SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the vps_note parameter to dtcadmin/logPushlet.php. NOTE: this issue was originally part of CVE-2011-3197, but that ID was SPLIT due to different researchers.

Published Mar 20, 2014 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2011-1310: The Administrative Scripting Tools component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0...

The Administrative Scripting Tools component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when tracing is enabled, places wsadmin command parameters into the (1) wsadmin.traceout and (2) trace.log files, which allows local users to obtain potentially sensitive information by reading these files.

Published Mar 8, 2011 · Updated Sep 16, 2024