Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2007-0063

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-21 Sep, 2007 | 18:00
Updated At-07 Aug, 2024 | 12:03
Rejected At-
Credits

Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed DHCP packet that triggers a stack-based buffer overflow.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:21 Sep, 2007 | 18:00
Updated At:07 Aug, 2024 | 12:03
Rejected At:
▼CVE Numbering Authority (CNA)

Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed DHCP packet that triggers a stack-based buffer overflow.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
mailing-list
x_refsource_FULLDISC
http://www.securityfocus.com/bid/25729
vdb-entry
x_refsource_BID
http://security.gentoo.org/glsa/glsa-200711-23.xml
vendor-advisory
x_refsource_GENTOO
http://www.ubuntu.com/usn/usn-543-1
vendor-advisory
x_refsource_UBUNTU
https://exchange.xforce.ibmcloud.com/vulnerabilities/33103
vdb-entry
x_refsource_XF
http://www.securitytracker.com/id?1018717
vdb-entry
x_refsource_SECTRACK
http://www.vupen.com/english/advisories/2007/3229
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/27694
third-party-advisory
x_refsource_SECUNIA
http://www.iss.net/threats/275.html
third-party-advisory
x_refsource_ISS
http://www.vmware.com/support/server/doc/releasenotes_server.html
x_refsource_CONFIRM
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
x_refsource_CONFIRM
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
x_refsource_CONFIRM
http://secunia.com/advisories/26890
third-party-advisory
x_refsource_SECUNIA
http://www.vmware.com/support/ace/doc/releasenotes_ace.html
x_refsource_CONFIRM
http://www.vmware.com/support/player/doc/releasenotes_player.html
x_refsource_CONFIRM
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
x_refsource_CONFIRM
http://secunia.com/advisories/27706
third-party-advisory
x_refsource_SECUNIA
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
x_refsource_CONFIRM
Hyperlink: http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
Resource:
mailing-list
x_refsource_FULLDISC
Hyperlink: http://www.securityfocus.com/bid/25729
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://security.gentoo.org/glsa/glsa-200711-23.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://www.ubuntu.com/usn/usn-543-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/33103
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.securitytracker.com/id?1018717
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.vupen.com/english/advisories/2007/3229
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/27694
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.iss.net/threats/275.html
Resource:
third-party-advisory
x_refsource_ISS
Hyperlink: http://www.vmware.com/support/server/doc/releasenotes_server.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.vmware.com/support/player2/doc/releasenotes_player2.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/26890
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vmware.com/support/ace/doc/releasenotes_ace.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.vmware.com/support/player/doc/releasenotes_player.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/27706
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
mailing-list
x_refsource_FULLDISC
x_transferred
http://www.securityfocus.com/bid/25729
vdb-entry
x_refsource_BID
x_transferred
http://security.gentoo.org/glsa/glsa-200711-23.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://www.ubuntu.com/usn/usn-543-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/33103
vdb-entry
x_refsource_XF
x_transferred
http://www.securitytracker.com/id?1018717
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.vupen.com/english/advisories/2007/3229
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/27694
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.iss.net/threats/275.html
third-party-advisory
x_refsource_ISS
x_transferred
http://www.vmware.com/support/server/doc/releasenotes_server.html
x_refsource_CONFIRM
x_transferred
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
x_refsource_CONFIRM
x_transferred
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/26890
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vmware.com/support/ace/doc/releasenotes_ace.html
x_refsource_CONFIRM
x_transferred
http://www.vmware.com/support/player/doc/releasenotes_player.html
x_refsource_CONFIRM
x_transferred
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/27706
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
Resource:
mailing-list
x_refsource_FULLDISC
x_transferred
Hyperlink: http://www.securityfocus.com/bid/25729
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-200711-23.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://www.ubuntu.com/usn/usn-543-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/33103
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.securitytracker.com/id?1018717
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2007/3229
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/27694
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.iss.net/threats/275.html
Resource:
third-party-advisory
x_refsource_ISS
x_transferred
Hyperlink: http://www.vmware.com/support/server/doc/releasenotes_server.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.vmware.com/support/player2/doc/releasenotes_player2.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/26890
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vmware.com/support/ace/doc/releasenotes_ace.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.vmware.com/support/player/doc/releasenotes_player.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/27706
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:21 Sep, 2007 | 19:17
Updated At:23 Apr, 2026 | 00:35

Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed DHCP packet that triggers a stack-based buffer overflow.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
VMware (Broadcom Inc.)
vmware
>>ace>>Versions from 1.0(inclusive) to 1.0.3(exclusive)
cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>ace>>Versions from 2.0(inclusive) to 2.0.1(exclusive)
cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>player>>Versions from 1.0(inclusive) to 1.0.5(exclusive)
cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>player>>Versions from 2.0(inclusive) to 2.0.1(exclusive)
cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>server>>Versions from 1.0(inclusive) to 1.0.4(exclusive)
cpe:2.3:a:vmware:server:*:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>workstation>>Versions from 5.5(inclusive) to 5.5.5(exclusive)
cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>workstation>>Versions from 6.0(inclusive) to 6.0.1(exclusive)
cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esx>>2.0.2
cpe:2.3:o:vmware:esx:2.0.2:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esx>>2.1.3
cpe:2.3:o:vmware:esx:2.1.3:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esx>>2.5.3
cpe:2.3:o:vmware:esx:2.5.3:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esx>>2.5.4
cpe:2.3:o:vmware:esx:2.5.4:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esx>>3.0.0
cpe:2.3:o:vmware:esx:3.0.0:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esx>>3.0.1
cpe:2.3:o:vmware:esx:3.0.1:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>6.06
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>6.10
cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>7.04
cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-191Primarynvd@nist.gov
CWE ID: CWE-191
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
Organization : Red Hat
Last Modified : 2008-06-03T00:00:00

This issue is the same as CVE-2007-5365. The affected dhcp versions were fixed via: https://rhn.redhat.com/errata/RHSA-2007-0970.html

References
HyperlinkSourceResource
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.htmlcve@mitre.org
Third Party Advisory
http://secunia.com/advisories/26890cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/27694cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/27706cve@mitre.org
Third Party Advisory
http://security.gentoo.org/glsa/glsa-200711-23.xmlcve@mitre.org
Third Party Advisory
http://www.iss.net/threats/275.htmlcve@mitre.org
Patch
Third Party Advisory
http://www.securityfocus.com/bid/25729cve@mitre.org
Patch
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1018717cve@mitre.org
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/usn-543-1cve@mitre.org
Third Party Advisory
http://www.vmware.com/support/ace/doc/releasenotes_ace.htmlcve@mitre.org
Patch
Vendor Advisory
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.htmlcve@mitre.org
Patch
Vendor Advisory
http://www.vmware.com/support/player/doc/releasenotes_player.htmlcve@mitre.org
Patch
Vendor Advisory
http://www.vmware.com/support/player2/doc/releasenotes_player2.htmlcve@mitre.org
Patch
Vendor Advisory
http://www.vmware.com/support/server/doc/releasenotes_server.htmlcve@mitre.org
Patch
Vendor Advisory
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.htmlcve@mitre.org
Patch
Vendor Advisory
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.htmlcve@mitre.org
Patch
Vendor Advisory
http://www.vupen.com/english/advisories/2007/3229cve@mitre.org
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/33103cve@mitre.org
Third Party Advisory
VDB Entry
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/26890af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/27694af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/27706af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://security.gentoo.org/glsa/glsa-200711-23.xmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.iss.net/threats/275.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Third Party Advisory
http://www.securityfocus.com/bid/25729af854a3a-2127-422b-91ae-364da2661108
Patch
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1018717af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/usn-543-1af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.vmware.com/support/ace/doc/releasenotes_ace.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.vmware.com/support/player/doc/releasenotes_player.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.vmware.com/support/player2/doc/releasenotes_player2.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.vmware.com/support/server/doc/releasenotes_server.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.vupen.com/english/advisories/2007/3229af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/33103af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
Hyperlink: http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/26890
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/27694
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/27706
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://security.gentoo.org/glsa/glsa-200711-23.xml
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.iss.net/threats/275.html
Source: cve@mitre.org
Resource:
Patch
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/25729
Source: cve@mitre.org
Resource:
Patch
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id?1018717
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.ubuntu.com/usn/usn-543-1
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.vmware.com/support/ace/doc/releasenotes_ace.html
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.vmware.com/support/player/doc/releasenotes_player.html
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.vmware.com/support/player2/doc/releasenotes_player2.html
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.vmware.com/support/server/doc/releasenotes_server.html
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2007/3229
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/33103
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/26890
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/27694
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/27706
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://security.gentoo.org/glsa/glsa-200711-23.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.iss.net/threats/275.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/25729
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id?1018717
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.ubuntu.com/usn/usn-543-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.vmware.com/support/ace/doc/releasenotes_ace.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.vmware.com/support/player/doc/releasenotes_player.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.vmware.com/support/player2/doc/releasenotes_player2.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.vmware.com/support/server/doc/releasenotes_server.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2007/3229
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/33103
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

179Records found
CVE-2008-5017
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-17.42% / 95.10%
||
7 Day CHG~0.00%
Published-13 Nov, 2008 | 11:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.Mozilla CorporationDebian GNU/Linux
Product-thunderbirddebian_linuxubuntu_linuxseamonkeyfirefoxn/a
CVE-2008-3692
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.24% / 79.32%
||
7 Day CHG~0.00%
Published-03 Sep, 2008 | 14:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-serveraceplayerworkstationn/a
CVE-2008-3529
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-56.63% / 98.14%
||
7 Day CHG~0.00%
Published-12 Sep, 2008 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.

Action-Not Available
Vendor-n/aCanonical Ltd.Apple Inc.libxml2 (XMLSoft)Debian GNU/Linux
Product-debian_linuxubuntu_linuxmac_os_xiphone_ossafarilibxml2n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-3691
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.64% / 82.01%
||
7 Day CHG~0.00%
Published-03 Sep, 2008 | 14:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-serveraceplayerworkstationn/a
CVE-2008-3693
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.24% / 79.32%
||
7 Day CHG~0.00%
Published-03 Sep, 2008 | 14:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-serveraceplayerworkstationn/a
CVE-2008-3696
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.66% / 82.15%
||
7 Day CHG~0.00%
Published-03 Sep, 2008 | 14:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, and CVE-2008-3695.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-serveraceplayerworkstationn/a
CVE-2008-3892
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-66.00% / 98.53%
||
7 Day CHG~0.00%
Published-03 Sep, 2008 | 14:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in a certain ActiveX control in the COM API in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a call to the GuestInfo method in which there is a long string argument, and an assignment of a long string value to the result of this call. NOTE: this may overlap CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, or CVE-2008-3696.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-serveraceplayerworkstationn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-2663
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.28% / 87.25%
||
7 Day CHG~0.00%
Published-24 Jun, 2008 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxRuby
Product-debian_linuxrubyubuntu_linuxn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2008-2662
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.77% / 86.11%
||
7 Day CHG~0.00%
Published-24 Jun, 2008 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxRuby
Product-debian_linuxrubyubuntu_linuxn/a
CVE-2016-7456
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-82.12% / 99.22%
||
7 Day CHG~0.00%
Published-29 Dec, 2016 | 09:02
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-vsphere_data_protectionn/a
CVE-2016-7117
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-9.8||CRITICAL
EPSS-10.56% / 93.31%
||
7 Day CHG~0.00%
Published-10 Oct, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxLinux Kernel Organization, Inc
Product-debian_linuxubuntu_linuxlinux_kerneln/a
CVE-2008-0599
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-38.88% / 97.28%
||
7 Day CHG~0.00%
Published-05 May, 2008 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.

Action-Not Available
Vendor-n/aCanonical Ltd.Apple Inc.The PHP GroupFedora Project
Product-ubuntu_linuxphpmac_os_xfedoramac_os_x_servern/a
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CVE-2016-5118
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-31.78% / 96.83%
||
7 Day CHG~0.00%
Published-10 Jun, 2016 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.

Action-Not Available
Vendor-n/aCanonical Ltd.ImageMagick Studio LLCopenSUSEOracle CorporationSUSEDebian GNU/LinuxGraphicsMagick
Product-debian_linuxubuntu_linuxlinux_enterprise_desktopimagemagickgraphicsmagicklinux_enterprise_workstation_extensionstudio_onsitelinux_enterprise_debuginfoleapsolarislinux_enterprise_serverlinuxlinux_enterprise_software_development_kitopensusen/a
CVE-2007-5617
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.18% / 78.84%
||
7 Day CHG~0.00%
Published-21 Oct, 2007 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, and Workstation 5.x before 5.5.5 and 6.x before 6.0.1, prevents it from launching, which has unspecified impact, related to untrusted virtual machine images.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-playerworkstationn/a
CVE-2016-3714
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.4||HIGH
EPSS-93.77% / 99.86%
||
7 Day CHG~0.00%
Published-05 May, 2016 | 18:00
Updated-21 Apr, 2026 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-09-30||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."

Action-Not Available
Vendor-n/aCanonical Ltd.ImageMagick Studio LLCopenSUSEDebian GNU/LinuxSUSE
Product-debian_linuximagemagickubuntu_linuxsuse_linux_enterprise_serverleapopensusen/adebian_linuxubuntu_linuximagemagickopensusesuse_linux_enterprise_serverleapImageMagick
CWE ID-CWE-20
Improper Input Validation
CVE-2016-3427
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-93.89% / 99.88%
||
7 Day CHG~0.00%
Published-21 Apr, 2016 | 10:00
Updated-22 Apr, 2026 | 13:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-06-02||Apply updates per vendor instructions.

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEOracle CorporationSUSEThe Apache Software FoundationRed Hat, Inc.Debian GNU/LinuxNetApp, Inc.
Product-e-series_santricity_management_plug-insubuntu_linuxjreenterprise_linux_server_tusoncommand_cloud_managervasa_provider_for_clustered_data_ontaponcommand_unified_manageroncommand_workflow_automationjdkenterprise_linux_serverenterprise_linux_workstationvirtual_storage_consolemanagerleapenterprise_linux_euslinux_enterprise_module_for_legacye-series_santricity_web_servicesoncommand_reportopensusejrockitdebian_linuxlinux_enterprise_desktoponcommand_performance_managerenterprise_linux_desktopcassandralinux_enterprise_serveroncommand_balanceenterprise_linux_server_eusenterprise_linux_server_ausoncommand_insightstoragegridlinux_enterprise_software_development_kitsatelliteoncommand_shiftmanager_proxye-series_santricity_storage_managerlinuxopenstack_cloudn/aJava SE and JRockit
CWE ID-CWE-284
Improper Access Control
CVE-2010-0159
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.48% / 85.35%
||
7 Day CHG~0.00%
Published-21 Feb, 2010 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.Mozilla CorporationDebian GNU/Linux
Product-thunderbirddebian_linuxubuntu_linuxseamonkeyfirefoxn/a
CVE-2016-3955
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-12.80% / 94.05%
||
7 Day CHG~0.00%
Published-03 Jul, 2016 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel before 4.5.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted length value in a USB/IP packet.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxLinux Kernel Organization, Inc
Product-debian_linuxubuntu_linuxlinux_kerneln/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2077
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.55% / 68.10%
||
7 Day CHG~0.00%
Published-18 May, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Workstation 11.x before 11.1.3 and VMware Player 7.x before 7.1.3 on Windows incorrectly access an executable file, which allows host OS users to gain host OS privileges via unspecified vectors.

Action-Not Available
Vendor-n/aMicrosoft CorporationVMware (Broadcom Inc.)
Product-windowsplayerworkstationn/a
CVE-2016-1580
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-9.8||CRITICAL
EPSS-1.65% / 82.12%
||
7 Day CHG~0.00%
Published-13 May, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The setup_snappy_os_mounts function in the ubuntu-core-launcher package before 1.0.27.1 improperly determines the mount point of bind mounts when using snaps, which might allow remote attackers to obtain sensitive information or gain privileges via a snap with a name starting with "ubuntu-core."

Action-Not Available
Vendor-n/aCanonical Ltd.
Product-ubuntu_linuxubuntu-core-launchern/a
CVE-2016-1659
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-9.8||CRITICAL
EPSS-2.46% / 85.29%
||
7 Day CHG~0.00%
Published-18 Apr, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEGoogle LLCSUSEDebian GNU/Linux
Product-debian_linuxubuntu_linuxlinux_enterpriseleapchromen/a
CVE-2016-0705
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-20.66% / 95.62%
||
7 Day CHG~0.00%
Published-03 Mar, 2016 | 00:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.

Action-Not Available
Vendor-n/aCanonical Ltd.Oracle CorporationGoogle LLCOpenSSLDebian GNU/Linux
Product-debian_linuxubuntu_linuxmysqlopensslandroidn/a
CVE-2016-0494
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-8.67% / 92.49%
||
7 Day CHG~0.00%
Published-21 Jan, 2016 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

Action-Not Available
Vendor-n/aCanonical Ltd.Oracle Corporation
Product-ubuntu_linuxjdkjren/a
CVE-2015-8812
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.84% / 86.26%
||
7 Day CHG~0.00%
Published-27 Apr, 2016 | 17:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets.

Action-Not Available
Vendor-n/aCanonical Ltd.Linux Kernel Organization, IncNovell
Product-ubuntu_linuxlinux_kernelsuse_linux_enterprise_real_time_extensionn/a
CVE-2015-3408
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.93% / 88.37%
||
7 Day CHG~0.00%
Published-19 May, 2015 | 18:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest.

Action-Not Available
Vendor-module-signature_projectn/aCanonical Ltd.
Product-module-signatureubuntu_linuxn/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2015-4474
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-2.21% / 84.54%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEMozilla Corporation
Product-firefoxubuntu_linuxopensusen/a
CVE-2015-4473
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-4.05% / 88.56%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEMozilla CorporationDebian GNU/Linux
Product-debian_linuxubuntu_linuxfirefoxopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-4485
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-7.60% / 91.88%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via malformed WebM video data.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEOracle CorporationMozilla Corporation
Product-solarisfirefoxubuntu_linuxopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-4479
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-2.25% / 84.68%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to execute arbitrary code via a crafted saio chunk in MPEG-4 video data.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEMozilla Corporation
Product-firefoxubuntu_linuxopensusen/a
CVE-2015-4477
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-2.91% / 86.44%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the MediaStream playback feature in Mozilla Firefox before 40.0 allows remote attackers to execute arbitrary code via unspecified use of the Web Audio API.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEMozilla Corporation
Product-firefoxubuntu_linuxopensusen/a
CVE-2007-2442
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-42.57% / 97.49%
||
7 Day CHG~0.00%
Published-26 Jun, 2007 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxMIT (Massachusetts Institute of Technology)
Product-debian_linuxubuntu_linuxkerberos_5n/a
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2015-4486
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-1.67% / 82.19%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via malformed WebM video data.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEOracle CorporationMozilla Corporation
Product-solarisfirefoxubuntu_linuxopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-2740
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-3.49% / 87.63%
||
7 Day CHG~0.00%
Published-06 Jul, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow remote attackers to cause a denial of service or have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.Oracle CorporationNovellMozilla CorporationDebian GNU/Linux
Product-thunderbirdsuse_linux_enterprise_software_development_kitfirefoxfirefox_esrubuntu_linuxdebian_linuxsuse_linux_enterprise_serversolarissuse_linux_enterprise_desktopn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-2590
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-61.66% / 98.35%
||
7 Day CHG-5.31%
Published-16 Jul, 2015 | 10:00
Updated-21 Apr, 2026 | 18:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-24||Apply updates per vendor instructions.

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.openSUSERed Hat, Inc.Oracle CorporationSUSE
Product-enterprise_linux_eusdebian_linuxubuntu_linuxenterprise_linux_for_power_little_endianjrelinux_enterprise_desktopenterprise_linux_server_tusenterprise_linux_for_ibm_z_systemsenterprise_linux_desktopenterprise_linux_for_power_big_endian_euslinux_enterprise_debuginfoenterprise_linux_for_power_big_endianlinux_enterprise_serverenterprise_linux_server_ausenterprise_linux_for_ibm_z_systems_eussatellitejdkenterprise_linux_serverenterprise_linux_workstationenterprise_linux_for_power_little_endian_eusopensusen/aJava SE
CVE-2015-2734
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-1.25% / 79.43%
||
7 Day CHG~0.00%
Published-06 Jul, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.Oracle CorporationSUSEMozilla CorporationDebian GNU/Linux
Product-thunderbirdfirefoxfirefox_esrlinux_enterprise_desktopubuntu_linuxdebian_linuxsuse_linux_enterprise_serverlinux_enterprise_serversolarislinux_enterprise_software_development_kitn/a
CVE-2015-2739
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-1.05% / 77.65%
||
7 Day CHG~0.00%
Published-06 Jul, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which has unspecified impact and attack vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.Oracle CorporationNovellMozilla CorporationDebian GNU/Linux
Product-thunderbirdsuse_linux_enterprise_software_development_kitfirefoxubuntu_linuxdebian_linuxfirefox_esrsuse_linux_enterprise_serversolarissuse_linux_enterprise_desktopn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-2737
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-1.25% / 79.43%
||
7 Day CHG~0.00%
Published-06 Jul, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.Oracle CorporationSUSEMozilla CorporationDebian GNU/Linux
Product-thunderbirdfirefoxfirefox_esrubuntu_linuxlinux_enterprise_desktopdebian_linuxsuse_linux_enterprise_serversolarislinux_enterprise_serverlinux_enterprise_software_development_kitn/a
CVE-2015-2342
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-92.03% / 99.71%
||
7 Day CHG~0.00%
Published-12 Oct, 2015 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-vcenter_servern/a
CVE-2015-2738
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-1.25% / 79.43%
||
7 Day CHG~0.00%
Published-06 Jul, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.Oracle CorporationSUSEMozilla CorporationDebian GNU/Linux
Product-thunderbirddebian_linuxubuntu_linuxlinux_enterprise_desktopfirefoxfirefox_esrsuse_linux_enterprise_serverlinux_enterprise_serversolarislinux_enterprise_software_development_kitn/a
CVE-2015-2724
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-0.91% / 75.95%
||
7 Day CHG~0.00%
Published-06 Jul, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.Oracle CorporationNovellMozilla CorporationDebian GNU/Linux
Product-thunderbirdsuse_linux_enterprise_software_development_kitfirefoxfirefox_esrubuntu_linuxdebian_linuxsuse_linux_enterprise_serversolarissuse_linux_enterprise_desktopn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-2806
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-9.35% / 92.80%
||
7 Day CHG~0.00%
Published-10 Apr, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.GNUDebian GNU/LinuxFedora Project
Product-debian_linuxubuntu_linuxlibtasn1fedoran/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-1421
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-10.87% / 93.42%
||
7 Day CHG~0.00%
Published-16 Mar, 2015 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxLinux Kernel Organization, Inc
Product-debian_linuxubuntu_linuxlinux_kerneln/a
CVE-2015-0240
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-90.70% / 99.63%
||
7 Day CHG~0.00%
Published-24 Feb, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.

Action-Not Available
Vendor-n/aCanonical Ltd.SambaNovellRed Hat, Inc.
Product-suse_linux_enterprise_software_development_kitubuntu_linuxsuse_linux_enterprise_serversambasuse_linux_enterprise_desktopenterprise_linuxn/a
CVE-2015-0408
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-9.31% / 92.78%
||
7 Day CHG~0.00%
Published-21 Jan, 2015 | 18:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEOracle CorporationNovellRed Hat, Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxjdkjresuse_linux_enterprise_serversuse_linux_enterprise_desktopenterprise_linuxopensusen/a
CVE-2007-0956
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-25.75% / 96.28%
||
7 Day CHG+3.84%
Published-06 Apr, 2007 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxMIT (Massachusetts Institute of Technology)
Product-debian_linuxubuntu_linuxkerberos_5n/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2007-0062
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-5.40% / 90.17%
||
7 Day CHG~0.00%
Published-21 Sep, 2007 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528; allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a malformed DHCP packet with a large dhcp-max-message-size that triggers a stack-based buffer overflow, related to servers configured to send many DHCP options to clients.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-aceplayerservervmware_workstationworkstationn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-0061
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-16.32% / 94.88%
||
7 Day CHG~0.00%
Published-21 Sep, 2007 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed packet that triggers "corrupt stack memory."

Action-Not Available
Vendor-n/aCanonical Ltd.VMware (Broadcom Inc.)
Product-aceubuntu_linuxplayeresxworkstationservern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-3732
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-30.07% / 96.69%
||
7 Day CHG~0.00%
Published-12 Apr, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aMicrosoft CorporationVMware (Broadcom Inc.)
Product-aceplayerserverwindowsworkstationn/a
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2005-4459
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-63.37% / 98.42%
||
7 Day CHG~0.00%
Published-21 Dec, 2005 | 20:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, including guests, to execute arbitrary code via crafted (1) EPRT and (2) PORT FTP commands.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-acegsx_serverworkstationplayern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-3695
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.24% / 79.32%
||
7 Day CHG~0.00%
Published-03 Sep, 2008 | 14:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, and CVE-2008-3696.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-serveraceplayerworkstationn/a
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found