The IDAPython plugin before 1.5.2.3 in IDA Pro allows user-assisted remote attackers to execute arbitrary code via a crafted IDB file, related to improper handling of certain swig_runtime_data files in the current working directory.
Max CVSS
9.3
EPSS Score
2.77%
Published
2011-12-27
Updated
2017-08-29
Google Chrome before 14.0.835.202 does not properly implement shader translation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Max CVSS
6.8
EPSS Score
1.10%
Published
2011-10-04
Updated
2020-05-11
Google Chrome before 13.0.782.215 on Windows does not properly handle vertex data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Max CVSS
10.0
EPSS Score
1.24%
Published
2011-08-29
Updated
2020-05-19
Google Picasa before 3.6 Build 105.67 does not properly handle invalid properties in JPEG images, which allows remote attackers to execute arbitrary code via a crafted image file.
Max CVSS
9.3
EPSS Score
2.72%
Published
2011-07-28
Updated
2017-08-29
Unspecified vulnerability in Google Chrome 11.0.696.65 on Windows 7 SP1 allows remote attackers to execute arbitrary code via unknown vectors. NOTE: as of 20110510, the only disclosure is a vague advisory that possibly relates to multiple vulnerabilities or multiple products. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
Max CVSS
9.3
EPSS Score
0.79%
Published
2011-05-10
Updated
2017-09-19

CVE-2011-1823

Known exploited
The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges via a negative index that bypasses a maximum-only signed integer check in the DirectVolume::handlePartitionAdded method, which triggers memory corruption, as demonstrated by Gingerbreak.
Max CVSS
7.2
EPSS Score
0.07%
Published
2011-06-09
Updated
2017-08-17
CISA KEV Added
2022-09-08
Google Chrome before 11.0.696.71 does not properly handle blobs, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger an out-of-bounds write.
Max CVSS
10.0
EPSS Score
0.72%
Published
2011-05-26
Updated
2020-05-22
Google Chrome before 11.0.696.71 does not properly implement the GPU command buffer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Max CVSS
10.0
EPSS Score
1.32%
Published
2011-05-26
Updated
2020-05-22
Heap-based buffer overflow in the GPU process in Google Chrome before 10.0.648.205 allows remote attackers to execute arbitrary code via unknown vectors.
Max CVSS
9.3
EPSS Score
5.68%
Published
2011-04-15
Updated
2020-05-29
Use-after-free vulnerability in the GPU process in Google Chrome before 10.0.648.205 allows remote attackers to execute arbitrary code via unknown vectors.
Max CVSS
9.3
EPSS Score
3.90%
Published
2011-04-15
Updated
2020-05-29
The Program::getActiveUniformMaxLength function in libGLESv2/Program.cpp in libGLESv2.dll in the WebGLES library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox 4.x before 4.0.1 on Windows and in the GPU process in Google Chrome before 10.0.648.205 on Windows, allows remote attackers to execute arbitrary code via unspecified vectors, related to an "off-by-three" error.
Max CVSS
10.0
EPSS Score
2.71%
Published
2011-04-15
Updated
2019-07-18
dexdump in Android SDK before 2.3 does not properly perform structural verification, which allows user-assisted remote attackers to cause a denial of service (dexdump crash) and possibly execute arbitrary code via a malformed APK or dex file that calls a method using more arguments than the number of register that have been declared for that method.
Max CVSS
4.3
EPSS Score
0.28%
Published
2011-07-08
Updated
2011-09-07
Race condition in Google Chrome before 9.0.597.84 allows remote attackers to execute arbitrary code via vectors related to audio.
Max CVSS
6.8
EPSS Score
0.99%
Published
2011-02-04
Updated
2020-06-05

CVE-2011-0611

Known exploited
Public exploit
Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.
Max CVSS
9.3
EPSS Score
97.16%
Published
2011-04-13
Updated
2024-02-02
CISA KEV Added
2022-03-03
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle speech data, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "stale pointer."
Max CVSS
10.0
EPSS Score
4.11%
Published
2011-01-14
Updated
2020-07-24
15 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!