High · CVSS 8.8 · CISA KEV
Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.
Published Apr 13, 2011 · Updated Oct 22, 2025
High · CVSS 7.8
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
Published Apr 13, 2011 · Updated Jan 21, 2025
High · CVSS 7.8
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
Published Apr 13, 2011 · Updated Jan 21, 2025
High · CVSS 8.8
Multiple integer overflows in the Microsoft (1) JScript 5.6 through 5.8 and (2) VBScript 5.6 through 5.8 scripting engines allow remote attackers to execute arbitrary code via a crafted web page, aka "Scripting Memory Reallocation Vulnerability."
Published Apr 13, 2011 · Updated Jan 21, 2025
Critical · CVSS 9.8
DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process DNS queries, which allows remote attackers to execute arbitrary code via (1) a crafted LLMNR broadcast query or (2) a crafted application, aka "DNS Query Vulnerability."
Published Apr 13, 2011 · Updated Oct 17, 2024
High · CVSS 8.4
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
Published Apr 13, 2011 · Updated Oct 17, 2024
High · CVSS 8.4
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
Published Apr 13, 2011 · Updated Oct 17, 2024
Unknown · CVSS Not scored
The GENESIS32 IcoSetServer ActiveX control in ICONICS GENESIS32 9.21 and BizViz 9.21 configures the trusted zone on the basis of user input, which allows remote attackers to execute arbitrary code via a crafted web site, related to a "Workbench32/WebHMI component SetTrustedZone Policy vulnerability."
Published Apr 18, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the Oracle Warehouse Builder component in Oracle Database Server 10.2.0.5 (OWB), 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Oracle Warehouse Builder User Account.
Published Apr 20, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the Siebel CRM Core component in Oracle Siebel CRM 7.8.2, 8.0.0, and 8.1.1 allows remote attackers to affect integrity, related to UIF Client.
Published Apr 20, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the Oracle Warehouse Builder component in Oracle Database Server 10.2.0.5 (OWB) and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Dimensional Data Modeling.
Published Apr 20, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the Applications Install component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows local users to affect confidentiality via unknown vectors.
Published Apr 20, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors related to Data Export.
Published Apr 20, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 allows remote attackers to cause a denial of service (application exit) via an unspecified command in an HTTP request.
Published Apr 13, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality and integrity via unknown vectors related to uucp.
Published Apr 20, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the OpenSSO Enterprise and Sun Java System Access Manager components in Oracle Sun Products Suite 7.1 and 8.0 allows remote attackers to affect integrity via unknown vectors related to Authentication.
Published Apr 20, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 Bundle #15 and 9.1 Bundle #5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Pension Administration.
Published Apr 20, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Buffer overflow in an unspecified ActiveX control in aipgctl.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to cause a denial of service via a crafted HTML document.
Published Apr 3, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in Oracle PeopleSoft Enterprise PeopleTools 8.49 GA through 8.49.30 allows remote authenticated users to affect confidentiality via unknown vectors related to File Processing.
Published Apr 20, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in webdesktop/app in the BlackBerry Web Desktop Manager component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software before 5.0.2 MR5 and 5.0.3 before MR1, and BlackBerry Enterprise Server Express software 5.0.1 and 5.0.2, allows remote attackers to inject arbitrary web script or HTML via the displayErrorMessage parameter in a ManageDevices action.
Published Apr 18, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the Applications Install component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect confidentiality via unknown vectors.
Published Apr 20, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
Published Apr 20, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web Interface for Content Management (aka WEBi) 1.0.4 before FP3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-1242.
Published Apr 5, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect confidentiality and integrity via unknown vectors related to cp.
Published Apr 20, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the Application Service Level Management component in Oracle Database Server 11.1.0.7 and Enterprise Manager Grid Control allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Service Level Agreements.
Published Apr 20, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in ICloudCenter ICJobSite 1.1 allows remote attackers to execute arbitrary SQL commands via the pid parameter to an unspecified component, a different vulnerability than CVE-2011-1546. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Published Apr 1, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The LDAP login feature in bos.rte.security 6.1.6.4 in IBM AIX 6.1, when ldap_auth is enabled in ldap.cfg, allows remote attackers to bypass authentication via a login attempt with an arbitrary password.
Published Apr 5, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the Portal component in Oracle Fusion Middleware 10.1.2.3 and 11.1.1.2.0 allows remote attackers to affect integrity via unknown vectors related to Midtier Infrastructure.
Published Apr 20, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in Oracle PeopleSoft Enterprise ELS 9.0 Bundle #19 and 9.1 Bundle #5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Enterprise Learning Mgmt.
Published Apr 20, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the InForm component in Oracle Industry Applications 4.5, 4.6, and 5.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Core.
Published Apr 20, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the Web ADI component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors.
Published Apr 20, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Buffer overflow in TurboPower Abbrevia before 4.0, as used in ScadaTEC ScadaPhone 5.3.11.1230 and earlier, ScadaTEC ModbusTagServer 4.1.1.81 and earlier, and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ZIP file.
Published Apr 3, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) 6.2.2.7 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.
Published Apr 12, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the Solaris component in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Administration Utilities.
Published Apr 20, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 8.9 GA through 8.98.4.1, and OneWorld Tools through 24.1.3, allows remote attackers to affect integrity and availability, related to Enterprise Infrastructure SEC.
Published Apr 20, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 does not properly validate values in HTTP requests, which allows remote attackers to cause a denial of service (resource consumption) via a crafted request.
Published Apr 13, 2012 · Updated Sep 17, 2024
Medium · CVSS 5.7
Ekiga versions before 3.3.0 attempted to load a module from /tmp/ekiga_test.so.
Published Apr 22, 2019 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3 allows remote attackers to affect availability, related to Enterprise Infrastructure SEC.
Published Apr 20, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3 allows remote attackers to affect confidentiality and integrity, related to Enterprise Infrastructure SEC.
Published Apr 20, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
IBM WebSphere Application Server (WAS) 6.0.x through 6.0.2.43, 6.1.x before 6.1.0.37, and 7.0.x before 7.0.0.17 on z/OS, when a Local OS user registry or Federated Repository with RACF adapter is used, allows remote attackers to obtain unspecified application access via unknown vectors.
Published Apr 13, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
https50.ocx in IP*Works! SSL in the server in Unitronics UniOPC before 2.0.0 does not properly implement an unspecified function, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site.
Published Apr 18, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in Oracle Solaris 9 and 10 allows local users to affect confidentiality via unknown vectors related to wbem.
Published Apr 20, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in Oracle PeopleSoft Enterprise 8.8 Bundle #13 allows remote attackers to affect integrity via unknown vectors related to Application Portal.
Published Apr 20, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in Oracle Java Dynamic Management Kit 5.1 allows remote attackers to affect integrity, related to HTML Adaptor.
Published Apr 20, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in Oracle PeopleSoft Enterprise CRM 8.9 Bundle #41 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Order Capture.
Published Apr 20, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to modify files via calls to unknown methods.
Published Apr 3, 2012 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3 allows remote authenticated users to affect integrity, related to Web Runtime SEC.
Published Apr 20, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to execute arbitrary code by using a crafted HTML document to obtain control of a function pointer.
Published Apr 3, 2012 · Updated Sep 16, 2024
Unknown · CVSS Not scored
dbus_backend/ls-dbus-backend in the D-Bus backend in language-selector before 0.6.7 does not restrict access on the basis of a PolicyKit check result, which allows local users to modify the /etc/default/locale and /etc/environment files via a (1) SetSystemDefaultLangEnv or (2) SetSystemDefaultLanguageEnv call.
Published Apr 29, 2011 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Unspecified vulnerability Oracle JD Edwards EnterpriseOne Tools 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3 allows remote attackers to affect availability, related to Enterprise Infrastructure SEC.
Published Apr 20, 2011 · Updated Sep 16, 2024