Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2004-0914

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-15 Dec, 2004 | 05:00
Updated At-08 Aug, 2024 | 00:31
Rejected At-
Credits

Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:15 Dec, 2004 | 05:00
Updated At:08 Aug, 2024 | 00:31
Rejected At:
▼CVE Numbering Authority (CNA)

Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.redhat.com/support/errata/RHSA-2005-004.html
vendor-advisory
x_refsource_REDHAT
https://exchange.xforce.ibmcloud.com/vulnerabilities/18146
vdb-entry
x_refsource_XF
http://www.ubuntu.com/usn/usn-83-1
vendor-advisory
x_refsource_UBUNTU
http://rhn.redhat.com/errata/RHSA-2004-537.html
vendor-advisory
x_refsource_REDHAT
https://exchange.xforce.ibmcloud.com/vulnerabilities/18142
vdb-entry
x_refsource_XF
http://secunia.com/advisories/13224/
third-party-advisory
x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943
vdb-entry
signature
x_refsource_OVAL
http://www.linuxsecurity.com/content/view/106877/102/
vendor-advisory
x_refsource_FEDORA
http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch
x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2004-610.html
vendor-advisory
x_refsource_REDHAT
https://exchange.xforce.ibmcloud.com/vulnerabilities/18144
vdb-entry
x_refsource_XF
http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
vendor-advisory
x_refsource_GENTOO
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
vendor-advisory
x_refsource_FEDORA
http://www.debian.org/security/2004/dsa-607
vendor-advisory
x_refsource_DEBIAN
http://www.securityfocus.com/bid/11694
vdb-entry
x_refsource_BID
http://www.gentoo.org/security/en/glsa/glsa-200502-06.xml
vendor-advisory
x_refsource_GENTOO
http://www.ubuntu.com/usn/usn-83-2
vendor-advisory
x_refsource_UBUNTU
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228
vendor-advisory
x_refsource_HP
http://www.mandriva.com/security/advisories?name=MDKSA-2004:137
vendor-advisory
x_refsource_MANDRAKE
http://www.gentoo.org/security/en/glsa/glsa-200411-28.xml
vendor-advisory
x_refsource_GENTOO
https://exchange.xforce.ibmcloud.com/vulnerabilities/18147
vdb-entry
x_refsource_XF
https://exchange.xforce.ibmcloud.com/vulnerabilities/18145
vdb-entry
x_refsource_XF
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-004.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18146
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.ubuntu.com/usn/usn-83-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://rhn.redhat.com/errata/RHSA-2004-537.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18142
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://secunia.com/advisories/13224/
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.linuxsecurity.com/content/view/106877/102/
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-610.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18144
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.debian.org/security/2004/dsa-607
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.securityfocus.com/bid/11694
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200502-06.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://www.ubuntu.com/usn/usn-83-2
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2004:137
Resource:
vendor-advisory
x_refsource_MANDRAKE
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200411-28.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18147
Resource:
vdb-entry
x_refsource_XF
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18145
Resource:
vdb-entry
x_refsource_XF
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.redhat.com/support/errata/RHSA-2005-004.html
vendor-advisory
x_refsource_REDHAT
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/18146
vdb-entry
x_refsource_XF
x_transferred
http://www.ubuntu.com/usn/usn-83-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://rhn.redhat.com/errata/RHSA-2004-537.html
vendor-advisory
x_refsource_REDHAT
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/18142
vdb-entry
x_refsource_XF
x_transferred
http://secunia.com/advisories/13224/
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.linuxsecurity.com/content/view/106877/102/
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch
x_refsource_CONFIRM
x_transferred
http://www.redhat.com/support/errata/RHSA-2004-610.html
vendor-advisory
x_refsource_REDHAT
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/18144
vdb-entry
x_refsource_XF
x_transferred
http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.debian.org/security/2004/dsa-607
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.securityfocus.com/bid/11694
vdb-entry
x_refsource_BID
x_transferred
http://www.gentoo.org/security/en/glsa/glsa-200502-06.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://www.ubuntu.com/usn/usn-83-2
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228
vendor-advisory
x_refsource_HP
x_transferred
http://www.mandriva.com/security/advisories?name=MDKSA-2004:137
vendor-advisory
x_refsource_MANDRAKE
x_transferred
http://www.gentoo.org/security/en/glsa/glsa-200411-28.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/18147
vdb-entry
x_refsource_XF
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/18145
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-004.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18146
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.ubuntu.com/usn/usn-83-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2004-537.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18142
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://secunia.com/advisories/13224/
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.linuxsecurity.com/content/view/106877/102/
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-610.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18144
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.debian.org/security/2004/dsa-607
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.securityfocus.com/bid/11694
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200502-06.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://www.ubuntu.com/usn/usn-83-2
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2004:137
Resource:
vendor-advisory
x_refsource_MANDRAKE
x_transferred
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200411-28.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18147
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18145
Resource:
vdb-entry
x_refsource_XF
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:10 Jan, 2005 | 05:00
Updated At:03 Apr, 2025 | 01:03

Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
lesstif
lesstif
>>lesstif>>0.93
cpe:2.3:a:lesstif:lesstif:0.93:*:*:*:*:*:*:*
lesstif
lesstif
>>lesstif>>0.93.12
cpe:2.3:a:lesstif:lesstif:0.93.12:*:*:*:*:*:*:*
lesstif
lesstif
>>lesstif>>0.93.18
cpe:2.3:a:lesstif:lesstif:0.93.18:*:*:*:*:*:*:*
lesstif
lesstif
>>lesstif>>0.93.34
cpe:2.3:a:lesstif:lesstif:0.93.34:*:*:*:*:*:*:*
lesstif
lesstif
>>lesstif>>0.93.36
cpe:2.3:a:lesstif:lesstif:0.93.36:*:*:*:*:*:*:*
lesstif
lesstif
>>lesstif>>0.93.40
cpe:2.3:a:lesstif:lesstif:0.93.40:*:*:*:*:*:*:*
lesstif
lesstif
>>lesstif>>0.93.91
cpe:2.3:a:lesstif:lesstif:0.93.91:*:*:*:*:*:*:*
lesstif
lesstif
>>lesstif>>0.93.94
cpe:2.3:a:lesstif:lesstif:0.93.94:*:*:*:*:*:*:*
lesstif
lesstif
>>lesstif>>0.93.96
cpe:2.3:a:lesstif:lesstif:0.93.96:*:*:*:*:*:*:*
X.Org Foundation
x.org
>>x11r6>>6.7.0
cpe:2.3:a:x.org:x11r6:6.7.0:*:*:*:*:*:*:*
X.Org Foundation
x.org
>>x11r6>>6.8
cpe:2.3:a:x.org:x11r6:6.8:*:*:*:*:*:*:*
X.Org Foundation
x.org
>>x11r6>>6.8.1
cpe:2.3:a:x.org:x11r6:6.8.1:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>3.3
cpe:2.3:a:xfree86_project:x11r6:3.3:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>3.3.2
cpe:2.3:a:xfree86_project:x11r6:3.3.2:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>3.3.3
cpe:2.3:a:xfree86_project:x11r6:3.3.3:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>3.3.4
cpe:2.3:a:xfree86_project:x11r6:3.3.4:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>3.3.5
cpe:2.3:a:xfree86_project:x11r6:3.3.5:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>3.3.6
cpe:2.3:a:xfree86_project:x11r6:3.3.6:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.0
cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.0.1
cpe:2.3:a:xfree86_project:x11r6:4.0.1:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.0.2.11
cpe:2.3:a:xfree86_project:x11r6:4.0.2.11:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.0.3
cpe:2.3:a:xfree86_project:x11r6:4.0.3:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.1.0
cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.1.11
cpe:2.3:a:xfree86_project:x11r6:4.1.11:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.1.12
cpe:2.3:a:xfree86_project:x11r6:4.1.12:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.2.0
cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.2.1
cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.2.1
cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:errata:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.3.0
cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*
Gentoo Foundation, Inc.
gentoo
>>linux>>*
cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>fedora_core>>core_2.0
cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>fedora_core>>core_3.0
cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*
SUSE
suse
>>suse_linux>>1.0
cpe:2.3:o:suse:suse_linux:1.0:*:desktop:*:*:*:*:*
SUSE
suse
>>suse_linux>>8
cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*
SUSE
suse
>>suse_linux>>8.1
cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*
SUSE
suse
>>suse_linux>>8.2
cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*
SUSE
suse
>>suse_linux>>9.0
cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*
SUSE
suse
>>suse_linux>>9.0
cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*
SUSE
suse
>>suse_linux>>9.1
cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*
SUSE
suse
>>suse_linux>>9.2
cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
Organization : Red Hat
Last Modified : 2007-03-14T00:00:00

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

References
HyperlinkSourceResource
http://rhn.redhat.com/errata/RHSA-2004-537.htmlcve@mitre.org
N/A
http://secunia.com/advisories/13224/cve@mitre.org
Vendor Advisory
http://www.debian.org/security/2004/dsa-607cve@mitre.org
Patch
Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200411-28.xmlcve@mitre.org
Patch
Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200502-06.xmlcve@mitre.org
N/A
http://www.gentoo.org/security/en/glsa/glsa-200502-07.xmlcve@mitre.org
N/A
http://www.linuxsecurity.com/content/view/106877/102/cve@mitre.org
N/A
http://www.mandriva.com/security/advisories?name=MDKSA-2004:137cve@mitre.org
N/A
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.htmlcve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2004-610.htmlcve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2005-004.htmlcve@mitre.org
N/A
http://www.securityfocus.com/bid/11694cve@mitre.org
Patch
Vendor Advisory
http://www.ubuntu.com/usn/usn-83-1cve@mitre.org
N/A
http://www.ubuntu.com/usn/usn-83-2cve@mitre.org
N/A
http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patchcve@mitre.org
N/A
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/18142cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/18144cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/18145cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/18146cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/18147cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943cve@mitre.org
N/A
http://rhn.redhat.com/errata/RHSA-2004-537.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/13224/af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.debian.org/security/2004/dsa-607af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200411-28.xmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200502-06.xmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.gentoo.org/security/en/glsa/glsa-200502-07.xmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.linuxsecurity.com/content/view/106877/102/af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDKSA-2004:137af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2004-610.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2005-004.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/11694af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.ubuntu.com/usn/usn-83-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/usn-83-2af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patchaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/18142af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/18144af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/18145af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/18146af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/18147af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2004-537.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/13224/
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.debian.org/security/2004/dsa-607
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200411-28.xml
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200502-06.xml
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.linuxsecurity.com/content/view/106877/102/
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2004:137
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-610.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-004.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/11694
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.ubuntu.com/usn/usn-83-1
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/usn-83-2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18142
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18144
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18145
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18146
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18147
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2004-537.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/13224/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.debian.org/security/2004/dsa-607
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200411-28.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200502-06.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.linuxsecurity.com/content/view/106877/102/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2004:137
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-610.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-004.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/11694
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.ubuntu.com/usn/usn-83-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/usn-83-2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18142
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18144
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18145
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18146
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18147
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

280Records found
CVE-2002-0083
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.08% / 88.08%
||
7 Day CHG~0.00%
Published-25 Jun, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.

Action-Not Available
Vendor-trustixconectivaimmunixopenpkgengardelinuxn/aSUSEOpenBSDRed Hat, Inc.Mandriva (Mandrakesoft)
Product-opensshmandrake_linux_corporate_serveropenpkgimmunixsuse_linuxmandrake_single_network_firewalllinuxsecure_linuxmandrake_linuxn/a
CWE ID-CWE-193
Off-by-one Error
CVE-2016-1659
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-9.8||CRITICAL
EPSS-2.37% / 84.31%
||
7 Day CHG~0.00%
Published-18 Apr, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Action-Not Available
Vendor-n/aopenSUSESUSEGoogle LLCDebian GNU/LinuxCanonical Ltd.
Product-leapubuntu_linuxchromedebian_linuxlinux_enterprisen/a
CVE-2011-4862
Matching Score-8
Assigner-FreeBSD
ShareView Details
Matching Score-8
Assigner-FreeBSD
CVSS Score-10||HIGH
EPSS-92.58% / 99.73%
||
7 Day CHG~0.00%
Published-25 Dec, 2011 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.

Action-Not Available
Vendor-heimdal_projectn/aSUSEDebian GNU/LinuxGNUFedora ProjectMIT (Massachusetts Institute of Technology)openSUSEFreeBSD Foundation
Product-fedorafreebsddebian_linuxopensuselinux_enterprise_software_development_kitlinux_enterprise_serverinetutilskrb5-appllinux_enterprise_desktopheimdaln/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2011-4727
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.86% / 82.30%
||
7 Day CHG~0.00%
Published-16 Dec, 2011 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing error) or possibly have unspecified other impact via a crafted REST URL parameter, as demonstrated by parameters to admin/ and certain other files.

Action-Not Available
Vendor-n/aParallels International GmbhRed Hat, Inc.Microsoft Corporation
Product-enterprise_linuxwindowsparallels_plesk_paneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-1662
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-9.8||CRITICAL
EPSS-15.29% / 94.35%
||
7 Day CHG-0.52%
Published-14 May, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aRed Hat, Inc.Google LLCopenSUSE
Product-enterprise_linux_workstation_supplementaryopensuseenterprise_linux_server_supplementarychromeenterprise_linux_server_supplementary_eusenterprise_linux_desktop_supplementaryn/a
CVE-2011-3172
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
CVSS Score-5.4||MEDIUM
EPSS-0.23% / 45.93%
||
7 Day CHG~0.00%
Published-08 Jun, 2018 | 13:00
Updated-17 Sep, 2024 | 04:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
unix2_chkpwd do not check for a valid account

A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affected releases are SUSE Linux Enterprise: versions prior to 12.

Action-Not Available
Vendor-SUSE
Product-suse_linux_enterprise_serverSUSE Linux Enterprise
CWE ID-CWE-304
Missing Critical Step in Authentication
CWE ID-CWE-264
Not Available
CVE-2000-1221
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-12.18% / 93.57%
||
7 Day CHG~0.00%
Published-21 Apr, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The line printer daemon (lpd) in the lpr package in multiple Linux operating systems authenticates by comparing the reverse-resolved hostname of the local machine to the hostname of the print server as returned by gethostname, which allows remote attackers to bypass intended access controls by modifying the DNS for the attacking IP.

Action-Not Available
Vendor-n/aDebian GNU/LinuxRed Hat, Inc.Silicon Graphics, Inc.
Product-linuxdebian_linuxirixn/a
CVE-2001-0388
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.99% / 75.96%
||
7 Day CHG~0.00%
Published-18 Sep, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

time server daemon timed allows remote attackers to cause a denial of service via malformed packets.

Action-Not Available
Vendor-n/aFreeBSD FoundationSUSEMandriva (Mandrakesoft)
Product-suse_linuxfreebsdmandrake_linuxn/a
CVE-2001-0197
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-9.54% / 92.54%
||
7 Day CHG~0.00%
Published-07 May, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in print_client in icecast 1.3.8beta2 and earlier allows remote attackers to execute arbitrary commands.

Action-Not Available
Vendor-icecastn/aRed Hat, Inc.
Product-icecastlinuxn/a
CVE-2000-1040
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.84% / 82.21%
||
7 Day CHG~0.00%
Published-22 Jan, 2001 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in logging function of ypbind 3.3, while running in debug mode, leaks file descriptors and allows an attacker to cause a denial of service.

Action-Not Available
Vendor-n/aSUSE
Product-suse_linuxn/a
CVE-2011-2767
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-9.8||CRITICAL
EPSS-4.88% / 89.16%
||
7 Day CHG~0.00%
Published-26 Aug, 2018 | 16:00
Updated-06 Aug, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes.

Action-Not Available
Vendor-n/aCanonical Ltd.The Apache Software FoundationDebian GNU/LinuxRed Hat, Inc.
Product-mod_perlubuntu_linuxenterprise_linux_serverdebian_linuxenterprise_linux_workstationenterprise_linuxenterprise_linux_desktopmod_perl 2.0 through 2.0.10
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2000-1220
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.13% / 86.33%
||
7 Day CHG~0.00%
Published-21 Apr, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The line printer daemon (lpd) in the lpr package in multiple Linux operating systems allows local users to gain root privileges by causing sendmail to execute with arbitrary command line arguments, as demonstrated using the -C option to specify a configuration file.

Action-Not Available
Vendor-n/aSilicon Graphics, Inc.Red Hat, Inc.
Product-linuxirixn/a
CVE-2000-0917
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-83.54% / 99.24%
||
7 Day CHG~0.00%
Published-22 Jan, 2001 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands.

Action-Not Available
Vendor-trustixn/aThe MITRE Corporation (Caldera)Red Hat, Inc.
Product-openlinux_ebuilderlinuxopenlinux_edesktopopenlinux_eserversecure_linuxopenlinuxn/a
CVE-2001-0233
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-14.82% / 94.25%
||
7 Day CHG~0.00%
Published-07 May, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in micq client 0.4.6 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long Description field.

Action-Not Available
Vendor-matthew_smithn/aDebian GNU/LinuxRed Hat, Inc.
Product-linuxmicqdebian_linuxn/a
CVE-2000-0844
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.89% / 74.60%
||
7 Day CHG~0.00%
Published-22 Jan, 2001 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.

Action-Not Available
Vendor-trustixconectivaimmunixturbolinuxn/aMandriva (Mandrakesoft)SlackwareDebian GNU/LinuxRed Hat, Inc.SUSEIBM CorporationSilicon Graphics, Inc.Sun Microsystems (Oracle Corporation)The MITRE Corporation (Caldera)
Product-openlinux_eserversecure_linuxaixsolaristurbolinuxirixopenlinux_ebuilderimmunixdebian_linuxsunossuse_linuxlinuxslackware_linuxopenlinuxmandrake_linuxn/a
CVE-2010-2302
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-5.17% / 89.50%
||
7 Day CHG~0.00%
Published-15 Jun, 2010 | 17:48
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving remote fonts in conjunction with shadow DOM trees, aka rdar problem 8007953. NOTE: this might overlap CVE-2010-1771.

Action-Not Available
Vendor-n/aopenSUSESUSEGoogle LLC
Product-opensusesuse_linux_enterprise_serverchromesuse_linux_enterprise_desktopn/a
CWE ID-CWE-416
Use After Free
CVE-2000-0322
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-77.77% / 98.96%
||
7 Day CHG~0.00%
Published-13 Oct, 2000 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The passwd.php3 CGI script in the Red Hat Piranha Virtual Server Package allows local users to execute arbitrary commands via shell metacharacters.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-linuxn/a
CVE-2000-0093
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.25% / 48.31%
||
7 Day CHG~0.00%
Published-08 Feb, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An installation of Red Hat uses DES password encryption with crypt() for the initial password, instead of md5.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-linuxn/a
CVE-2000-0390
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-8.48% / 91.99%
||
7 Day CHG~0.00%
Published-12 Jul, 2000 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges.

Action-Not Available
Vendor-cygnusn/aRed Hat, Inc.MIT (Massachusetts Institute of Technology)
Product-cygnus_network_securitykerberoslinuxkerbnetkerberos_5n/a
CVE-2000-0248
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-75.88% / 98.87%
||
7 Day CHG~0.00%
Published-26 Apr, 2000 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web GUI for the Linux Virtual Server (LVS) software in the Red Hat Linux Piranha package has a backdoor password that allows remote attackers to execute arbitrary commands.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-linuxn/a
CVE-1999-1299
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.48% / 64.24%
||
7 Day CHG~0.00%
Published-12 Sep, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

rcp on various Linux systems including Red Hat 4.0 allows a "nobody" user or other user with UID of 65535 to overwrite arbitrary files, since 65535 is interpreted as -1 by chown and other system calls, which causes the calls to fail to modify the ownership of the file.

Action-Not Available
Vendor-n/aSlackwareRed Hat, Inc.
Product-linuxslackware_linuxn/a
CVE-2000-0391
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-8.48% / 91.99%
||
7 Day CHG~0.00%
Published-12 Jul, 2000 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain root privileges.

Action-Not Available
Vendor-cygnusn/aRed Hat, Inc.MIT (Massachusetts Institute of Technology)
Product-cygnus_network_securitykerberoslinuxkerbnetkerberos_5n/a
CVE-2000-0017
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.97% / 85.97%
||
7 Day CHG~0.00%
Published-04 Feb, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Linux linuxconf package allows remote attackers to gain root privileges via a long parameter.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-linuxn/a
CVE-1999-1542
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.32% / 84.17%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RPMMail before 1.4 allows remote attackers to execute commands via an e-mail message with shell metacharacters in the "MAIL FROM" command.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-linuxn/a
CVE-2000-0233
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.32% / 54.74%
||
7 Day CHG~0.00%
Published-02 Jun, 2000 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SuSE Linux IMAP server allows remote attackers to bypass IMAP authentication and gain privileges.

Action-Not Available
Vendor-n/aSUSE
Product-suse_linux_imap_servern/a
CVE-1999-0241
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-5.13% / 89.46%
||
7 Day CHG~0.00%
Published-04 Feb, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm.

Action-Not Available
Vendor-xfree86_projectn/aSilicon Graphics, Inc.Sun Microsystems (Oracle Corporation)
Product-solarissunosx11r6irixn/a
CVE-2016-2807
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-1.31% / 79.01%
||
7 Day CHG~0.00%
Published-30 Apr, 2016 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSESUSE
Product-leapfirefoxlinux_enterpriseopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2000-0389
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-11.01% / 93.15%
||
7 Day CHG~0.00%
Published-12 Jul, 2000 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges.

Action-Not Available
Vendor-cygnusn/aRed Hat, Inc.MIT (Massachusetts Institute of Technology)
Product-cygnus_network_securitykerberoslinuxkerbnetkerberos_5n/a
CVE-1999-0894
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.41% / 60.41%
||
7 Day CHG~0.00%
Published-04 Jan, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Red Hat Linux screen program does not use Unix98 ptys, allowing local users to write to other terminals.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-linuxn/a
CVE-1999-0832
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.24% / 78.37%
||
7 Day CHG~0.00%
Published-02 Jun, 2000 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in NFS server on Linux allows attackers to execute commands via a long pathname.

Action-Not Available
Vendor-n/aDebian GNU/LinuxRed Hat, Inc.
Product-linuxdebian_linuxn/a
CVE-1999-0426
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.67% / 87.44%
||
7 Day CHG~0.00%
Published-04 Feb, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default permissions of /dev/kmem in Linux versions before 2.0.36 allows IP spoofing.

Action-Not Available
Vendor-n/aSUSE
Product-suse_linuxn/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2016-2315
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-25.72% / 96.03%
||
7 Day CHG~0.00%
Published-08 Apr, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.

Action-Not Available
Vendor-git-scmn/aopenSUSESUSE
Product-leapopensuselinux_enterprise_software_development_kitopenstack_cloudsuse_linux_enterprise_servergitlinux_enterprise_serverlinux_enterprise_debuginfon/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-1999-0002
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-16.84% / 94.69%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems.

Action-Not Available
Vendor-bsdin/aThe MITRE Corporation (Caldera)Red Hat, Inc.
Product-bsd_osopenlinuxlinuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-1999-0042
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-5.49% / 89.83%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in University of Washington's implementation of IMAP and POP servers.

Action-Not Available
Vendor-bsdiuniversity_of_washingtonn/aThe MITRE Corporation (Caldera)IBM CorporationRed Hat, Inc.
Product-bsd_osaiximappoplinuxopenlinuxn/a
CVE-1999-0009
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-80.48% / 99.09%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.

Action-Not Available
Vendor-bsdiscodata_generaln/aThe MITRE Corporation (Caldera)NEC CorporationIBM CorporationSun Microsystems (Oracle Corporation)Silicon Graphics, Inc.Internet Systems Consortium, Inc.NetBSDRed Hat, Inc.
Product-bsd_osnetbsddg_uxbindaixsolarisasl_ux_4800irixopen_desktopunixwaresunoslinuxopenlinuxn/a
CVE-1999-0043
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.59% / 80.90%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.

Action-Not Available
Vendor-bsdin/absdiThe MITRE Corporation (Caldera)Netscape (Yahoo Inc.)NEC CorporationInternet Systems Consortium, Inc.Red Hat, Inc.
Product-bsd_osgoah_intrasvnews_serverlinuxinnopenlinuxgoah_networksvn/absd_oslinuxopenlinuxgoah_intrasvgoah_networksvnews_serverinn
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-1999-0011
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-10.98% / 93.15%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-09 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer.

Action-Not Available
Vendor-scodata_generaln/aInternet Systems Consortium, Inc.IBM CorporationNetBSDNEC CorporationSun Microsystems (Oracle Corporation)Red Hat, Inc.
Product-asl_ux_4800unixbindlinuxopenserverunixwaresunosdg_uxnetbsdopen_desktopaixn/a
CWE ID-CWE-1067
Excessive Execution of Sequential Searches of Data Resource
CVE-1999-0368
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-48.33% / 97.65%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.

Action-Not Available
Vendor-proftpd_projectwashington_universityscon/aSlackwareThe MITRE Corporation (Caldera)Red Hat, Inc.Debian GNU/Linux
Product-proftpdopenserverunixwaredebian_linuxlinuxslackware_linuxopenlinuxwu-ftpdn/a
CVE-2016-1601
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
CVSS Score-9.8||CRITICAL
EPSS-0.55% / 66.88%
||
7 Day CHG~0.00%
Published-26 Apr, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

yast2-users before 3.1.47, as used in SUSE Linux Enterprise 12 SP1, does not properly set empty password fields in /etc/shadow during an AutoYaST installation when the profile does not contain inst-sys users, which might allow attackers to have unspecified impact via unknown vectors.

Action-Not Available
Vendor-n/aSUSE
Product-linux_enterprise_desktopyast2linux_enterprise_serverlinux_enterprise_software_development_kitn/a
CVE-2016-2108
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-65.50% / 98.43%
||
7 Day CHG~0.00%
Published-05 May, 2016 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.

Action-Not Available
Vendor-n/aRed Hat, Inc.Google LLCOpenSSL
Product-enterprise_linux_serverenterprise_linux_server_ausenterprise_linux_hpc_nodeenterprise_linux_hpc_node_eusenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_workstationopensslandroidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2324
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-30.65% / 96.56%
||
7 Day CHG~0.00%
Published-08 Apr, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.

Action-Not Available
Vendor-git-scmn/aopenSUSESUSE
Product-leapopensuselinux_enterprise_software_development_kitopenstack_cloudsuse_linux_enterprise_servergitlinux_enterprise_serverlinux_enterprise_debuginfon/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-3953
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-90.51% / 99.59%
||
7 Day CHG~0.00%
Published-13 Jan, 2010 | 19:00
Updated-30 Jul, 2025 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-22||Apply updates per vendor instructions.

The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994.

Action-Not Available
Vendor-n/aAdobe Inc.Microsoft CorporationSUSEApple Inc.openSUSE
Product-linux_enterprise_debuginfomac_os_xopensuseacrobatwindowslinux_enterprisen/aAcrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2010-4203
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-8.12% / 91.80%
||
7 Day CHG~0.00%
Published-05 Nov, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames.

Action-Not Available
Vendor-webmprojectn/aRed Hat, Inc.Google LLC
Product-enterprise_linux_workstationenterprise_linux_serverlibvpxenterprise_linux_desktopchromen/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2010-2495
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-1.49% / 80.27%
||
7 Day CHG~0.00%
Published-08 Sep, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP implementation in the Linux kernel before 2.6.34 does not properly validate certain values associated with an interface, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via vectors related to a routing change.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncSUSECanonical Ltd.
Product-linux_kernelubuntu_linuxsuse_linux_enterprise_high_availability_extensionsuse_linux_enterprise_desktopsuse_linux_enterprise_servern/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-4944
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-24.91% / 95.94%
||
7 Day CHG~0.00%
Published-19 May, 2018 | 17:00
Updated-05 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Action-Not Available
Vendor-n/aGoogle LLCAdobe Inc.Red Hat, Inc.Apple Inc.Microsoft CorporationLinux Kernel Organization, Inc
Product-enterprise_linux_serverlinux_kernelwindows_8.1enterprise_linux_workstationchrome_oswindowsmacoswindows_10enterprise_linux_desktopflash_playerAdobe Flash Player 29.0.0.140 and earlier versions
CWE ID-CWE-704
Incorrect Type Conversion or Cast
CVE-2018-4877
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-5.04% / 89.34%
||
7 Day CHG-0.25%
Published-06 Feb, 2018 | 20:00
Updated-05 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player's quality of service functionality. A successful attack can lead to arbitrary code execution.

Action-Not Available
Vendor-n/aGoogle LLCAdobe Inc.Red Hat, Inc.Apple Inc.Microsoft CorporationLinux Kernel Organization, Inc
Product-enterprise_linux_serverlinux_kernelwindows_8.1enterprise_linux_workstationchrome_oswindowsmacoswindows_10enterprise_linux_desktopflash_playerAdobe Flash Player before 28.0.0.161
CWE ID-CWE-416
Use After Free
CVE-2016-0639
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-17.04% / 94.72%
||
7 Day CHG~0.00%
Published-21 Apr, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Pluggable Authentication.

Action-Not Available
Vendor-n/aRed Hat, Inc.Oracle Corporation
Product-enterprise_linuxmysqln/a
CVE-2016-0749
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-20.47% / 95.33%
||
7 Day CHG~0.00%
Published-09 Jun, 2016 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.

Action-Not Available
Vendor-spice_projectn/aopenSUSERed Hat, Inc.Debian GNU/LinuxMicrosoft Corporation
Product-enterprise_linuxenterprise_linux_serverenterprise_linux_server_ausspiceleapopensuseenterprise_linux_hpc_node_eusenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_workstationwindowsdebian_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-0788
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-37.43% / 97.06%
||
7 Day CHG~0.00%
Published-07 Apr, 2016 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener.

Action-Not Available
Vendor-n/aRed Hat, Inc.Jenkins
Product-openshiftjenkinsn/a
CVE-2009-0846
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-23.59% / 95.76%
||
7 Day CHG~0.00%
Published-09 Apr, 2009 | 00:00
Updated-07 Aug, 2024 | 04:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.

Action-Not Available
Vendor-n/aApple Inc.MIT (Massachusetts Institute of Technology)Red Hat, Inc.Canonical Ltd.Fedora Project
Product-enterprise_linux_serverubuntu_linuxenterprise_linux_workstationfedoraenterprise_linuxmac_os_xenterprise_linux_euskerberos_5enterprise_linux_desktopn/a
CWE ID-CWE-824
Access of Uninitialized Pointer
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found