Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2004-0914

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-15 Dec, 2004 | 05:00
Updated At-08 Aug, 2024 | 00:31
Rejected At-
Credits

Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:15 Dec, 2004 | 05:00
Updated At:08 Aug, 2024 | 00:31
Rejected At:
▼CVE Numbering Authority (CNA)

Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.redhat.com/support/errata/RHSA-2005-004.html
vendor-advisory
x_refsource_REDHAT
https://exchange.xforce.ibmcloud.com/vulnerabilities/18146
vdb-entry
x_refsource_XF
http://www.ubuntu.com/usn/usn-83-1
vendor-advisory
x_refsource_UBUNTU
http://rhn.redhat.com/errata/RHSA-2004-537.html
vendor-advisory
x_refsource_REDHAT
https://exchange.xforce.ibmcloud.com/vulnerabilities/18142
vdb-entry
x_refsource_XF
http://secunia.com/advisories/13224/
third-party-advisory
x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943
vdb-entry
signature
x_refsource_OVAL
http://www.linuxsecurity.com/content/view/106877/102/
vendor-advisory
x_refsource_FEDORA
http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch
x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2004-610.html
vendor-advisory
x_refsource_REDHAT
https://exchange.xforce.ibmcloud.com/vulnerabilities/18144
vdb-entry
x_refsource_XF
http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
vendor-advisory
x_refsource_GENTOO
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
vendor-advisory
x_refsource_FEDORA
http://www.debian.org/security/2004/dsa-607
vendor-advisory
x_refsource_DEBIAN
http://www.securityfocus.com/bid/11694
vdb-entry
x_refsource_BID
http://www.gentoo.org/security/en/glsa/glsa-200502-06.xml
vendor-advisory
x_refsource_GENTOO
http://www.ubuntu.com/usn/usn-83-2
vendor-advisory
x_refsource_UBUNTU
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228
vendor-advisory
x_refsource_HP
http://www.mandriva.com/security/advisories?name=MDKSA-2004:137
vendor-advisory
x_refsource_MANDRAKE
http://www.gentoo.org/security/en/glsa/glsa-200411-28.xml
vendor-advisory
x_refsource_GENTOO
https://exchange.xforce.ibmcloud.com/vulnerabilities/18147
vdb-entry
x_refsource_XF
https://exchange.xforce.ibmcloud.com/vulnerabilities/18145
vdb-entry
x_refsource_XF
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-004.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18146
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.ubuntu.com/usn/usn-83-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://rhn.redhat.com/errata/RHSA-2004-537.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18142
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://secunia.com/advisories/13224/
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.linuxsecurity.com/content/view/106877/102/
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-610.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18144
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.debian.org/security/2004/dsa-607
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.securityfocus.com/bid/11694
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200502-06.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://www.ubuntu.com/usn/usn-83-2
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2004:137
Resource:
vendor-advisory
x_refsource_MANDRAKE
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200411-28.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18147
Resource:
vdb-entry
x_refsource_XF
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18145
Resource:
vdb-entry
x_refsource_XF
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.redhat.com/support/errata/RHSA-2005-004.html
vendor-advisory
x_refsource_REDHAT
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/18146
vdb-entry
x_refsource_XF
x_transferred
http://www.ubuntu.com/usn/usn-83-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://rhn.redhat.com/errata/RHSA-2004-537.html
vendor-advisory
x_refsource_REDHAT
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/18142
vdb-entry
x_refsource_XF
x_transferred
http://secunia.com/advisories/13224/
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.linuxsecurity.com/content/view/106877/102/
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch
x_refsource_CONFIRM
x_transferred
http://www.redhat.com/support/errata/RHSA-2004-610.html
vendor-advisory
x_refsource_REDHAT
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/18144
vdb-entry
x_refsource_XF
x_transferred
http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.debian.org/security/2004/dsa-607
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.securityfocus.com/bid/11694
vdb-entry
x_refsource_BID
x_transferred
http://www.gentoo.org/security/en/glsa/glsa-200502-06.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://www.ubuntu.com/usn/usn-83-2
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228
vendor-advisory
x_refsource_HP
x_transferred
http://www.mandriva.com/security/advisories?name=MDKSA-2004:137
vendor-advisory
x_refsource_MANDRAKE
x_transferred
http://www.gentoo.org/security/en/glsa/glsa-200411-28.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/18147
vdb-entry
x_refsource_XF
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/18145
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-004.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18146
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.ubuntu.com/usn/usn-83-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2004-537.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18142
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://secunia.com/advisories/13224/
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.linuxsecurity.com/content/view/106877/102/
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-610.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18144
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.debian.org/security/2004/dsa-607
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.securityfocus.com/bid/11694
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200502-06.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://www.ubuntu.com/usn/usn-83-2
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2004:137
Resource:
vendor-advisory
x_refsource_MANDRAKE
x_transferred
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200411-28.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18147
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18145
Resource:
vdb-entry
x_refsource_XF
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:10 Jan, 2005 | 05:00
Updated At:03 Apr, 2025 | 01:03

Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
lesstif
lesstif
>>lesstif>>0.93
cpe:2.3:a:lesstif:lesstif:0.93:*:*:*:*:*:*:*
lesstif
lesstif
>>lesstif>>0.93.12
cpe:2.3:a:lesstif:lesstif:0.93.12:*:*:*:*:*:*:*
lesstif
lesstif
>>lesstif>>0.93.18
cpe:2.3:a:lesstif:lesstif:0.93.18:*:*:*:*:*:*:*
lesstif
lesstif
>>lesstif>>0.93.34
cpe:2.3:a:lesstif:lesstif:0.93.34:*:*:*:*:*:*:*
lesstif
lesstif
>>lesstif>>0.93.36
cpe:2.3:a:lesstif:lesstif:0.93.36:*:*:*:*:*:*:*
lesstif
lesstif
>>lesstif>>0.93.40
cpe:2.3:a:lesstif:lesstif:0.93.40:*:*:*:*:*:*:*
lesstif
lesstif
>>lesstif>>0.93.91
cpe:2.3:a:lesstif:lesstif:0.93.91:*:*:*:*:*:*:*
lesstif
lesstif
>>lesstif>>0.93.94
cpe:2.3:a:lesstif:lesstif:0.93.94:*:*:*:*:*:*:*
lesstif
lesstif
>>lesstif>>0.93.96
cpe:2.3:a:lesstif:lesstif:0.93.96:*:*:*:*:*:*:*
X.Org Foundation
x.org
>>x11r6>>6.7.0
cpe:2.3:a:x.org:x11r6:6.7.0:*:*:*:*:*:*:*
X.Org Foundation
x.org
>>x11r6>>6.8
cpe:2.3:a:x.org:x11r6:6.8:*:*:*:*:*:*:*
X.Org Foundation
x.org
>>x11r6>>6.8.1
cpe:2.3:a:x.org:x11r6:6.8.1:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>3.3
cpe:2.3:a:xfree86_project:x11r6:3.3:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>3.3.2
cpe:2.3:a:xfree86_project:x11r6:3.3.2:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>3.3.3
cpe:2.3:a:xfree86_project:x11r6:3.3.3:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>3.3.4
cpe:2.3:a:xfree86_project:x11r6:3.3.4:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>3.3.5
cpe:2.3:a:xfree86_project:x11r6:3.3.5:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>3.3.6
cpe:2.3:a:xfree86_project:x11r6:3.3.6:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.0
cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.0.1
cpe:2.3:a:xfree86_project:x11r6:4.0.1:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.0.2.11
cpe:2.3:a:xfree86_project:x11r6:4.0.2.11:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.0.3
cpe:2.3:a:xfree86_project:x11r6:4.0.3:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.1.0
cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.1.11
cpe:2.3:a:xfree86_project:x11r6:4.1.11:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.1.12
cpe:2.3:a:xfree86_project:x11r6:4.1.12:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.2.0
cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.2.1
cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.2.1
cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:errata:*:*:*:*:*
xfree86_project
xfree86_project
>>x11r6>>4.3.0
cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*
Gentoo Foundation, Inc.
gentoo
>>linux>>*
cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>fedora_core>>core_2.0
cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>fedora_core>>core_3.0
cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*
SUSE
suse
>>suse_linux>>1.0
cpe:2.3:o:suse:suse_linux:1.0:*:desktop:*:*:*:*:*
SUSE
suse
>>suse_linux>>8
cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*
SUSE
suse
>>suse_linux>>8.1
cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*
SUSE
suse
>>suse_linux>>8.2
cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*
SUSE
suse
>>suse_linux>>9.0
cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*
SUSE
suse
>>suse_linux>>9.0
cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*
SUSE
suse
>>suse_linux>>9.1
cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*
SUSE
suse
>>suse_linux>>9.2
cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
Organization : Red Hat
Last Modified : 2007-03-14T00:00:00

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

References
HyperlinkSourceResource
http://rhn.redhat.com/errata/RHSA-2004-537.htmlcve@mitre.org
N/A
http://secunia.com/advisories/13224/cve@mitre.org
Vendor Advisory
http://www.debian.org/security/2004/dsa-607cve@mitre.org
Patch
Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200411-28.xmlcve@mitre.org
Patch
Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200502-06.xmlcve@mitre.org
N/A
http://www.gentoo.org/security/en/glsa/glsa-200502-07.xmlcve@mitre.org
N/A
http://www.linuxsecurity.com/content/view/106877/102/cve@mitre.org
N/A
http://www.mandriva.com/security/advisories?name=MDKSA-2004:137cve@mitre.org
N/A
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.htmlcve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2004-610.htmlcve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2005-004.htmlcve@mitre.org
N/A
http://www.securityfocus.com/bid/11694cve@mitre.org
Patch
Vendor Advisory
http://www.ubuntu.com/usn/usn-83-1cve@mitre.org
N/A
http://www.ubuntu.com/usn/usn-83-2cve@mitre.org
N/A
http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patchcve@mitre.org
N/A
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/18142cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/18144cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/18145cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/18146cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/18147cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943cve@mitre.org
N/A
http://rhn.redhat.com/errata/RHSA-2004-537.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/13224/af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.debian.org/security/2004/dsa-607af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200411-28.xmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200502-06.xmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.gentoo.org/security/en/glsa/glsa-200502-07.xmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.linuxsecurity.com/content/view/106877/102/af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDKSA-2004:137af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2004-610.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2005-004.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/11694af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.ubuntu.com/usn/usn-83-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/usn-83-2af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patchaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/18142af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/18144af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/18145af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/18146af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/18147af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2004-537.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/13224/
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.debian.org/security/2004/dsa-607
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200411-28.xml
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200502-06.xml
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.linuxsecurity.com/content/view/106877/102/
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2004:137
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-610.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-004.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/11694
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.ubuntu.com/usn/usn-83-1
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/usn-83-2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18142
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18144
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18145
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18146
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18147
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2004-537.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/13224/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.debian.org/security/2004/dsa-607
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200411-28.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200502-06.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.linuxsecurity.com/content/view/106877/102/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2004:137
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-610.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-004.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/11694
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.ubuntu.com/usn/usn-83-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/usn-83-2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18142
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18144
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18145
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18146
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18147
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

280Records found
CVE-1999-0526
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-79.09% / 99.03%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server.

Action-Not Available
Vendor-n/aX.Org Foundation
Product-x11n/a
CVE-2017-1000116
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.61% / 87.32%
||
7 Day CHG~0.00%
Published-04 Oct, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.

Action-Not Available
Vendor-mercurialn/aRed Hat, Inc.Debian GNU/Linux
Product-enterprise_linux_desktopenterprise_linux_server_tusmercurialenterprise_linux_workstationenterprise_linux_server_eusdebian_linuxenterprise_linux_serverenterprise_linux_server_ausn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2000-0491
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-6.92% / 91.02%
||
7 Day CHG~0.00%
Published-12 Jul, 2000 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request.

Action-Not Available
Vendor-n/aSUSEThe MITRE Corporation (Caldera)The GNOME Project
Product-suse_linuxopenlinuxgdmn/a
CVE-2007-2194
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-27.66% / 96.25%
||
7 Day CHG~0.00%
Published-24 Apr, 2007 | 17:00
Updated-07 Aug, 2024 | 13:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in XnView 1.90.3 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-n/aGentoo Foundation, Inc.
Product-xnviewn/a
CVE-2015-0352
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-4.16% / 88.22%
||
7 Day CHG~0.00%
Published-14 Apr, 2015 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncopenSUSESUSERed Hat, Inc.Apple Inc.Microsoft Corporation
Product-flash_playerenterprise_linux_workstation_supplementarylinux_kernelopensuseenterprise_linux_server_supplementarysuse_linux_enterprise_desktopwindowsenterprise_linux_server_supplementary_eussuse_linux_workstation_extensionmac_os_xenterprise_linux_desktop_supplementaryn/a
CVE-2019-14896
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-2.58% / 84.98%
||
7 Day CHG~0.00%
Published-27 Nov, 2019 | 08:05
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP.

Action-Not Available
Vendor-Fedora ProjectCanonical Ltd.Red Hat, Inc.Linux Kernel Organization, IncDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxlinux_kernelfedoraenterprise_linuxkernel
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2007-0980
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.19% / 83.69%
||
7 Day CHG~0.00%
Published-16 Feb, 2007 | 01:00
Updated-07 Aug, 2024 | 12:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Serviceguard for Linux; packaged for SuSE SLES8 and United Linux 1.0 before SG A.11.15.07, SuSE SLES9 and SLES10 before SG A.11.16.10, and Red Hat Enterprise Linux (RHEL) before SG A.11.16.10; allows remote attackers to obtain unauthorized access via unspecified vectors.

Action-Not Available
Vendor-n/aSUSEHP Inc.Red Hat, Inc.
Product-suse_united_linuxenterprise_linuxserviceguard_for_linuxsuse_linuxn/a
CVE-2018-5002
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-36.01% / 96.97%
||
7 Day CHG-1.37%
Published-09 Jul, 2018 | 19:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-13||The impacted product is end-of-life and should be disconnected if still in use.

Adobe Flash Player versions 29.0.0.171 and earlier have a Stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Action-Not Available
Vendor-n/aAdobe Inc.Microsoft CorporationApple Inc.Red Hat, Inc.Google LLCLinux Kernel Organization, Inc
Product-chrome_osmac_os_xenterprise_linux_serverlinux_kernelenterprise_linux_desktopwindows_10flash_playerwindows_8.1windowsenterprise_linux_workstationflash_player_desktop_runtimeAdobe Flash Player 29.0.0.171 and earlier versionsFlash Player
CWE ID-CWE-787
Out-of-bounds Write
CVE-2007-1007
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-12.34% / 93.62%
||
7 Day CHG~0.00%
Published-20 Feb, 2007 | 17:00
Updated-07 Aug, 2024 | 12:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the name, which is not properly handled in a call to the gnomemeeting_log_insert function.

Action-Not Available
Vendor-ekigan/aRed Hat, Inc.
Product-ekigaenterprise_linux_desktopenterprise_linuxn/a
CVE-2018-15981
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-31.05% / 96.58%
||
7 Day CHG~0.00%
Published-29 Nov, 2018 | 20:00
Updated-05 Aug, 2024 | 10:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Flash Player versions 31.0.0.148 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Google LLCAdobe Inc.Red Hat, Inc.Apple Inc.Microsoft CorporationLinux Kernel Organization, Inc
Product-enterprise_linux_serverlinux_kernelwindows_8.1enterprise_linux_workstationchrome_osmac_os_xwindowsflash_player_desktop_runtimewindows_10enterprise_linux_desktopflash_playerFlash Player
CWE ID-CWE-704
Incorrect Type Conversion or Cast
CVE-2016-6662
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-89.17% / 99.51%
||
7 Day CHG~0.00%
Published-20 Sep, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.

Action-Not Available
Vendor-perconan/aMariaDB FoundationRed Hat, Inc.Debian GNU/LinuxOracle Corporation
Product-enterprise_linuxenterprise_linux_serverenterprise_linux_server_ausmariadbmysqlenterprise_linux_desktoppercona_serverenterprise_linux_server_eusenterprise_linux_server_tusenterprise_linux_workstationdebian_linuxopenstackn/a
CVE-2016-5118
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-35.42% / 96.92%
||
7 Day CHG~0.00%
Published-10 Jun, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.

Action-Not Available
Vendor-n/aOracle CorporationImageMagick Studio LLCCanonical Ltd.Debian GNU/LinuxGraphicsMagickSUSEopenSUSE
Product-solarisstudio_onsiteleapopensuseubuntu_linuximagemagickgraphicsmagicklinux_enterprise_desktoplinux_enterprise_debuginfolinux_enterprise_workstation_extensiondebian_linuxlinuxlinux_enterprise_serverlinux_enterprise_software_development_kitn/a
CVE-2018-14649
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-58.11% / 98.10%
||
7 Day CHG~0.00%
Published-09 Oct, 2018 | 17:00
Updated-05 Aug, 2024 | 09:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api provided by ceph-isci-cli package. This allows unauthenticated attackers to access this debug shell and escalate privileges. Once an attacker has successfully connected to this debug shell they will be able to execute arbitrary commands remotely. These commands will run with the same privileges as of user executing the application which is using python-werkzeug with debug shell mode enabled. In - Red Hat Ceph Storage 2 and 3, ceph-isci-cli package runs python-werkzeug library with root level permissions.

Action-Not Available
Vendor-[UNKNOWN]Red Hat, Inc.
Product-enterprise_linux_serverceph_storageenterprise_linux_workstationenterprise_linux_desktopceph-iscsi-cliceph-iscsi-cli
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2016-5411
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.41% / 60.66%
||
7 Day CHG~0.00%
Published-13 Jun, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

/var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-enterprise_linuxquickstart_cloud_installern/a
CVE-2016-4117
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-92.78% / 99.75%
||
7 Day CHG~0.00%
Published-11 May, 2016 | 01:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-24||The impacted product is end-of-life and should be disconnected if still in use.

Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016.

Action-Not Available
Vendor-n/aAdobe Inc.SUSERed Hat, Inc.openSUSE
Product-flash_playerenterprise_linux_serveropensuseenterprise_linux_desktopevergreenenterprise_linux_workstationenterprise_linux_server_from_rhuilinux_enterprise_desktoplinux_enterprise_workstation_extensionn/aFlash Player
CVE-2016-4171
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-23.58% / 95.76%
||
7 Day CHG~0.00%
Published-16 Jun, 2016 | 14:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-15||The impacted product is end-of-life and should be disconnected if still in use.

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016.

Action-Not Available
Vendor-n/aAdobe Inc.Microsoft CorporationSUSEApple Inc.Red Hat, Inc.Google LLCopenSUSELinux Kernel Organization, Inc
Product-flash_playerchrome_osenterprise_linux_serverlinux_kernellinux_enterprise_workstation_extensionopensusemacosenterprise_linux_desktopenterprise_linux_workstationlinux_enterprise_desktopwindowswindows_8.1mac_os_xwindows_10n/aFlash Player
CVE-2016-4448
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.70% / 85.29%
||
7 Day CHG+0.10%
Published-09 Jun, 2016 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.

Action-Not Available
Vendor-n/aOracle CorporationMcAfee, LLCTenable, Inc.SlackwareHP Inc.Microsoft CorporationApple Inc.Red Hat, Inc.libxml2 (XMLSoft)
Product-enterprise_linuxenterprise_linux_servermac_os_xwatchositunesenterprise_linux_server_eusvm_serverlinuxtvosenterprise_linux_server_auslibxml2icewall_federation_agententerprise_linux_desktopweb_gatewayenterprise_linux_server_tusenterprise_linux_workstationslackware_linuxlog_correlation_enginewindowsiphone_osicloudn/a
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2016-3714
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.4||HIGH
EPSS-93.86% / 99.86%
||
7 Day CHG~0.00%
Published-05 May, 2016 | 18:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-09-30||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."

Action-Not Available
Vendor-n/aSUSEDebian GNU/LinuxopenSUSECanonical Ltd.ImageMagick Studio LLC
Product-leapopensuseubuntu_linuximagemagicksuse_linux_enterprise_serverdebian_linuxn/asuse_linux_enterprise_serverimagemagickopensusedebian_linuxubuntu_linuxleapImageMagick
CWE ID-CWE-20
Improper Input Validation
CVE-2016-3427
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-93.63% / 99.83%
||
7 Day CHG~0.00%
Published-21 Apr, 2016 | 10:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-06-02||Apply updates per vendor instructions.

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.

Action-Not Available
Vendor-n/aOracle CorporationThe Apache Software FoundationSUSENetApp, Inc.Red Hat, Inc.openSUSECanonical Ltd.Debian GNU/Linux
Product-oncommand_workflow_automationoncommand_performance_managerlinux_enterprise_serveroncommand_shiftmanager_proxyenterprise_linux_server_eusoncommand_unified_managerjdkoncommand_reportmanagere-series_santricity_web_servicesdebian_linuxlinuxvasa_provider_for_clustered_data_ontape-series_santricity_management_plug-insenterprise_linux_server_ausstoragegridjrockitleapopensuseenterprise_linux_desktope-series_santricity_storage_managersatelliteenterprise_linux_serverenterprise_linux_euslinux_enterprise_module_for_legacyopenstack_cloudlinux_enterprise_desktoplinux_enterprise_software_development_kitoncommand_insightoncommand_balanceubuntu_linuxoncommand_cloud_managerenterprise_linux_server_tusenterprise_linux_workstationjrecassandravirtual_storage_consolen/aJava SE and JRockit
CWE ID-CWE-284
Improper Access Control
CVE-2016-1601
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
CVSS Score-9.8||CRITICAL
EPSS-0.55% / 66.89%
||
7 Day CHG~0.00%
Published-26 Apr, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

yast2-users before 3.1.47, as used in SUSE Linux Enterprise 12 SP1, does not properly set empty password fields in /etc/shadow during an AutoYaST installation when the profile does not contain inst-sys users, which might allow attackers to have unspecified impact via unknown vectors.

Action-Not Available
Vendor-n/aSUSE
Product-linux_enterprise_desktopyast2linux_enterprise_serverlinux_enterprise_software_development_kitn/a
CVE-2016-2324
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-30.65% / 96.56%
||
7 Day CHG~0.00%
Published-08 Apr, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.

Action-Not Available
Vendor-git-scmn/aopenSUSESUSE
Product-leapopensuselinux_enterprise_software_development_kitopenstack_cloudsuse_linux_enterprise_servergitlinux_enterprise_serverlinux_enterprise_debuginfon/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1662
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-9.8||CRITICAL
EPSS-15.29% / 94.35%
||
7 Day CHG~0.00%
Published-14 May, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aRed Hat, Inc.Google LLCopenSUSE
Product-enterprise_linux_workstation_supplementaryopensuseenterprise_linux_server_supplementarychromeenterprise_linux_server_supplementary_eusenterprise_linux_desktop_supplementaryn/a
CVE-2016-2108
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-65.50% / 98.43%
||
7 Day CHG~0.00%
Published-05 May, 2016 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.

Action-Not Available
Vendor-n/aRed Hat, Inc.Google LLCOpenSSL
Product-enterprise_linux_serverenterprise_linux_server_ausenterprise_linux_hpc_nodeenterprise_linux_hpc_node_eusenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_workstationopensslandroidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1659
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-9.8||CRITICAL
EPSS-2.37% / 84.31%
||
7 Day CHG~0.00%
Published-18 Apr, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Action-Not Available
Vendor-n/aopenSUSESUSEGoogle LLCDebian GNU/LinuxCanonical Ltd.
Product-leapubuntu_linuxchromedebian_linuxlinux_enterprisen/a
CVE-2016-2315
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-25.72% / 96.03%
||
7 Day CHG~0.00%
Published-08 Apr, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.

Action-Not Available
Vendor-git-scmn/aopenSUSESUSE
Product-leapopensuselinux_enterprise_software_development_kitopenstack_cloudsuse_linux_enterprise_servergitlinux_enterprise_serverlinux_enterprise_debuginfon/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2004-0904
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-31.75% / 96.65%
||
7 Day CHG~0.00%
Published-24 Sep, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.

Action-Not Available
Vendor-conectivan/aRed Hat, Inc.Mozilla CorporationNetscape (Yahoo Inc.)
Product-firefoxthunderbirdmozillanavigatorenterprise_linux_desktopfedora_corelinuxenterprise_linuxlinux_advanced_workstationn/a
CVE-2020-27846
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-7.05% / 91.12%
||
7 Day CHG~0.00%
Published-21 Dec, 2020 | 15:16
Updated-04 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Action-Not Available
Vendor-saml_projectn/aRed Hat, Inc.Fedora ProjectGrafana Labs
Product-grafanaopenshift_service_meshopenshift_container_platformenterprise_linuxfedorasamlcrewjam/saml
CWE ID-CWE-115
Misinterpretation of Input
CVE-2018-1000861
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-94.47% / 100.00%
||
7 Day CHG~0.00%
Published-10 Dec, 2018 | 14:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-08-10||Apply updates per vendor instructions.

A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this way.

Action-Not Available
Vendor-n/aRed Hat, Inc.Jenkins
Product-openshift_container_platformjenkinsn/aJenkins Stapler Web Framework
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2016-0749
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-20.47% / 95.33%
||
7 Day CHG~0.00%
Published-09 Jun, 2016 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.

Action-Not Available
Vendor-spice_projectn/aopenSUSERed Hat, Inc.Debian GNU/LinuxMicrosoft Corporation
Product-enterprise_linuxenterprise_linux_serverenterprise_linux_server_ausspiceleapopensuseenterprise_linux_hpc_node_eusenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_workstationwindowsdebian_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-0788
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-37.43% / 97.06%
||
7 Day CHG~0.00%
Published-07 Apr, 2016 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener.

Action-Not Available
Vendor-n/aRed Hat, Inc.Jenkins
Product-openshiftjenkinsn/a
CVE-2016-0639
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-17.04% / 94.72%
||
7 Day CHG~0.00%
Published-21 Apr, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Pluggable Authentication.

Action-Not Available
Vendor-n/aRed Hat, Inc.Oracle Corporation
Product-enterprise_linuxmysqln/a
CVE-2004-1052
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.47% / 80.15%
||
7 Day CHG~0.00%
Published-18 Nov, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the getnickuserhost function in BNC 2.8.9, and possibly other versions, allows remote IRC servers to execute arbitrary code via an IRC server response that contains many (1) ! (exclamation) or (2) @ (at sign) characters.

Action-Not Available
Vendor-bncn/aDebian GNU/LinuxGentoo Foundation, Inc.
Product-linuxdebian_linuxbncn/a
CVE-2004-1037
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-85.83% / 99.34%
||
7 Day CHG~0.00%
Published-19 Nov, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The search function in TWiki 20030201 allows remote attackers to execute arbitrary commands via shell metacharacters in a search string.

Action-Not Available
Vendor-twikin/aGentoo Foundation, Inc.
Product-linuxtwikin/a
CVE-2004-0947
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-12.79% / 93.75%
||
7 Day CHG~0.00%
Published-24 Nov, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames.

Action-Not Available
Vendor-arj_software_inc.n/aGentoo Foundation, Inc.SUSE
Product-linuxunarjsuse_linuxn/a
CVE-2015-7501
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-71.46% / 98.66%
||
7 Day CHG-0.40%
Published-09 Nov, 2017 | 00:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-jboss_bpm_suitejboss_operations_networkjboss_portaljboss_data_virtualizationjboss_enterprise_application_platformdata_gridjboss_enterprise_brms_platformjboss_fuse_service_worksopenshiftjboss_fusexpaasjboss_a-mqjboss_enterprise_web_serverjboss_enterprise_soa_platformsubscription_asset_managern/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2004-0234
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-8.48% / 91.99%
||
7 Day CHG~0.00%
Published-05 May, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive.

Action-Not Available
Vendor-stalkertsugio_okamotoclearswiftn/aRARLAB (WinRAR)Silicon Graphics, Inc.WinZipF-Secure CorporationRed Hat, Inc.
Product-propackcgpmcafeef-secure_personal_expressf-secure_internet_securitywinzipinternet_gatekeeperf-secure_anti-viruswinrarfedora_coref-secure_for_firewallslhamailsweepern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-4603
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-11.44% / 93.32%
||
7 Day CHG~0.00%
Published-16 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a "type confusion" issue.

Action-Not Available
Vendor-n/aRed Hat, Inc.The PHP Group
Product-enterprise_linuxenterprise_linux_serverenterprise_linux_hpc_nodeenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_workstationphpenterprise_linux_hpc_node_eusn/a
CVE-2015-4601
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-28.10% / 96.30%
||
7 Day CHG~0.00%
Published-16 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c, a different issue than CVE-2015-4600.

Action-Not Available
Vendor-n/aRed Hat, Inc.The PHP Group
Product-enterprise_linux_serverenterprise_linux_hpc_nodeenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_workstationphpenterprise_linux_hpc_node_eusn/a
CVE-2015-3113
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-92.58% / 99.73%
||
7 Day CHG~0.00%
Published-23 Jun, 2015 | 21:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-04||The impacted product is end-of-life and should be disconnected if still in use.

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015.

Action-Not Available
Vendor-n/aHP Inc.Adobe Inc.Microsoft CorporationSUSEApple Inc.Red Hat, Inc.openSUSELinux Kernel Organization, Inc
Product-enterprise_linux_serversystems_insight_managersystem_management_homepagelinux_kernellinux_enterprise_workstation_extensionenterprise_linux_eusevergreenlinux_enterprise_desktopflash_playerversion_control_repository_manageropensuseenterprise_linux_desktopinsight_orchestrationwindowsenterprise_linux_workstationversion_control_agentvirtual_connect_enterprise_managermac_os_xn/aFlash Player
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-3041
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-4.16% / 88.22%
||
7 Day CHG~0.00%
Published-14 Apr, 2015 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3042, and CVE-2015-3043.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncopenSUSESUSERed Hat, Inc.Apple Inc.Microsoft Corporation
Product-flash_playerenterprise_linux_workstation_supplementarylinux_kernelopensuseenterprise_linux_server_supplementarysuse_linux_enterprise_desktopwindowsenterprise_linux_server_supplementary_eussuse_linux_workstation_extensionmac_os_xenterprise_linux_desktop_supplementaryn/a
CVE-2015-3039
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-8.70% / 92.11%
||
7 Day CHG~0.00%
Published-14 Apr, 2015 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0349, CVE-2015-0351, and CVE-2015-0358.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncopenSUSESUSERed Hat, Inc.Apple Inc.Microsoft Corporation
Product-flash_playerenterprise_linux_workstation_supplementarylinux_kernelopensuseenterprise_linux_server_supplementarysuse_linux_enterprise_desktopwindowsenterprise_linux_server_supplementary_eussuse_linux_workstation_extensionmac_os_xenterprise_linux_desktop_supplementaryn/a
CVE-2015-3038
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-10.40% / 92.91%
||
7 Day CHG~0.00%
Published-14 Apr, 2015 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncopenSUSESUSERed Hat, Inc.Apple Inc.Microsoft Corporation
Product-flash_playerenterprise_linux_workstation_supplementarylinux_kernelopensuseenterprise_linux_server_supplementarysuse_linux_enterprise_desktopwindowsenterprise_linux_server_supplementary_eussuse_linux_workstation_extensionmac_os_xenterprise_linux_desktop_supplementaryn/a
CVE-2015-0347
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-4.16% / 88.22%
||
7 Day CHG~0.00%
Published-14 Apr, 2015 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncopenSUSESUSERed Hat, Inc.Apple Inc.Microsoft Corporation
Product-flash_playerenterprise_linux_workstation_supplementarylinux_kernelopensuseenterprise_linux_server_supplementarysuse_linux_enterprise_desktopwindowsenterprise_linux_server_supplementary_eussuse_linux_workstation_extensionmac_os_xenterprise_linux_desktop_supplementaryn/a
CVE-2015-0408
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-11.78% / 93.44%
||
7 Day CHG~0.00%
Published-21 Jan, 2015 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.

Action-Not Available
Vendor-n/aOracle CorporationopenSUSERed Hat, Inc.Debian GNU/LinuxNovellCanonical Ltd.
Product-enterprise_linuxopensuseubuntu_linuxsuse_linux_enterprise_serverjdksuse_linux_enterprise_desktopdebian_linuxjren/a
CVE-2015-0360
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-4.16% / 88.22%
||
7 Day CHG~0.00%
Published-14 Apr, 2015 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncopenSUSESUSERed Hat, Inc.Apple Inc.Microsoft Corporation
Product-flash_playerenterprise_linux_workstation_supplementarylinux_kernelopensuseenterprise_linux_server_supplementarysuse_linux_enterprise_desktopwindowsenterprise_linux_server_supplementary_eussuse_linux_workstation_extensionmac_os_xenterprise_linux_desktop_supplementaryn/a
CVE-2003-0466
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-90.83% / 99.61%
||
7 Day CHG~0.00%
Published-01 Aug, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.

Action-Not Available
Vendor-wuftpdn/aNetBSDOpenBSDRed Hat, Inc.FreeBSD FoundationApple Inc.Sun Microsystems (Oracle Corporation)
Product-netbsdopenbsdwu_ftpdsolarismac_os_x_serverfreebsdmac_os_xwu-ftpdn/a
CWE ID-CWE-193
Off-by-one Error
CVE-2015-0235
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-85.84% / 99.34%
||
7 Day CHG~0.00%
Published-28 Jan, 2015 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."

Action-Not Available
Vendor-n/aGNURed Hat, Inc.The PHP GroupApple Inc.IBM CorporationDebian GNU/LinuxOracle Corporation
Product-communications_eagle_lnp_application_processorcommunications_session_border_controllercommunications_webrtc_session_controllerphpdebian_linuxlinuxvirtualizationcommunications_eagle_application_processorexalogic_infrastructurecommunications_lsmscommunications_application_session_controllervm_virtualboxpureapplication_systemsecurity_access_manager_for_enterprise_single_sign-oncommunications_policy_managementglibcmac_os_xcommunications_user_data_repositoryn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-0351
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-8.70% / 92.11%
||
7 Day CHG~0.00%
Published-14 Apr, 2015 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0349, CVE-2015-0358, and CVE-2015-3039.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncopenSUSESUSERed Hat, Inc.Apple Inc.Microsoft Corporation
Product-flash_playerenterprise_linux_workstation_supplementarylinux_kernelopensuseenterprise_linux_server_supplementarysuse_linux_enterprise_desktopwindowsenterprise_linux_server_supplementary_eussuse_linux_workstation_extensionmac_os_xenterprise_linux_desktop_supplementaryn/a
CVE-2015-0346
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-6.98% / 91.07%
||
7 Day CHG~0.00%
Published-14 Apr, 2015 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0359.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncopenSUSESUSERed Hat, Inc.Apple Inc.Microsoft Corporation
Product-flash_playerenterprise_linux_workstation_supplementarylinux_kernelopensuseenterprise_linux_server_supplementarysuse_linux_enterprise_desktopwindowsenterprise_linux_server_supplementary_eussuse_linux_workstation_extensionmac_os_xenterprise_linux_desktop_supplementaryn/a
CVE-2015-0358
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-2.32% / 84.18%
||
7 Day CHG~0.00%
Published-14 Apr, 2015 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0349, CVE-2015-0351, and CVE-2015-3039.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncopenSUSESUSERed Hat, Inc.Apple Inc.Microsoft Corporation
Product-flash_playerenterprise_linux_workstation_supplementarylinux_kernelopensuseenterprise_linux_server_supplementarysuse_linux_enterprise_desktopwindowsenterprise_linux_server_supplementary_eussuse_linux_workstation_extensionmac_os_xenterprise_linux_desktop_supplementaryn/a
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found