Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2007-0061

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-21 Sep, 2007 | 18:00
Updated At-07 Aug, 2024 | 12:03
Rejected At-
Credits

The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed packet that triggers "corrupt stack memory."

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:21 Sep, 2007 | 18:00
Updated At:07 Aug, 2024 | 12:03
Rejected At:
▼CVE Numbering Authority (CNA)

The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed packet that triggers "corrupt stack memory."

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
mailing-list
x_refsource_FULLDISC
http://www.securityfocus.com/bid/25729
vdb-entry
x_refsource_BID
http://security.gentoo.org/glsa/glsa-200711-23.xml
vendor-advisory
x_refsource_GENTOO
http://www.ubuntu.com/usn/usn-543-1
vendor-advisory
x_refsource_UBUNTU
http://www.securitytracker.com/id?1018717
vdb-entry
x_refsource_SECTRACK
http://www.vupen.com/english/advisories/2007/3229
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/27694
third-party-advisory
x_refsource_SECUNIA
http://www.iss.net/threats/275.html
third-party-advisory
x_refsource_ISS
http://www.vmware.com/support/server/doc/releasenotes_server.html
x_refsource_CONFIRM
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
x_refsource_CONFIRM
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/33101
vdb-entry
x_refsource_XF
http://secunia.com/advisories/26890
third-party-advisory
x_refsource_SECUNIA
http://www.vmware.com/support/ace/doc/releasenotes_ace.html
x_refsource_CONFIRM
http://www.vmware.com/support/player/doc/releasenotes_player.html
x_refsource_CONFIRM
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
x_refsource_CONFIRM
http://secunia.com/advisories/27706
third-party-advisory
x_refsource_SECUNIA
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
x_refsource_CONFIRM
Hyperlink: http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
Resource:
mailing-list
x_refsource_FULLDISC
Hyperlink: http://www.securityfocus.com/bid/25729
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://security.gentoo.org/glsa/glsa-200711-23.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://www.ubuntu.com/usn/usn-543-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.securitytracker.com/id?1018717
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.vupen.com/english/advisories/2007/3229
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/27694
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.iss.net/threats/275.html
Resource:
third-party-advisory
x_refsource_ISS
Hyperlink: http://www.vmware.com/support/server/doc/releasenotes_server.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.vmware.com/support/player2/doc/releasenotes_player2.html
Resource:
x_refsource_CONFIRM
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/33101
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://secunia.com/advisories/26890
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vmware.com/support/ace/doc/releasenotes_ace.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.vmware.com/support/player/doc/releasenotes_player.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/27706
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
mailing-list
x_refsource_FULLDISC
x_transferred
http://www.securityfocus.com/bid/25729
vdb-entry
x_refsource_BID
x_transferred
http://security.gentoo.org/glsa/glsa-200711-23.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://www.ubuntu.com/usn/usn-543-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.securitytracker.com/id?1018717
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.vupen.com/english/advisories/2007/3229
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/27694
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.iss.net/threats/275.html
third-party-advisory
x_refsource_ISS
x_transferred
http://www.vmware.com/support/server/doc/releasenotes_server.html
x_refsource_CONFIRM
x_transferred
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
x_refsource_CONFIRM
x_transferred
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
x_refsource_CONFIRM
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/33101
vdb-entry
x_refsource_XF
x_transferred
http://secunia.com/advisories/26890
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vmware.com/support/ace/doc/releasenotes_ace.html
x_refsource_CONFIRM
x_transferred
http://www.vmware.com/support/player/doc/releasenotes_player.html
x_refsource_CONFIRM
x_transferred
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/27706
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
Resource:
mailing-list
x_refsource_FULLDISC
x_transferred
Hyperlink: http://www.securityfocus.com/bid/25729
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-200711-23.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://www.ubuntu.com/usn/usn-543-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.securitytracker.com/id?1018717
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2007/3229
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/27694
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.iss.net/threats/275.html
Resource:
third-party-advisory
x_refsource_ISS
x_transferred
Hyperlink: http://www.vmware.com/support/server/doc/releasenotes_server.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.vmware.com/support/player2/doc/releasenotes_player2.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/33101
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://secunia.com/advisories/26890
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vmware.com/support/ace/doc/releasenotes_ace.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.vmware.com/support/player/doc/releasenotes_player.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/27706
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:21 Sep, 2007 | 19:17
Updated At:23 Apr, 2026 | 00:35

The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed packet that triggers "corrupt stack memory."

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
VMware (Broadcom Inc.)
vmware
>>ace>>Versions from 1.0(inclusive) to 1.0.3(exclusive)
cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>ace>>Versions from 2.0(inclusive) to 2.0.1(exclusive)
cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>player>>Versions from 1.0(inclusive) to 1.0.5(exclusive)
cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>player>>Versions from 2.0(inclusive) to 2.0.1(exclusive)
cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>server>>Versions from 1.0(inclusive) to 1.0.4(exclusive)
cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>workstation>>Versions from 5.5(inclusive) to 5.5.5(exclusive)
cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>workstation>>Versions from 6.0(inclusive) to 6.0.1(exclusive)
cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esx>>2.0.2
cpe:2.3:o:vmware:esx:2.0.2:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esx>>2.1.3
cpe:2.3:o:vmware:esx:2.1.3:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esx>>2.5.3
cpe:2.3:o:vmware:esx:2.5.3:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esx>>2.5.4
cpe:2.3:o:vmware:esx:2.5.4:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esx>>3.0.0
cpe:2.3:o:vmware:esx:3.0.0:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esx>>3.0.1
cpe:2.3:o:vmware:esx:3.0.1:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>6.06
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>6.10
cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>7.04
cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
Organization : Red Hat
Last Modified : 2008-06-03T00:00:00

Not vulnerable. This issue did not affect the versions of dhcp as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.

References
HyperlinkSourceResource
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.htmlcve@mitre.org
Third Party Advisory
http://secunia.com/advisories/26890cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/27694cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/27706cve@mitre.org
Third Party Advisory
http://security.gentoo.org/glsa/glsa-200711-23.xmlcve@mitre.org
Third Party Advisory
http://www.iss.net/threats/275.htmlcve@mitre.org
Patch
Third Party Advisory
http://www.securityfocus.com/bid/25729cve@mitre.org
Patch
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1018717cve@mitre.org
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/usn-543-1cve@mitre.org
Third Party Advisory
http://www.vmware.com/support/ace/doc/releasenotes_ace.htmlcve@mitre.org
Patch
Vendor Advisory
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.htmlcve@mitre.org
Patch
Vendor Advisory
http://www.vmware.com/support/player/doc/releasenotes_player.htmlcve@mitre.org
Patch
Vendor Advisory
http://www.vmware.com/support/player2/doc/releasenotes_player2.htmlcve@mitre.org
Patch
Vendor Advisory
http://www.vmware.com/support/server/doc/releasenotes_server.htmlcve@mitre.org
Patch
Vendor Advisory
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.htmlcve@mitre.org
Patch
Vendor Advisory
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.htmlcve@mitre.org
Patch
Vendor Advisory
http://www.vupen.com/english/advisories/2007/3229cve@mitre.org
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/33101cve@mitre.org
VDB Entry
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/26890af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/27694af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/27706af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://security.gentoo.org/glsa/glsa-200711-23.xmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.iss.net/threats/275.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Third Party Advisory
http://www.securityfocus.com/bid/25729af854a3a-2127-422b-91ae-364da2661108
Patch
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1018717af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/usn-543-1af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.vmware.com/support/ace/doc/releasenotes_ace.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.vmware.com/support/player/doc/releasenotes_player.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.vmware.com/support/player2/doc/releasenotes_player2.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.vmware.com/support/server/doc/releasenotes_server.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.vupen.com/english/advisories/2007/3229af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/33101af854a3a-2127-422b-91ae-364da2661108
VDB Entry
Hyperlink: http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/26890
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/27694
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/27706
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://security.gentoo.org/glsa/glsa-200711-23.xml
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.iss.net/threats/275.html
Source: cve@mitre.org
Resource:
Patch
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/25729
Source: cve@mitre.org
Resource:
Patch
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id?1018717
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.ubuntu.com/usn/usn-543-1
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.vmware.com/support/ace/doc/releasenotes_ace.html
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.vmware.com/support/player/doc/releasenotes_player.html
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.vmware.com/support/player2/doc/releasenotes_player2.html
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.vmware.com/support/server/doc/releasenotes_server.html
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2007/3229
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/33101
Source: cve@mitre.org
Resource:
VDB Entry
Hyperlink: http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/26890
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/27694
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/27706
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://security.gentoo.org/glsa/glsa-200711-23.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.iss.net/threats/275.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/25729
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id?1018717
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.ubuntu.com/usn/usn-543-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.vmware.com/support/ace/doc/releasenotes_ace.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.vmware.com/support/player/doc/releasenotes_player.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.vmware.com/support/player2/doc/releasenotes_player2.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.vmware.com/support/server/doc/releasenotes_server.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2007/3229
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/33101
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

2197Records found
CVE-2019-10269
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.91% / 85.19%
||
7 Day CHG~0.00%
Published-29 Mar, 2019 | 04:54
Updated-04 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

BWA (aka Burrow-Wheeler Aligner) before 2019-01-23 has a stack-based buffer overflow in the bns_restore function in bntseq.c via a long sequence name in a .alt file.

Action-Not Available
Vendor-burrow-wheeler_aligner_projectn/aCanonical Ltd.
Product-ubuntu_linuxburrow-wheeler_alignern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-4479
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-9.03% / 94.61%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to execute arbitrary code via a crafted saio chunk in MPEG-4 video data.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEMozilla Corporation
Product-firefoxubuntu_linuxopensusen/a
CVE-2015-4474
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-6.44% / 92.83%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEMozilla Corporation
Product-firefoxubuntu_linuxopensusen/a
CVE-2015-4477
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-6.33% / 92.73%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the MediaStream playback feature in Mozilla Firefox before 40.0 allows remote attackers to execute arbitrary code via unspecified use of the Web Audio API.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEMozilla Corporation
Product-firefoxubuntu_linuxopensusen/a
CVE-2010-3116
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.69% / 88.29%
||
7 Day CHG~0.00%
Published-24 Aug, 2010 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper handling of MIME types by plug-ins.

Action-Not Available
Vendor-webkitgtkn/aCanonical Ltd.Apple Inc.Google LLC
Product-ubuntu_linuxiphone_ossafarichromewebkitgtkn/a
CWE ID-CWE-416
Use After Free
CVE-2021-21985
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-100.00% / 99.99%
||
7 Day CHG~0.00%
Published-26 May, 2021 | 14:04
Updated-30 Oct, 2025 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-11-17||Apply updates per vendor instructions.

The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-vcenter_servercloud_foundationVMware vCenter Server and VMware Cloud FoundationvCenter Server
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-470
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-21986
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-12.92% / 95.80%
||
7 Day CHG+0.64%
Published-26 May, 2021 | 14:04
Updated-03 Aug, 2024 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Server may perform actions allowed by the impacted plug-ins without authentication.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-vcenter_servercloud_foundationVMware vCenter Server and VMware Cloud Foundation
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2015-3408
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-5.66% / 91.97%
||
7 Day CHG~0.00%
Published-19 May, 2015 | 18:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest.

Action-Not Available
Vendor-module-signature_projectn/aCanonical Ltd.
Product-module-signatureubuntu_linuxn/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-21972
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-99.57% / 99.94%
||
7 Day CHG~0.00%
Published-24 Feb, 2021 | 16:42
Updated-30 Oct, 2025 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-11-17||Apply updates per vendor instructions.

The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-cloud_foundationvcenter_serverVMware Cloud FoundationVMware vCenter ServervCenter Server
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2015-2734
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-2.65% / 83.70%
||
7 Day CHG~0.00%
Published-06 Jul, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.Oracle CorporationSUSEMozilla CorporationDebian GNU/Linux
Product-thunderbirdfirefoxfirefox_esrlinux_enterprise_desktopubuntu_linuxdebian_linuxsuse_linux_enterprise_serverlinux_enterprise_serversolarislinux_enterprise_software_development_kitn/a
CVE-2015-2737
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-2.65% / 83.70%
||
7 Day CHG~0.00%
Published-06 Jul, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.Oracle CorporationSUSEMozilla CorporationDebian GNU/Linux
Product-thunderbirdfirefoxfirefox_esrubuntu_linuxlinux_enterprise_desktopdebian_linuxsuse_linux_enterprise_serversolarislinux_enterprise_serverlinux_enterprise_software_development_kitn/a
CVE-2020-8794
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-88.53% / 99.75%
||
7 Day CHG~0.00%
Published-25 Feb, 2020 | 16:38
Updated-04 Aug, 2024 | 10:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling.

Action-Not Available
Vendor-opensmtpdn/aCanonical Ltd.Fedora ProjectDebian GNU/Linux
Product-opensmtpdubuntu_linuxdebian_linuxfedoran/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2015-2342
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-89.05% / 99.76%
||
7 Day CHG~0.00%
Published-12 Oct, 2015 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-vcenter_servern/a
CVE-2015-2738
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-2.65% / 83.70%
||
7 Day CHG~0.00%
Published-06 Jul, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.Oracle CorporationSUSEMozilla CorporationDebian GNU/Linux
Product-thunderbirddebian_linuxubuntu_linuxlinux_enterprise_desktopfirefoxfirefox_esrsuse_linux_enterprise_serverlinux_enterprise_serversolarislinux_enterprise_software_development_kitn/a
CVE-2015-2590
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-25.71% / 97.70%
||
7 Day CHG~0.00%
Published-16 Jul, 2015 | 10:00
Updated-21 Apr, 2026 | 18:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-24||Apply updates per vendor instructions.

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732.

Action-Not Available
Vendor-n/aopenSUSECanonical Ltd.Oracle CorporationDebian GNU/LinuxRed Hat, Inc.SUSE
Product-enterprise_linux_eusdebian_linuxubuntu_linuxenterprise_linux_for_power_little_endianjrelinux_enterprise_desktopenterprise_linux_server_tusenterprise_linux_for_ibm_z_systemsenterprise_linux_desktopenterprise_linux_for_power_big_endian_euslinux_enterprise_debuginfoenterprise_linux_for_power_big_endianlinux_enterprise_serverenterprise_linux_server_ausenterprise_linux_for_ibm_z_systems_eussatellitejdkenterprise_linux_serverenterprise_linux_workstationenterprise_linux_for_power_little_endian_eusopensusen/aJava SE
CVE-2020-7247
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-98.97% / 99.92%
||
7 Day CHG~0.00%
Published-29 Jan, 2020 | 15:53
Updated-07 Nov, 2025 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-15||Apply updates per vendor instructions.

smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxFedora ProjectOpenBSD
Product-ubuntu_linuxdebian_linuxopensmtpdfedoran/aOpenSMTPD
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2015-1421
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-9.90% / 94.96%
||
7 Day CHG~0.00%
Published-16 Mar, 2015 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxLinux Kernel Organization, Inc
Product-debian_linuxubuntu_linuxlinux_kerneln/a
CVE-2014-0462
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-2.28% / 80.88%
||
7 Day CHG~0.00%
Published-14 May, 2014 | 00:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-2405.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.Oracle Corporation
Product-debian_linuxubuntu_linuxopenjdkn/a
CVE-2020-3992
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-83.02% / 99.63%
||
7 Day CHG~0.00%
Published-20 Oct, 2020 | 16:11
Updated-30 Oct, 2025 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-cloud_foundationesxiVMware ESXiESXi
CWE ID-CWE-416
Use After Free
CVE-2015-0240
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-87.64% / 99.73%
||
7 Day CHG~0.00%
Published-24 Feb, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.

Action-Not Available
Vendor-n/aCanonical Ltd.SambaNovellRed Hat, Inc.
Product-suse_linux_enterprise_software_development_kitubuntu_linuxsuse_linux_enterprise_serversambasuse_linux_enterprise_desktopenterprise_linuxn/a
CVE-2015-0408
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-7.15% / 93.46%
||
7 Day CHG~0.00%
Published-21 Jan, 2015 | 18:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEOracle CorporationNovellRed Hat, Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxjdkjresuse_linux_enterprise_serversuse_linux_enterprise_desktopenterprise_linuxopensusen/a
CVE-2014-7169
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-99.94% / 99.97%
||
7 Day CHG~0.00%
Published-25 Sep, 2014 | 01:00
Updated-22 Apr, 2026 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-07-28||Apply updates per vendor instructions.

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.

Action-Not Available
Vendor-mageian/aSUSERed Hat, Inc.Citrix (Cloud Software Group, Inc.)F5, Inc.NovellApple Inc.Oracle CorporationVMware (Broadcom Inc.)Debian GNU/LinuxArista Networks, Inc.QNAP Systems, Inc.GNUIBM CorporationCanonical Ltd.openSUSECheck Point Software Technologies Ltd.
Product-big-ip_application_acceleration_managerbig-ip_advanced_firewall_managerstn6800storwize_v7000_firmwareenterprise_linux_for_ibm_z_systemsbashmageiabig-ip_wan_optimization_managerstorwize_v3500stn7800_firmwarebig-ip_protocol_security_moduleenterprise_linux_serverenterprise_linux_workstationstorwize_v3700storwize_v3700_firmwarebig-ip_global_traffic_managergluster_storage_server_for_on-premisebig-ip_edge_gatewayopensusestorwize_v3500_firmwareenterprise_managertraffix_signaling_delivery_controllerbig-iq_devicevcenter_server_applianceenterprise_linux_desktopstn7800san_volume_controllerlinux_enterprise_serversecurity_access_manager_for_web_8.0_firmwareenterprise_linux_server_aussan_volume_controller_firmwaresoftware_defined_network_for_virtual_environmentsbig-iq_cloudlinux_enterprise_software_development_kitnetscaler_sdxqtsbig-ip_analyticsbig-ip_local_traffic_managerstudio_onsitebig-ip_access_policy_managerlinuxinfosphere_guardium_database_activity_monitoringqradar_risk_managerubuntu_linuxarxeosenterprise_linux_server_tusbig-iq_securityqradar_vulnerability_managerstn6500enterprise_linux_server_from_rhuistn6800_firmwareflex_system_v7000flex_system_v7000_firmwarenetscaler_sdx_firmwarestn6500_firmwarestorwize_v5000security_access_manager_for_mobile_8.0_firmwarestarter_kit_for_cloudenterprise_linux_eusvirtualizationsecurity_access_manager_for_web_7.0_firmwaresmartcloud_entry_appliancebig-ip_application_security_managerdebian_linuxlinux_enterprise_desktopmac_os_xzenworks_configuration_managementesxbig-ip_webacceleratorenterprise_linux_for_power_big_endian_eusenterprise_linux_for_power_big_endianworkload_deployerqradar_security_information_and_event_managerarx_firmwarestorwize_v5000_firmwaresecurity_gatewaybig-ip_policy_enforcement_managersmartcloud_provisioningpureapplication_systemstorwize_v7000open_enterprise_serverenterprise_linux_for_scientific_computingbig-ip_link_controllerenterprise_linuxn/aBourne-Again Shell (Bash)
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2005-2700
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-30.58% / 98.00%
||
7 Day CHG~0.00%
Published-06 Sep, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.

Action-Not Available
Vendor-n/aCanonical Ltd.The Apache Software FoundationDebian GNU/Linux
Product-debian_linuxubuntu_linuxhttp_servern/a
CVE-2014-6601
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-7.15% / 93.46%
||
7 Day CHG~0.00%
Published-21 Jan, 2015 | 18:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEOracle CorporationNovellRed Hat, Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxjdkjresuse_linux_enterprise_serversuse_linux_enterprise_desktopenterprise_linuxopensusen/a
CVE-2014-6271
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-9.8||CRITICAL
EPSS-100.00% / 99.99%
||
7 Day CHG~0.00%
Published-24 Sep, 2014 | 18:00
Updated-22 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-07-28||Apply updates per vendor instructions.

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.

Action-Not Available
Vendor-mageian/aSUSERed Hat, Inc.Citrix (Cloud Software Group, Inc.)F5, Inc.NovellApple Inc.Oracle CorporationVMware (Broadcom Inc.)Debian GNU/LinuxArista Networks, Inc.QNAP Systems, Inc.GNUIBM CorporationCanonical Ltd.openSUSECheck Point Software Technologies Ltd.
Product-big-ip_application_acceleration_managerbig-ip_advanced_firewall_managerstn6800storwize_v7000_firmwareenterprise_linux_for_ibm_z_systemsbashmageiabig-ip_wan_optimization_managerstorwize_v3500stn7800_firmwarebig-ip_protocol_security_moduleenterprise_linux_serverenterprise_linux_workstationstorwize_v3700storwize_v3700_firmwarebig-ip_global_traffic_managergluster_storage_server_for_on-premisebig-ip_edge_gatewayopensusestorwize_v3500_firmwareenterprise_managertraffix_signaling_delivery_controllerbig-iq_devicevcenter_server_applianceenterprise_linux_desktopstn7800san_volume_controllerlinux_enterprise_serversecurity_access_manager_for_web_8.0_firmwareenterprise_linux_server_aussan_volume_controller_firmwaresoftware_defined_network_for_virtual_environmentsbig-iq_cloudlinux_enterprise_software_development_kitnetscaler_sdxqtsbig-ip_analyticsbig-ip_local_traffic_managerstudio_onsitebig-ip_access_policy_managerlinuxinfosphere_guardium_database_activity_monitoringqradar_risk_managerubuntu_linuxarxeosenterprise_linux_server_tusbig-iq_securityqradar_vulnerability_managerstn6500enterprise_linux_server_from_rhuistn6800_firmwareflex_system_v7000flex_system_v7000_firmwarenetscaler_sdx_firmwarestn6500_firmwarestorwize_v5000security_access_manager_for_mobile_8.0_firmwarestarter_kit_for_cloudenterprise_linux_eusvirtualizationsecurity_access_manager_for_web_7.0_firmwaresmartcloud_entry_appliancebig-ip_application_security_managerdebian_linuxlinux_enterprise_desktopmac_os_xzenworks_configuration_managementesxbig-ip_webacceleratorenterprise_linux_for_power_big_endian_eusenterprise_linux_for_power_big_endianworkload_deployerqradar_security_information_and_event_managerarx_firmwarestorwize_v5000_firmwaresecurity_gatewaybig-ip_policy_enforcement_managersmartcloud_provisioningpureapplication_systemstorwize_v7000open_enterprise_serverenterprise_linux_for_scientific_computingbig-ip_link_controllerenterprise_linuxn/aBourne-Again Shell (Bash)
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2014-2405
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-2.28% / 80.88%
||
7 Day CHG~0.00%
Published-14 May, 2014 | 00:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-0462.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.Oracle Corporation
Product-debian_linuxubuntu_linuxopenjdkn/a
CVE-2014-2421
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-6.58% / 92.96%
||
7 Day CHG-0.64%
Published-16 Apr, 2014 | 02:05
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

Action-Not Available
Vendor-n/aCanonical Ltd.Juniper Networks, Inc.IBM CorporationOracle CorporationMicrosoft CorporationDebian GNU/Linux
Product-jrockitdebian_linuxubuntu_linuxjdkjrejunos_spaceforms_viewerwindowsn/a
CVE-2014-1488
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-7.00% / 93.34%
||
7 Day CHG~0.00%
Published-06 Feb, 2014 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of asm.js.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEOracle CorporationSUSEMozilla Corporation
Product-firefoxubuntu_linuxseamonkeylinux_enterprise_desktopsolarislinux_enterprise_serverlinux_enterprise_software_development_kitopensusen/a
CVE-2014-1478
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-6.78% / 93.15%
||
7 Day CHG~0.00%
Published-06 Feb, 2014 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the MPostWriteBarrier class in js/src/jit/MIR.h and stack alignment in js/src/jit/AsmJS.cpp in OdinMonkey, and unknown other vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEOracle CorporationMozilla Corporation
Product-firefoxubuntu_linuxseamonkeysolarisopensusen/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2014-2523
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-10.38% / 95.14%
||
7 Day CHG~0.00%
Published-24 Mar, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.

Action-Not Available
Vendor-n/aCanonical Ltd.Linux Kernel Organization, Inc
Product-ubuntu_linuxlinux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-1486
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-7.07% / 93.39%
||
7 Day CHG+0.19%
Published-06 Feb, 2014 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSERed Hat, Inc.Mozilla CorporationDebian GNU/LinuxFedora Project
Product-thunderbirdsuse_linux_enterprise_software_development_kitdebian_linuxubuntu_linuxseamonkeyenterprise_linux_server_tusenterprise_linux_desktopenterprise_linux_server_ausfedorafirefoxenterprise_linux_serverenterprise_linux_workstationsuse_linux_enterprise_serverenterprise_linux_eussuse_linux_enterprise_desktopopensusen/a
CWE ID-CWE-416
Use After Free
CVE-2014-1512
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-31.37% / 98.05%
||
7 Day CHG+0.74%
Published-19 Mar, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage collection is occurring, as demonstrated by improper handling of BumpChunk objects.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSERed Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-thunderbirdsuse_linux_enterprise_software_development_kitdebian_linuxubuntu_linuxseamonkeyenterprise_linux_server_tusenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_server_ausfirefoxenterprise_linux_serverenterprise_linux_workstationsuse_linux_enterprise_serverenterprise_linux_eussuse_linux_enterprise_desktopopensusen/a
CWE ID-CWE-416
Use After Free
CVE-2014-0457
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-7.22% / 93.52%
||
7 Day CHG-0.29%
Published-16 Apr, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

Action-Not Available
Vendor-n/aCanonical Ltd.Juniper Networks, Inc.IBM CorporationOracle CorporationMicrosoft CorporationDebian GNU/Linux
Product-jrockitdebian_linuxubuntu_linuxjdkjrejunos_spaceforms_viewerwindowsn/a
CVE-2014-0429
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-7.51% / 93.71%
||
7 Day CHG~0.00%
Published-15 Apr, 2014 | 22:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

Action-Not Available
Vendor-n/aCanonical Ltd.Juniper Networks, Inc.IBM CorporationOracle CorporationMicrosoft CorporationDebian GNU/Linux
Product-jrockitdebian_linuxubuntu_linuxjdkjrejunos_spaceforms_viewerwindowsn/a
CVE-2014-0456
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-6.58% / 92.96%
||
7 Day CHG~0.00%
Published-16 Apr, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

Action-Not Available
Vendor-n/aCanonical Ltd.Juniper Networks, Inc.IBM CorporationOracle CorporationMicrosoft CorporationDebian GNU/Linux
Product-jrockitdebian_linuxubuntu_linuxjdkjrejunos_spaceforms_viewerwindowsn/a
CVE-2014-0474
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-10||HIGH
EPSS-4.75% / 90.72%
||
7 Day CHG~0.00%
Published-23 Apr, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, related to "MySQL typecasting."

Action-Not Available
Vendor-n/aCanonical Ltd.Django
Product-ubuntu_linuxdjangon/a
CVE-2014-0247
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-3.92% / 88.99%
||
7 Day CHG+0.11%
Published-03 Jul, 2014 | 17:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx.

Action-Not Available
Vendor-libreofficen/aCanonical Ltd.openSUSERed Hat, Inc.Fedora Project
Product-ubuntu_linuxenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktoplibreofficefedoraopensusen/a
CVE-2013-6671
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-11.08% / 95.35%
||
7 Day CHG+0.21%
Published-11 Dec, 2013 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSERed Hat, Inc.Mozilla CorporationFedora Project
Product-thunderbirdsuse_linux_enterprise_software_development_kitubuntu_linuxseamonkeyenterprise_linux_server_tusenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_server_ausfedorafirefoxenterprise_linux_serverenterprise_linux_workstationsuse_linux_enterprise_serverenterprise_linux_eussuse_linux_enterprise_desktopopensusen/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-5830
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-7.19% / 93.49%
||
7 Day CHG+0.13%
Published-16 Oct, 2013 | 17:31
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

Action-Not Available
Vendor-n/aCanonical Ltd.Red Hat, Inc.Oracle Corporation
Product-jrockitubuntu_linuxjdkjreenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktopenterprise_linux_server_ausenterprise_linux_eusn/a
CVE-2013-5610
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-6.51% / 92.90%
||
7 Day CHG~0.00%
Published-11 Dec, 2013 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEOracle CorporationSUSEMozilla CorporationFedora Project
Product-firefoxubuntu_linuxseamonkeylinux_enterprise_desktopsolarislinux_enterprise_serverfedoralinux_enterprise_software_development_kitopensusen/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2013-5618
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-10.41% / 95.14%
||
7 Day CHG+0.19%
Published-11 Dec, 2013 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code by triggering improper garbage collection.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSERed Hat, Inc.Mozilla CorporationFedora Project
Product-thunderbirdsuse_linux_enterprise_software_development_kitubuntu_linuxseamonkeyenterprise_linux_server_tusenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_server_ausfedorafirefoxenterprise_linux_serverenterprise_linux_workstationsuse_linux_enterprise_serverenterprise_linux_eussuse_linux_enterprise_desktopopensusen/a
CWE ID-CWE-416
Use After Free
CVE-2013-5842
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-17.61% / 96.76%
||
7 Day CHG+0.32%
Published-16 Oct, 2013 | 17:31
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-5850.

Action-Not Available
Vendor-n/aCanonical Ltd.Red Hat, Inc.Oracle Corporation
Product-ubuntu_linuxenterprise_linux_serverjdkjreenterprise_linux_workstationenterprise_linux_desktopenterprise_linux_server_ausenterprise_linux_eusn/a
CVE-2013-5829
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-7.19% / 93.49%
||
7 Day CHG+0.13%
Published-16 Oct, 2013 | 17:31
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-5809.

Action-Not Available
Vendor-n/aCanonical Ltd.Red Hat, Inc.Oracle Corporation
Product-ubuntu_linuxenterprise_linux_serverjdkjreenterprise_linux_workstationenterprise_linux_desktopenterprise_linux_server_ausenterprise_linux_eusn/a
CVE-2013-5609
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-8.09% / 94.08%
||
7 Day CHG+0.15%
Published-11 Dec, 2013 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSERed Hat, Inc.Mozilla CorporationFedora Project
Product-thunderbirdsuse_linux_enterprise_software_development_kitubuntu_linuxseamonkeyenterprise_linux_server_tusenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_server_ausfedorafirefoxenterprise_linux_serverenterprise_linux_workstationsuse_linux_enterprise_serverenterprise_linux_eussuse_linux_enterprise_desktopopensusen/a
CVE-2013-5613
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-9.45% / 94.79%
||
7 Day CHG+0.18%
Published-11 Dec, 2013 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving synthetic mouse movement, related to the RestyleManager::GetHoverGeneration function.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSERed Hat, Inc.Mozilla CorporationFedora Project
Product-thunderbirdsuse_linux_enterprise_software_development_kitubuntu_linuxseamonkeyenterprise_linux_server_tusenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_server_ausfedorafirefoxenterprise_linux_serverenterprise_linux_workstationsuse_linux_enterprise_serverenterprise_linux_eussuse_linux_enterprise_desktopopensusen/a
CWE ID-CWE-416
Use After Free
CVE-2013-1405
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.80% / 84.64%
||
7 Day CHG~0.00%
Published-15 Feb, 2013 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-virtualcentervsphere_clientesxvcenter_serveresxivi-clientn/a
CWE ID-CWE-287
Improper Authentication
CVE-2013-0422
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-97.61% / 99.89%
||
7 Day CHG~0.00%
Published-10 Jan, 2013 | 21:23
Updated-21 Apr, 2026 | 19:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-15||Apply updates per vendor instructions.

Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method, and (2) using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun.reflect.Reflection.getCallerClass method to skip frames related to the new reflection API, as exploited in the wild in January 2013, as demonstrated by Blackhole and Nuclear Pack, and a different vulnerability than CVE-2012-4681 and CVE-2012-3174. NOTE: some parties have mapped the recursive Reflection API issue to CVE-2012-3174, but CVE-2012-3174 is for a different vulnerability whose details are not public as of 20130114. CVE-2013-0422 covers both the JMX/MBean and Reflection API issues. NOTE: it was originally reported that Java 6 was also vulnerable, but the reporter has retracted this claim, stating that Java 6 is not exploitable because the relevant code is called in a way that does not bypass security checks. NOTE: as of 20130114, a reliable third party has claimed that the findClass/MBeanInstantiator vector was not fixed in Oracle Java 7 Update 11. If there is still a vulnerable condition, then a separate CVE identifier might be created for the unfixed issue.

Action-Not Available
Vendor-n/aOracle CorporationopenSUSECanonical Ltd.
Product-ubuntu_linuxjdkjreopensusen/aJava Runtime Environment (JRE)
CWE ID-CWE-284
Improper Access Control
CVE-2012-3961
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-6.66% / 93.03%
||
7 Day CHG~0.00%
Published-29 Aug, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSERed Hat, Inc.Mozilla Corporation
Product-thunderbirdfirefoxubuntu_linuxseamonkeylinux_enterprise_desktopenterprise_linux_serverenterprise_linux_workstationthunderbird_esrenterprise_linux_desktoplinux_enterprise_serverenterprise_linux_server_eusenterprise_linux_euslinux_enterprise_software_development_kitopensusen/a
CWE ID-CWE-416
Use After Free
CVE-2012-3959
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-4.70% / 90.63%
||
7 Day CHG~0.00%
Published-29 Aug, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSERed Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-thunderbirdfirefoxubuntu_linuxseamonkeylinux_enterprise_desktopenterprise_linux_serverenterprise_linux_workstationthunderbird_esrdebian_linuxenterprise_linux_desktoplinux_enterprise_serverenterprise_linux_server_eusenterprise_linux_euslinux_enterprise_software_development_kitopensusen/a
CWE ID-CWE-416
Use After Free
CVE-2012-3968
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-5.90% / 92.28%
||
7 Day CHG~0.00%
Published-29 Aug, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via vectors related to deletion of a fragment shader by its accessor.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSERed Hat, Inc.Mozilla Corporation
Product-thunderbirdfirefoxubuntu_linuxseamonkeylinux_enterprise_desktopenterprise_linux_serverenterprise_linux_workstationthunderbird_esrenterprise_linux_desktoplinux_enterprise_serverenterprise_linux_server_eusenterprise_linux_euslinux_enterprise_software_development_kitopensusen/a
CWE ID-CWE-416
Use After Free
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 43
  • 44
  • Next
Details not found