Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2003-0352

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-17 Jul, 2003 | 04:00
Updated At-08 Aug, 2024 | 01:50
Rejected At-
Credits

Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:17 Jul, 2003 | 04:00
Updated At:08 Aug, 2024 | 01:50
Rejected At:
â–¼CVE Numbering Authority (CNA)

Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/12629
vdb-entry
x_refsource_XF
http://www.cert.org/advisories/CA-2003-16.html
third-party-advisory
x_refsource_CERT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A296
vdb-entry
signature
x_refsource_OVAL
http://www.securityfocus.com/bid/8205
vdb-entry
x_refsource_BID
http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007357.html
mailing-list
x_refsource_FULLDISC
http://marc.info/?l=bugtraq&m=105914789527294&w=2
mailing-list
x_refsource_BUGTRAQ
http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007079.html
mailing-list
x_refsource_FULLDISC
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A194
vdb-entry
signature
x_refsource_OVAL
http://www.kb.cert.org/vuls/id/568148
third-party-advisory
x_refsource_CERT-VN
http://marc.info/?l=bugtraq&m=105838687731618&w=2
mailing-list
x_refsource_BUGTRAQ
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-026
vendor-advisory
x_refsource_MS
http://www.cert.org/advisories/CA-2003-19.html
third-party-advisory
x_refsource_CERT
http://www.xfocus.org/documents/200307/2.html
x_refsource_MISC
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2343
vdb-entry
signature
x_refsource_OVAL
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/12629
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.cert.org/advisories/CA-2003-16.html
Resource:
third-party-advisory
x_refsource_CERT
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A296
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.securityfocus.com/bid/8205
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007357.html
Resource:
mailing-list
x_refsource_FULLDISC
Hyperlink: http://marc.info/?l=bugtraq&m=105914789527294&w=2
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007079.html
Resource:
mailing-list
x_refsource_FULLDISC
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A194
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.kb.cert.org/vuls/id/568148
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://marc.info/?l=bugtraq&m=105838687731618&w=2
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-026
Resource:
vendor-advisory
x_refsource_MS
Hyperlink: http://www.cert.org/advisories/CA-2003-19.html
Resource:
third-party-advisory
x_refsource_CERT
Hyperlink: http://www.xfocus.org/documents/200307/2.html
Resource:
x_refsource_MISC
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2343
Resource:
vdb-entry
signature
x_refsource_OVAL
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/12629
vdb-entry
x_refsource_XF
x_transferred
http://www.cert.org/advisories/CA-2003-16.html
third-party-advisory
x_refsource_CERT
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A296
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.securityfocus.com/bid/8205
vdb-entry
x_refsource_BID
x_transferred
http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007357.html
mailing-list
x_refsource_FULLDISC
x_transferred
http://marc.info/?l=bugtraq&m=105914789527294&w=2
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007079.html
mailing-list
x_refsource_FULLDISC
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A194
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.kb.cert.org/vuls/id/568148
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://marc.info/?l=bugtraq&m=105838687731618&w=2
mailing-list
x_refsource_BUGTRAQ
x_transferred
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-026
vendor-advisory
x_refsource_MS
x_transferred
http://www.cert.org/advisories/CA-2003-19.html
third-party-advisory
x_refsource_CERT
x_transferred
http://www.xfocus.org/documents/200307/2.html
x_refsource_MISC
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2343
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/12629
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.cert.org/advisories/CA-2003-16.html
Resource:
third-party-advisory
x_refsource_CERT
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A296
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.securityfocus.com/bid/8205
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007357.html
Resource:
mailing-list
x_refsource_FULLDISC
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=105914789527294&w=2
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007079.html
Resource:
mailing-list
x_refsource_FULLDISC
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A194
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/568148
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=105838687731618&w=2
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-026
Resource:
vendor-advisory
x_refsource_MS
x_transferred
Hyperlink: http://www.cert.org/advisories/CA-2003-19.html
Resource:
third-party-advisory
x_refsource_CERT
x_transferred
Hyperlink: http://www.xfocus.org/documents/200307/2.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2343
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:18 Aug, 2003 | 04:00
Updated At:16 Apr, 2026 | 00:27

Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Microsoft Corporation
microsoft
>>windows_2000>>*
cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_2000>>*
cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_2000>>*
cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_2000>>*
cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_2000>>*
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_2003_server>>enterprise
cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_2003_server>>enterprise_64-bit
cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_2003_server>>r2
cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_2003_server>>r2
cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_2003_server>>standard
cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_2003_server>>web
cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_nt>>4.0
cpe:2.3:o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_nt>>4.0
cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_nt>>4.0
cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_nt>>4.0
cpe:2.3:o:microsoft:windows_nt:4.0:*:workstation:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_nt>>4.0
cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_nt>>4.0
cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_nt>>4.0
cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_nt>>4.0
cpe:2.3:o:microsoft:windows_nt:4.0:sp1:workstation:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_nt>>4.0
cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_nt>>4.0
cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_nt>>4.0
cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_nt>>4.0
cpe:2.3:o:microsoft:windows_nt:4.0:sp2:workstation:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_nt>>4.0
cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_nt>>4.0
cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_nt>>4.0
cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_nt>>4.0
cpe:2.3:o:microsoft:windows_nt:4.0:sp3:workstation:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_nt>>4.0
cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_nt>>4.0
cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_nt>>4.0
cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_nt>>4.0
cpe:2.3:o:microsoft:windows_nt:4.0:sp4:workstation:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_nt>>4.0
cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_nt>>4.0
cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_nt>>4.0
cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_nt>>4.0
cpe:2.3:o:microsoft:windows_nt:4.0:sp5:workstation:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_nt>>4.0
cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_nt>>4.0
cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_nt>>4.0
cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_nt>>4.0
cpe:2.3:o:microsoft:windows_nt:4.0:sp6:workstation:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_nt>>4.0
cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_nt>>4.0
cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_nt>>4.0
cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:terminal_server:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_nt>>4.0
cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_xp>>*
cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_xp>>*
cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_xp>>*
cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_xp>>*
cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_xp>>*
cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007079.htmlcve@mitre.org
N/A
http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007357.htmlcve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=105838687731618&w=2cve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=105914789527294&w=2cve@mitre.org
N/A
http://www.cert.org/advisories/CA-2003-16.htmlcve@mitre.org
US Government Resource
http://www.cert.org/advisories/CA-2003-19.htmlcve@mitre.org
US Government Resource
http://www.kb.cert.org/vuls/id/568148cve@mitre.org
US Government Resource
http://www.securityfocus.com/bid/8205cve@mitre.org
Exploit
Patch
Vendor Advisory
http://www.xfocus.org/documents/200307/2.htmlcve@mitre.org
N/A
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-026cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/12629cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A194cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2343cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A296cve@mitre.org
N/A
http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007079.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007357.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=105838687731618&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=105914789527294&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.cert.org/advisories/CA-2003-16.htmlaf854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.cert.org/advisories/CA-2003-19.htmlaf854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.kb.cert.org/vuls/id/568148af854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.securityfocus.com/bid/8205af854a3a-2127-422b-91ae-364da2661108
Exploit
Patch
Vendor Advisory
http://www.xfocus.org/documents/200307/2.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-026af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/12629af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A194af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2343af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A296af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007079.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007357.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=105838687731618&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=105914789527294&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.cert.org/advisories/CA-2003-16.html
Source: cve@mitre.org
Resource:
US Government Resource
Hyperlink: http://www.cert.org/advisories/CA-2003-19.html
Source: cve@mitre.org
Resource:
US Government Resource
Hyperlink: http://www.kb.cert.org/vuls/id/568148
Source: cve@mitre.org
Resource:
US Government Resource
Hyperlink: http://www.securityfocus.com/bid/8205
Source: cve@mitre.org
Resource:
Exploit
Patch
Vendor Advisory
Hyperlink: http://www.xfocus.org/documents/200307/2.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-026
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/12629
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A194
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2343
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A296
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007079.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007357.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=105838687731618&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=105914789527294&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.cert.org/advisories/CA-2003-16.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource
Hyperlink: http://www.cert.org/advisories/CA-2003-19.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource
Hyperlink: http://www.kb.cert.org/vuls/id/568148
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource
Hyperlink: http://www.securityfocus.com/bid/8205
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Patch
Vendor Advisory
Hyperlink: http://www.xfocus.org/documents/200307/2.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-026
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/12629
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A194
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2343
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A296
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

758Records found
CVE-2021-20021
Matching Score-8
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-8
Assigner-SonicWall, Inc.
CVSS Score-9.8||CRITICAL
EPSS-91.70% / 99.69%
||
7 Day CHG~0.00%
Published-09 Apr, 2021 | 17:50
Updated-10 Nov, 2025 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-11-17||Apply updates per vendor instructions.

A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host.

Action-Not Available
Vendor-Microsoft CorporationSonicWall Inc.
Product-email_security_appliance_7050_firmwareemail_security_appliance_9000email_security_appliance_8300_firmwareemail_securityhosted_email_securityemail_security_appliance_7000email_security_appliance_5000email_security_appliance_3300email_security_appliance_4300_firmwareemail_security_appliance_7000_firmwareemail_security_appliance_7050email_security_appliance_5050_firmwareemail_security_appliance_4300email_security_appliance_8300email_security_appliance_5000_firmwarewindowsemail_security_appliance_9000_firmwareemail_security_virtual_applianceemail_security_appliance_3300_firmwareemail_security_appliance_5050Email SecuritySonicWall Email Security
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-9671
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-0.64% / 70.63%
||
7 Day CHG~0.00%
Published-17 Jul, 2020 | 00:00
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Creative Cloud Desktop Application versions 5.1 and earlier have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-creative_cloud_desktop_applicationwindowsAdobe Creative Cloud Desktop Application
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2019-4640
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.12% / 29.93%
||
7 Day CHG~0.00%
Published-19 Feb, 2020 | 15:15
Updated-17 Sep, 2024 | 02:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Secret Server 10.7 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code which could result in an attacker executing malicious code. IBM X-Force ID: 170046.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-windowssecurity_secret_serverSecurity Secret Server
CWE ID-CWE-346
Origin Validation Error
CVE-2020-9669
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-0.92% / 76.07%
||
7 Day CHG~0.00%
Published-16 Jul, 2020 | 23:59
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a lack of exploit mitigations vulnerability. Successful exploitation could lead to privilege escalation.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-windowscreative_cloudAdobe Creative Cloud Desktop Application
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-7883
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.77% / 73.66%
||
7 Day CHG~0.00%
Published-28 Dec, 2021 | 19:12
Updated-17 Sep, 2024 | 02:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Printchaser v2.2021.804.1 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting the argument, variable in the activeX module. This can be leveraged for code execution.

Action-Not Available
Vendor-wowsoftWOWSOFTMicrosoft Corporation
Product-windowsprintchaserPrintchaser
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2020-7812
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.46% / 64.40%
||
7 Day CHG~0.00%
Published-28 May, 2020 | 13:12
Updated-04 Aug, 2024 | 09:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kaoni ezHTTPTrans Active-X File Download and Execution Vulnerability

Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contain a vulnerability that could allow remote attacker to download arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution by rebooting the victim’s PC.

Action-Not Available
Vendor-kaoniKaoniMicrosoft Corporation
Product-windowsezhttptransezHTTPTrans
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2020-7878
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.34% / 56.52%
||
7 Day CHG~0.00%
Published-28 Dec, 2021 | 19:09
Updated-16 Sep, 2024 | 22:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An arbitrary file download and execution vulnerability was found in the VideoOffice X2.9 and earlier versions (CVE-2020-7878). This issue is due to missing support for integrity check.

Action-Not Available
Vendor-4nb4NBMicrosoft Corporation
Product-windowsvideoofficeVideoOffice
CWE ID-CWE-353
Missing Support for Integrity Check
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2020-7806
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.46% / 64.40%
||
7 Day CHG~0.00%
Published-06 May, 2020 | 12:50
Updated-04 Aug, 2024 | 09:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tobesoft Xplatform ActiveX File Download Vulnerability

Tobesoft Xplatform 9.2.2.250 and earlier version have an arbitrary code execution vulnerability by using method supported by Xplatform ActiveX Control. It allows attacker to cause remote code execution.

Action-Not Available
Vendor-tobesoftTobesoftMicrosoft Corporation
Product-windowsxplatformXplatform
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2020-7820
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.97% / 76.66%
||
7 Day CHG~0.00%
Published-02 Jul, 2020 | 12:40
Updated-04 Aug, 2024 | 09:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tobesoft NEXACRO14/17 ExCommonApiV13 Arbitrary Code Execution Vulnerability

Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version contain a vulnerability that could allow remote attacker to execute arbitrary code by setting the arguments to the vulnerable API. This can be leveraged for code execution by rebooting the victim’s PC

Action-Not Available
Vendor-nexawebTobesoftMicrosoft Corporation
Product-windowsnexacro_17nexacro_14NEXACRO14/17 ExCommonApiV13
CWE ID-CWE-20
Improper Input Validation
CVE-2020-7832
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-8.8||HIGH
EPSS-1.07% / 77.90%
||
7 Day CHG~0.00%
Published-07 Sep, 2021 | 14:47
Updated-04 Aug, 2024 | 09:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RAONWIZ DEXT5 Upload remote code execution vulnerability

A vulnerability (improper input validation) in the DEXT5 Upload solution allows an unauthenticated attacker to download and execute an arbitrary file via AddUploadFile, SetSelectItem, DoOpenFile function.(CVE-2020-7832)

Action-Not Available
Vendor-dext5RAONWIZ (Laonwiz Co., Ltd.)Microsoft Corporation
Product-windowsdext5DEXT5 Upload
CWE ID-CWE-20
Improper Input Validation
CVE-2020-7821
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.97% / 76.66%
||
7 Day CHG~0.00%
Published-02 Jul, 2020 | 12:37
Updated-04 Aug, 2024 | 09:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tobesoft NEXACRO14/17 ExCommonApiV13 Arbitrary Code Execution Vulnerability

Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version contain a vulnerability that could allow remote attacker to execute arbitrary code by modifying the value of registry path. This can be leveraged for code execution by rebooting the victim’s PC

Action-Not Available
Vendor-nexawebTobesoftMicrosoft Corporation
Product-windowsnexacro_17nexacro_14NEXACRO14/17 ExCommonApiV13
CWE ID-CWE-20
Improper Input Validation
CVE-2020-4693
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.62% / 70.03%
||
7 Day CHG~0.00%
Published-02 Sep, 2020 | 18:25
Updated-17 Sep, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Operations Center 7.1.0.000 through 7.1.10 and 8.1.0.000 through 8.1.9 may allow an attacker to execute arbitrary code on the system, caused by improper validation of data prior to export. IBM X-Force ID: 186782.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixspectrum_protect_operations_centerwindowslinux_kernelSpectrum Protect Operations Center
CWE ID-CWE-20
Improper Input Validation
CVE-2020-4879
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.3||HIGH
EPSS-0.70% / 72.16%
||
7 Day CHG-0.20%
Published-21 Jan, 2022 | 17:20
Updated-16 Sep, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security restrictions, caused by improper validation of authentication cookies. IBM X-Force ID: 190847.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-windowscognos_controllerCognos Controller
CWE ID-CWE-287
Improper Authentication
CVE-2020-3784
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-10.06% / 93.13%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 20:31
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-photoshop_2020windowsphotoshop_ccmacosAdobe Photoshop
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-3943
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-1.73% / 82.56%
||
7 Day CHG~0.00%
Published-19 Feb, 2020 | 20:04
Updated-04 Aug, 2024 | 07:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) uses a JMX RMI service which is not securely configured. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to execute arbitrary code in vRealize Operations.

Action-Not Available
Vendor-VMware (Broadcom Inc.)Microsoft Corporation
Product-windowsvrealize_operationsvRealize Operations for Horizon Adapter
CVE-2020-3793
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-27.08% / 96.41%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 15:58
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2020-3792
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-27.08% / 96.41%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 15:56
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2020-3795
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-14.19% / 94.41%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 15:58
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-3797
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-10.06% / 93.13%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 16:00
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-3785
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-10.06% / 93.13%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 20:31
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-photoshop_2020windowsphotoshop_ccmacosAdobe Photoshop
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-3787
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-10.06% / 93.13%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 20:31
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-photoshop_2020windowsphotoshop_ccmacosAdobe Photoshop
CWE ID-CWE-787
Out-of-bounds Write
CVE-2003-0665
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-44.36% / 97.58%
||
7 Day CHG~0.00%
Published-04 Sep, 2003 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the ActiveX control for Microsoft Access Snapshot Viewer for Access 97, 2000, and 2002 allows remote attackers to execute arbitrary code via long parameters to the control.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-accessn/a
CVE-2020-3783
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-24.98% / 96.20%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 20:31
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a heap corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-photoshop_2020windowsphotoshop_ccmacosAdobe Photoshop
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-3801
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-17.81% / 95.16%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 17:15
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2020-26301
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-5.07% / 89.84%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 19:40
Updated-04 Aug, 2024 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Command injection in mscdex/ssh2

ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This is fixed in version 1.4.0.

Action-Not Available
Vendor-ssh2_projectmscdexMicrosoft Corporation
Product-windowsssh2ssh2
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-19169
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-7.8||HIGH
EPSS-1.06% / 77.81%
||
7 Day CHG~0.00%
Published-06 May, 2020 | 12:54
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dext5.ocx ActiveX 5.0.0.116 and eariler versions contain a vulnerability, which could allow remote attacker to download arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution.

Action-Not Available
Vendor-RAONWIZ (Laonwiz Co., Ltd.)Microsoft Corporation
Product-activexdext5Dext.ocx ActiveX Control in Dext5 Upload
CVE-2020-19510
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 62.87%
||
7 Day CHG~0.00%
Published-21 Jun, 2021 | 18:04
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Textpattern 4.7.3 contains an aribtrary file load via the file_insert function in include/txp_file.php.

Action-Not Available
Vendor-textpatternn/aMicrosoft Corporation
Product-windowstextpatternn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-17082
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-9.64% / 92.93%
||
7 Day CHG~0.00%
Published-11 Nov, 2020 | 06:48
Updated-10 Sep, 2024 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Raw Image Extension Remote Code Execution Vulnerability

Raw Image Extension Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-raw_image_extensionRaw Image Extension
CVE-2020-16904
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.3||MEDIUM
EPSS-2.43% / 85.25%
||
7 Day CHG~0.00%
Published-16 Oct, 2020 | 22:17
Updated-23 Feb, 2026 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Functions Elevation of Privilege Vulnerability

<p>An elevation of privilege vulnerability exists in the way Azure Functions validate access keys.</p> <p>An unauthenticated attacker who successfully exploited this vulnerability could invoke an HTTP Function without proper authorization.</p> <p>This security update addresses the vulnerability by correctly validating access keys used to access HTTP Functions.</p>

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_functionsAzure Functions
CWE ID-CWE-863
Incorrect Authorization
CVE-2020-17090
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.3||MEDIUM
EPSS-5.92% / 90.67%
||
7 Day CHG~0.00%
Published-11 Nov, 2020 | 06:48
Updated-10 Sep, 2024 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Defender for Endpoint Security Feature Bypass Vulnerability

Microsoft Defender for Endpoint Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows Server version 2004Windows 10 Version 1803Windows Server 2019 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1809Windows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows Server, version 1903 (Server Core installation)Windows 10 Version 20H2
CVE-2020-13417
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.17% / 78.82%
||
7 Day CHG~0.00%
Published-22 May, 2020 | 20:47
Updated-04 Aug, 2024 | 12:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Elevation of Privilege issue was discovered in Aviatrix VPN Client before 2.10.7, because of an incomplete fix for CVE-2020-7224. This affects Linux, macOS, and Windows installations for certain OpenSSL parameters.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncAviatrix Systems, Inc.Apple Inc.Microsoft Corporation
Product-linux_kernelcontrollervpn_clientwindowsmacosgatewayn/a
CVE-2020-10964
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.82% / 88.18%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 21:53
Updated-04 Aug, 2024 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename.

Action-Not Available
Vendor-s9yn/aMicrosoft Corporation
Product-windowsserendipityn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-0901
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-45.86% / 97.65%
||
7 Day CHG~0.00%
Published-21 May, 2020 | 22:52
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsofficeMicrosoft ExcelMicrosoft OfficeMicrosoft 365 Apps for Enterprise for 32-bit SystemsMicrosoft 365 Apps for Enterprise for 64-bit Systems
CVE-2020-1026
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.46% / 80.97%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:13
Updated-04 Aug, 2024 | 06:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Security Feature Bypass vulnerability exists in the MSR JavaScript Cryptography Library that is caused by multiple bugs in the library’s Elliptic Curve Cryptography (ECC) implementation.An attacker could potentially abuse these bugs to learn information about a server’s private ECC key (a key leakage attack) or craft an invalid ECDSA signature that nevertheless passes as valid.The security update addresses the vulnerability by fixing the bugs disclosed in the ECC implementation, aka 'MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-research_javascript_cryptography_libraryMicrosoft Research JavaScript Cryptography Library V1.4
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-9855
Matching Score-8
Assigner-Document Foundation, The
ShareView Details
Matching Score-8
Assigner-Document Foundation, The
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 63.10%
||
7 Day CHG~0.00%
Published-06 Sep, 2019 | 18:40
Updated-16 Sep, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows 8.3 path equivalence handling flaw allows LibreLogo script execution

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added to block calling LibreLogo from script event handers. However a Windows 8.3 path equivalence handling flaw left LibreOffice vulnerable under Windows that a document could trigger executing LibreLogo via a Windows filename pseudonym. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1.

Action-Not Available
Vendor-libreofficeDocument FoundationopenSUSEMicrosoft Corporation
Product-windowslibreofficeleapLibreOffice
CWE ID-CWE-417
Not Available
CVE-2019-8061
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-30.10% / 96.70%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 20:08
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2019-8031
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-30.10% / 96.70%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 19:52
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2019-8015
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-33.24% / 96.94%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 19:43
Updated-04 Aug, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8006
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-27.87% / 96.49%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 19:38
Updated-04 Aug, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-8036
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-30.10% / 96.70%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 19:53
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2019-8236
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-0.80% / 74.09%
||
7 Day CHG~0.00%
Published-23 Oct, 2019 | 20:46
Updated-04 Aug, 2024 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Creative Cloud Desktop Application version 4.6.1 and earlier versions have Security Bypass vulnerability. Successful exploitation could lead to Privilege Escalation in the context of the current user.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-windowscreative_cloudmacosAdobe Creative Cloud Desktop application
CVE-2019-8197
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-39.72% / 97.34%
||
7 Day CHG~0.00%
Published-17 Oct, 2019 | 20:23
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8023
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-16.16% / 94.84%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 19:44
Updated-04 Aug, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8029
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-30.10% / 96.70%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 19:49
Updated-04 Aug, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcmacoswindowsacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2019-8044
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-37.21% / 97.19%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 19:57
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a double free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-415
Double Free
CVE-2019-8206
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-3.30% / 87.30%
||
7 Day CHG~0.00%
Published-17 Oct, 2019 | 20:24
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8211
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-5.27% / 90.05%
||
7 Day CHG~0.00%
Published-17 Oct, 2019 | 20:25
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2019-8215
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-5.27% / 90.05%
||
7 Day CHG~0.00%
Published-17 Oct, 2019 | 20:25
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2019-8016
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-7.29% / 91.71%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 19:42
Updated-04 Aug, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8214
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-5.27% / 90.05%
||
7 Day CHG~0.00%
Published-17 Oct, 2019 | 20:25
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 15
  • 16
  • Next
Details not found