CWE-843
AllowedAccess of Resource Using Incompatible Type ('Type Confusion')
Abstraction: Base · Status: Incomplete
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
1041 vulnerabilities reference this CWE, most recent first.
GHSA-X7VQ-MPJ3-3XG4
Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2022-05-24 19:05This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.3.37598. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA templates. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13531.
{
"affected": [],
"aliases": [
"CVE-2021-31476"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-16T23:15:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.3.37598. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA templates. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13531.",
"id": "GHSA-x7vq-mpj3-3xg4",
"modified": "2022-05-24T19:05:37Z",
"published": "2022-05-24T19:05:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31476"
},
{
"type": "WEB",
"url": "https://www.foxit.com/support/security-bulletins.html"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-614"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-X98R-F5PV-92P5
Vulnerability from github – Published: 2022-01-04 00:00 – Updated: 2025-05-22 21:30The HwNearbyMain module has a Data Processing Errors vulnerability.Successful exploitation of this vulnerability may cause a process to restart.
{
"affected": [],
"aliases": [
"CVE-2021-39987"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-03T22:15:00Z",
"severity": "HIGH"
},
"details": "The HwNearbyMain module has a Data Processing Errors vulnerability.Successful exploitation of this vulnerability may cause a process to restart.",
"id": "GHSA-x98r-f5pv-92p5",
"modified": "2025-05-22T21:30:33Z",
"published": "2022-01-04T00:00:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39987"
},
{
"type": "WEB",
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202111-0000001217889667"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XC3Q-X7GF-F2J9
Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32Access of resource using incompatible type ('type confusion') in Windows Connected User Experiences and Telemetry allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2026-50421"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T18:17:45Z",
"severity": "HIGH"
},
"details": "Access of resource using incompatible type (\u0027type confusion\u0027) in Windows Connected User Experiences and Telemetry allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-xc3q-x7gf-f2j9",
"modified": "2026-07-14T18:32:22Z",
"published": "2026-07-14T18:32:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50421"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50421"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XCMH-FGQ9-R6JC
Vulnerability from github – Published: 2024-12-12 03:33 – Updated: 2024-12-12 18:30Type Confusion in V8 in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2024-12381"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-12T01:40:28Z",
"severity": "HIGH"
},
"details": "Type Confusion in V8 in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-xcmh-fgq9-r6jc",
"modified": "2024-12-12T18:30:55Z",
"published": "2024-12-12T03:33:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12381"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_10.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/381696874"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XF3X-92J4-VRPC
Vulnerability from github – Published: 2022-05-24 19:02 – Updated: 2022-05-24 19:02Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Type Confusion in the VDasher constructor of their custom fork of the rlottie library. A remote attacker might be able to access Telegram's heap memory out-of-bounds on a victim device via a malicious animated sticker.
{
"affected": [],
"aliases": [
"CVE-2021-31317"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-18T20:15:00Z",
"severity": "MODERATE"
},
"details": "Telegram Android \u003c7.1.0 (2090), Telegram iOS \u003c7.1, and Telegram macOS \u003c7.1 are affected by a Type Confusion in the VDasher constructor of their custom fork of the rlottie library. A remote attacker might be able to access Telegram\u0027s heap memory out-of-bounds on a victim device via a malicious animated sticker.",
"id": "GHSA-xf3x-92j4-vrpc",
"modified": "2022-05-24T19:02:40Z",
"published": "2022-05-24T19:02:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31317"
},
{
"type": "WEB",
"url": "https://www.shielder.it/advisories/telegram-rlottie-vdasher-vdasher-type-confusion"
},
{
"type": "WEB",
"url": "https://www.shielder.it/blog/2021/02/hunting-for-bugs-in-telegrams-animated-stickers-remote-attack-surface"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-XG2F-3225-7HXR
Vulnerability from github – Published: 2025-07-07 18:32 – Updated: 2025-07-07 18:32An authorized user can issue queries with duplicate _id fields, that leads to unexpected behavior in MongoDB Server, which may result to crash. This issue can only be triggered by authorized users and cause Denial of Service. This issue affects MongoDB Server v8.1 version 8.1.0.
{
"affected": [],
"aliases": [
"CVE-2025-7259"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-07T16:15:30Z",
"severity": "MODERATE"
},
"details": "An authorized user can issue queries with duplicate _id fields, that leads to unexpected behavior in MongoDB Server, which may result to crash. This issue can only be triggered by authorized users and cause Denial of Service. This issue affects MongoDB Server v8.1 version 8.1.0.",
"id": "GHSA-xg2f-3225-7hxr",
"modified": "2025-07-07T18:32:27Z",
"published": "2025-07-07T18:32:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7259"
},
{
"type": "WEB",
"url": "https://jira.mongodb.org/browse/SERVER-102693"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XG83-G9FG-RFHV
Vulnerability from github – Published: 2022-05-24 19:04 – Updated: 2022-05-24 19:04Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2021-30513"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-04T18:15:00Z",
"severity": "HIGH"
},
"details": "Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"id": "GHSA-xg83-g9fg-rfhv",
"modified": "2022-05-24T19:04:02Z",
"published": "2022-05-24T19:04:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30513"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1200490"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202107-06"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-XH29-R2W5-WX8M
Vulnerability from github – Published: 2022-05-23 23:15 – Updated: 2025-05-27 14:51Summary
Nokogiri < v1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers. For CRuby users, this may allow specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory.
Severity
The Nokogiri maintainers have evaluated this as High 8.2 (CVSS3.1).
Mitigation
CRuby users should upgrade to Nokogiri >= 1.13.6.
JRuby users are not affected.
Workarounds
To avoid this vulnerability in affected applications, ensure the untrusted input is a String by calling #to_s or equivalent.
Credit
This vulnerability was responsibly reported by @agustingianni and the Github Security Lab.
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "nokogiri"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.13.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-29181"
],
"database_specific": {
"cwe_ids": [
"CWE-241",
"CWE-843"
],
"github_reviewed": true,
"github_reviewed_at": "2022-05-23T23:15:15Z",
"nvd_published_at": "2022-05-20T19:15:00Z",
"severity": "HIGH"
},
"details": "### Summary\n\nNokogiri `\u003c v1.13.6` does not type-check all inputs into the XML and HTML4 SAX parsers. For CRuby users, this may allow specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory.\n\n### Severity\n\nThe Nokogiri maintainers have evaluated this as **High 8.2** (CVSS3.1).\n\n\n### Mitigation\n\nCRuby users should upgrade to Nokogiri `\u003e= 1.13.6`.\n\nJRuby users are not affected.\n\n\n### Workarounds\n\nTo avoid this vulnerability in affected applications, ensure the untrusted input is a `String` by calling `#to_s` or equivalent.\n\n\n### Credit\n\nThis vulnerability was responsibly reported by @agustingianni and the Github Security Lab.",
"id": "GHSA-xh29-r2w5-wx8m",
"modified": "2025-05-27T14:51:05Z",
"published": "2022-05-23T23:15:15Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29181"
},
{
"type": "WEB",
"url": "https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7"
},
{
"type": "WEB",
"url": "https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-29181.yml"
},
{
"type": "PACKAGE",
"url": "https://github.com/sparklemotion/nokogiri"
},
{
"type": "WEB",
"url": "https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-29"
},
{
"type": "ADVISORY",
"url": "https://securitylab.github.com/advisories/GHSL-2022-031_GHSL-2022-032_Nokogiri"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213532"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Dec/23"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Nokogiri Improperly Handles Unexpected Data Type"
}
GHSA-XHPV-HC6G-R9C6
Vulnerability from github – Published: 2026-03-27 18:21 – Updated: 2026-03-30 20:08Summary
A crafted object placed in the template context can bypass all conditional guards in resolvePartial() and cause invokePartial() to return undefined. The Handlebars runtime then treats the unresolved partial as a source that needs to be compiled, passing the crafted object to env.compile(). Because the object is a valid Handlebars AST containing injected code, the generated JavaScript executes arbitrary commands on the server. The attack requires the adversary to control a value that can be returned by a dynamic partial lookup.
Description
The vulnerable code path spans two functions in lib/handlebars/runtime.js:
resolvePartial(): A crafted object with call: true satisfies the first branch condition (partial.call) and causes an early return of the original object itself, because none of the remaining conditionals (string check, options.partials lookup, etc.) match a plain object. The function returns the crafted object as-is.
invokePartial(): When resolvePartial returns a non-function object, invokePartial produces undefined. The runtime interprets undefined as "partial not yet compiled" and calls env.compile(partial, ...) where partial is the crafted AST object. The JavaScript code generator processes the AST and emits JavaScript containing the injected payload, which is then evaluated.
Minimum prerequisites:
1. The template uses a dynamic partial lookup: {{> (lookup . "key")}} or equivalent.
2. The adversary can set the value of the looked-up context property to a crafted object.
In server-side rendering scenarios where templates process user-supplied context data, this enables full Remote Code Execution.
Proof of Concept
const Handlebars = require('handlebars');
const vulnerableTemplate = `{{> (lookup . "payload")}}`;
const maliciousContext = {
payload: {
call: true, // bypasses the primary resolvePartial branch
type: "Program",
body: [
{
type: "MustacheStatement",
depth: 0,
path: {
type: "PathExpression",
parts: ["pop"],
original: "this.pop",
// Injected code breaks out of the generated function's argument list
depth: "0])),function () {console.error('VULNERABLE: object -> dynamic partial -> RCE');}()));//",
},
},
],
},
};
Handlebars.compile(vulnerableTemplate)(maliciousContext);
// Prints: VULNERABLE: object -> dynamic partial -> RCE
Workarounds
- Use the runtime-only build (
require('handlebars/runtime')). Withoutcompile(), the fallback compilation path ininvokePartialis unreachable. - Sanitize context data before rendering: ensure no value in the context is a non-primitive object that could be passed to a dynamic partial.
- Avoid dynamic partial lookups (
{{> (lookup ...)}}) when context data is user-controlled.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.7.8"
},
"package": {
"ecosystem": "npm",
"name": "handlebars"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.7.9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-33940"
],
"database_specific": {
"cwe_ids": [
"CWE-843",
"CWE-94"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-27T18:21:44Z",
"nvd_published_at": "2026-03-27T22:16:21Z",
"severity": "HIGH"
},
"details": "## Summary\n\nA crafted object placed in the template context can bypass all conditional guards in `resolvePartial()` and cause `invokePartial()` to return `undefined`. The Handlebars runtime then treats the unresolved partial as a source that needs to be compiled, passing the crafted object to `env.compile()`. Because the object is a valid Handlebars AST containing injected code, the generated JavaScript executes arbitrary commands on the server. The attack requires the adversary to control a value that can be returned by a dynamic partial lookup.\n\n## Description\n\nThe vulnerable code path spans two functions in `lib/handlebars/runtime.js`:\n\n**`resolvePartial()`:** A crafted object with `call: true` satisfies the first branch condition (`partial.call`) and causes an early return of the original object itself, because none of the remaining conditionals (string check, `options.partials` lookup, etc.) match a plain object. The function returns the crafted object as-is.\n\n**`invokePartial()`:** When `resolvePartial` returns a non-function object, `invokePartial` produces `undefined`. The runtime interprets `undefined` as \"partial not yet compiled\" and calls `env.compile(partial, ...)` where `partial` is the crafted AST object. The JavaScript code generator processes the AST and emits JavaScript containing the injected payload, which is then evaluated.\n\n**Minimum prerequisites:**\n1. The template uses a dynamic partial lookup: `{{\u003e (lookup . \"key\")}}` or equivalent.\n2. The adversary can set the value of the looked-up context property to a crafted object.\n\nIn server-side rendering scenarios where templates process user-supplied context data, this enables full Remote Code Execution.\n\n## Proof of Concept\n\n```javascript\nconst Handlebars = require(\u0027handlebars\u0027);\n\nconst vulnerableTemplate = `{{\u003e (lookup . \"payload\")}}`;\n\nconst maliciousContext = {\n payload: {\n call: true, // bypasses the primary resolvePartial branch\n type: \"Program\",\n body: [\n {\n type: \"MustacheStatement\",\n depth: 0,\n path: {\n type: \"PathExpression\",\n parts: [\"pop\"],\n original: \"this.pop\",\n // Injected code breaks out of the generated function\u0027s argument list\n depth: \"0])),function () {console.error(\u0027VULNERABLE: object -\u003e dynamic partial -\u003e RCE\u0027);}()));//\",\n },\n },\n ],\n },\n};\n\nHandlebars.compile(vulnerableTemplate)(maliciousContext);\n// Prints: VULNERABLE: object -\u003e dynamic partial -\u003e RCE\n```\n\n## Workarounds\n\n- **Use the runtime-only build** (`require(\u0027handlebars/runtime\u0027)`). Without `compile()`, the fallback compilation path in `invokePartial` is unreachable.\n- **Sanitize context data** before rendering: ensure no value in the context is a non-primitive object that could be passed to a dynamic partial.\n- **Avoid dynamic partial lookups** (`{{\u003e (lookup ...)}}`) when context data is user-controlled.",
"id": "GHSA-xhpv-hc6g-r9c6",
"modified": "2026-03-30T20:08:33Z",
"published": "2026-03-27T18:21:44Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33940"
},
{
"type": "WEB",
"url": "https://github.com/handlebars-lang/handlebars.js/commit/68d8df5a88e0a26fe9e6084c5c6aaebe67b07da2"
},
{
"type": "PACKAGE",
"url": "https://github.com/handlebars-lang/handlebars.js"
},
{
"type": "WEB",
"url": "https://github.com/handlebars-lang/handlebars.js/releases/tag/v4.7.9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Handlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic partial"
}
GHSA-XHQ8-8CQJ-Q337
Vulnerability from github – Published: 2022-05-14 02:15 – Updated: 2025-10-22 03:30Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.
{
"affected": [],
"aliases": [
"CVE-2011-0611"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2011-04-13T14:55:00Z",
"severity": "HIGH"
},
"details": "Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a \"group of included constants,\" object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.",
"id": "GHSA-xhq8-8cqj-q337",
"modified": "2025-10-22T03:30:29Z",
"published": "2022-05-14T02:15:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0611"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66681"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14175"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-0611"
},
{
"type": "WEB",
"url": "http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx"
},
{
"type": "WEB",
"url": "http://bugix-security.blogspot.com/2011/04/cve-2011-0611-adobe-flash-zero-day.html"
},
{
"type": "WEB",
"url": "http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html"
},
{
"type": "WEB",
"url": "http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00004.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/44119"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/44141"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/44149"
},
{
"type": "WEB",
"url": "http://secunia.com/blog/210"
},
{
"type": "WEB",
"url": "http://securityreason.com/securityalert/8204"
},
{
"type": "WEB",
"url": "http://securityreason.com/securityalert/8292"
},
{
"type": "WEB",
"url": "http://www.adobe.com/support/security/advisories/apsa11-02.html"
},
{
"type": "WEB",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-07.html"
},
{
"type": "WEB",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-08.html"
},
{
"type": "WEB",
"url": "http://www.exploit-db.com/exploits/17175"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/230057"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0451.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/47314"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1025324"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1025325"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0922"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0923"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0924"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.