Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2007-3798

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-16 Jul, 2007 | 22:00
Updated At-15 Oct, 2024 | 14:18
Rejected At-
Credits

Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:16 Jul, 2007 | 22:00
Updated At:15 Oct, 2024 | 14:18
Rejected At:
â–¼CVE Numbering Authority (CNA)

Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.redhat.com/support/errata/RHSA-2007-0387.html
vendor-advisory
x_refsource_REDHAT
http://secunia.com/advisories/26231
third-party-advisory
x_refsource_SECUNIA
http://www.novell.com/linux/security/advisories/2007_16_sr.html
vendor-advisory
x_refsource_SUSE
http://www.vupen.com/english/advisories/2007/4238
vdb-entry
x_refsource_VUPEN
http://www.us-cert.gov/cas/techalerts/TA07-352A.html
third-party-advisory
x_refsource_CERT
http://secunia.com/advisories/26168
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/27580
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/28136
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/26286
third-party-advisory
x_refsource_SECUNIA
http://www.digit-labs.org/files/exploits/private/tcpdump-bgp.c
x_refsource_MISC
http://bugs.gentoo.org/show_bug.cgi?id=184815
x_refsource_CONFIRM
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.449313
vendor-advisory
x_refsource_SLACKWARE
http://www.mandriva.com/security/advisories?name=MDKSA-2007:148
vendor-advisory
x_refsource_MANDRIVA
http://www.securitytracker.com/id?1018434
vdb-entry
x_refsource_SECTRACK
http://www.redhat.com/support/errata/RHSA-2007-0368.html
vendor-advisory
x_refsource_REDHAT
http://secunia.com/advisories/26263
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/474225/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://secunia.com/advisories/26223
third-party-advisory
x_refsource_SECUNIA
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
vendor-advisory
x_refsource_APPLE
http://www.trustix.org/errata/2007/0023/
vendor-advisory
x_refsource_TRUSTIX
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9771
vdb-entry
signature
x_refsource_OVAL
http://security.freebsd.org/advisories/FreeBSD-SA-07:06.tcpdump.asc
vendor-advisory
x_refsource_FREEBSD
http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-bgp.c?r1=1.91.2.11&r2=1.91.2.12
x_refsource_MISC
http://docs.info.apple.com/article.html?artnum=307179
x_refsource_CONFIRM
http://secunia.com/advisories/26395
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/26266
third-party-advisory
x_refsource_SECUNIA
http://www.turbolinux.com/security/2007/TLSA-2007-46.txt
vendor-advisory
x_refsource_TURBO
http://secunia.com/advisories/26521
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/2578
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/26404
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/26135
third-party-advisory
x_refsource_SECUNIA
http://www.ubuntu.com/usn/usn-492-1
vendor-advisory
x_refsource_UBUNTU
http://www.debian.org/security/2007/dsa-1353
vendor-advisory
x_refsource_DEBIAN
http://security.gentoo.org/glsa/glsa-200707-14.xml
vendor-advisory
x_refsource_GENTOO
http://www.securityfocus.com/bid/24965
vdb-entry
x_refsource_BID
Hyperlink: http://www.redhat.com/support/errata/RHSA-2007-0387.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://secunia.com/advisories/26231
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.novell.com/linux/security/advisories/2007_16_sr.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.vupen.com/english/advisories/2007/4238
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA07-352A.html
Resource:
third-party-advisory
x_refsource_CERT
Hyperlink: http://secunia.com/advisories/26168
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/27580
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/28136
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/26286
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.digit-labs.org/files/exploits/private/tcpdump-bgp.c
Resource:
x_refsource_MISC
Hyperlink: http://bugs.gentoo.org/show_bug.cgi?id=184815
Resource:
x_refsource_CONFIRM
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.449313
Resource:
vendor-advisory
x_refsource_SLACKWARE
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2007:148
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://www.securitytracker.com/id?1018434
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.redhat.com/support/errata/RHSA-2007-0368.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://secunia.com/advisories/26263
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/archive/1/474225/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://secunia.com/advisories/26223
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://www.trustix.org/errata/2007/0023/
Resource:
vendor-advisory
x_refsource_TRUSTIX
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9771
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://security.freebsd.org/advisories/FreeBSD-SA-07:06.tcpdump.asc
Resource:
vendor-advisory
x_refsource_FREEBSD
Hyperlink: http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-bgp.c?r1=1.91.2.11&r2=1.91.2.12
Resource:
x_refsource_MISC
Hyperlink: http://docs.info.apple.com/article.html?artnum=307179
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/26395
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/26266
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.turbolinux.com/security/2007/TLSA-2007-46.txt
Resource:
vendor-advisory
x_refsource_TURBO
Hyperlink: http://secunia.com/advisories/26521
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2007/2578
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/26404
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/26135
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.ubuntu.com/usn/usn-492-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.debian.org/security/2007/dsa-1353
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://security.gentoo.org/glsa/glsa-200707-14.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://www.securityfocus.com/bid/24965
Resource:
vdb-entry
x_refsource_BID
â–¼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.redhat.com/support/errata/RHSA-2007-0387.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://secunia.com/advisories/26231
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.novell.com/linux/security/advisories/2007_16_sr.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.vupen.com/english/advisories/2007/4238
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.us-cert.gov/cas/techalerts/TA07-352A.html
third-party-advisory
x_refsource_CERT
x_transferred
http://secunia.com/advisories/26168
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/27580
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/28136
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/26286
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.digit-labs.org/files/exploits/private/tcpdump-bgp.c
x_refsource_MISC
x_transferred
http://bugs.gentoo.org/show_bug.cgi?id=184815
x_refsource_CONFIRM
x_transferred
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.449313
vendor-advisory
x_refsource_SLACKWARE
x_transferred
http://www.mandriva.com/security/advisories?name=MDKSA-2007:148
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://www.securitytracker.com/id?1018434
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.redhat.com/support/errata/RHSA-2007-0368.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://secunia.com/advisories/26263
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/archive/1/474225/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://secunia.com/advisories/26223
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://www.trustix.org/errata/2007/0023/
vendor-advisory
x_refsource_TRUSTIX
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9771
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://security.freebsd.org/advisories/FreeBSD-SA-07:06.tcpdump.asc
vendor-advisory
x_refsource_FREEBSD
x_transferred
http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-bgp.c?r1=1.91.2.11&r2=1.91.2.12
x_refsource_MISC
x_transferred
http://docs.info.apple.com/article.html?artnum=307179
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/26395
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/26266
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.turbolinux.com/security/2007/TLSA-2007-46.txt
vendor-advisory
x_refsource_TURBO
x_transferred
http://secunia.com/advisories/26521
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2007/2578
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/26404
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/26135
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.ubuntu.com/usn/usn-492-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.debian.org/security/2007/dsa-1353
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://security.gentoo.org/glsa/glsa-200707-14.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://www.securityfocus.com/bid/24965
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2007-0387.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://secunia.com/advisories/26231
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.novell.com/linux/security/advisories/2007_16_sr.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2007/4238
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA07-352A.html
Resource:
third-party-advisory
x_refsource_CERT
x_transferred
Hyperlink: http://secunia.com/advisories/26168
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/27580
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/28136
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/26286
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.digit-labs.org/files/exploits/private/tcpdump-bgp.c
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://bugs.gentoo.org/show_bug.cgi?id=184815
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.449313
Resource:
vendor-advisory
x_refsource_SLACKWARE
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2007:148
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://www.securitytracker.com/id?1018434
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2007-0368.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://secunia.com/advisories/26263
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/474225/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://secunia.com/advisories/26223
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://www.trustix.org/errata/2007/0023/
Resource:
vendor-advisory
x_refsource_TRUSTIX
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9771
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://security.freebsd.org/advisories/FreeBSD-SA-07:06.tcpdump.asc
Resource:
vendor-advisory
x_refsource_FREEBSD
x_transferred
Hyperlink: http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-bgp.c?r1=1.91.2.11&r2=1.91.2.12
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://docs.info.apple.com/article.html?artnum=307179
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/26395
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/26266
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.turbolinux.com/security/2007/TLSA-2007-46.txt
Resource:
vendor-advisory
x_refsource_TURBO
x_transferred
Hyperlink: http://secunia.com/advisories/26521
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2007/2578
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/26404
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/26135
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.ubuntu.com/usn/usn-492-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.debian.org/security/2007/dsa-1353
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-200707-14.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://www.securityfocus.com/bid/24965
Resource:
vdb-entry
x_refsource_BID
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-252CWE-252 Unchecked Return Value
Type: CWE
CWE ID: CWE-252
Description: CWE-252 Unchecked Return Value
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:16 Jul, 2007 | 22:30
Updated At:15 Oct, 2024 | 15:35

Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
tcpdump & libpcap
tcpdump
>>tcpdump>>Versions up to 3.9.6(inclusive)
cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>6.06
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>6.10
cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>7.04
cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>3.1
cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>4.0
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
Slackware
slackware
>>slackware>>9.0
cpe:2.3:a:slackware:slackware:9.0:*:*:*:*:*:*:*
Slackware
slackware
>>slackware>>9.1
cpe:2.3:a:slackware:slackware:9.1:*:*:*:*:*:*:*
Slackware
slackware
>>slackware>>10.0
cpe:2.3:a:slackware:slackware:10.0:*:*:*:*:*:*:*
Slackware
slackware
>>slackware>>10.1
cpe:2.3:a:slackware:slackware:10.1:*:*:*:*:*:*:*
Slackware
slackware
>>slackware>>10.2
cpe:2.3:a:slackware:slackware:10.2:*:*:*:*:*:*:*
Slackware
slackware
>>slackware>>11.0
cpe:2.3:a:slackware:slackware:11.0:*:*:*:*:*:*:*
Slackware
slackware
>>slackware>>12.0
cpe:2.3:a:slackware:slackware:12.0:*:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>Versions from 5.0(inclusive) to 5.5(exclusive)
cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>Versions from 6.0(inclusive) to 6.1(exclusive)
cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>5.5
cpe:2.3:o:freebsd:freebsd:5.5:-:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>5.5
cpe:2.3:o:freebsd:freebsd:5.5:p1:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>5.5
cpe:2.3:o:freebsd:freebsd:5.5:p11:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>5.5
cpe:2.3:o:freebsd:freebsd:5.5:p12:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>5.5
cpe:2.3:o:freebsd:freebsd:5.5:p13:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>5.5
cpe:2.3:o:freebsd:freebsd:5.5:p14:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>5.5
cpe:2.3:o:freebsd:freebsd:5.5:p2:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>5.5
cpe:2.3:o:freebsd:freebsd:5.5:p3:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>5.5
cpe:2.3:o:freebsd:freebsd:5.5:p4:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>5.5
cpe:2.3:o:freebsd:freebsd:5.5:p5:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>5.5
cpe:2.3:o:freebsd:freebsd:5.5:p7:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>5.5
cpe:2.3:o:freebsd:freebsd:5.5:p8:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>5.5
cpe:2.3:o:freebsd:freebsd:5.5:p9:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>6.1
cpe:2.3:o:freebsd:freebsd:6.1:-:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>6.1
cpe:2.3:o:freebsd:freebsd:6.1:p1:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>6.1
cpe:2.3:o:freebsd:freebsd:6.1:p10:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>6.1
cpe:2.3:o:freebsd:freebsd:6.1:p11:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>6.1
cpe:2.3:o:freebsd:freebsd:6.1:p12:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>6.1
cpe:2.3:o:freebsd:freebsd:6.1:p13:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>6.1
cpe:2.3:o:freebsd:freebsd:6.1:p16:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>6.1
cpe:2.3:o:freebsd:freebsd:6.1:p17:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>6.1
cpe:2.3:o:freebsd:freebsd:6.1:p18:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>6.1
cpe:2.3:o:freebsd:freebsd:6.1:p2:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>6.1
cpe:2.3:o:freebsd:freebsd:6.1:p4:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>6.1
cpe:2.3:o:freebsd:freebsd:6.1:p6:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>6.1
cpe:2.3:o:freebsd:freebsd:6.1:p7:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>6.1
cpe:2.3:o:freebsd:freebsd:6.1:p9:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>6.2
cpe:2.3:o:freebsd:freebsd:6.2:-:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>6.2
cpe:2.3:o:freebsd:freebsd:6.2:p1:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>6.2
cpe:2.3:o:freebsd:freebsd:6.2:p4:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>6.2
cpe:2.3:o:freebsd:freebsd:6.2:p5:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>6.2
cpe:2.3:o:freebsd:freebsd:6.2:p6:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>Versions from 10.0.0(inclusive) to 10.4.11(exclusive)
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>Versions from 10.0.0(inclusive) to 10.4.11(exclusive)
cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-252Primarynvd@nist.gov
CWE-252Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-252
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-252
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
Organization : Red Hat
Last Modified : 2007-07-31T00:00:00

This issue does not affect the version of tcpdump shipped in Red Hat Enterprise Linux 2.1 or 3. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=250275 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/

References
HyperlinkSourceResource
http://bugs.gentoo.org/show_bug.cgi?id=184815cve@mitre.org
Third Party Advisory
http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-bgp.c?r1=1.91.2.11&r2=1.91.2.12cve@mitre.org
Broken Link
http://docs.info.apple.com/article.html?artnum=307179cve@mitre.org
Broken Link
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.htmlcve@mitre.org
Mailing List
http://secunia.com/advisories/26135cve@mitre.org
Broken Link
Vendor Advisory
http://secunia.com/advisories/26168cve@mitre.org
Broken Link
Vendor Advisory
http://secunia.com/advisories/26223cve@mitre.org
Broken Link
Vendor Advisory
http://secunia.com/advisories/26231cve@mitre.org
Broken Link
Vendor Advisory
http://secunia.com/advisories/26263cve@mitre.org
Broken Link
Vendor Advisory
http://secunia.com/advisories/26266cve@mitre.org
Broken Link
Vendor Advisory
http://secunia.com/advisories/26286cve@mitre.org
Broken Link
Vendor Advisory
http://secunia.com/advisories/26395cve@mitre.org
Broken Link
Vendor Advisory
http://secunia.com/advisories/26404cve@mitre.org
Broken Link
Vendor Advisory
http://secunia.com/advisories/26521cve@mitre.org
Broken Link
Vendor Advisory
http://secunia.com/advisories/27580cve@mitre.org
Broken Link
Vendor Advisory
http://secunia.com/advisories/28136cve@mitre.org
Broken Link
Vendor Advisory
http://security.freebsd.org/advisories/FreeBSD-SA-07:06.tcpdump.asccve@mitre.org
Third Party Advisory
http://security.gentoo.org/glsa/glsa-200707-14.xmlcve@mitre.org
Third Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.449313cve@mitre.org
Mailing List
Patch
http://www.debian.org/security/2007/dsa-1353cve@mitre.org
Third Party Advisory
http://www.digit-labs.org/files/exploits/private/tcpdump-bgp.ccve@mitre.org
Exploit
http://www.mandriva.com/security/advisories?name=MDKSA-2007:148cve@mitre.org
Third Party Advisory
http://www.novell.com/linux/security/advisories/2007_16_sr.htmlcve@mitre.org
Broken Link
http://www.redhat.com/support/errata/RHSA-2007-0368.htmlcve@mitre.org
Broken Link
http://www.redhat.com/support/errata/RHSA-2007-0387.htmlcve@mitre.org
Broken Link
Vendor Advisory
http://www.securityfocus.com/archive/1/474225/100/0/threadedcve@mitre.org
Broken Link
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/24965cve@mitre.org
Broken Link
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1018434cve@mitre.org
Broken Link
Third Party Advisory
VDB Entry
http://www.trustix.org/errata/2007/0023/cve@mitre.org
Broken Link
http://www.turbolinux.com/security/2007/TLSA-2007-46.txtcve@mitre.org
Broken Link
http://www.ubuntu.com/usn/usn-492-1cve@mitre.org
Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA07-352A.htmlcve@mitre.org
Broken Link
Third Party Advisory
US Government Resource
http://www.vupen.com/english/advisories/2007/2578cve@mitre.org
Broken Link
Vendor Advisory
http://www.vupen.com/english/advisories/2007/4238cve@mitre.org
Broken Link
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9771cve@mitre.org
Broken Link
Hyperlink: http://bugs.gentoo.org/show_bug.cgi?id=184815
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-bgp.c?r1=1.91.2.11&r2=1.91.2.12
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://docs.info.apple.com/article.html?artnum=307179
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
Source: cve@mitre.org
Resource:
Mailing List
Hyperlink: http://secunia.com/advisories/26135
Source: cve@mitre.org
Resource:
Broken Link
Vendor Advisory
Hyperlink: http://secunia.com/advisories/26168
Source: cve@mitre.org
Resource:
Broken Link
Vendor Advisory
Hyperlink: http://secunia.com/advisories/26223
Source: cve@mitre.org
Resource:
Broken Link
Vendor Advisory
Hyperlink: http://secunia.com/advisories/26231
Source: cve@mitre.org
Resource:
Broken Link
Vendor Advisory
Hyperlink: http://secunia.com/advisories/26263
Source: cve@mitre.org
Resource:
Broken Link
Vendor Advisory
Hyperlink: http://secunia.com/advisories/26266
Source: cve@mitre.org
Resource:
Broken Link
Vendor Advisory
Hyperlink: http://secunia.com/advisories/26286
Source: cve@mitre.org
Resource:
Broken Link
Vendor Advisory
Hyperlink: http://secunia.com/advisories/26395
Source: cve@mitre.org
Resource:
Broken Link
Vendor Advisory
Hyperlink: http://secunia.com/advisories/26404
Source: cve@mitre.org
Resource:
Broken Link
Vendor Advisory
Hyperlink: http://secunia.com/advisories/26521
Source: cve@mitre.org
Resource:
Broken Link
Vendor Advisory
Hyperlink: http://secunia.com/advisories/27580
Source: cve@mitre.org
Resource:
Broken Link
Vendor Advisory
Hyperlink: http://secunia.com/advisories/28136
Source: cve@mitre.org
Resource:
Broken Link
Vendor Advisory
Hyperlink: http://security.freebsd.org/advisories/FreeBSD-SA-07:06.tcpdump.asc
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://security.gentoo.org/glsa/glsa-200707-14.xml
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.449313
Source: cve@mitre.org
Resource:
Mailing List
Patch
Hyperlink: http://www.debian.org/security/2007/dsa-1353
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.digit-labs.org/files/exploits/private/tcpdump-bgp.c
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2007:148
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.novell.com/linux/security/advisories/2007_16_sr.html
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.redhat.com/support/errata/RHSA-2007-0368.html
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.redhat.com/support/errata/RHSA-2007-0387.html
Source: cve@mitre.org
Resource:
Broken Link
Vendor Advisory
Hyperlink: http://www.securityfocus.com/archive/1/474225/100/0/threaded
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/bid/24965
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id?1018434
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.trustix.org/errata/2007/0023/
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.turbolinux.com/security/2007/TLSA-2007-46.txt
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.ubuntu.com/usn/usn-492-1
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA07-352A.html
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
US Government Resource
Hyperlink: http://www.vupen.com/english/advisories/2007/2578
Source: cve@mitre.org
Resource:
Broken Link
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2007/4238
Source: cve@mitre.org
Resource:
Broken Link
Vendor Advisory
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9771
Source: cve@mitre.org
Resource:
Broken Link

Change History

0
Information is not available yet

Similar CVEs

4242Records found
CVE-2021-40401
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-0.27% / 49.99%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 00:00
Updated-15 Apr, 2025 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and Gerbv forked 2.7.1. A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-gerbv_projectn/aFedora ProjectDebian GNU/Linux
Product-debian_linuxfedoragerbvGerbv
CWE ID-CWE-252
Unchecked Return Value
CVE-2021-38171
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.21% / 43.21%
||
7 Day CHG~0.00%
Published-21 Aug, 2021 | 00:00
Updated-04 Aug, 2024 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFFmpeg
Product-ffmpegdebian_linuxn/a
CWE ID-CWE-252
Unchecked Return Value
CVE-2010-0211
Matching Score-10
Assigner-CERT/CC
ShareView Details
Matching Score-10
Assigner-CERT/CC
CVSS Score-9.8||CRITICAL
EPSS-42.63% / 97.37%
||
7 Day CHG~0.00%
Published-27 Jul, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite.

Action-Not Available
Vendor-openldapn/aVMware (Broadcom Inc.)openSUSEApple Inc.
Product-openldapopensuseesximac_os_xmac_os_x_servern/a
CWE ID-CWE-252
Unchecked Return Value
CVE-2018-5158
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-41.38% / 97.30%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.Debian GNU/LinuxRed Hat, Inc.
Product-enterprise_linux_server_tusfirefoxubuntu_linuxenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_serverdebian_linuxenterprise_linux_workstationenterprise_linux_server_ausFirefoxFirefox ESR
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2018-4121
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-38.61% / 97.14%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 06:00
Updated-05 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-itunesiphone_oswatchostvossafariwindowsicloudn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4206
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-7.65% / 91.70%
||
7 Day CHG~0.00%
Published-08 Jun, 2018 | 18:00
Updated-05 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Crash Reporter" component. It allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app that replaces a privileged port name.

Action-Not Available
Vendor-n/aApple Inc.
Product-apple_tviphone_oswatchosmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4233
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-89.90% / 99.56%
||
7 Day CHG~0.00%
Published-08 Jun, 2018 | 18:00
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Action-Not Available
Vendor-n/aCanonical Ltd.Apple Inc.Microsoft Corporation
Product-itunesiphone_osubuntu_linuxwatchostvossafariwindowsicloudn/aitunesiphone_osubuntu_linuxwatchostvossafariicloud
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4438
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-23.20% / 95.80%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-itunesiphone_oswatchostvossafariwindowsicloudiOS, tvOS, watchOS, Safari, iTunes for Windows, iCloud for Windows
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4194
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.51% / 65.66%
||
7 Day CHG~0.00%
Published-11 Jan, 2019 | 18:00
Updated-05 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In iOS before 11.4, iCloud for Windows before 7.5, watchOS before 4.3.1, iTunes before 12.7.5 for Windows, and macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-itunesiphone_oswatchosmac_os_xwindowsicloudn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-4114
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.54% / 67.00%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 06:00
Updated-05 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Action-Not Available
Vendor-webkitgtkn/aCanonical Ltd.Apple Inc.Microsoft Corporation
Product-itunesiphone_osubuntu_linuxwatchostvossafariwindowswebkitgtk\+icloudn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4412
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.39% / 59.78%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-itunesiphone_oswatchostvosmac_os_xwindowsicloudiOS, macOS, tvOS, watchOS, iTunes for Windows, iCloud for Windows
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4301
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.24% / 46.22%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 23:26
Updated-29 Jul, 2025 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue is fixed in SCSSU-201801. A potential stack based buffer overflow existed in GemaltoKeyHandle.cpp.

Action-Not Available
Vendor-Apple Inc.
Product-smart_card_servicesSmart Card Services
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2018-4303
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.25% / 48.35%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An input validation issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14, iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xiphone_oswatchostvosmacOS, iOS, tvOS, watchOS
CWE ID-CWE-20
Improper Input Validation
CVE-2018-4267
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.57% / 68.14%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-itunesiphone_ostvossafariwindowsicloudiOS, tvOS, Safari, iTunes for Windows, iCloud for Windows
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4118
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.55% / 67.39%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 06:00
Updated-05 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Action-Not Available
Vendor-webkitgtkn/aCanonical Ltd.Apple Inc.Microsoft Corporation
Product-itunesiphone_osubuntu_linuxtvossafariwindowswebkitgtk\+icloudn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4373
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.52% / 66.34%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-itunesiphone_oswatchossafariwindowsicloudiOS, watchOS, Safari, iTunes for Windows, iCloud for Windows
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-0195
Matching Score-8
Assigner-Flexera Software LLC
ShareView Details
Matching Score-8
Assigner-Flexera Software LLC
CVSS Score-6.8||MEDIUM
EPSS-9.02% / 92.44%
||
7 Day CHG~0.00%
Published-23 Apr, 2009 | 17:00
Updated-07 Aug, 2024 | 04:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments.

Action-Not Available
Vendor-glyphandcogfoolabsn/aApple Inc.
Product-xpdfcupsxpdfreadern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5030
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.07% / 86.42%
||
7 Day CHG~0.00%
Published-20 Jul, 2018 | 19:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAdobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-5178
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.1||HIGH
EPSS-18.16% / 95.02%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.Debian GNU/LinuxRed Hat, Inc.
Product-thunderbird_esrthunderbirdenterprise_linux_server_tusfirefoxubuntu_linuxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_server_ausThunderbird ESRFirefox ESRThunderbird
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4998
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-4.40% / 88.74%
||
7 Day CHG~0.00%
Published-09 Jul, 2018 | 19:00
Updated-05 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, and 2015.006.30394 and earlier have a Memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcmac_os_xwindowsAdobe Acrobat and Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, and 2015.006.30394 and earlier versions
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5028
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-13.07% / 93.93%
||
7 Day CHG~0.00%
Published-20 Jul, 2018 | 19:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAdobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-4946
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-7.97% / 91.88%
||
7 Day CHG~0.00%
Published-09 Jul, 2018 | 19:00
Updated-05 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Photoshop CC versions 19.1.3 and earlier, 18.1.3 and earlier, and 18.1.2 and earlier have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-windowsphotoshop_ccmacosAdobe Photoshop CC 19.1.3 and earlier, 18.1.3 and earlier, and 18.1.2 and earlier versions
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-5146
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-55.24% / 97.99%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.Debian GNU/LinuxRed Hat, Inc.
Product-thunderbirdenterprise_linux_server_tusfirefoxubuntu_linuxenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_serverdebian_linuxenterprise_linux_workstationenterprise_linux_server_ausFirefoxFirefox ESRThunderbird
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-4326
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.30% / 52.86%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xiOS, macOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4280
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-19.13% / 95.19%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xiphone_oswatchostvosiOS, macOS, tvOS, watchOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4130
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.79% / 73.43%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 06:00
Updated-05 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-itunesiphone_ostvossafariwindowsicloudn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4213
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.58% / 68.30%
||
7 Day CHG~0.00%
Published-11 Jan, 2019 | 18:00
Updated-05 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.

Action-Not Available
Vendor-webkitgtkn/aCanonical Ltd.Apple Inc.Microsoft Corporation
Product-itunesiphone_osubuntu_linuxwatchostvossafariwindowswebkitgtk\+icloudn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-5012
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-15.69% / 94.54%
||
7 Day CHG~0.00%
Published-20 Jul, 2018 | 19:00
Updated-05 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAdobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-4441
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-56.22% / 98.04%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-itunesiphone_oswatchostvossafariwindowsicloudiOS, tvOS, watchOS, Safari, iTunes for Windows, iCloud for Windows
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4323
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-20.63% / 95.44%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-itunesiphone_ostvossafariwindowsicloudiOS, tvOS, Safari, iTunes for Windows, iCloud for Windows
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5043
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-21.81% / 95.61%
||
7 Day CHG~0.00%
Published-20 Jul, 2018 | 19:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Buffer Errors vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAdobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-0157
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.23% / 78.87%
||
7 Day CHG~0.00%
Published-13 May, 2009 | 15:14
Updated-07 Aug, 2024 | 04:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in CFNetwork in Apple Mac OS X 10.5 before 10.5.7 allows remote web servers to execute arbitrary code or cause a denial of service (application crash) via long HTTP headers.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servermac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5057
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-10.69% / 93.15%
||
7 Day CHG~0.00%
Published-20 Jul, 2018 | 19:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAdobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions
CWE ID-CWE-704
Incorrect Type Conversion or Cast
CVE-2018-4347
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.38% / 59.05%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-itunesiphone_oswatchostvosmac_os_xwindowsicloudiOS, macOS, tvOS, watchOS, iTunes for Windows, iCloud for Windows
CWE ID-CWE-416
Use After Free
CVE-2018-4204
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-3.48% / 87.29%
||
7 Day CHG~0.00%
Published-08 Jun, 2018 | 18:00
Updated-05 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11.4 is affected. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-itunesiphone_ostvossafariwindowsicloudn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4089
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-2.22% / 84.14%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 06:00
Updated-05 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. tvOS before 11.2.5 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_ossafariapple_tvmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4358
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.89% / 75.14%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-itunesiphone_oswatchostvossafariwindowsicloudiOS, tvOS, watchOS, Safari, iTunes for Windows, iCloud for Windows
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5015
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-13.07% / 93.93%
||
7 Day CHG~0.00%
Published-20 Jul, 2018 | 19:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAdobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-4314
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-41.52% / 97.31%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-itunesiphone_ostvossafariwindowsicloudiOS, tvOS, Safari, iTunes for Windows, iCloud for Windows
CWE ID-CWE-416
Use After Free
CVE-2018-4210
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.58% / 68.30%
||
7 Day CHG~0.00%
Published-11 Jan, 2019 | 18:00
Updated-05 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks.

Action-Not Available
Vendor-webkitgtkn/aCanonical Ltd.Apple Inc.Microsoft Corporation
Product-itunesiphone_osubuntu_linuxwatchostvossafariwindowswebkitgtk\+n/a
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2018-4375
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.51% / 65.92%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-itunesiphone_oswatchossafariwindowsicloudiOS, watchOS, Safari, iTunes for Windows, iCloud for Windows
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4162
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-38.91% / 97.16%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 06:00
Updated-05 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Action-Not Available
Vendor-webkitgtkn/aCanonical Ltd.Apple Inc.Microsoft Corporation
Product-itunesiphone_osubuntu_linuxwatchostvossafariwindowswebkitgtk\+icloudn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4265
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.75% / 72.66%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-itunesiphone_ostvossafariwindowsicloudiOS, tvOS, Safari, iTunes for Windows, iCloud for Windows
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-0158
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.64% / 85.38%
||
7 Day CHG~0.00%
Published-13 May, 2009 | 15:14
Updated-07 Aug, 2024 | 04:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in telnet in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long hostname for a telnet server.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servermac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5059
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-7.97% / 91.88%
||
7 Day CHG~0.00%
Published-20 Jul, 2018 | 19:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAdobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-4414
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.39% / 59.78%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-itunesiphone_oswatchostvosmac_os_xwindowsicloudiOS, macOS, tvOS, watchOS, iTunes for Windows, iCloud for Windows
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5045
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-13.07% / 93.93%
||
7 Day CHG~0.00%
Published-20 Jul, 2018 | 19:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAdobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-4145
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.69% / 71.32%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.3, tvOS 11.3, watchOS 4.3, Safari 11.1, iTunes 12.7.4 for Windows, iCloud for Windows 7.4.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-itunesiphone_oswatchostvossafariwindowsicloudiOS, tvOS, watchOS, Safari, iTunes for Windows, iCloud for Windows
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4264
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.89% / 75.14%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-itunesiphone_oswatchostvossafariwindowsicloudiOS, tvOS, watchOS, Safari, iTunes for Windows, iCloud for Windows
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4200
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-35.68% / 96.96%
||
7 Day CHG~0.00%
Published-08 Jun, 2018 | 18:00
Updated-05 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers a WebCore::jsElementScrollHeightGetter use-after-free.

Action-Not Available
Vendor-n/aCanonical Ltd.Apple Inc.Microsoft Corporation
Product-itunesiphone_osubuntu_linuxtvossafariwindowsicloudn/a
CWE ID-CWE-416
Use After Free
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 84
  • 85
  • Next
Details not found