Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2003-0962

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-10 Dec, 2003 | 05:00
Updated At-08 Aug, 2024 | 02:12
Rejected At-
Credits

Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:10 Dec, 2003 | 05:00
Updated At:08 Aug, 2024 | 02:12
Rejected At:
â–¼CVE Numbering Authority (CNA)

Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://marc.info/?l=bugtraq&m=107055681311602&w=2
mailing-list
x_refsource_BUGTRAQ
http://marc.info/?l=bugtraq&m=107055684711629&w=2
vendor-advisory
x_refsource_TRUSTIX
http://secunia.com/advisories/10362
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/10364
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/10354
third-party-advisory
x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/13899
vdb-entry
x_refsource_XF
http://secunia.com/advisories/10363
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/10353
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/10357
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/10355
third-party-advisory
x_refsource_SECUNIA
http://www.kb.cert.org/vuls/id/325603
third-party-advisory
x_refsource_CERT-VN
http://secunia.com/advisories/10358
third-party-advisory
x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=107056923528423&w=2
mailing-list
x_refsource_BUGTRAQ
http://secunia.com/advisories/10360
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/10361
third-party-advisory
x_refsource_SECUNIA
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000794
vendor-advisory
x_refsource_CONECTIVA
http://marc.info/?l=bugtraq&m=107055702911867&w=2
mailing-list
x_refsource_BUGTRAQ
http://secunia.com/advisories/10474
third-party-advisory
x_refsource_SECUNIA
ftp://patches.sgi.com/support/free/security/advisories/20031202-01-U
vendor-advisory
x_refsource_SGI
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9415
vdb-entry
signature
x_refsource_OVAL
http://www.redhat.com/support/errata/RHSA-2003-398.html
vendor-advisory
x_refsource_REDHAT
http://secunia.com/advisories/10356
third-party-advisory
x_refsource_SECUNIA
http://www.osvdb.org/2898
vdb-entry
x_refsource_OSVDB
http://www.mandriva.com/security/advisories?name=MDKSA-2003:111
vendor-advisory
x_refsource_MANDRAKE
http://www.securityfocus.com/bid/9153
vdb-entry
x_refsource_BID
http://secunia.com/advisories/10359
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/10378
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://marc.info/?l=bugtraq&m=107055681311602&w=2
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://marc.info/?l=bugtraq&m=107055684711629&w=2
Resource:
vendor-advisory
x_refsource_TRUSTIX
Hyperlink: http://secunia.com/advisories/10362
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/10364
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/10354
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/13899
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://secunia.com/advisories/10363
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/10353
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/10357
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/10355
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.kb.cert.org/vuls/id/325603
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://secunia.com/advisories/10358
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://marc.info/?l=bugtraq&m=107056923528423&w=2
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://secunia.com/advisories/10360
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/10361
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000794
Resource:
vendor-advisory
x_refsource_CONECTIVA
Hyperlink: http://marc.info/?l=bugtraq&m=107055702911867&w=2
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://secunia.com/advisories/10474
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20031202-01-U
Resource:
vendor-advisory
x_refsource_SGI
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9415
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.redhat.com/support/errata/RHSA-2003-398.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://secunia.com/advisories/10356
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.osvdb.org/2898
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2003:111
Resource:
vendor-advisory
x_refsource_MANDRAKE
Hyperlink: http://www.securityfocus.com/bid/9153
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://secunia.com/advisories/10359
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/10378
Resource:
third-party-advisory
x_refsource_SECUNIA
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://marc.info/?l=bugtraq&m=107055681311602&w=2
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://marc.info/?l=bugtraq&m=107055684711629&w=2
vendor-advisory
x_refsource_TRUSTIX
x_transferred
http://secunia.com/advisories/10362
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/10364
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/10354
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/13899
vdb-entry
x_refsource_XF
x_transferred
http://secunia.com/advisories/10363
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/10353
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/10357
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/10355
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.kb.cert.org/vuls/id/325603
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://secunia.com/advisories/10358
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://marc.info/?l=bugtraq&m=107056923528423&w=2
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://secunia.com/advisories/10360
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/10361
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000794
vendor-advisory
x_refsource_CONECTIVA
x_transferred
http://marc.info/?l=bugtraq&m=107055702911867&w=2
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://secunia.com/advisories/10474
third-party-advisory
x_refsource_SECUNIA
x_transferred
ftp://patches.sgi.com/support/free/security/advisories/20031202-01-U
vendor-advisory
x_refsource_SGI
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9415
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.redhat.com/support/errata/RHSA-2003-398.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://secunia.com/advisories/10356
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.osvdb.org/2898
vdb-entry
x_refsource_OSVDB
x_transferred
http://www.mandriva.com/security/advisories?name=MDKSA-2003:111
vendor-advisory
x_refsource_MANDRAKE
x_transferred
http://www.securityfocus.com/bid/9153
vdb-entry
x_refsource_BID
x_transferred
http://secunia.com/advisories/10359
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/10378
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=107055681311602&w=2
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=107055684711629&w=2
Resource:
vendor-advisory
x_refsource_TRUSTIX
x_transferred
Hyperlink: http://secunia.com/advisories/10362
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/10364
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/10354
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/13899
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://secunia.com/advisories/10363
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/10353
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/10357
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/10355
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/325603
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://secunia.com/advisories/10358
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=107056923528423&w=2
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://secunia.com/advisories/10360
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/10361
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000794
Resource:
vendor-advisory
x_refsource_CONECTIVA
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=107055702911867&w=2
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://secunia.com/advisories/10474
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20031202-01-U
Resource:
vendor-advisory
x_refsource_SGI
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9415
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2003-398.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://secunia.com/advisories/10356
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.osvdb.org/2898
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2003:111
Resource:
vendor-advisory
x_refsource_MANDRAKE
x_transferred
Hyperlink: http://www.securityfocus.com/bid/9153
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://secunia.com/advisories/10359
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/10378
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:15 Dec, 2003 | 05:00
Updated At:03 Apr, 2025 | 01:03

Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
andrew_tridgell
andrew_tridgell
>>rsync>>2.3.1
cpe:2.3:a:andrew_tridgell:rsync:2.3.1:*:*:*:*:*:*:*
andrew_tridgell
andrew_tridgell
>>rsync>>2.3.2
cpe:2.3:a:andrew_tridgell:rsync:2.3.2:*:*:*:*:*:*:*
andrew_tridgell
andrew_tridgell
>>rsync>>2.4.0
cpe:2.3:a:andrew_tridgell:rsync:2.4.0:*:*:*:*:*:*:*
andrew_tridgell
andrew_tridgell
>>rsync>>2.4.1
cpe:2.3:a:andrew_tridgell:rsync:2.4.1:*:*:*:*:*:*:*
andrew_tridgell
andrew_tridgell
>>rsync>>2.4.3
cpe:2.3:a:andrew_tridgell:rsync:2.4.3:*:*:*:*:*:*:*
andrew_tridgell
andrew_tridgell
>>rsync>>2.4.4
cpe:2.3:a:andrew_tridgell:rsync:2.4.4:*:*:*:*:*:*:*
andrew_tridgell
andrew_tridgell
>>rsync>>2.4.5
cpe:2.3:a:andrew_tridgell:rsync:2.4.5:*:*:*:*:*:*:*
andrew_tridgell
andrew_tridgell
>>rsync>>2.4.6
cpe:2.3:a:andrew_tridgell:rsync:2.4.6:*:*:*:*:*:*:*
andrew_tridgell
andrew_tridgell
>>rsync>>2.4.8
cpe:2.3:a:andrew_tridgell:rsync:2.4.8:*:*:*:*:*:*:*
andrew_tridgell
andrew_tridgell
>>rsync>>2.5.0
cpe:2.3:a:andrew_tridgell:rsync:2.5.0:*:*:*:*:*:*:*
andrew_tridgell
andrew_tridgell
>>rsync>>2.5.1
cpe:2.3:a:andrew_tridgell:rsync:2.5.1:*:*:*:*:*:*:*
andrew_tridgell
andrew_tridgell
>>rsync>>2.5.2
cpe:2.3:a:andrew_tridgell:rsync:2.5.2:*:*:*:*:*:*:*
andrew_tridgell
andrew_tridgell
>>rsync>>2.5.3
cpe:2.3:a:andrew_tridgell:rsync:2.5.3:*:*:*:*:*:*:*
andrew_tridgell
andrew_tridgell
>>rsync>>2.5.4
cpe:2.3:a:andrew_tridgell:rsync:2.5.4:*:*:*:*:*:*:*
andrew_tridgell
andrew_tridgell
>>rsync>>2.5.5
cpe:2.3:a:andrew_tridgell:rsync:2.5.5:*:*:*:*:*:*:*
andrew_tridgell
andrew_tridgell
>>rsync>>2.5.6
cpe:2.3:a:andrew_tridgell:rsync:2.5.6:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>rsync>>2.4.6-2
cpe:2.3:a:redhat:rsync:2.4.6-2:*:i386:*:*:*:*:*
Red Hat, Inc.
redhat
>>rsync>>2.4.6-5
cpe:2.3:a:redhat:rsync:2.4.6-5:*:i386:*:*:*:*:*
Red Hat, Inc.
redhat
>>rsync>>2.4.6-5
cpe:2.3:a:redhat:rsync:2.4.6-5:*:ia64:*:*:*:*:*
Red Hat, Inc.
redhat
>>rsync>>2.5.4-2
cpe:2.3:a:redhat:rsync:2.5.4-2:*:i386:*:*:*:*:*
Red Hat, Inc.
redhat
>>rsync>>2.5.5-1
cpe:2.3:a:redhat:rsync:2.5.5-1:*:i386:*:*:*:*:*
Red Hat, Inc.
redhat
>>rsync>>2.5.5-4
cpe:2.3:a:redhat:rsync:2.5.5-4:*:i386:*:*:*:*:*
engardelinux
engardelinux
>>secure_community>>1.0.1
cpe:2.3:o:engardelinux:secure_community:1.0.1:*:*:*:*:*:*:*
engardelinux
engardelinux
>>secure_community>>2.0
cpe:2.3:o:engardelinux:secure_community:2.0:*:*:*:*:*:*:*
engardelinux
engardelinux
>>secure_linux>>1.1
cpe:2.3:o:engardelinux:secure_linux:1.1:*:professional:*:*:*:*:*
engardelinux
engardelinux
>>secure_linux>>1.2
cpe:2.3:o:engardelinux:secure_linux:1.2:*:professional:*:*:*:*:*
engardelinux
engardelinux
>>secure_linux>>1.5
cpe:2.3:o:engardelinux:secure_linux:1.5:*:professional:*:*:*:*:*
Slackware
slackware
>>slackware_linux>>8.1
cpe:2.3:o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*
Slackware
slackware
>>slackware_linux>>9.0
cpe:2.3:o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*
Slackware
slackware
>>slackware_linux>>9.1
cpe:2.3:o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*
Slackware
slackware
>>slackware_linux>>current
cpe:2.3:o:slackware:slackware_linux:current:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
ftp://patches.sgi.com/support/free/security/advisories/20031202-01-Ucve@mitre.org
N/A
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000794cve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=107055681311602&w=2cve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=107055684711629&w=2cve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=107055702911867&w=2cve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=107056923528423&w=2cve@mitre.org
N/A
http://secunia.com/advisories/10353cve@mitre.org
N/A
http://secunia.com/advisories/10354cve@mitre.org
N/A
http://secunia.com/advisories/10355cve@mitre.org
N/A
http://secunia.com/advisories/10356cve@mitre.org
N/A
http://secunia.com/advisories/10357cve@mitre.org
N/A
http://secunia.com/advisories/10358cve@mitre.org
N/A
http://secunia.com/advisories/10359cve@mitre.org
N/A
http://secunia.com/advisories/10360cve@mitre.org
N/A
http://secunia.com/advisories/10361cve@mitre.org
N/A
http://secunia.com/advisories/10362cve@mitre.org
N/A
http://secunia.com/advisories/10363cve@mitre.org
N/A
http://secunia.com/advisories/10364cve@mitre.org
N/A
http://secunia.com/advisories/10378cve@mitre.org
N/A
http://secunia.com/advisories/10474cve@mitre.org
N/A
http://www.kb.cert.org/vuls/id/325603cve@mitre.org
US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2003:111cve@mitre.org
N/A
http://www.osvdb.org/2898cve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2003-398.htmlcve@mitre.org
Patch
Vendor Advisory
http://www.securityfocus.com/bid/9153cve@mitre.org
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/13899cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9415cve@mitre.org
N/A
ftp://patches.sgi.com/support/free/security/advisories/20031202-01-Uaf854a3a-2127-422b-91ae-364da2661108
N/A
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000794af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=107055681311602&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=107055684711629&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=107055702911867&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=107056923528423&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/10353af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/10354af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/10355af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/10356af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/10357af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/10358af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/10359af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/10360af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/10361af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/10362af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/10363af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/10364af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/10378af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/10474af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.kb.cert.org/vuls/id/325603af854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2003:111af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.osvdb.org/2898af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2003-398.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.securityfocus.com/bid/9153af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/13899af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9415af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20031202-01-U
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000794
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=107055681311602&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=107055684711629&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=107055702911867&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=107056923528423&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/10353
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/10354
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/10355
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/10356
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/10357
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/10358
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/10359
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/10360
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/10361
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/10362
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/10363
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/10364
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/10378
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/10474
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/325603
Source: cve@mitre.org
Resource:
US Government Resource
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2003:111
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/2898
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2003-398.html
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/9153
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/13899
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9415
Source: cve@mitre.org
Resource: N/A
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20031202-01-U
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000794
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=107055681311602&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=107055684711629&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=107055702911867&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=107056923528423&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/10353
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/10354
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/10355
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/10356
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/10357
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/10358
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/10359
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/10360
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/10361
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/10362
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/10363
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/10364
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/10378
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/10474
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/325603
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2003:111
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.osvdb.org/2898
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2003-398.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/9153
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/13899
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9415
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

515Records found
CVE-2017-5446
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.35% / 79.81%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxenterprise_linuxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_server_ausThunderbirdFirefox ESRFirefox
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-5645
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-94.01% / 99.89%
||
7 Day CHG~0.00%
Published-17 Apr, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

Action-Not Available
Vendor-Red Hat, Inc.The Apache Software FoundationOracle CorporationNetApp, Inc.
Product-flexcube_investor_servicingenterprise_linux_desktopinstantis_enterprisetrackfinancial_services_profitability_managementpeoplesoft_enterprise_fin_installsiebel_ui_frameworkmysql_enterprise_monitorcommunications_online_mediation_controlleroncommand_insightrapid_planningoncommand_api_servicesfinancial_services_loan_loss_forecasting_and_provisioningretail_service_backboneinsurance_rules_paletteapplication_testing_suitecommunications_pricing_design_centercommunications_messaging_serverenterprise_manager_base_platformendeca_information_discovery_studioretail_extract_transform_and_loadfinancial_services_behavior_detection_platforminsurance_calculation_enginejdeveloperenterprise_linux_server_tuspolicy_automation_connector_for_siebelfusion_middleware_mapviewerenterprise_manager_for_fusion_middlewareprimavera_gatewayfinancial_services_hedge_management_and_ifrs_valuationsutilities_advanced_spatial_and_operational_analyticsenterprise_linux_server_ausbanking_platformretail_integration_busconfiguration_managersnapcenterenterprise_manager_for_peoplesoftutilities_work_and_asset_managementfinancial_services_analytical_applications_infrastructureretail_advanced_inventory_planninggoldengatepolicy_automationfinancial_services_regulatory_reporting_with_agilereporterjd_edwards_enterpriseone_toolsstorage_automation_storeretail_predictive_application_servercommunications_network_integrityenterprise_manager_for_mysql_databaseapi_gatewayenterprise_linux_server_eusenterprise_linuxtape_library_acslspolicy_automation_for_mobile_devicessoa_suiteretail_open_commerce_platformidentity_manager_connectorbi_publisherinsurance_policy_administrationcommunications_webrtc_session_controllerweblogic_serveridentity_analyticscommunications_converged_application_server_-_service_controllerenterprise_linux_workstationidentity_management_suiteenterprise_linux_servertimesten_in-memory_databaselog4jcommunications_instant_messaging_serverservice_level_managerautovue_vuelink_integrationenterprise_manager_for_oracle_databasefuseretail_clearance_optimization_enginecommunications_service_brokercommunications_interactive_session_recorderfinancial_services_lending_and_leasingoncommand_workflow_automationenterprise_data_qualitygoldengate_application_adaptersin-memory_performance-driven_planningApache Log4j
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2017-5404
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-21.29% / 95.54%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxenterprise_linuxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_server_ausFirefoxFirefox ESRThunderbird
CWE ID-CWE-416
Use After Free
CVE-2017-5929
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-13.69% / 94.09%
||
7 Day CHG~0.00%
Published-13 Mar, 2017 | 06:14
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.

Action-Not Available
Vendor-qosn/aRed Hat, Inc.
Product-logbacksatellite_capsulesatelliten/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2003-0686
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-49.33% / 97.70%
||
7 Day CHG+7.93%
Published-03 Sep, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in PAM SMB module (pam_smb) 1.1.6 and earlier, when authenticating to a remote service, allows remote attackers to execute arbitrary code.

Action-Not Available
Vendor-dave_airlien/aRed Hat, Inc.
Product-pam_smbn/a
CVE-2017-5380
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.80% / 82.44%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxenterprise_linuxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_server_ausThunderbirdFirefox ESRFirefox
CWE ID-CWE-416
Use After Free
CVE-2017-5400
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.00% / 76.58%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_serverdebian_linuxenterprise_linux_workstationenterprise_linux_server_ausFirefoxFirefox ESRThunderbird
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2003-0689
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.89% / 75.11%
||
7 Day CHG~0.00%
Published-03 Sep, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows attackers to cause a denial of service (segmentation fault) and execute arbitrary code when a user is a member of a large number of groups, which can cause a buffer overflow.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-enterprise_linuxn/a
CVE-2017-5435
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.36% / 84.60%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxenterprise_linuxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_server_ausThunderbirdFirefox ESRFirefox
CWE ID-CWE-416
Use After Free
CVE-2017-5442
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.92% / 82.97%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxenterprise_linuxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_server_ausThunderbirdFirefox ESRFirefox
CWE ID-CWE-416
Use After Free
CVE-2017-5443
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.92% / 82.97%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxenterprise_linuxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_server_ausThunderbirdFirefox ESRFirefox
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-5434
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.92% / 82.97%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_workstationThunderbirdFirefox ESRFirefox
CWE ID-CWE-416
Use After Free
CVE-2017-5396
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.84% / 82.60%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxenterprise_linuxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_server_ausThunderbirdFirefox ESRFirefox
CWE ID-CWE-416
Use After Free
CVE-2017-5432
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.92% / 82.97%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxenterprise_linuxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_server_ausThunderbirdFirefox ESRFirefox
CWE ID-CWE-416
Use After Free
CVE-2017-5401
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.20% / 84.08%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A crash triggerable by web content in which an "ErrorResult" references unassigned memory due to a logic error. The resulting crash may be exploitable. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxenterprise_linuxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_server_ausFirefoxFirefox ESRThunderbird
CVE-2017-5202
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.08% / 77.47%
||
7 Day CHG~0.00%
Published-28 Jan, 2017 | 01:33
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().

Action-Not Available
Vendor-n/aDebian GNU/Linuxtcpdump & libpcapRed Hat, Inc.
Product-enterprise_linux_desktopenterprise_linux_server_tusenterprise_linux_workstationenterprise_linux_server_eusdebian_linuxenterprise_linux_serverenterprise_linux_server_austcpdumpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2003-0977
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.90% / 82.90%
||
7 Day CHG~0.00%
Published-10 Dec, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests.

Action-Not Available
Vendor-cvsn/aSlackware
Product-slackware_linuxcvsn/a
CVE-2017-5456
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.35% / 56.76%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53.

Action-Not Available
Vendor-Red Hat, Inc.Mozilla Corporation
Product-firefoxenterprise_linuxenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_serverenterprise_linux_workstationenterprise_linux_server_ausFirefoxFirefox ESR
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2017-5448
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.6||HIGH
EPSS-1.38% / 79.95%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data within memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/LinuxRed Hat, Inc.
Product-firefoxenterprise_linuxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_server_ausFirefoxFirefox ESR
CWE ID-CWE-787
Out-of-bounds Write
CVE-2003-0700
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.58% / 68.22%
||
7 Day CHG~0.00%
Published-22 Jan, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The C-Media PCI sound driver in Linux before 2.4.22 does not use the get_user function to access userspace in certain conditions, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CVE-2003-0699.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-kerneln/a
CVE-2017-5439
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.92% / 82.97%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxenterprise_linuxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_server_ausThunderbirdFirefox ESRFirefox
CWE ID-CWE-416
Use After Free
CVE-2017-5460
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.92% / 82.97%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxenterprise_linuxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_server_ausThunderbirdFirefox ESRFirefox
CWE ID-CWE-416
Use After Free
CVE-2017-5203
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.08% / 77.47%
||
7 Day CHG~0.00%
Published-28 Jan, 2017 | 01:33
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().

Action-Not Available
Vendor-n/aDebian GNU/Linuxtcpdump & libpcapRed Hat, Inc.
Product-enterprise_linux_desktopenterprise_linux_server_tusenterprise_linux_workstationenterprise_linux_server_eusdebian_linuxenterprise_linux_serverenterprise_linux_server_austcpdumpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-5441
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.92% / 82.97%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxenterprise_linuxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_server_ausThunderbirdFirefox ESRFirefox
CWE ID-CWE-416
Use After Free
CVE-2017-5386
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.3||HIGH
EPSS-1.19% / 78.46%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 and Firefox < 51.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/LinuxRed Hat, Inc.
Product-firefoxenterprise_linuxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_server_ausFirefoxFirefox ESR
CVE-2017-5205
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.08% / 77.47%
||
7 Day CHG~0.00%
Published-28 Jan, 2017 | 01:33
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print().

Action-Not Available
Vendor-n/aDebian GNU/Linuxtcpdump & libpcapRed Hat, Inc.
Product-enterprise_linux_desktopenterprise_linux_server_tusenterprise_linux_workstationenterprise_linux_server_eusdebian_linuxenterprise_linux_serverenterprise_linux_server_austcpdumpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-5375
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-60.74% / 98.25%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_workstationThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-5459
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.31% / 90.74%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_serverdebian_linuxenterprise_linux_workstationenterprise_linux_server_ausThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-5373
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.93% / 83.05%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_workstationThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-5440
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.92% / 82.97%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxenterprise_linuxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_server_ausThunderbirdFirefox ESRFirefox
CWE ID-CWE-416
Use After Free
CVE-2017-5390
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.75% / 82.20%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxenterprise_linuxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_server_ausThunderbirdFirefox ESRFirefox
CVE-2017-5469
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.37% / 89.87%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxenterprise_linuxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_server_ausThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2003-0989
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-19.69% / 95.28%
||
7 Day CHG~0.00%
Published-15 Jan, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

tcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerability than CVE-2004-0057.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-linuxtcpdumpn/a
CVE-2018-5148
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.60% / 81.34%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.7.3 and Firefox < 59.0.2.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.Debian GNU/LinuxRed Hat, Inc.
Product-firefoxubuntu_linuxenterprise_linux_desktopenterprise_linux_serverenterprise_linux_server_eusdebian_linuxenterprise_linux_workstationFirefoxFirefox ESR
CWE ID-CWE-416
Use After Free
CVE-2018-5096
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.56% / 81.16%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Thunderbird < 52.6.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxenterprise_linuxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_server_ausThunderbirdFirefox ESR
CWE ID-CWE-416
Use After Free
CVE-2017-5402
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.53% / 85.12%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free can occur when events are fired for a "FontFace" object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxenterprise_linuxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_server_ausFirefoxFirefox ESRThunderbird
CWE ID-CWE-416
Use After Free
CVE-2017-2885
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-9.8||CRITICAL
EPSS-8.55% / 92.20%
||
7 Day CHG-4.65%
Published-24 Apr, 2018 | 19:00
Updated-17 Sep, 2024 | 03:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability.

Action-Not Available
Vendor-The GNOME ProjectDebian GNU/LinuxRed Hat, Inc.
Product-enterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktoplibsouplibsoup
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-5188
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.03% / 86.33%
||
7 Day CHG~0.00%
Published-18 Oct, 2018 | 13:00
Updated-21 Oct, 2024 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.

Action-Not Available
Vendor-Canonical Ltd.Red Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxthunderbirdenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktopThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2003-0699
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.72% / 72.02%
||
7 Day CHG+0.29%
Published-22 Aug, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The C-Media PCI sound driver in Linux before 2.4.21 does not use the get_user function to access userspace, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CVE-2003-0700.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-enterprise_linuxlinux_advanced_workstationn/a
CVE-1999-0705
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.63% / 90.99%
||
7 Day CHG~0.00%
Published-04 Jan, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in INN inews program.

Action-Not Available
Vendor-n/aRed Hat, Inc.Internet Systems Consortium, Inc.
Product-innlinuxn/a
CVE-1999-0997
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.82% / 87.86%
||
7 Day CHG~0.00%
Published-25 Apr, 2000 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress.

Action-Not Available
Vendor-university_of_washingtonmillenux_gmbhn/aRed Hat, Inc.
Product-linuxanonftpwu-ftpdn/a
CVE-2015-1814
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.24% / 46.74%
||
7 Day CHG~0.00%
Published-16 Oct, 2015 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a "forced API token change" involving anonymous users.

Action-Not Available
Vendor-n/aRed Hat, Inc.Jenkins
Product-openshiftjenkinsn/a
CVE-2021-20314
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.17% / 38.16%
||
7 Day CHG~0.00%
Published-12 Aug, 2021 | 14:37
Updated-13 Feb, 2025 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages.

Action-Not Available
Vendor-libspf2n/aRed Hat, Inc.Fedora Project
Product-libspf2enterprise_linuxfedoralibspf2
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-20236
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.32% / 54.26%
||
7 Day CHG-0.09%
Published-28 May, 2021 | 10:42
Updated-03 Aug, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Action-Not Available
Vendor-zeromqn/aRed Hat, Inc.Fedora Project
Product-ceph_storagezeromqenterprise_linuxfedorazeromq
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-20578
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 29.75%
||
7 Day CHG~0.00%
Published-30 Sep, 2021 | 16:20
Updated-17 Sep, 2024 | 00:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 could allow an attacker to perform unauthorized actions due to improper or missing authentication controls. IBM X-Force ID: 199282.

Action-Not Available
Vendor-Red Hat, Inc.IBM Corporation
Product-openshiftcloud_pak_for_securityCloud Pak for Security
CWE ID-CWE-287
Improper Authentication
CVE-2003-0546
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.64% / 69.95%
||
7 Day CHG~0.00%
Published-14 Aug, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, which could allow remote attackers to cause unsigned packages to be installed from the Red Hat Network, if that network is compromised.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-up2daten/a
CVE-2019-12450
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.94% / 75.84%
||
7 Day CHG~0.00%
Published-29 May, 2019 | 16:16
Updated-04 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxopenSUSEThe GNOME ProjectFedora ProjectRed Hat, Inc.
Product-ubuntu_linuxdebian_linuxglibenterprise_linux_server_ausenterprise_linuxfedoraenterprise_linux_eusenterprise_linux_server_tusleapn/a
CWE ID-CWE-276
Incorrect Default Permissions
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2018-18500
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-28.23% / 96.38%
||
7 Day CHG~0.00%
Published-05 Feb, 2019 | 21:00
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.

Action-Not Available
Vendor-n/aCanonical Ltd.Red Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxthunderbirddebian_linuxenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktopn/a
CWE ID-CWE-416
Use After Free
CVE-2003-0370
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.94% / 75.84%
||
7 Day CHG~0.00%
Published-05 Jun, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.

Action-Not Available
Vendor-turbolinuxn/aRed Hat, Inc.KDEApple Inc.
Product-safarikonqueror_embeddedturbolinux_serverkdeturbolinux_workstationlinuxn/a
CVE-2003-0335
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.49% / 64.97%
||
7 Day CHG~0.00%
Published-23 May, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

rc.M in Slackware 9.0 calls quotacheck with the -M option, which causes the filesystem to be remounted and possibly reset security-relevant mount flags such as nosuid, nodev, and noexec.

Action-Not Available
Vendor-n/aSlackware
Product-slackware_linuxn/a
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 10
  • 11
  • Next
Details not found