Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2007-4131

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-25 Aug, 2007 | 00:00
Updated At-07 Aug, 2024 | 14:46
Rejected At-
Credits

Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:25 Aug, 2007 | 00:00
Updated At:07 Aug, 2024 | 14:46
Rejected At:
▼CVE Numbering Authority (CNA)

Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id?1018599
vdb-entry
x_refsource_SECTRACK
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021680.1-1
vendor-advisory
x_refsource_SUNALERT
http://support.avaya.com/elmodocs2/security/ASA-2007-383.htm
x_refsource_CONFIRM
http://secunia.com/advisories/26673
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/26822
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/4238
vdb-entry
x_refsource_VUPEN
http://www.us-cert.gov/cas/techalerts/TA07-352A.html
third-party-advisory
x_refsource_CERT
http://secunia.com/advisories/26655
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/27453
third-party-advisory
x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00370.html
vendor-advisory
x_refsource_FEDORA
http://secunia.com/advisories/28136
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/26781
third-party-advisory
x_refsource_SECUNIA
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251921
x_refsource_MISC
http://www.debian.org/security/2007/dsa-1438
vendor-advisory
x_refsource_DEBIAN
http://secunia.com/advisories/26590
third-party-advisory
x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10420
vdb-entry
signature
x_refsource_OVAL
http://secunia.com/advisories/27861
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/2958
vdb-entry
x_refsource_VUPEN
https://issues.rpath.com/browse/RPL-1631
x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDKSA-2007:173
vendor-advisory
x_refsource_MANDRIVA
http://security.FreeBSD.org/advisories/FreeBSD-SA-07:10.gtar.asc
vendor-advisory
x_refsource_FREEBSD
http://secunia.com/advisories/26984
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/477865/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://www.trustix.org/errata/2007/0026/
vendor-advisory
x_refsource_TRUSTIX
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
vendor-advisory
x_refsource_APPLE
http://www.novell.com/linux/security/advisories/2007_18_sr.html
vendor-advisory
x_refsource_SUSE
http://secunia.com/advisories/26604
third-party-advisory
x_refsource_SECUNIA
http://www.ubuntu.com/usn/usn-506-1
vendor-advisory
x_refsource_UBUNTU
http://secunia.com/advisories/28255
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/26573
third-party-advisory
x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2007-0860.html
vendor-advisory
x_refsource_REDHAT
http://docs.info.apple.com/article.html?artnum=307179
x_refsource_CONFIRM
http://secunia.com/advisories/26603
third-party-advisory
x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7779
vdb-entry
signature
x_refsource_OVAL
http://www.securityfocus.com/bid/25417
vdb-entry
x_refsource_BID
http://security.gentoo.org/glsa/glsa-200709-09.xml
vendor-advisory
x_refsource_GENTOO
http://www.securityfocus.com/archive/1/477731/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://secunia.com/advisories/26674
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securitytracker.com/id?1018599
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021680.1-1
Resource:
vendor-advisory
x_refsource_SUNALERT
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2007-383.htm
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/26673
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/26822
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2007/4238
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA07-352A.html
Resource:
third-party-advisory
x_refsource_CERT
Hyperlink: http://secunia.com/advisories/26655
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/27453
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00370.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://secunia.com/advisories/28136
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/26781
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251921
Resource:
x_refsource_MISC
Hyperlink: http://www.debian.org/security/2007/dsa-1438
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://secunia.com/advisories/26590
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10420
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://secunia.com/advisories/27861
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2007/2958
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: https://issues.rpath.com/browse/RPL-1631
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2007:173
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://security.FreeBSD.org/advisories/FreeBSD-SA-07:10.gtar.asc
Resource:
vendor-advisory
x_refsource_FREEBSD
Hyperlink: http://secunia.com/advisories/26984
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/archive/1/477865/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.trustix.org/errata/2007/0026/
Resource:
vendor-advisory
x_refsource_TRUSTIX
Hyperlink: http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://www.novell.com/linux/security/advisories/2007_18_sr.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://secunia.com/advisories/26604
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.ubuntu.com/usn/usn-506-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://secunia.com/advisories/28255
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/26573
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.redhat.com/support/errata/RHSA-2007-0860.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://docs.info.apple.com/article.html?artnum=307179
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/26603
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7779
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.securityfocus.com/bid/25417
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://security.gentoo.org/glsa/glsa-200709-09.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://www.securityfocus.com/archive/1/477731/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://secunia.com/advisories/26674
Resource:
third-party-advisory
x_refsource_SECUNIA
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id?1018599
vdb-entry
x_refsource_SECTRACK
x_transferred
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021680.1-1
vendor-advisory
x_refsource_SUNALERT
x_transferred
http://support.avaya.com/elmodocs2/security/ASA-2007-383.htm
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/26673
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/26822
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2007/4238
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.us-cert.gov/cas/techalerts/TA07-352A.html
third-party-advisory
x_refsource_CERT
x_transferred
http://secunia.com/advisories/26655
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/27453
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00370.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://secunia.com/advisories/28136
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/26781
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251921
x_refsource_MISC
x_transferred
http://www.debian.org/security/2007/dsa-1438
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://secunia.com/advisories/26590
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10420
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://secunia.com/advisories/27861
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2007/2958
vdb-entry
x_refsource_VUPEN
x_transferred
https://issues.rpath.com/browse/RPL-1631
x_refsource_CONFIRM
x_transferred
http://www.mandriva.com/security/advisories?name=MDKSA-2007:173
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://security.FreeBSD.org/advisories/FreeBSD-SA-07:10.gtar.asc
vendor-advisory
x_refsource_FREEBSD
x_transferred
http://secunia.com/advisories/26984
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/archive/1/477865/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.trustix.org/errata/2007/0026/
vendor-advisory
x_refsource_TRUSTIX
x_transferred
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://www.novell.com/linux/security/advisories/2007_18_sr.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://secunia.com/advisories/26604
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.ubuntu.com/usn/usn-506-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://secunia.com/advisories/28255
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/26573
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.redhat.com/support/errata/RHSA-2007-0860.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://docs.info.apple.com/article.html?artnum=307179
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/26603
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7779
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.securityfocus.com/bid/25417
vdb-entry
x_refsource_BID
x_transferred
http://security.gentoo.org/glsa/glsa-200709-09.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://www.securityfocus.com/archive/1/477731/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://secunia.com/advisories/26674
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securitytracker.com/id?1018599
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021680.1-1
Resource:
vendor-advisory
x_refsource_SUNALERT
x_transferred
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2007-383.htm
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/26673
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/26822
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2007/4238
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA07-352A.html
Resource:
third-party-advisory
x_refsource_CERT
x_transferred
Hyperlink: http://secunia.com/advisories/26655
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/27453
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00370.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://secunia.com/advisories/28136
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/26781
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251921
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.debian.org/security/2007/dsa-1438
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://secunia.com/advisories/26590
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10420
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://secunia.com/advisories/27861
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2007/2958
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: https://issues.rpath.com/browse/RPL-1631
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2007:173
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://security.FreeBSD.org/advisories/FreeBSD-SA-07:10.gtar.asc
Resource:
vendor-advisory
x_refsource_FREEBSD
x_transferred
Hyperlink: http://secunia.com/advisories/26984
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/477865/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.trustix.org/errata/2007/0026/
Resource:
vendor-advisory
x_refsource_TRUSTIX
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://www.novell.com/linux/security/advisories/2007_18_sr.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://secunia.com/advisories/26604
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.ubuntu.com/usn/usn-506-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://secunia.com/advisories/28255
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/26573
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2007-0860.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://docs.info.apple.com/article.html?artnum=307179
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/26603
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7779
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.securityfocus.com/bid/25417
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-200709-09.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/477731/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://secunia.com/advisories/26674
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:25 Aug, 2007 | 00:17
Updated At:15 Oct, 2018 | 21:33

Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
Red Hat, Inc.
redhat
>>enterprise_linux>>4.0
cpe:2.3:o:redhat:enterprise_linux:4.0:*:as:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>4.0
cpe:2.3:o:redhat:enterprise_linux:4.0:*:desktop:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>4.0
cpe:2.3:o:redhat:enterprise_linux:4.0:*:es:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>4.0
cpe:2.3:o:redhat:enterprise_linux:4.0:*:ws:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>5.0
cpe:2.3:o:redhat:enterprise_linux:5.0:*:server:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_desktop>>5.0
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:client:*:*:*:*:*
rpath
rpath
>>rpath_linux>>1
cpe:2.3:o:rpath:rpath_linux:1:*:*:*:*:*:*:*
GNU
gnu
>>tar>>1.13
cpe:2.3:a:gnu:tar:1.13:*:*:*:*:*:*:*
GNU
gnu
>>tar>>1.13.5
cpe:2.3:a:gnu:tar:1.13.5:*:*:*:*:*:*:*
GNU
gnu
>>tar>>1.13.11
cpe:2.3:a:gnu:tar:1.13.11:*:*:*:*:*:*:*
GNU
gnu
>>tar>>1.13.14
cpe:2.3:a:gnu:tar:1.13.14:*:*:*:*:*:*:*
GNU
gnu
>>tar>>1.13.16
cpe:2.3:a:gnu:tar:1.13.16:*:*:*:*:*:*:*
GNU
gnu
>>tar>>1.13.17
cpe:2.3:a:gnu:tar:1.13.17:*:*:*:*:*:*:*
GNU
gnu
>>tar>>1.13.18
cpe:2.3:a:gnu:tar:1.13.18:*:*:*:*:*:*:*
GNU
gnu
>>tar>>1.13.19
cpe:2.3:a:gnu:tar:1.13.19:*:*:*:*:*:*:*
GNU
gnu
>>tar>>1.13.25
cpe:2.3:a:gnu:tar:1.13.25:*:*:*:*:*:*:*
GNU
gnu
>>tar>>1.14
cpe:2.3:a:gnu:tar:1.14:*:*:*:*:*:*:*
GNU
gnu
>>tar>>1.14.90
cpe:2.3:a:gnu:tar:1.14.90:*:*:*:*:*:*:*
GNU
gnu
>>tar>>1.15
cpe:2.3:a:gnu:tar:1.15:*:*:*:*:*:*:*
GNU
gnu
>>tar>>1.15.1
cpe:2.3:a:gnu:tar:1.15.1:*:*:*:*:*:*:*
GNU
gnu
>>tar>>1.15.90
cpe:2.3:a:gnu:tar:1.15.90:*:*:*:*:*:*:*
GNU
gnu
>>tar>>1.15.91
cpe:2.3:a:gnu:tar:1.15.91:*:*:*:*:*:*:*
GNU
gnu
>>tar>>1.16
cpe:2.3:a:gnu:tar:1.16:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251921secalert@redhat.com
N/A
http://docs.info.apple.com/article.html?artnum=307179secalert@redhat.com
N/A
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.htmlsecalert@redhat.com
N/A
http://secunia.com/advisories/26573secalert@redhat.com
N/A
http://secunia.com/advisories/26590secalert@redhat.com
N/A
http://secunia.com/advisories/26603secalert@redhat.com
N/A
http://secunia.com/advisories/26604secalert@redhat.com
N/A
http://secunia.com/advisories/26655secalert@redhat.com
N/A
http://secunia.com/advisories/26673secalert@redhat.com
N/A
http://secunia.com/advisories/26674secalert@redhat.com
N/A
http://secunia.com/advisories/26781secalert@redhat.com
N/A
http://secunia.com/advisories/26822secalert@redhat.com
N/A
http://secunia.com/advisories/26984secalert@redhat.com
N/A
http://secunia.com/advisories/27453secalert@redhat.com
N/A
http://secunia.com/advisories/27861secalert@redhat.com
N/A
http://secunia.com/advisories/28136secalert@redhat.com
N/A
http://secunia.com/advisories/28255secalert@redhat.com
N/A
http://security.FreeBSD.org/advisories/FreeBSD-SA-07:10.gtar.ascsecalert@redhat.com
N/A
http://security.gentoo.org/glsa/glsa-200709-09.xmlsecalert@redhat.com
N/A
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021680.1-1secalert@redhat.com
N/A
http://support.avaya.com/elmodocs2/security/ASA-2007-383.htmsecalert@redhat.com
N/A
http://www.debian.org/security/2007/dsa-1438secalert@redhat.com
N/A
http://www.mandriva.com/security/advisories?name=MDKSA-2007:173secalert@redhat.com
N/A
http://www.novell.com/linux/security/advisories/2007_18_sr.htmlsecalert@redhat.com
N/A
http://www.redhat.com/support/errata/RHSA-2007-0860.htmlsecalert@redhat.com
Patch
http://www.securityfocus.com/archive/1/477731/100/0/threadedsecalert@redhat.com
N/A
http://www.securityfocus.com/archive/1/477865/100/0/threadedsecalert@redhat.com
N/A
http://www.securityfocus.com/bid/25417secalert@redhat.com
N/A
http://www.securitytracker.com/id?1018599secalert@redhat.com
N/A
http://www.trustix.org/errata/2007/0026/secalert@redhat.com
N/A
http://www.ubuntu.com/usn/usn-506-1secalert@redhat.com
N/A
http://www.us-cert.gov/cas/techalerts/TA07-352A.htmlsecalert@redhat.com
US Government Resource
http://www.vupen.com/english/advisories/2007/2958secalert@redhat.com
N/A
http://www.vupen.com/english/advisories/2007/4238secalert@redhat.com
N/A
https://issues.rpath.com/browse/RPL-1631secalert@redhat.com
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10420secalert@redhat.com
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7779secalert@redhat.com
N/A
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00370.htmlsecalert@redhat.com
N/A
Hyperlink: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251921
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://docs.info.apple.com/article.html?artnum=307179
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/26573
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/26590
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/26603
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/26604
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/26655
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/26673
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/26674
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/26781
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/26822
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/26984
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/27453
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/27861
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/28136
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/28255
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://security.FreeBSD.org/advisories/FreeBSD-SA-07:10.gtar.asc
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://security.gentoo.org/glsa/glsa-200709-09.xml
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021680.1-1
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2007-383.htm
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.debian.org/security/2007/dsa-1438
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2007:173
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.novell.com/linux/security/advisories/2007_18_sr.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2007-0860.html
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://www.securityfocus.com/archive/1/477731/100/0/threaded
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/477865/100/0/threaded
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/25417
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1018599
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.trustix.org/errata/2007/0026/
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/usn-506-1
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA07-352A.html
Source: secalert@redhat.com
Resource:
US Government Resource
Hyperlink: http://www.vupen.com/english/advisories/2007/2958
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2007/4238
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://issues.rpath.com/browse/RPL-1631
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10420
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7779
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00370.html
Source: secalert@redhat.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

620Records found
CVE-2020-21832
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.39% / 58.90%
||
7 Day CHG~0.00%
Published-17 May, 2021 | 20:20
Updated-04 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2417.

Action-Not Available
Vendor-n/aGNU
Product-libredwgn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2013-5870
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.8||MEDIUM
EPSS-0.98% / 75.79%
||
7 Day CHG~0.00%
Published-15 Jan, 2014 | 00:30
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.

Action-Not Available
Vendor-n/aRed Hat, Inc.Oracle CorporationHP Inc.
Product-enterprise_linux_workstation_supplementaryjavafxenterprise_linux_server_supplementaryenterprise_linux_server_supplementary_aushp-uxenterprise_linux_hpc_node_supplementaryjdkenterprise_linux_server_supplementary_eusjreenterprise_linux_desktop_supplementaryn/a
CVE-2013-5904
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.8||MEDIUM
EPSS-0.96% / 75.50%
||
7 Day CHG~0.00%
Published-15 Jan, 2014 | 01:33
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

Action-Not Available
Vendor-n/aRed Hat, Inc.Oracle CorporationHP Inc.
Product-enterprise_linux_workstation_supplementaryenterprise_linux_server_supplementaryenterprise_linux_server_supplementary_aushp-uxenterprise_linux_hpc_node_supplementaryjdkenterprise_linux_server_supplementary_eusjreenterprise_linux_desktop_supplementaryn/a
CVE-2017-9043
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.40% / 59.53%
||
7 Day CHG~0.00%
Published-18 May, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large for type unsigned long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.

Action-Not Available
Vendor-n/aGNU
Product-binutilsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-7752
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.88% / 74.37%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Mozilla Corporation
Product-enterprise_linux_serverdebian_linuxthunderbirdenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_desktopFirefoxFirefox ESRThunderbird
CWE ID-CWE-416
Use After Free
CVE-2017-7846
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-1.35% / 79.31%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View -> Feed article -> Website" or in the standard format of "View -> Feed article -> default format". This vulnerability affects Thunderbird < 52.5.2.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Mozilla Corporation
Product-enterprise_linux_serverthunderbirddebian_linuxenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_desktopThunderbird
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2019-5771
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.53% / 80.54%
||
7 Day CHG~0.00%
Published-19 Feb, 2019 | 17:00
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

Action-Not Available
Vendor-Red Hat, Inc.Fedora ProjectGoogle LLC
Product-enterprise_linux_serverchromeenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CVE-2019-5770
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.13% / 77.42%
||
7 Day CHG~0.00%
Published-19 Feb, 2019 | 17:00
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient input validation in WebGL in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-7814
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.8||HIGH
EPSS-0.32% / 54.34%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise be detected as suspicious. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Mozilla Corporation
Product-enterprise_linux_serverthunderbirddebian_linuxenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_desktopFirefoxFirefox ESRThunderbird
CWE ID-CWE-20
Improper Input Validation
CVE-2017-7798
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-2.92% / 85.86%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. This vulnerability affects Firefox ESR < 52.3 and Firefox < 55.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Mozilla Corporation
Product-enterprise_linux_serverdebian_linuxenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_desktopFirefoxFirefox ESR
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2019-5760
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.53% / 80.55%
||
7 Day CHG~0.00%
Published-19 Feb, 2019 | 17:00
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-6891
Matching Score-8
Assigner-Flexera Software LLC
ShareView Details
Matching Score-8
Assigner-Flexera Software LLC
CVSS Score-8.8||HIGH
EPSS-0.92% / 75.03%
||
7 Day CHG~0.00%
Published-22 May, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.

Action-Not Available
Vendor-Flexera Software LLCDebian GNU/LinuxThe Apache Software FoundationGNU
Product-bookkeeperdebian_linuxlibtasn1GnuTLS libtasn1
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-5077
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.91% / 74.89%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in Skia in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsenterprise_linux_servermacosandroidGoogle Chrome prior to 59.0.3071.86 for Linux, Windows and Mac, and 59.0.3071.92 for Android
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-5036
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.8||HIGH
EPSS-0.28% / 50.91%
||
7 Day CHG~0.00%
Published-24 Apr, 2017 | 23:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to have an unspecified impact via a crafted PDF file.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsdebian_linuxenterprise_linux_servermacosandroidGoogle Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android
CWE ID-CWE-416
Use After Free
CVE-2017-5073
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.91% / 74.89%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in print preview in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsenterprise_linux_servermacosandroidGoogle Chrome prior to 59.0.3071.86 for Linux, Windows and Mac, and 59.0.3071.92 for Android
CWE ID-CWE-416
Use After Free
CVE-2017-5114
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.48% / 80.23%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate use of partition alloc in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsdebian_linuxenterprise_linux_servermacosandroidGoogle Chrome prior to 61.0.3163.79 for Linux, Windows and Mac, and 61.0.3163.81 for Android
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-5332
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-7.8||HIGH
EPSS-0.27% / 50.36%
||
7 Day CHG~0.00%
Published-04 Nov, 2019 | 20:24
Updated-05 Aug, 2024 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.

Action-Not Available
Vendor-icoutils_projectCanonical Ltd.Red Hat, Inc.openSUSEDebian GNU/Linux
Product-ubuntu_linuxicoutilsdebian_linuxenterprise_linux_server_eusopensuseenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_server_tusenterprise_linux_desktopleapicoutils
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-5057
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.84% / 73.75%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Type confusion in PDFium in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsenterprise_linux_servermacosandroidGoogle Chrome prior to 58.0.3029.81 for Mac, Windows and Linux, and 58.0.3029.83 for Android
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2017-5436
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-1.03% / 76.43%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-21 Oct, 2024 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Action-Not Available
Vendor-silDebian GNU/LinuxRed Hat, Inc.Mozilla Corporation
Product-enterprise_linux_serverdebian_linuxthunderbirdenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxgraphite2enterprise_linux_desktopThunderbirdFirefox ESRFirefox
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-5088
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.91% / 74.89%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsenterprise_linux_servermacosandroidGoogle Chrome prior to 59.0.3071.104 for Mac, Windows and Linux, and 59.0.3071.117 for Android
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-5030
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-63.05% / 98.32%
||
7 Day CHG~0.00%
Published-24 Apr, 2017 | 23:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-22||Apply updates per vendor instructions.

Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.Red Hat, Inc.Google LLCLinux Kernel Organization, IncDebian GNU/Linux
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsdebian_linuxenterprise_linux_servermacosandroidGoogle Chrome prior to 57.0.2987.98 for Linux, Windows and Mac, and 57.0.2987.108 for AndroidChromium V8
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-5091
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.10% / 77.10%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free in IndexedDB in Google Chrome prior to 60.0.3112.78 for Linux, Android, Windows, and Mac allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsdebian_linuxenterprise_linux_servermacosandroidGoogle Chrome prior to 60.0.3112.78 for Linux, Android, Windows and Mac
CWE ID-CWE-416
Use After Free
CVE-2017-5108
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.84% / 73.75%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Type confusion in PDFium in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted PDF file.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsenterprise_linux_servermacosandroidGoogle Chrome prior to 60.0.3112.78 for Mac, Windows, Linux and Android
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2017-5038
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.3||MEDIUM
EPSS-0.94% / 75.31%
||
7 Day CHG~0.00%
Published-24 Apr, 2017 | 23:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kerneldebian_linuxenterprise_linux_servermacoswindowsGoogle Chrome prior to 57.0.2987.98 for Linux, Windows and Mac
CWE ID-CWE-416
Use After Free
CVE-2017-5062
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.98% / 75.88%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free in Chrome Apps in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to potentially perform out of bounds memory access via a crafted Chrome extension.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsenterprise_linux_servermacosandroidGoogle Chrome prior to 58.0.3029.81 for Mac, Windows and Linux, and 58.0.3029.83 for Android
CWE ID-CWE-416
Use After Free
CVE-2017-5054
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.54% / 66.73%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to obtain heap memory contents via a crafted HTML page.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsenterprise_linux_servermacosandroidGoogle Chrome prior to 57.0.2987.133 for Linux, Windows and Mac, and 57.0.2987.132 for Android
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-5095
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.59% / 80.88%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack overflow in PDFium in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit stack corruption via a crafted PDF file.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kerneldebian_linuxenterprise_linux_servermacoswindowsGoogle Chrome prior to 60.0.3112.78 for Linux, Windows and Mac
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-5039
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.8||HIGH
EPSS-0.28% / 50.91%
||
7 Day CHG~0.00%
Published-24 Apr, 2017 | 23:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsdebian_linuxenterprise_linux_servermacosandroidGoogle Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android
CWE ID-CWE-416
Use After Free
CVE-2017-5059
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-2.49% / 84.70%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Type confusion in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to potentially obtain code execution via a crafted HTML page.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsenterprise_linux_servermacosandroidGoogle Chrome prior to 58.0.3029.81 for Linux, Windows and Mac, and 58.0.3029.83 for Android
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2017-5111
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.48% / 80.23%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelenterprise_linux_serverdebian_linuxmacoswindowsGoogle Chrome prior to 61.0.3163.79 for Linux, Windows and Mac
CWE ID-CWE-416
Use After Free
CVE-2017-5121
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-3.64% / 87.38%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to the escape analysis phase.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kerneldebian_linuxenterprise_linux_servermacoswindowsGoogle Chrome prior to 61.0.3163.100 for Linux, Windows and Mac
CWE ID-CWE-20
Improper Input Validation
CVE-2017-5208
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-8.8||HIGH
EPSS-1.65% / 81.23%
||
7 Day CHG~0.00%
Published-22 Aug, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of execution of arbitrary code.

Action-Not Available
Vendor-icoutils_projectn/aRed Hat, Inc.Debian GNU/Linux
Product-enterprise_linux_desktopenterprise_linux_server_tusenterprise_linux_workstationicoutilsenterprise_linux_server_eusdebian_linuxenterprise_linux_serverenterprise_linux_server_ausn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2017-5044
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.3||MEDIUM
EPSS-1.06% / 76.74%
||
7 Day CHG~0.00%
Published-24 Apr, 2017 | 23:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsdebian_linuxenterprise_linux_servermacosandroidGoogle Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-5098
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-3.37% / 86.85%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free in V8 in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsdebian_linuxenterprise_linux_servermacosandroidGoogle Chrome prior to 60.0.3112.78 for Mac, Windows, Linux and Android
CWE ID-CWE-416
Use After Free
CVE-2017-5113
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.26% / 78.61%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Math overflow in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsdebian_linuxenterprise_linux_servermacosandroidGoogle Chrome prior to 61.0.3163.79 for Mac, Windows and Linux, and 61.0.3163.81 for Android
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-5063
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.91% / 74.89%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A numeric overflow in Skia in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsenterprise_linux_servermacosandroidGoogle Chrome prior to 58.0.3029.81 for Linux, Windows and Mac, and 58.0.3029.83 for Android
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-44227
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.34% / 55.94%
||
7 Day CHG~0.00%
Published-02 Dec, 2021 | 02:52
Updated-04 Aug, 2024 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGNU
Product-mailmandebian_linuxn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-42586
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.40% / 59.82%
||
7 Day CHG~0.00%
Published-23 May, 2022 | 10:39
Updated-04 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap buffer overflow was discovered in copy_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file.

Action-Not Available
Vendor-n/aGNU
Product-libredwgn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5762
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-2.54% / 84.87%
||
7 Day CHG~0.00%
Published-19 Feb, 2019 | 17:00
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-5772
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.65% / 81.29%
||
7 Day CHG~0.00%
Published-19 Feb, 2019 | 17:00
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sharing of objects over calls into JavaScript runtime in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-6116
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-64.62% / 98.39%
||
7 Day CHG~0.00%
Published-19 Mar, 2019 | 18:27
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.

Action-Not Available
Vendor-n/aDebian GNU/LinuxRed Hat, Inc.Canonical Ltd.openSUSEFedora ProjectArtifex Software Inc.
Product-enterprise_linux_serverubuntu_linuxdebian_linuxenterprise_linux_server_eusghostscriptenterprise_linux_server_ausenterprise_linux_workstationfedoraenterprise_linux_server_tusenterprise_linux_desktopleapn/a
CVE-2019-5758
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.65% / 81.29%
||
7 Day CHG~0.00%
Published-19 Feb, 2019 | 17:00
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5764
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.53% / 80.55%
||
7 Day CHG~0.00%
Published-19 Feb, 2019 | 17:00
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect pointer management in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-18198
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.46% / 63.36%
||
7 Day CHG~0.00%
Published-24 Feb, 2018 | 06:00
Updated-05 Aug, 2024 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file.

Action-Not Available
Vendor-n/aGNU
Product-libcdion/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-42585
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.40% / 59.82%
||
7 Day CHG~0.00%
Published-23 May, 2022 | 10:35
Updated-04 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap buffer overflow was discovered in copy_compressed_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file.

Action-Not Available
Vendor-n/aGNU
Product-libredwgn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5761
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.25% / 78.50%
||
7 Day CHG~0.00%
Published-19 Feb, 2019 | 17:00
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect object lifecycle management in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Red Hat, Inc.Fedora ProjectGoogle LLC
Product-enterprise_linux_serverchromeenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5763
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.65% / 81.29%
||
7 Day CHG~0.00%
Published-19 Feb, 2019 | 17:00
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Failure to check error conditions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2019-5759
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-9.6||CRITICAL
EPSS-1.65% / 81.29%
||
7 Day CHG~0.00%
Published-19 Feb, 2019 | 17:00
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Apple Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeandroidenterprise_linux_workstationfedoramacosenterprise_linux_desktopChrome
CWE ID-CWE-416
Use After Free
CVE-2013-4405
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.13% / 33.75%
||
7 Day CHG~0.00%
Published-23 Dec, 2013 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allow remote attackers to hijack the authentication of cumin users for unspecified requests.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-enterprise_mrgn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-17121
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.37% / 57.86%
||
7 Day CHG~0.00%
Published-04 Dec, 2017 | 08:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the to-be-relocated section.

Action-Not Available
Vendor-n/aGNU
Product-binutilsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 12
  • 13
  • Next
Details not found