Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2004-1029

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-24 Nov, 2004 | 05:00
Updated At-08 Aug, 2024 | 00:39
Rejected At-
Credits

The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:24 Nov, 2004 | 05:00
Updated At:08 Aug, 2024 | 00:39
Rejected At:
â–¼CVE Numbering Authority (CNA)

The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.idefense.com/application/poi/display?id=158&type=vulnerabilities
third-party-advisory
x_refsource_IDEFENSE
http://jouko.iki.fi/adv/javaplugin.html
x_refsource_MISC
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5674
vdb-entry
signature
x_refsource_OVAL
http://lists.apple.com/archives/security-announce/2005/Feb/msg00000.html
vendor-advisory
x_refsource_APPLE
http://rpmfind.net/linux/RPM/suse/updates/9.3/i386/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.html
x_refsource_CONFIRM
http://secunia.com/advisories/13271
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/29035
third-party-advisory
x_refsource_SECUNIA
http://securityreason.com/securityalert/61
third-party-advisory
x_refsource_SREASON
http://www.securityfocus.com/bid/12317
vdb-entry
x_refsource_BID
http://www.vupen.com/english/advisories/2008/0599
vdb-entry
x_refsource_VUPEN
https://exchange.xforce.ibmcloud.com/vulnerabilities/18188
vdb-entry
x_refsource_XF
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101523-1
vendor-advisory
x_refsource_SUNALERT
http://www.kb.cert.org/vuls/id/760344
third-party-advisory
x_refsource_CERT-VN
http://www-1.ibm.com/support/docview.wss?uid=swg21257249
x_refsource_CONFIRM
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1
vendor-advisory
x_refsource_SUNALERT
Hyperlink: http://www.idefense.com/application/poi/display?id=158&type=vulnerabilities
Resource:
third-party-advisory
x_refsource_IDEFENSE
Hyperlink: http://jouko.iki.fi/adv/javaplugin.html
Resource:
x_refsource_MISC
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5674
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://lists.apple.com/archives/security-announce/2005/Feb/msg00000.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://rpmfind.net/linux/RPM/suse/updates/9.3/i386/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/13271
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/29035
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://securityreason.com/securityalert/61
Resource:
third-party-advisory
x_refsource_SREASON
Hyperlink: http://www.securityfocus.com/bid/12317
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.vupen.com/english/advisories/2008/0599
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18188
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101523-1
Resource:
vendor-advisory
x_refsource_SUNALERT
Hyperlink: http://www.kb.cert.org/vuls/id/760344
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://www-1.ibm.com/support/docview.wss?uid=swg21257249
Resource:
x_refsource_CONFIRM
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1
Resource:
vendor-advisory
x_refsource_SUNALERT
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.idefense.com/application/poi/display?id=158&type=vulnerabilities
third-party-advisory
x_refsource_IDEFENSE
x_transferred
http://jouko.iki.fi/adv/javaplugin.html
x_refsource_MISC
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5674
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://lists.apple.com/archives/security-announce/2005/Feb/msg00000.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://rpmfind.net/linux/RPM/suse/updates/9.3/i386/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.html
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/13271
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/29035
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://securityreason.com/securityalert/61
third-party-advisory
x_refsource_SREASON
x_transferred
http://www.securityfocus.com/bid/12317
vdb-entry
x_refsource_BID
x_transferred
http://www.vupen.com/english/advisories/2008/0599
vdb-entry
x_refsource_VUPEN
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/18188
vdb-entry
x_refsource_XF
x_transferred
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101523-1
vendor-advisory
x_refsource_SUNALERT
x_transferred
http://www.kb.cert.org/vuls/id/760344
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://www-1.ibm.com/support/docview.wss?uid=swg21257249
x_refsource_CONFIRM
x_transferred
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1
vendor-advisory
x_refsource_SUNALERT
x_transferred
Hyperlink: http://www.idefense.com/application/poi/display?id=158&type=vulnerabilities
Resource:
third-party-advisory
x_refsource_IDEFENSE
x_transferred
Hyperlink: http://jouko.iki.fi/adv/javaplugin.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5674
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2005/Feb/msg00000.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://rpmfind.net/linux/RPM/suse/updates/9.3/i386/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/13271
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/29035
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://securityreason.com/securityalert/61
Resource:
third-party-advisory
x_refsource_SREASON
x_transferred
Hyperlink: http://www.securityfocus.com/bid/12317
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2008/0599
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18188
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101523-1
Resource:
vendor-advisory
x_refsource_SUNALERT
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/760344
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://www-1.ibm.com/support/docview.wss?uid=swg21257249
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1
Resource:
vendor-advisory
x_refsource_SUNALERT
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:01 Mar, 2005 | 05:00
Updated At:16 Apr, 2026 | 00:27

The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.09.3HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 9.3
Base severity: HIGH
Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
HP Inc.
hp
>>java_sdk-rte>>1.3
cpe:2.3:a:hp:java_sdk-rte:1.3:*:hp-ux_pa-risc:*:*:*:*:*
HP Inc.
hp
>>java_sdk-rte>>1.4
cpe:2.3:a:hp:java_sdk-rte:1.4:*:hp-ux_pa-risc:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.3.1_01
cpe:2.3:a:sun:jdk:1.3.1_01:*:linux:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.3.1_01
cpe:2.3:a:sun:jdk:1.3.1_01:*:solaris:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.3.1_01a
cpe:2.3:a:sun:jdk:1.3.1_01a:*:windows:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.3.1_02
cpe:2.3:a:sun:jdk:1.3.1_02:*:linux:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.3.1_02
cpe:2.3:a:sun:jdk:1.3.1_02:*:solaris:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.3.1_02
cpe:2.3:a:sun:jdk:1.3.1_02:*:windows:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.3.1_03
cpe:2.3:a:sun:jdk:1.3.1_03:*:linux:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.3.1_03
cpe:2.3:a:sun:jdk:1.3.1_03:*:solaris:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.3.1_03
cpe:2.3:a:sun:jdk:1.3.1_03:*:windows:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.3.1_04
cpe:2.3:a:sun:jdk:1.3.1_04:*:windows:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.3.1_05
cpe:2.3:a:sun:jdk:1.3.1_05:*:linux:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.3.1_05
cpe:2.3:a:sun:jdk:1.3.1_05:*:solaris:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.3.1_05
cpe:2.3:a:sun:jdk:1.3.1_05:*:windows:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.3.1_06
cpe:2.3:a:sun:jdk:1.3.1_06:*:linux:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.3.1_06
cpe:2.3:a:sun:jdk:1.3.1_06:*:solaris:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.3.1_06
cpe:2.3:a:sun:jdk:1.3.1_06:*:windows:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.3.1_07
cpe:2.3:a:sun:jdk:1.3.1_07:*:linux:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.3.1_07
cpe:2.3:a:sun:jdk:1.3.1_07:*:solaris:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.3.1_07
cpe:2.3:a:sun:jdk:1.3.1_07:*:windows:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.4
cpe:2.3:a:sun:jdk:1.4:*:linux:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.4
cpe:2.3:a:sun:jdk:1.4:*:solaris:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.4
cpe:2.3:a:sun:jdk:1.4:*:windows:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.4.0_01
cpe:2.3:a:sun:jdk:1.4.0_01:*:windows:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.4.0_02
cpe:2.3:a:sun:jdk:1.4.0_02:*:linux:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.4.0_02
cpe:2.3:a:sun:jdk:1.4.0_02:*:solaris:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.4.0_02
cpe:2.3:a:sun:jdk:1.4.0_02:*:windows:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.4.0_03
cpe:2.3:a:sun:jdk:1.4.0_03:*:linux:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.4.0_03
cpe:2.3:a:sun:jdk:1.4.0_03:*:solaris:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.4.0_03
cpe:2.3:a:sun:jdk:1.4.0_03:*:windows:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.4.0_4
cpe:2.3:a:sun:jdk:1.4.0_4:*:linux:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.4.0_4
cpe:2.3:a:sun:jdk:1.4.0_4:*:solaris:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.4.0_4
cpe:2.3:a:sun:jdk:1.4.0_4:*:windows:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.4.1
cpe:2.3:a:sun:jdk:1.4.1:*:linux:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.4.1
cpe:2.3:a:sun:jdk:1.4.1:*:solaris:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.4.1
cpe:2.3:a:sun:jdk:1.4.1:*:windows:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.4.1_01
cpe:2.3:a:sun:jdk:1.4.1_01:*:linux:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.4.1_01
cpe:2.3:a:sun:jdk:1.4.1_01:*:solaris:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.4.1_01
cpe:2.3:a:sun:jdk:1.4.1_01:*:windows:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.4.1_02
cpe:2.3:a:sun:jdk:1.4.1_02:*:linux:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.4.1_02
cpe:2.3:a:sun:jdk:1.4.1_02:*:solaris:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.4.1_02
cpe:2.3:a:sun:jdk:1.4.1_02:*:windows:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.4.1_03
cpe:2.3:a:sun:jdk:1.4.1_03:*:linux:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.4.1_03
cpe:2.3:a:sun:jdk:1.4.1_03:*:solaris:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.4.1_03
cpe:2.3:a:sun:jdk:1.4.1_03:*:windows:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.4.2
cpe:2.3:a:sun:jdk:1.4.2:*:linux:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.4.2
cpe:2.3:a:sun:jdk:1.4.2:*:solaris:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.4.2
cpe:2.3:a:sun:jdk:1.4.2:*:windows:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.4.2_01
cpe:2.3:a:sun:jdk:1.4.2_01:*:linux:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-264Primarynvd@nist.gov
CWE ID: CWE-264
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://jouko.iki.fi/adv/javaplugin.htmlcve@mitre.org
N/A
http://lists.apple.com/archives/security-announce/2005/Feb/msg00000.htmlcve@mitre.org
N/A
http://rpmfind.net/linux/RPM/suse/updates/9.3/i386/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.htmlcve@mitre.org
N/A
http://secunia.com/advisories/13271cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/29035cve@mitre.org
Vendor Advisory
http://securityreason.com/securityalert/61cve@mitre.org
N/A
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101523-1cve@mitre.org
Patch
Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1cve@mitre.org
Patch
Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg21257249cve@mitre.org
N/A
http://www.idefense.com/application/poi/display?id=158&type=vulnerabilitiescve@mitre.org
N/A
http://www.kb.cert.org/vuls/id/760344cve@mitre.org
US Government Resource
http://www.securityfocus.com/bid/12317cve@mitre.org
Patch
http://www.vupen.com/english/advisories/2008/0599cve@mitre.org
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/18188cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5674cve@mitre.org
N/A
http://jouko.iki.fi/adv/javaplugin.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.apple.com/archives/security-announce/2005/Feb/msg00000.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rpmfind.net/linux/RPM/suse/updates/9.3/i386/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/13271af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/29035af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://securityreason.com/securityalert/61af854a3a-2127-422b-91ae-364da2661108
N/A
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101523-1af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg21257249af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.idefense.com/application/poi/display?id=158&type=vulnerabilitiesaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.kb.cert.org/vuls/id/760344af854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.securityfocus.com/bid/12317af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.vupen.com/english/advisories/2008/0599af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/18188af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5674af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://jouko.iki.fi/adv/javaplugin.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2005/Feb/msg00000.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://rpmfind.net/linux/RPM/suse/updates/9.3/i386/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/13271
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/29035
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://securityreason.com/securityalert/61
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101523-1
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www-1.ibm.com/support/docview.wss?uid=swg21257249
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.idefense.com/application/poi/display?id=158&type=vulnerabilities
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/760344
Source: cve@mitre.org
Resource:
US Government Resource
Hyperlink: http://www.securityfocus.com/bid/12317
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://www.vupen.com/english/advisories/2008/0599
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18188
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5674
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://jouko.iki.fi/adv/javaplugin.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2005/Feb/msg00000.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rpmfind.net/linux/RPM/suse/updates/9.3/i386/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/13271
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/29035
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://securityreason.com/securityalert/61
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101523-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www-1.ibm.com/support/docview.wss?uid=swg21257249
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.idefense.com/application/poi/display?id=158&type=vulnerabilities
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/760344
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource
Hyperlink: http://www.securityfocus.com/bid/12317
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://www.vupen.com/english/advisories/2008/0599
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/18188
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5674
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

149Records found
CVE-2008-0965
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-16.33% / 94.88%
||
7 Day CHG~0.00%
Published-08 Aug, 2008 | 18:12
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple format string vulnerabilities in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via format string specifiers in an SMB packet.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-opensolarissolarissunosn/a
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2008-0312
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-18.33% / 95.25%
||
7 Day CHG~0.00%
Published-08 Apr, 2008 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the AutoFix Support Tool ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products, including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, allows remote attackers to execute arbitrary code via a long argument to the GetEventLogInfo method. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-n/aSymantec CorporationMicrosoft Corporation
Product-norton_internet_securitywindowsnorton_antivirusnorton_360norton_system_worksn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-6016
Matching Score-8
Assigner-Flexera Software LLC
ShareView Details
Matching Score-8
Assigner-Flexera Software LLC
CVSS Score-9.3||HIGH
EPSS-67.80% / 98.60%
||
7 Day CHG~0.00%
Published-29 Feb, 2008 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in the PVATLCalendar.PVCalendar.1 ActiveX control in pvcalendar.ocx in the scheduler component in the Media Server in Symantec Backup Exec for Windows Server (BEWS) 11d 11.0.6235 and 11.0.7170, and 12.0 12.0.1364, allow remote attackers to execute arbitrary code via a long (1) _DOWText0, (2) _DOWText1, (3) _DOWText2, (4) _DOWText3, (5) _DOWText4, (6) _DOWText5, (7) _DOWText6, (8) _MonthText0, (9) _MonthText1, (10) _MonthText2, (11) _MonthText3, (12) _MonthText4, (13) _MonthText5, (14) _MonthText6, (15) _MonthText7, (16) _MonthText8, (17) _MonthText9, (18) _MonthText10, or (19) _MonthText11 property value when executing the Save method. NOTE: the vendor states "Authenticated user involvement required," but authentication is not needed to attack a client machine that loads this control.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-backup_exec_for_windows_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-5909
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-25.87% / 96.30%
||
7 Day CHG~0.00%
Published-10 Nov, 2007 | 02:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by ActivePDF DocConverter, IBM Lotus Notes before 7.0.3, Symantec Mail Security, and other products, allow remote attackers to execute arbitrary code via a crafted (1) AG file to kpagrdr.dll, (2) AW file to awsr.dll, (3) DLL or (4) EXE file to exesr.dll, (5) DOC file to mwsr.dll, (6) MIF file to mifsr.dll, (7) SAM file to lasr.dll, or (8) RTF file to rtfsr.dll. NOTE: the WPD (wp6sr.dll) vector is covered by CVE-2007-5910.

Action-Not Available
Vendor-activepdfautonomyn/aSymantec CorporationIBM Corporation
Product-mail_securitykeyview_viewer_sdkdocconverterkeyview_export_sdklotus_noteskeyview_filter_sdkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-1993
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-5.00% / 89.75%
||
7 Day CHG~0.00%
Published-12 Apr, 2007 | 10:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the pfs_mountd.rpc RPC daemon in the Portable File System (PFS) in HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to execute arbitrary code by sending "a call to procedure 5, followed by a crafted payload to procedure 2."

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5925
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.8||HIGH
EPSS-6.71% / 91.31%
||
7 Day CHG-0.55%
Published-13 Aug, 2018 | 15:00
Updated-17 Sep, 2024 | 01:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a static buffer overflow, which could allow remote code execution.

Action-Not Available
Vendor-HP Inc.
Product-3yz74a_firmwared3q15am2u76_firmwared9l19a_firmwared4h22a_firmwaret3p03a_firmwaret0a23acq891arj6x76a_firmwared9l64a_firmwarej9v82af8b06a_firmwarek7s42a_firmwarecq890arf5s00cq176ab9s58aw1b38g0450_firmwaret0k98ad3a82ad3q17c_firmwaren4l17a_firmwarej9v80a_firmwarecz993a_firmwaret0g56aw1b37_firmwarecq890ccq893e_firmwarea7f65a_firmwarecq891c_firmwarek4t99bcq893bf0v64z4b12_firmwared3q20acm749acn459a_firmwaret3p03aw1b39_firmwarek7v42c_firmwaref5s43_firmwarey0s18ad3q15bf5s65ak9z76aj7a31a_firmwarecn583a_firmwaret3p04aj6x76af5s60am2u81w3u23d7z36a_firmwarej2d37acm750a_firmwarey5h80ae1d36ae1d36a_firmwarem2u85_firmwarey0s19a_firmwarel9d57ag1x85acq893c_firmwarecq176a_firmwarey5h80a_firmwarecq891ar_firmwarecn461a_firmwarex3b09aj6u63_firmwarek7v35v1n08acq890ar_firmwared3q21d_firmwarep0r21a_firmwarea9t80af1h96_firmwarecq891cd4j85bj6u55a_firmwarecr771a_firmwarea9t80b_firmwarew3u25_firmwaree4w43f0v64_firmwarej6u55d_firmwared3q15df5r96a_firmwarew1b33_firmwarecz283a_firmwarecz152a_firmwarecr771acm750a1jl02bd3q19da7f66ad3q19aa9t80bg0450f5r95f8b04am9l70a_firmwaree4w43_firmwarez4b53a_firmwarem2q28a_firmwarez4b12x3b09a_firmwaret8w35a_firmwaren4l17aj2d37a_firmwareg0v47d3q16aj9v87a_firmware1jl02b_firmwaref8b09w3u25t0g25az4b56a_firmwarecz282a_firmwarem9l80acv136acm749a_firmwarev1n01a4sc29aw1b31_firmwarek9h48_firmwaref0m65an4l18ccz276ae3e02ad3q21d1jl02a_firmwaref9a29bc9s13acq890c_firmwaret0f28a_firmwarev1n01a_firmwarea9u28b_firmwarem2u86j7k34a_firmware1dt61a_firmwared4j74t1q00d9l63a_firmwared4h21a_firmwaref9a28a_firmwarecq890a_firmwarez4b53at8x44_firmwaret5d67acq183a_firmwareb9s57cd7z36acn460acq891bf8b05acz025at0g50ak7c84_firmwarev1n02am9l70at8x39_firmwared3q17a_firmwaree3e03acv037aj9v82d_firmwaret0g45acq176k7g18a_firmwaret5d66a_firmwarek7s37a_firmware3yz74acn583aj6u55df1j00w1b33j6u55b_firmwaret6t77a3aw51ad3q15b_firmwarej6x80ad4h21aa9t89av1n02a_firmwarecn598a_firmwarej9v82bcq890ej9v82a_firmwarem2u76cv136a_firmwaret8w35af9a29aa7f65ad9l64ae1d34am9l73af8b06acn216a_firmwarea9u23b4l03m2u85cn581ad3q15a_firmwarecn577a_firmwared7z37at0g25a_firmwarecx042_firmwarej7k33a_firmwarej6u69_firmwarek7v42cd3q20b_firmwarecq893a_firmwarecz045az4b56af9a28b_firmwarez4a54p4c78a_firmwarey3z46f9d36_firmwarecq893ar_firmwarej3p68a_firmwaret3p04a_firmwarem9l81aj9v87ak9t013aw44ab9s58a_firmwared3a78bb4l08a_firmwarecn577az6z97a_firmwarej6u69cz276a_firmwarecq893ea9j411jl02a2nd31af1h96d4h25a_firmwarecq893c2nd31a_firmwareb9s76a9j40acn581a_firmwared3q16a_firmwarecz283ad3p93a_firmwaref9a29a_firmwarem2u86_firmwarej6u59_firmwarek7s34a_firmwareg3j47aj9v80af8b05a_firmwaret5d66af8b12a_firmwarecr768af8b09_firmwarek7g93a_firmwarem2u91_firmwarem9l73a_firmwarek7g93aa9u28bj7a28acq890bf5r96af8b13a_firmwarey5h60a_firmwaret0g56a_firmwarek4u04b_firmware1dt61ak9u05b_firmwarej7k34acx042d3q21ay3z57_firmwarecq176_firmwarey3z44cx017aj6x80a_firmwaref5r95_firmwarej6u55ay3z47e3e02a_firmwaref9a28bj9v86ae3e03a_firmwarecz992a_firmwarek9z76a_firmwarey5h60acq890e_firmwarem2u91d3q17ccn463a_firmwarecq891az6z11ag1w52af9a29b_firmwared3a82a_firmwarej5t77a_firmwaref0m65a_firmwarem2u751sh08cz992a4uj28b_firmwarecr769ak9z76dp4c78ay5z00acr7770a_firmwared3p93am9l65ad3q19a_firmwareg0v48c_firmwaret1q00_firmwaref5s57a_firmwarej9v82ccn459aa9u19ag0v48b_firmwarej5t77ab9s56a_firmwarew3u23_firmwarez4b07a_firmwarem9l80a_firmwarecx017a_firmwarez6z11a_firmwarej6u59j7k33aj7a28a_firmwarek7g86_firmwarecv037a_firmwarek9h57_firmwareb9s76_firmwaref0v67j9v80b_firmware1sh08_firmwareb9s57c_firmwarecz282al9b95ad9l18ad3q20dcn463al8l91a_firmwared3q20c_firmwaret8w51a_firmwaret0g50a_firmwarej6u63m2q28at0f29acz293ad3q16c_firmwarej6u55c_firmwarecr768a_firmwaren9m07ak9h48cq761ad9l18a_firmwaret8x44cz294a_firmwarem9l81a_firmwarey3z44_firmwarecq893an4l14c_firmwared3q17dk9t01_firmwarey3z46_firmwaret6t77a_firmwarecz292a_firmwarez4a54_firmwaref0v63_firmwared9l63ad3q16d_firmwarecq891a_firmwarej6u55ccz045a_firmwaree2d42a_firmwaref0v63z4b07ak9v76j7a31ak7g86d9l20ab4l03_firmwarea9u19a_firmwarecq890aj9v82b_firmwarecn216af5s60a_firmwared4h22acr769a_firmwareb9s56an4k99ck4u04bf5s57aj9v86a_firmwaref5s00_firmwarea9j40a_firmwarej6u57bt1p36_firmwarea9j41_firmwarew1b31g5j38a_firmwarecq761a_firmwarecn460a_firmwaree1d34a_firmwaref1h97cz152ab4l08ag1w52a_firmwared4h24b_firmwarey5z00a_firmwared3q21cg3j47a_firmwarel8l91aj9v80bd3q17acr7770am9l65a_firmwaret0g45a_firmwarew1b37f8b13ay3z47_firmwared3a78b_firmwarej9v82c_firmwarey3z54cq890dt0f28ay3z54_firmwarey0s18a_firmware4sc29a_firmwaret5d67a_firmwaret1p36cz293a_firmwared3q17d_firmwarecn461acq890d_firmwaren4l18c_firmwarek9v76_firmwarecz292al9b95a_firmwarecq890b_firmwaref9a28ak4t99b_firmwarew1b38_firmwarecz284at0k98a_firmwared3q16cf5s65a_firmwarel9d57a_firmwarec9s13a_firmwarek9z76d_firmware3aw51a_firmwared3q15d_firmwarej3p68ay0s19at0g54ak7s42acz993acz284a_firmwarea9t89a_firmwared3q19d_firmwaret0g70acq893b_firmwaret1p99n4k99c_firmwared3q20a_firmwaref8b04a_firmwarey3z45_firmwarej6u57b_firmwarez6z95ad7z37a_firmwarev1n08a_firmware4uj28bcq891b_firmwaret0g54a_firmwarek7s34ad3q16bk9h57e2d42ak7v35_firmwaret8w51af1h97_firmwarek7g18acz025a_firmwarez6z97ag0v47_firmwared9l20a_firmware3aw44a_firmwarey3z57n9m07a_firmwared9l19aa7f66a_firmwarem2u81_firmwarej6u55ba9u23_firmwaref9d36d3q21a_firmwaren4l14ck7c84d3q20d_firmwaref5s43p0r21aa7f64a_firmwaret0f29a_firmwarea7f64aa9t80a_firmwarecq893arcq183ad3q16df1j00_firmwaret8x39g0v48bcn598ay3z45d3q21c_firmwaref8b12av6d27v6d27_firmwarew1b39f0v67_firmwarem2u75_firmwarek9u05bj9v82dz6z95a_firmwaret0a23a_firmwared4j85b_firmwareg5j38at1p99_firmwaret0g70a_firmwared4h25ak7s37ag1x85a_firmwarecz294ad3q20bd4j74_firmwared3q16b_firmwared3q20cg0v48cd4h24bHP inkjet printers
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2003-1572
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.40% / 60.74%
||
7 Day CHG~0.00%
Published-01 Jun, 2009 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sun Java Media Framework (JMF) 2.1.1 through 2.1.1c allows unsigned applets to cause a denial of service (JVM crash) and read or write unauthorized memory locations via the ReadEnv class, as demonstrated by reading environment variables using modified .data and .size fields.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-jmfn/a
CVE-1999-0320
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.48% / 65.27%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SunOS rpc.cmsd allows attackers to obtain root access by overwriting arbitrary files.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-sunossolarisn/a
CVE-2007-6331
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-6.91% / 91.44%
||
7 Day CHG~0.00%
Published-13 Dec, 2007 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Absolute path traversal vulnerability in the HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Button (QLBCTRL.exe, aka QLB) 6.3 and earlier allows remote attackers to execute arbitrary programs via the first argument to the LaunchApp method. NOTE: only a user-assisted attack is possible on Windows Vista.

Action-Not Available
Vendor-n/aHP Inc.
Product-quick_launch_buttoninfo_centern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2012-3271
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-9.3||HIGH
EPSS-1.38% / 80.41%
||
7 Day CHG~0.00%
Published-29 Nov, 2012 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability on the HP Integrated Lights-Out 3 (aka iLO3) with firmware before 1.50 and Integrated Lights-Out 4 (aka iLO4) with firmware before 1.13 allows remote attackers to obtain sensitive information via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-integrated_lights-out_4_firmwareintegrated_lights-out_3_firmwaren/a
CVE-1999-0353
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.31% / 54.27%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

rpc.pcnfsd in HP gives remote root access by changing the permissions on the main printer spool directory.

Action-Not Available
Vendor-n/aHP Inc.
Product-hp-uxn/a
CVE-2012-6277
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-7.8||HIGH
EPSS-3.25% / 87.19%
||
7 Day CHG~0.00%
Published-21 Feb, 2020 | 16:50
Updated-06 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8.5.x, IBM Lotus Domino 8.5.x before 8.5.3 FP4, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, related to "a number of underlying issues" in which "some of these cases demonstrated memory corruption with attacker-controlled input and could be exploited to run arbitrary code."

Action-Not Available
Vendor-n/aSymantec CorporationHP Inc.IBM Corporation
Product-dominodata_loss_prevention_enforce\/detection_serversautonomy_keyview_idolnotesdata_loss_prevention_endpointmessaging_gatewaymail_securityAutonomy KeyView IDOL
CVE-2011-3508
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.3||HIGH
EPSS-1.19% / 78.91%
||
7 Day CHG~0.00%
Published-18 Oct, 2011 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect confidentiality, integrity, and availability, related to LDAP library.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-sunosn/a
CVE-2012-4953
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-9.3||HIGH
EPSS-9.49% / 92.86%
||
7 Day CHG~0.00%
Published-14 Nov, 2012 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The decomposer engine in Symantec Endpoint Protection (SEP) 11.0, Symantec Endpoint Protection Small Business Edition 12.0, Symantec AntiVirus Corporate Edition (SAVCE) 10.x, and Symantec Scan Engine (SSE) before 5.2.8 does not properly perform bounds checks of the contents of CAB archives, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted file.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-endpoint_protectionantivirusscan_enginen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-0295
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-5.24% / 90.02%
||
7 Day CHG~0.00%
Published-23 May, 2012 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attackers to conduct file-insertion attacks and execute arbitrary code by leveraging exploitation of CVE-2012-0294.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-endpoint_protectionn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2012-0504
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.3||HIGH
EPSS-1.38% / 80.35%
||
7 Day CHG~0.00%
Published-15 Feb, 2012 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install and the Java Update mechanism.

Action-Not Available
Vendor-n/aOracle CorporationSun Microsystems (Oracle Corporation)
Product-jrejdkn/a
CVE-2011-4787
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-9.3||HIGH
EPSS-0.61% / 69.97%
||
7 Day CHG~0.00%
Published-12 Jan, 2012 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-2404 and CVE-2011-4786.

Action-Not Available
Vendor-n/aHP Inc.
Product-easy_printer_care_softwaren/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2011-4786
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-9.3||HIGH
EPSS-63.63% / 98.43%
||
7 Day CHG~0.00%
Published-12 Jan, 2012 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-2404 and CVE-2011-4787.

Action-Not Available
Vendor-n/aHP Inc.
Product-easy_printer_care_softwaren/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2011-4790
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-9.3||HIGH
EPSS-4.02% / 88.52%
||
7 Day CHG~0.00%
Published-02 Feb, 2012 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Network Automation 7.5x, 7.6x, 9.0, and 9.10 allows remote attackers to execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-network_automationn/a
CVE-2011-3551
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.3||HIGH
EPSS-6.04% / 90.77%
||
7 Day CHG~0.00%
Published-19 Oct, 2011 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

Action-Not Available
Vendor-n/aOracle CorporationSun Microsystems (Oracle Corporation)
Product-jrockitjdkjren/a
CVE-2011-2424
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-16.13% / 94.82%
||
7 Day CHG~0.00%
Published-15 Aug, 2011 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SWF file, as demonstrated by "about 400 unique crash signatures."

Action-Not Available
Vendor-n/aApple Inc.Sun Microsystems (Oracle Corporation)Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-adobe_airmac_os_xsunoswindowsflash_playerandroidlinux_kerneln/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-2428
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-2.74% / 86.05%
||
7 Day CHG~0.00%
Published-22 Sep, 2011 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to execute arbitrary code or cause a denial of service (browser crash) via unspecified vectors, related to a "logic error issue."

Action-Not Available
Vendor-n/aApple Inc.Sun Microsystems (Oracle Corporation)Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-mac_os_xsunoswindowsflash_playerandroidlinux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-2430
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-8.33% / 92.31%
||
7 Day CHG~0.00%
Published-22 Sep, 2011 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via crafted streaming media, related to a "logic error vulnerability."

Action-Not Available
Vendor-n/aApple Inc.Sun Microsystems (Oracle Corporation)Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-mac_os_xsunoswindowsflash_playerandroidlinux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-2426
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-13.77% / 94.31%
||
7 Day CHG~0.00%
Published-22 Sep, 2011 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the ActionScript Virtual Machine (AVM) component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.Sun Microsystems (Oracle Corporation)Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-mac_os_xsunoswindowsflash_playerandroidlinux_kerneln/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-2458
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-1.02% / 77.31%
||
7 Day CHG~0.00%
Published-11 Nov, 2011 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, when Internet Explorer is used, allows remote attackers to bypass the cross-domain policy via a crafted web site.

Action-Not Available
Vendor-n/aApple Inc.Sun Microsystems (Oracle Corporation)Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-adobe_airmac_os_xsolariswindowsflash_playerandroidlinux_kerneln/a
CVE-2011-1864
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-9.3||HIGH
EPSS-10.66% / 93.34%
||
7 Day CHG~0.00%
Published-14 Jun, 2011 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP OpenView Storage Data Protector 6.0, 6.10, and 6.11 allows remote attackers to execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-openview_storage_data_protectorn/a
CVE-2011-0688
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-2.04% / 83.94%
||
7 Day CHG~0.00%
Published-31 Jan, 2011 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Intel Alert Management System (aka AMS or AMS2), as used in Symantec Antivirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary commands via crafted messages over TCP, as discovered by Junaid Bohio, a different vulnerability than CVE-2010-0110 and CVE-2010-0111. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-system_centerantivirus_central_quarantine_serverantivirusn/a
CWE ID-CWE-287
Improper Authentication
CVE-2011-0273
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-9.3||HIGH
EPSS-7.17% / 91.61%
||
7 Day CHG~0.00%
Published-25 Jan, 2011 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in crs.exe in HP OpenView Storage Data Protector Cell Manager 6.11 allows remote attackers to execute arbitrary code via unspecified message types.

Action-Not Available
Vendor-n/aHP Inc.
Product-openview_storage_data_protector_cell_managern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-3649
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-2.96% / 86.54%
||
7 Day CHG~0.00%
Published-07 Nov, 2010 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3650, and CVE-2010-3652.

Action-Not Available
Vendor-n/aApple Inc.Sun Microsystems (Oracle Corporation)Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-mac_os_xsolariswindowsflash_playerandroidlinux_kerneln/a
CVE-2010-3648
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-2.96% / 86.54%
||
7 Day CHG~0.00%
Published-07 Nov, 2010 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.

Action-Not Available
Vendor-n/aApple Inc.Sun Microsystems (Oracle Corporation)Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-mac_os_xsolariswindowsflash_playerandroidlinux_kerneln/a
CVE-2010-3650
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-2.96% / 86.54%
||
7 Day CHG~0.00%
Published-07 Nov, 2010 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, and CVE-2010-3652.

Action-Not Available
Vendor-n/aApple Inc.Sun Microsystems (Oracle Corporation)Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-mac_os_xsolariswindowsflash_playerandroidlinux_kerneln/a
CVE-2010-3647
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-2.96% / 86.54%
||
7 Day CHG~0.00%
Published-07 Nov, 2010 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.

Action-Not Available
Vendor-n/aApple Inc.Sun Microsystems (Oracle Corporation)Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-mac_os_xsolariswindowsflash_playerandroidlinux_kerneln/a
CVE-2010-3644
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-2.96% / 86.54%
||
7 Day CHG~0.00%
Published-07 Nov, 2010 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.

Action-Not Available
Vendor-n/aApple Inc.Sun Microsystems (Oracle Corporation)Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-mac_os_xsolariswindowsflash_playerandroidlinux_kerneln/a
CVE-2010-3639
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-24.43% / 96.14%
||
7 Day CHG~0.00%
Published-07 Nov, 2010 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aApple Inc.Sun Microsystems (Oracle Corporation)Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-mac_os_xsolariswindowsflash_playerandroidlinux_kerneln/a
CVE-2010-3645
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-2.96% / 86.54%
||
7 Day CHG~0.00%
Published-07 Nov, 2010 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.

Action-Not Available
Vendor-n/aApple Inc.Sun Microsystems (Oracle Corporation)Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-mac_os_xsolariswindowsflash_playerandroidlinux_kerneln/a
CVE-2010-3652
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-2.96% / 86.54%
||
7 Day CHG~0.00%
Published-07 Nov, 2010 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, and CVE-2010-3650.

Action-Not Available
Vendor-n/aApple Inc.Sun Microsystems (Oracle Corporation)Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-mac_os_xsolariswindowsflash_playerandroidlinux_kerneln/a
CVE-2010-3642
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-2.96% / 86.54%
||
7 Day CHG~0.00%
Published-07 Nov, 2010 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.

Action-Not Available
Vendor-n/aApple Inc.Sun Microsystems (Oracle Corporation)Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-mac_os_xsolariswindowsflash_playerandroidlinux_kerneln/a
CVE-2010-3550
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.3||HIGH
EPSS-7.64% / 91.91%
||
7 Day CHG~0.00%
Published-19 Oct, 2010 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-jrejdkn/a
CVE-2010-3636
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-1.68% / 82.25%
||
7 Day CHG~0.00%
Published-07 Nov, 2010 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote web servers to bypass intended access restrictions via unknown vectors.

Action-Not Available
Vendor-n/aApple Inc.Sun Microsystems (Oracle Corporation)Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-mac_os_xsolariswindowsflash_playerandroidlinux_kerneln/a
CVE-2010-2305
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-7.96% / 92.10%
||
7 Day CHG+1.81%
Published-16 Jun, 2010 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in an ActiveX control in SSHelper.dll for Symantec Sygate Personal Firewall 5.6 build 2808 allows remote attackers to execute arbitrary code via a long third argument to the SetRegString method.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-sygate_personal_firewalln/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-2709
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-9.3||HIGH
EPSS-83.73% / 99.30%
||
7 Day CHG~0.00%
Published-05 Aug, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in webappmon.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long OvJavaLocale value in a cookie.

Action-Not Available
Vendor-n/aHP Inc.
Product-openview_network_node_managern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-1033
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-9.3||HIGH
EPSS-22.59% / 95.88%
||
7 Day CHG~0.00%
Published-21 Apr, 2010 | 14:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in a certain Tetradyne ActiveX control in HP Operations Manager 7.5, 8.10, and 8.16 might allow remote attackers to execute arbitrary code via a long string argument to the (1) LoadFile or (2) SaveFile method, related to srcvw32.dll and srcvw4.dll.

Action-Not Available
Vendor-n/aHP Inc.
Product-operations_managern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-0131
Matching Score-8
Assigner-Flexera Software LLC
ShareView Details
Matching Score-8
Assigner-Flexera Software LLC
CVSS Score-9.3||HIGH
EPSS-6.06% / 90.79%
||
7 Day CHG~0.00%
Published-17 Aug, 2010 | 17:31
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the SpreadSheet Lotus 123 reader (wkssr.dll), as used in Autonomy KeyView 10.4 and 10.9, Symantec Mail Security, and possibly other products, allows remote attackers to execute arbitrary code via unspecified vectors related to floating point conversion in unknown record types.

Action-Not Available
Vendor-autonomyn/aSymantec Corporation
Product-mail_securitykeyview_export_sdkkeyview_filter_sdkkeyview_viewer_sdkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-0111
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-60.59% / 98.30%
||
7 Day CHG~0.00%
Published-31 Jan, 2011 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HDNLRSVC.EXE in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary programs by sending msgsys.exe a UNC share pathname, which is used directly in a CreateProcessA (aka CreateProcess) call.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-system_centerantivirus_central_quarantine_serverantivirusn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2009-4502
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-64.14% / 98.45%
||
7 Day CHG~0.00%
Published-31 Dec, 2009 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. NOTE: this attack is limited to attacks from trusted IP addresses.

Action-Not Available
Vendor-n/aFreeBSD FoundationZABBIXSun Microsystems (Oracle Corporation)
Product-solarisfreebsdzabbixn/a
CVE-2009-4211
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.46% / 64.16%
||
7 Day CHG~0.00%
Published-04 Dec, 2009 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The U.S. Defense Information Systems Agency (DISA) Security Readiness Review (SRR) script for the Solaris x86 platform executes files in arbitrary directories as root for filenames equal to (1) java, (2) openssl, (3) php, (4) snort, (5) tshark, (6) vncserver, or (7) wireshark, which allows local users to gain privileges via a Trojan horse program.

Action-Not Available
Vendor-disan/aSun Microsystems (Oracle Corporation)
Product-solarissrr_for_solarisn/a
CVE-2009-3865
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-1.77% / 82.76%
||
7 Day CHG~0.00%
Published-05 Nov, 2009 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-jdkjren/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-3874
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-16.85% / 94.98%
||
7 Day CHG~0.00%
Published-05 Nov, 2009 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643.

Action-Not Available
Vendor-n/aMicrosoft CorporationSun Microsystems (Oracle Corporation)
Product-jdkjrejava_sesolariswindowssdkn/a
CVE-2009-3872
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-11.73% / 93.73%
||
7 Day CHG~0.00%
Published-05 Nov, 2009 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969.

Action-Not Available
Vendor-n/aMicrosoft CorporationSun Microsystems (Oracle Corporation)
Product-jdkjrejava_sesolariswindowssdkn/a
CVE-2009-3867
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-89.14% / 99.54%
||
7 Day CHG~0.00%
Published-05 Nov, 2009 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303.

Action-Not Available
Vendor-n/aMicrosoft CorporationSun Microsystems (Oracle Corporation)
Product-jdkjrejava_sesolariswindowssdkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found