Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2004-1307

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-04 May, 2005 | 04:00
Updated At-08 Aug, 2024 | 00:46
Rejected At-
Credits

Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:04 May, 2005 | 04:00
Updated At:08 Aug, 2024 | 00:46
Rejected At:
▼CVE Numbering Authority (CNA)

Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.us-cert.gov/cas/techalerts/TA05-136A.html
third-party-advisory
x_refsource_CERT
http://www.kb.cert.org/vuls/id/539110
third-party-advisory
x_refsource_CERT-VN
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1
vendor-advisory
x_refsource_SUNALERT
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1
vendor-advisory
x_refsource_SUNALERT
http://www.idefense.com/application/poi/display?id=173&type=vulnerabilities&flashstatus=true
third-party-advisory
x_refsource_IDEFENSE
http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
vendor-advisory
x_refsource_APPLE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11175
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA05-136A.html
Resource:
third-party-advisory
x_refsource_CERT
Hyperlink: http://www.kb.cert.org/vuls/id/539110
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1
Resource:
vendor-advisory
x_refsource_SUNALERT
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1
Resource:
vendor-advisory
x_refsource_SUNALERT
Hyperlink: http://www.idefense.com/application/poi/display?id=173&type=vulnerabilities&flashstatus=true
Resource:
third-party-advisory
x_refsource_IDEFENSE
Hyperlink: http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11175
Resource:
vdb-entry
signature
x_refsource_OVAL
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.us-cert.gov/cas/techalerts/TA05-136A.html
third-party-advisory
x_refsource_CERT
x_transferred
http://www.kb.cert.org/vuls/id/539110
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1
vendor-advisory
x_refsource_SUNALERT
x_transferred
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1
vendor-advisory
x_refsource_SUNALERT
x_transferred
http://www.idefense.com/application/poi/display?id=173&type=vulnerabilities&flashstatus=true
third-party-advisory
x_refsource_IDEFENSE
x_transferred
http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
vendor-advisory
x_refsource_APPLE
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11175
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA05-136A.html
Resource:
third-party-advisory
x_refsource_CERT
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/539110
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1
Resource:
vendor-advisory
x_refsource_SUNALERT
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1
Resource:
vendor-advisory
x_refsource_SUNALERT
x_transferred
Hyperlink: http://www.idefense.com/application/poi/display?id=173&type=vulnerabilities&flashstatus=true
Resource:
third-party-advisory
x_refsource_IDEFENSE
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11175
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:21 Dec, 2004 | 05:00
Updated At:03 Apr, 2025 | 01:03

Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Avaya LLC
avaya
>>call_management_system_server>>8.0
cpe:2.3:a:avaya:call_management_system_server:8.0:*:*:*:*:*:*:*
Avaya LLC
avaya
>>call_management_system_server>>9.0
cpe:2.3:a:avaya:call_management_system_server:9.0:*:*:*:*:*:*:*
Avaya LLC
avaya
>>call_management_system_server>>11.0
cpe:2.3:a:avaya:call_management_system_server:11.0:*:*:*:*:*:*:*
Avaya LLC
avaya
>>call_management_system_server>>12.0
cpe:2.3:a:avaya:call_management_system_server:12.0:*:*:*:*:*:*:*
Avaya LLC
avaya
>>call_management_system_server>>13.0
cpe:2.3:a:avaya:call_management_system_server:13.0:*:*:*:*:*:*:*
Avaya LLC
avaya
>>cvlan>>*
cpe:2.3:a:avaya:cvlan:*:*:*:*:*:*:*:*
Avaya LLC
avaya
>>integrated_management>>*
cpe:2.3:a:avaya:integrated_management:*:*:*:*:*:*:*:*
Avaya LLC
avaya
>>interactive_response>>*
cpe:2.3:a:avaya:interactive_response:*:*:*:*:*:*:*:*
Avaya LLC
avaya
>>interactive_response>>1.2.1
cpe:2.3:a:avaya:interactive_response:1.2.1:*:*:*:*:*:*:*
Avaya LLC
avaya
>>interactive_response>>1.3
cpe:2.3:a:avaya:interactive_response:1.3:*:*:*:*:*:*:*
Avaya LLC
avaya
>>intuity_audix_lx>>*
cpe:2.3:a:avaya:intuity_audix_lx:*:*:*:*:*:*:*:*
F5, Inc.
f5
>>icontrol_service_manager>>1.3
cpe:2.3:a:f5:icontrol_service_manager:1.3:*:*:*:*:*:*:*
F5, Inc.
f5
>>icontrol_service_manager>>1.3.4
cpe:2.3:a:f5:icontrol_service_manager:1.3.4:*:*:*:*:*:*:*
F5, Inc.
f5
>>icontrol_service_manager>>1.3.5
cpe:2.3:a:f5:icontrol_service_manager:1.3.5:*:*:*:*:*:*:*
F5, Inc.
f5
>>icontrol_service_manager>>1.3.6
cpe:2.3:a:f5:icontrol_service_manager:1.3.6:*:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.4
cpe:2.3:a:libtiff:libtiff:3.4:*:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.5.1
cpe:2.3:a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.5.2
cpe:2.3:a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.5.3
cpe:2.3:a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.5.4
cpe:2.3:a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.5.5
cpe:2.3:a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.5.7
cpe:2.3:a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.6.0
cpe:2.3:a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.6.1
cpe:2.3:a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*
LibTIFF
libtiff
>>libtiff>>3.7.0
cpe:2.3:a:libtiff:libtiff:3.7.0:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>propack>>3.0
cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*
conectiva
conectiva
>>linux>>9.0
cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*
conectiva
conectiva
>>linux>>10.0
cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*
Avaya LLC
avaya
>>mn100>>*
cpe:2.3:a:avaya:mn100:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.3
cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.3.1
cpe:2.3:o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.3.2
cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.3.3
cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.3.4
cpe:2.3:o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.3.5
cpe:2.3:o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.3.6
cpe:2.3:o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.3.7
cpe:2.3:o:apple:mac_os_x:10.3.7:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.3.8
cpe:2.3:o:apple:mac_os_x:10.3.8:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.3.9
cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.3
cpe:2.3:o:apple:mac_os_x_server:10.3:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.3.1
cpe:2.3:o:apple:mac_os_x_server:10.3.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.3.2
cpe:2.3:o:apple:mac_os_x_server:10.3.2:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.3.3
cpe:2.3:o:apple:mac_os_x_server:10.3.3:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.3.4
cpe:2.3:o:apple:mac_os_x_server:10.3.4:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.3.5
cpe:2.3:o:apple:mac_os_x_server:10.3.5:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.3.6
cpe:2.3:o:apple:mac_os_x_server:10.3.6:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.3.7
cpe:2.3:o:apple:mac_os_x_server:10.3.7:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.3.8
cpe:2.3:o:apple:mac_os_x_server:10.3.8:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.3.9
cpe:2.3:o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*
Avaya LLC
avaya
>>modular_messaging_message_storage_server>>1.1
cpe:2.3:o:avaya:modular_messaging_message_storage_server:1.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
Organization : Red Hat
Last Modified : 2008-08-12T00:00:00

This issue was resolved in all affected libtiff versions as shipped with Red Hat Enterprise Linux 2.1, 3, and 4 via a patch for CVE-2004-0886. For updates containing patches for CVE-2004-0886, see: https://rhn.redhat.com/errata/CVE-2004-0886.html

References
HyperlinkSourceResource
http://lists.apple.com/archives/security-announce/2005/May/msg00001.htmlcve@mitre.org
Patch
Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1cve@mitre.org
N/A
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1cve@mitre.org
N/A
http://www.idefense.com/application/poi/display?id=173&type=vulnerabilities&flashstatus=truecve@mitre.org
Patch
Vendor Advisory
http://www.kb.cert.org/vuls/id/539110cve@mitre.org
Patch
Third Party Advisory
US Government Resource
http://www.us-cert.gov/cas/techalerts/TA05-136A.htmlcve@mitre.org
US Government Resource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11175cve@mitre.org
N/A
http://lists.apple.com/archives/security-announce/2005/May/msg00001.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.idefense.com/application/poi/display?id=173&type=vulnerabilities&flashstatus=trueaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.kb.cert.org/vuls/id/539110af854a3a-2127-422b-91ae-364da2661108
Patch
Third Party Advisory
US Government Resource
http://www.us-cert.gov/cas/techalerts/TA05-136A.htmlaf854a3a-2127-422b-91ae-364da2661108
US Government Resource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11175af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.idefense.com/application/poi/display?id=173&type=vulnerabilities&flashstatus=true
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.kb.cert.org/vuls/id/539110
Source: cve@mitre.org
Resource:
Patch
Third Party Advisory
US Government Resource
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA05-136A.html
Source: cve@mitre.org
Resource:
US Government Resource
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11175
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.idefense.com/application/poi/display?id=173&type=vulnerabilities&flashstatus=true
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.kb.cert.org/vuls/id/539110
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Third Party Advisory
US Government Resource
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA05-136A.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11175
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

0Records found
CVE-2002-0655
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.61% / 68.72%
||
7 Day CHG~0.00%
Published-31 Jul, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code.

Action-Not Available
Vendor-n/aOpenSSLOracle CorporationApple Inc.
Product-http_serverapplication_serveropensslcorporate_time_outlook_connectormac_os_xn/a
CVE-2002-0573
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-47.42% / 97.61%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in RPC wall daemon (rpc.rwalld) for Solaris 2.5.1 through 8 allows remote attackers to execute arbitrary code via format strings in a message that is not properly provided to the syslog function when the wall command cannot be executed.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-solarissunosn/a
CVE-2001-1456
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-9.06% / 92.30%
||
7 Day CHG~0.00%
Published-21 Apr, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the (1) smap/smapd and (2) CSMAP daemons for Gauntlet Firewall 5.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted mail message.

Action-Not Available
Vendor-network_associatespgpn/aMcAfee, LLCSilicon Graphics, Inc.
Product-gauntlet_firewallirixmcafee_e-ppliancee-ppliance_300webshield_smtpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2001-1446
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.09%
||
7 Day CHG~0.00%
Published-21 Apr, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Find-By-Content in Mac OS X 10.0 through 10.0.4 creates world-readable index files named .FBCIndex in every directory, which allows remote attackers to learn the contents of files in web accessible directories.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CVE-2002-0652
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.84% / 90.96%
||
7 Day CHG~0.00%
Published-01 Jul, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

xfsmd for IRIX 6.5 through 6.5.16 allows remote attackers to execute arbitrary code via shell metacharacters that are not properly filtered from several calls to the popen() function, such as export_fs().

Action-Not Available
Vendor-n/aSilicon Graphics, Inc.
Product-irixn/a
CVE-2002-0002
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-14.92% / 94.28%
||
7 Day CHG~0.00%
Published-25 Jun, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious servers to execute arbitrary code.

Action-Not Available
Vendor-engardelinuxstunneln/aRed Hat, Inc.Mandriva (Mandrakesoft)
Product-linuxsecure_linuxstunnelmandrake_linuxn/a
CVE-2001-1449
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.09% / 89.41%
||
7 Day CHG~0.00%
Published-21 Apr, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.

Action-Not Available
Vendor-n/aThe Apache Software FoundationMandriva (Mandrakesoft)
Product-mandrake_single_network_firewallhttp_servermandrake_linux_corporate_servermandrake_linuxn/a
CVE-2002-0017
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.05% / 90.37%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in SNMP daemon (snmpd) on SGI IRIX 6.5 through 6.5.15m allows remote attackers to execute arbitrary code via an SNMP request.

Action-Not Available
Vendor-n/aSilicon Graphics, Inc.
Product-irixn/a
CVE-2011-3966
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-7.12% / 91.17%
||
7 Day CHG~0.00%
Published-09 Feb, 2012 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to error handling for Cascading Style Sheets (CSS) token-sequence data.

Action-Not Available
Vendor-n/aGoogle LLCApple Inc.
Product-iphone_ositunessafarichromen/a
CWE ID-CWE-416
Use After Free
CVE-2001-1480
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.54% / 66.61%
||
7 Day CHG~0.00%
Published-21 Jun, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Java Runtime Environment (JRE) and SDK 1.2 through 1.3.0_04 allows untrusted applets to access the system clipboard.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)Apple Inc.
Product-sdkjremac_os_runtime_for_javajdkn/a
CVE-2002-0676
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.42% / 90.66%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SoftwareUpdate for MacOS 10.1.x does not use authentication when downloading a software update, which could allow remote attackers to execute arbitrary code by posing as the Apple update server via techniques such as DNS spoofing or cache poisoning, and supplying Trojan Horse updates.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CVE-2002-0348
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.59% / 89.94%
||
7 Day CHG~0.00%
Published-03 May, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

service.cgi in Cobalt RAQ 4 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long service argument.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-cobalt_raq_3icobalt_raq_2cobalt_raq_4n/a
CVE-2011-3913
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-2.29% / 84.06%
||
7 Day CHG~0.00%
Published-13 Dec, 2011 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to Range handling.

Action-Not Available
Vendor-n/aGoogle LLCApple Inc.
Product-iphone_ositunessafarichromen/a
CWE ID-CWE-416
Use After Free
CVE-2001-1531
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.15% / 88.20%
||
7 Day CHG~0.00%
Published-14 Jul, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Claris Emailer 2.0v2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an email attachment with a long filename.

Action-Not Available
Vendor-n/aApple Inc.
Product-claris_emailern/a
CVE-2001-1307
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-7.47% / 91.39%
||
7 Day CHG~0.00%
Published-03 May, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflows in iPlanet Directory Server 4.1.4 and earlier (LDAP) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-iplanet_directory_servern/a
CVE-2001-1328
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.21% / 90.49%
||
7 Day CHG~0.00%
Published-01 Sep, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in ypbind daemon in Solaris 5.4 through 8 allows remote attackers to execute arbitrary code.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-sunosn/a
CVE-2011-3924
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-2.34% / 84.23%
||
7 Day CHG~0.00%
Published-24 Jan, 2012 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM selections.

Action-Not Available
Vendor-n/aGoogle LLCApple Inc.
Product-iphone_ositunessafarichromen/a
CWE ID-CWE-416
Use After Free
CVE-2001-1030
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.18% / 40.31%
||
7 Day CHG~0.00%
Published-25 Jun, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.

Action-Not Available
Vendor-immunixsquidtrustixn/aThe MITRE Corporation (Caldera)Red Hat, Inc.Mandriva (Mandrakesoft)
Product-openlinux_serversquid_web_proxymandrake_linux_corporate_serverimmunixmandrake_single_network_firewalllinuxsecure_linuxmandrake_linuxn/a
CVE-2001-0690
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-19.93% / 95.25%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva) in batched SMTP mode allows a remote attacker to execute arbitrary code via format strings in SMTP mail headers.

Action-Not Available
Vendor-university_of_cambridgeconectivan/aDebian GNU/LinuxRed Hat, Inc.
Product-eximlinuxdebian_linuxn/a
CVE-2011-3556
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-89.14% / 99.51%
||
7 Day CHG~0.00%
Published-19 Oct, 2011 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI, a different vulnerability than CVE-2011-3557.

Action-Not Available
Vendor-n/aOracle CorporationSun Microsystems (Oracle Corporation)
Product-jdkjrejrockitn/a
CVE-2011-3460
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-1.86% / 82.30%
||
7 Day CHG~0.00%
Published-02 Feb, 2012 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PNG file.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2001-1414
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.72% / 71.50%
||
7 Day CHG~0.00%
Published-08 Feb, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Basic Security Module (BSM) for Solaris 2.5.1, 2.6, 7, and 8 does not log anonymous FTP access, which allows remote attackers to hide their activities, possibly when certain BSM audit files are not present under the FTP root.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-solarissunosn/a
CVE-2001-0766
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-13.81% / 94.03%
||
7 Day CHG~0.00%
Published-12 Oct, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.

Action-Not Available
Vendor-n/aThe Apache Software FoundationApple Inc.
Product-mac_os_xhttp_servern/a
CWE ID-CWE-178
Improper Handling of Case Sensitivity
CVE-2001-0720
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.01% / 76.21%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Internet Explorer 5.1 for Macintosh on Mac OS X allows remote attackers to execute arbitrary commands by causing a BinHex or MacBinary file type to be downloaded, which causes the files to be executed if automatic decoding is enabled.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CVE-2011-2823
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-2.29% / 84.06%
||
7 Day CHG~0.00%
Published-29 Aug, 2011 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a line box.

Action-Not Available
Vendor-n/aGoogle LLCApple Inc.
Product-iphone_ositunessafarichromen/a
CWE ID-CWE-416
Use After Free
CVE-2001-0458
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.72% / 81.61%
||
7 Day CHG~0.00%
Published-24 May, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and remote attackers to execute arbitrary commands.

Action-Not Available
Vendor-ralf_s._engelschalln/aDebian GNU/LinuxSUSEMandriva (Mandrakesoft)
Product-eperlsuse_linuxdebian_linuxmandrake_linuxn/a
CVE-2001-0440
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-11.11% / 93.19%
||
7 Day CHG~0.00%
Published-18 Sep, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in logging functions of licq before 1.0.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands.

Action-Not Available
Vendor-licqconectivan/aMandriva (Mandrakesoft)
Product-linuxlicqmandrake_linuxn/a
CVE-2001-0632
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.55% / 67.05%
||
7 Day CHG~0.00%
Published-27 Jul, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sun Chili!Soft 3.5.2 on Linux and 3.6 on AIX creates a default admin username and password in the default installation, which can allow a remote attacker to gain additional privileges.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-chilisoftn/a
CVE-2001-0922
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.72% / 71.50%
||
7 Day CHG~0.00%
Published-02 Feb, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier versions, allows remote attackers to steal session IDs and hijack user sessions by reading the SPIDERSESSION and uniqueValue variables from the login field, then using those variables after the next user logs in.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-netdynamicsn/a
CVE-2001-1262
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.49% / 64.35%
||
7 Day CHG~0.00%
Published-03 May, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Avaya Argent Office 2.1 compares a user-provided SNMP community string with the correct string only up to the length of the user-provided string, which allows remote attackers to bypass authentication with a 0 length community string.

Action-Not Available
Vendor-n/aAvaya LLC
Product-argent_officen/a
CVE-2011-2860
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-2.12% / 83.43%
||
7 Day CHG~0.00%
Published-17 Sep, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to table styles.

Action-Not Available
Vendor-n/aGoogle LLCApple Inc.
Product-iphone_ositunessafarichromen/a
CWE ID-CWE-416
Use After Free
CVE-2001-0439
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.08% / 76.91%
||
7 Day CHG~0.00%
Published-18 Sep, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.

Action-Not Available
Vendor-licqconectivan/aRed Hat, Inc.FreeBSD FoundationMandriva (Mandrakesoft)
Product-licqmandrake_linux_corporate_serverfreebsdlinuxmandrake_linuxn/a
CVE-2016-5022
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.30% / 78.92%
||
7 Day CHG~0.00%
Published-07 Sep, 2016 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.x before 11.2.1 HF16 and 11.3.0; BIG-IP GTM 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, and 11.6.x before 11.6.1 HF1; BIG-IP PSM 11.2.x before 11.2.1 HF16, 11.3.x, and 11.4.0 through 11.4.1; Enterprise Manager 3.1.1; BIG-IQ Cloud and Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 5.0.0; BIG-IQ Cloud and Orchestration 1.0.0; and iWorkflow 2.0.0, when Packet Filtering is enabled on virtual servers and possibly self IP addresses, allow remote attackers to cause a denial of service (Traffic Management Microkernel restart) and possibly have unspecified other impact via crafted network traffic.

Action-Not Available
Vendor-n/aF5, Inc.
Product-big-ip_analyticsenterprise_managerbig-iq_centralized_managementbig-ip_domain_name_systembig-ip_local_traffic_managerbig-iq_securitybig-ip_advanced_firewall_managerbig-iq_cloudbig-ip_protocol_security_modulebig-ip_link_controllerbig-ip_edge_gatewaybig-ip_wan_optimization_managerbig-ip_application_acceleration_managerf5_iworkflowbig-ip_application_security_managerbig-ip_global_traffic_managerbig-ip_webacceleratorbig-iq_cloud_and_orchestrationbig-iq_devicebig-iq_application_delivery_controllerbig-ip_policy_enforcement_managerbig-ip_access_policy_managern/a
CWE ID-CWE-284
Improper Access Control
CVE-2001-0331
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.03% / 76.36%
||
7 Day CHG~0.00%
Published-18 Sep, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Embedded Support Partner (ESP) daemon (rpc.espd) in IRIX 6.5.8 and earlier allows remote attackers to execute arbitrary commands.

Action-Not Available
Vendor-n/aSilicon Graphics, Inc.
Product-irixn/a
CVE-2011-2842
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.23% / 45.50%
||
7 Day CHG~0.00%
Published-17 Sep, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The installer in Google Chrome before 14.0.835.163 on Mac OS X does not properly handle lock files, which has unspecified impact and attack vectors.

Action-Not Available
Vendor-n/aGoogle LLCApple Inc.
Product-mac_os_xchromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2000-0696
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-9.38% / 92.46%
||
7 Day CHG~0.00%
Published-21 Sep, 2000 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The administration interface for the dwhttpd web server in Solaris AnswerBook2 does not properly authenticate requests to its supporting CGI scripts, which allows remote attackers to add user accounts to the interface by directly calling the admin CGI script.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-solaris_answerbook2n/a
CVE-2000-1014
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-8.70% / 92.11%
||
7 Day CHG~0.00%
Published-22 Jan, 2001 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in the search97.cgi CGI script in SCO help http server for Unixware 7 allows remote attackers to execute arbitrary commands via format characters in the queryText parameter.

Action-Not Available
Vendor-scon/a
Product-unixwaren/a
CVE-2011-3453
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-1.91% / 82.49%
||
7 Day CHG~0.00%
Published-02 Feb, 2012 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in libresolv in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via crafted DNS data.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CVE-1999-1450
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.72% / 71.50%
||
7 Day CHG~0.00%
Published-12 Sep, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in (1) rlogin daemon rshd and (2) scheme on SCO UNIX OpenServer 5.0.5 and earlier, and SCO UnixWare 7.0.1 and earlier, allows remote attackers to gain privileges.

Action-Not Available
Vendor-scon/a
Product-unixwareopenservern/a
CVE-2000-0158
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.87% / 74.22%
||
7 Day CHG~0.00%
Published-23 Feb, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in MMDF server allows remote attackers to gain privileges via a long MAIL FROM command to the SMTP daemon.

Action-Not Available
Vendor-scon/a
Product-openservern/a
CVE-2016-4120
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-2.36% / 84.31%
||
7 Day CHG~0.00%
Published-16 Jun, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4160, CVE-2016-4161, CVE-2016-4162, and CVE-2016-4163.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kerneliphone_osflash_player_desktop_runtimeair_desktop_runtimeair_sdkair_sdk_\&_compilerwindowswindows_8.1mac_os_xandroidwindows_10n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4161
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-2.36% / 84.31%
||
7 Day CHG~0.00%
Published-16 Jun, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4162, and CVE-2016-4163.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kerneliphone_osflash_player_desktop_runtimeair_desktop_runtimeair_sdkair_sdk_\&_compilerwindowswindows_8.1mac_os_xandroidwindows_10n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-2233
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.37% / 84.34%
||
7 Day CHG~0.00%
Published-01 Jul, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used in ImageMagick, does not properly perform vertical flips, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, related to "downsampled OJPEG input."

Action-Not Available
Vendor-n/aLibTIFF
Product-libtiffn/a
CWE ID-CWE-20
Improper Input Validation
CVE-1999-1527
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.76% / 72.38%
||
7 Day CHG~0.00%
Published-12 Sep, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Internal HTTP server in Sun Netbeans Java IDE in Netbeans Developer 3.0 Beta and Forte Community Edition 1.0 Beta does not properly restrict access to IP addresses as specified in its configuration, which allows arbitrary remote attackers to access the server.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-fortenetbeans_developern/a
CVE-1999-0302
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.64% / 69.58%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SunOS/Solaris FTP clients can be forced to execute arbitrary commands from a malicious FTP server.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-solarissunosn/a
CVE-1999-0795
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.76% / 72.28%
||
7 Day CHG~0.00%
Published-04 Feb, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The NIS+ rpc.nisd server allows remote attackers to execute certain RPC calls without authentication to obtain system information, disable logging, or modify caches.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-solarissunosn/a
CVE-2016-4607
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-4.74% / 88.99%
||
7 Day CHG~0.00%
Published-22 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.

Action-Not Available
Vendor-n/aApple Inc.Fedora Projectlibxml2 (XMLSoft)Microsoft Corporation
Product-fedorawatchosituneslibxslticloudwindowsiphone_osmac_os_xtvosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-1999-0300
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.49% / 64.50%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

nis_cachemgr for Solaris NIS+ allows attackers to add malicious NIS+ servers.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-solarissunosn/a
CVE-1999-0185
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.70% / 85.28%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SunOS or Solaris, a remote user could connect from an FTP server's data port to an rlogin server on a host that trusts the FTP server, allowing remote command execution.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-solarissunosn/a
CVE-1999-0517
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-92.33% / 99.72%
||
7 Day CHG~0.00%
Published-04 Feb, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An SNMP community name is the default (e.g. public), null, or missing.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)HP Inc.
Product-sunoshp-uxn/a
Details not found