Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2008-0073

Summary
Assigner-flexera
Assigner Org ID-44d08088-2bea-4760-83a6-1e9be26b15ab
Published At-24 Mar, 2008 | 22:00
Updated At-07 Aug, 2024 | 07:32
Rejected At-
Credits

Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:flexera
Assigner Org ID:44d08088-2bea-4760-83a6-1e9be26b15ab
Published At:24 Mar, 2008 | 22:00
Updated At:07 Aug, 2024 | 07:32
Rejected At:
▼CVE Numbering Authority (CNA)

Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/secunia_research/2008-10/
x_refsource_MISC
http://www.debian.org/security/2008/dsa-1543
vendor-advisory
x_refsource_DEBIAN
http://security.gentoo.org/glsa/glsa-200808-01.xml
vendor-advisory
x_refsource_GENTOO
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.392408
vendor-advisory
x_refsource_SLACKWARE
http://www.securityfocus.com/bid/28312
vdb-entry
x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/41339
vdb-entry
x_refsource_XF
http://www.videolan.org/security/sa0803.php
x_refsource_CONFIRM
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.html
vendor-advisory
x_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html
vendor-advisory
x_refsource_SUSE
http://secunia.com/advisories/29392
third-party-advisory
x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00456.html
vendor-advisory
x_refsource_FEDORA
http://sourceforge.net/project/shownotes.php?release_id=585488&group_id=9655
x_refsource_CONFIRM
http://secunia.com/advisories/28694
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/29740
third-party-advisory
x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200804-25.xml
vendor-advisory
x_refsource_GENTOO
http://secunia.com/advisories/31393
third-party-advisory
x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html
vendor-advisory
x_refsource_SUSE
http://xinehq.de/index.php/news
x_refsource_CONFIRM
http://secunia.com/advisories/29601
third-party-advisory
x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2008:178
vendor-advisory
x_refsource_MANDRIVA
http://wiki.videolan.org/Changelog/0.8.6f
x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2008/0923
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/29800
third-party-advisory
x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2008:219
vendor-advisory
x_refsource_MANDRIVA
http://secunia.com/advisories/29766
third-party-advisory
x_refsource_SECUNIA
http://www.securitytracker.com/id?1019682
vdb-entry
x_refsource_SECTRACK
http://secunia.com/advisories/29503
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/29472
third-party-advisory
x_refsource_SECUNIA
http://www.debian.org/security/2008/dsa-1536
vendor-advisory
x_refsource_DEBIAN
http://secunia.com/advisories/29578
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/0985
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/31372
third-party-advisory
x_refsource_SECUNIA
http://www.ubuntu.com/usn/usn-635-1
vendor-advisory
x_refsource_UBUNTU
http://secunia.com/advisories/30581
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/secunia_research/2008-10/
Resource:
x_refsource_MISC
Hyperlink: http://www.debian.org/security/2008/dsa-1543
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://security.gentoo.org/glsa/glsa-200808-01.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.392408
Resource:
vendor-advisory
x_refsource_SLACKWARE
Hyperlink: http://www.securityfocus.com/bid/28312
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/41339
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.videolan.org/security/sa0803.php
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://secunia.com/advisories/29392
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00456.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://sourceforge.net/project/shownotes.php?release_id=585488&group_id=9655
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/28694
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/29740
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://security.gentoo.org/glsa/glsa-200804-25.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://secunia.com/advisories/31393
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://xinehq.de/index.php/news
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/29601
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:178
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://wiki.videolan.org/Changelog/0.8.6f
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.vupen.com/english/advisories/2008/0923
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/29800
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:219
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://secunia.com/advisories/29766
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securitytracker.com/id?1019682
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://secunia.com/advisories/29503
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/29472
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.debian.org/security/2008/dsa-1536
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://secunia.com/advisories/29578
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2008/0985
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/31372
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.ubuntu.com/usn/usn-635-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://secunia.com/advisories/30581
Resource:
third-party-advisory
x_refsource_SECUNIA
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/secunia_research/2008-10/
x_refsource_MISC
x_transferred
http://www.debian.org/security/2008/dsa-1543
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://security.gentoo.org/glsa/glsa-200808-01.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.392408
vendor-advisory
x_refsource_SLACKWARE
x_transferred
http://www.securityfocus.com/bid/28312
vdb-entry
x_refsource_BID
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/41339
vdb-entry
x_refsource_XF
x_transferred
http://www.videolan.org/security/sa0803.php
x_refsource_CONFIRM
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://secunia.com/advisories/29392
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00456.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://sourceforge.net/project/shownotes.php?release_id=585488&group_id=9655
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/28694
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/29740
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://security.gentoo.org/glsa/glsa-200804-25.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://secunia.com/advisories/31393
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://xinehq.de/index.php/news
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/29601
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2008:178
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://wiki.videolan.org/Changelog/0.8.6f
x_refsource_CONFIRM
x_transferred
http://www.vupen.com/english/advisories/2008/0923
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/29800
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2008:219
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://secunia.com/advisories/29766
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securitytracker.com/id?1019682
vdb-entry
x_refsource_SECTRACK
x_transferred
http://secunia.com/advisories/29503
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/29472
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.debian.org/security/2008/dsa-1536
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://secunia.com/advisories/29578
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2008/0985
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/31372
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.ubuntu.com/usn/usn-635-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://secunia.com/advisories/30581
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/secunia_research/2008-10/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.debian.org/security/2008/dsa-1543
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-200808-01.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.392408
Resource:
vendor-advisory
x_refsource_SLACKWARE
x_transferred
Hyperlink: http://www.securityfocus.com/bid/28312
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/41339
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.videolan.org/security/sa0803.php
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://secunia.com/advisories/29392
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00456.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://sourceforge.net/project/shownotes.php?release_id=585488&group_id=9655
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/28694
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/29740
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-200804-25.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://secunia.com/advisories/31393
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://xinehq.de/index.php/news
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/29601
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:178
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://wiki.videolan.org/Changelog/0.8.6f
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2008/0923
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/29800
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:219
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://secunia.com/advisories/29766
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securitytracker.com/id?1019682
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://secunia.com/advisories/29503
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/29472
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.debian.org/security/2008/dsa-1536
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://secunia.com/advisories/29578
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2008/0985
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/31372
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.ubuntu.com/usn/usn-635-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://secunia.com/advisories/30581
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:PSIRT-CNA@flexerasoftware.com
Published At:24 Mar, 2008 | 22:44
Updated At:23 Apr, 2026 | 00:35

Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
Red Hat, Inc.
redhat
>>fedora>>8
cpe:2.3:o:redhat:fedora:8:*:*:*:*:*:*:*
xine
xine
>>xine-lib>>1.1.10.1
cpe:2.3:a:xine:xine-lib:1.1.10.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-189Primarynvd@nist.gov
CWE ID: CWE-189
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.htmlPSIRT-CNA@flexerasoftware.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.htmlPSIRT-CNA@flexerasoftware.com
N/A
http://secunia.com/advisories/28694PSIRT-CNA@flexerasoftware.com
Vendor Advisory
http://secunia.com/advisories/29392PSIRT-CNA@flexerasoftware.com
N/A
http://secunia.com/advisories/29472PSIRT-CNA@flexerasoftware.com
N/A
http://secunia.com/advisories/29503PSIRT-CNA@flexerasoftware.com
N/A
http://secunia.com/advisories/29578PSIRT-CNA@flexerasoftware.com
N/A
http://secunia.com/advisories/29601PSIRT-CNA@flexerasoftware.com
N/A
http://secunia.com/advisories/29740PSIRT-CNA@flexerasoftware.com
N/A
http://secunia.com/advisories/29766PSIRT-CNA@flexerasoftware.com
N/A
http://secunia.com/advisories/29800PSIRT-CNA@flexerasoftware.com
N/A
http://secunia.com/advisories/30581PSIRT-CNA@flexerasoftware.com
N/A
http://secunia.com/advisories/31372PSIRT-CNA@flexerasoftware.com
N/A
http://secunia.com/advisories/31393PSIRT-CNA@flexerasoftware.com
N/A
http://secunia.com/secunia_research/2008-10/PSIRT-CNA@flexerasoftware.com
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200804-25.xmlPSIRT-CNA@flexerasoftware.com
N/A
http://security.gentoo.org/glsa/glsa-200808-01.xmlPSIRT-CNA@flexerasoftware.com
N/A
http://sourceforge.net/project/shownotes.php?release_id=585488&group_id=9655PSIRT-CNA@flexerasoftware.com
Patch
http://wiki.videolan.org/Changelog/0.8.6fPSIRT-CNA@flexerasoftware.com
N/A
http://www.debian.org/security/2008/dsa-1536PSIRT-CNA@flexerasoftware.com
N/A
http://www.debian.org/security/2008/dsa-1543PSIRT-CNA@flexerasoftware.com
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2008:178PSIRT-CNA@flexerasoftware.com
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2008:219PSIRT-CNA@flexerasoftware.com
N/A
http://www.securityfocus.com/bid/28312PSIRT-CNA@flexerasoftware.com
N/A
http://www.securitytracker.com/id?1019682PSIRT-CNA@flexerasoftware.com
N/A
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.392408PSIRT-CNA@flexerasoftware.com
N/A
http://www.ubuntu.com/usn/usn-635-1PSIRT-CNA@flexerasoftware.com
N/A
http://www.videolan.org/security/sa0803.phpPSIRT-CNA@flexerasoftware.com
N/A
http://www.vupen.com/english/advisories/2008/0923PSIRT-CNA@flexerasoftware.com
N/A
http://www.vupen.com/english/advisories/2008/0985PSIRT-CNA@flexerasoftware.com
N/A
http://xinehq.de/index.php/newsPSIRT-CNA@flexerasoftware.com
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/41339PSIRT-CNA@flexerasoftware.com
N/A
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.htmlPSIRT-CNA@flexerasoftware.com
N/A
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00456.htmlPSIRT-CNA@flexerasoftware.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/28694af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/29392af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/29472af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/29503af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/29578af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/29601af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/29740af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/29766af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/29800af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/30581af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/31372af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/31393af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/secunia_research/2008-10/af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200804-25.xmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://security.gentoo.org/glsa/glsa-200808-01.xmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://sourceforge.net/project/shownotes.php?release_id=585488&group_id=9655af854a3a-2127-422b-91ae-364da2661108
Patch
http://wiki.videolan.org/Changelog/0.8.6faf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2008/dsa-1536af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2008/dsa-1543af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2008:178af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2008:219af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/28312af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id?1019682af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.392408af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/usn-635-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.videolan.org/security/sa0803.phpaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2008/0923af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2008/0985af854a3a-2127-422b-91ae-364da2661108
N/A
http://xinehq.de/index.php/newsaf854a3a-2127-422b-91ae-364da2661108
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/41339af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00456.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/28694
Source: PSIRT-CNA@flexerasoftware.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/29392
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/29472
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/29503
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/29578
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/29601
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/29740
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/29766
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/29800
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/30581
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/31372
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/31393
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://secunia.com/secunia_research/2008-10/
Source: PSIRT-CNA@flexerasoftware.com
Resource:
Vendor Advisory
Hyperlink: http://security.gentoo.org/glsa/glsa-200804-25.xml
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://security.gentoo.org/glsa/glsa-200808-01.xml
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://sourceforge.net/project/shownotes.php?release_id=585488&group_id=9655
Source: PSIRT-CNA@flexerasoftware.com
Resource:
Patch
Hyperlink: http://wiki.videolan.org/Changelog/0.8.6f
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://www.debian.org/security/2008/dsa-1536
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://www.debian.org/security/2008/dsa-1543
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:178
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:219
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/28312
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1019682
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.392408
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/usn-635-1
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://www.videolan.org/security/sa0803.php
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2008/0923
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2008/0985
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://xinehq.de/index.php/news
Source: PSIRT-CNA@flexerasoftware.com
Resource:
Patch
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/41339
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.html
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00456.html
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/28694
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/29392
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/29472
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/29503
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/29578
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/29601
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/29740
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/29766
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/29800
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/30581
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/31372
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/31393
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/secunia_research/2008-10/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://security.gentoo.org/glsa/glsa-200804-25.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://security.gentoo.org/glsa/glsa-200808-01.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://sourceforge.net/project/shownotes.php?release_id=585488&group_id=9655
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://wiki.videolan.org/Changelog/0.8.6f
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2008/dsa-1536
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2008/dsa-1543
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:178
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:219
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/28312
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1019682
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.392408
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/usn-635-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.videolan.org/security/sa0803.php
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2008/0923
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2008/0985
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://xinehq.de/index.php/news
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/41339
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00456.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

477Records found
CVE-2014-0152
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.40% / 60.48%
||
7 Day CHG~0.00%
Published-08 Sep, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors.

Action-Not Available
Vendor-ovirtn/aRed Hat, Inc.
Product-ovirtovirt-enginen/a
CVE-2016-1697
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.84% / 83.07%
||
7 Day CHG~0.00%
Published-05 Jun, 2016 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEGoogle LLCSUSERed Hat, Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktoplinux_enterpriseleapchromeopensusen/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-7163
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.51% / 66.33%
||
7 Day CHG~0.00%
Published-21 Sep, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.

Action-Not Available
Vendor-uclouvainn/aRed Hat, Inc.Debian GNU/LinuxFedora Project
Product-debian_linuxenterprise_linux_serverenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktopfedoraenterprise_linux_server_ausenterprise_linux_eusopenjpegn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2016-1680
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.40% / 80.53%
||
7 Day CHG~0.00%
Published-05 Jun, 2016 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in ports/SkFontHost_FreeType.cpp in Skia, as used in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEGoogle LLCSUSERed Hat, Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktoplinux_enterpriseleapchromeopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-7075
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.27% / 50.79%
||
7 Day CHG~0.00%
Published-10 Sep, 2018 | 14:00
Updated-06 Aug, 2024 | 01:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate.

Action-Not Available
Vendor-Red Hat, Inc.Kubernetes
Product-kubernetesopenshiftOpenShift
CWE ID-CWE-295
Improper Certificate Validation
CVE-2016-5177
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.91% / 83.40%
||
7 Day CHG~0.00%
Published-23 May, 2017 | 03:56
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aDebian GNU/LinuxRed Hat, Inc.Fedora ProjectopenSUSEGoogle LLC
Product-chromeenterprise_linux_workstation_supplementaryfedoraleapenterprise_linux_server_supplementarydebian_linuxopensusen/a
CWE ID-CWE-416
Use After Free
CVE-2016-5198
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-78.66% / 99.06%
||
7 Day CHG~0.00%
Published-19 Jan, 2017 | 05:43
Updated-21 Apr, 2026 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-22||Apply updates per vendor instructions.

V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page.

Action-Not Available
Vendor-n/aApple Inc.Red Hat, Inc.Microsoft CorporationGoogle LLCLinux Kernel Organization, Inc
Product-enterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktopwindowsmacoschromeandroidlinux_kernelGoogle Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and MacChromium V8
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-0279
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-2.50% / 85.45%
||
7 Day CHG~0.00%
Published-26 Mar, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-richfacesn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2016-5131
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-3.69% / 88.00%
||
7 Day CHG~0.00%
Published-23 Jul, 2016 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.

Action-Not Available
Vendor-n/aCanonical Ltd.Apple Inc.openSUSEGoogle LLCSUSERed Hat, Inc.libxml2 (XMLSoft)Debian GNU/Linux
Product-watchosubuntu_linuxdebian_linuxmac_os_xenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktoplinux_enterpriseopensuseleapiphone_oschrometvoslibxml2n/a
CWE ID-CWE-416
Use After Free
CVE-2016-5386
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.1||HIGH
EPSS-45.90% / 97.65%
||
7 Day CHG~0.00%
Published-19 Jul, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.

Action-Not Available
Vendor-n/aOracle CorporationGoRed Hat, Inc.Fedora Project
Product-enterprise_linux_serverenterprise_linux_server_euslinuxenterprise_linux_server_ausfedoragon/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-5401
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.13% / 32.02%
||
7 Day CHG~0.00%
Published-20 Apr, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Red Hat JBoss BRMS and BPMS 6 allows remote attackers to hijack the authentication of users for requests that modify instances via a crafted web page.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-jboss_bpm_suitejboss_enterprise_brms_platformn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-5314
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.10% / 78.16%
||
7 Day CHG~0.00%
Published-12 Mar, 2018 | 02:00
Updated-06 Aug, 2024 | 01:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr.

Action-Not Available
Vendor-n/aopenSUSERed Hat, Inc.Debian GNU/LinuxLibTIFF
Product-debian_linuxopensuselibtiffenterprise_linuxleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4437
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-94.21% / 99.92%
||
7 Day CHG~0.00%
Published-07 Jun, 2016 | 14:00
Updated-22 Apr, 2026 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.

Action-Not Available
Vendor-n/aThe Apache Software FoundationRed Hat, Inc.
Product-aurorajboss_middleware_text-only_advisoriesfuseshiron/aShiro
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CVE-2016-4302
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-7.8||HIGH
EPSS-1.21% / 79.06%
||
7 Day CHG~0.00%
Published-21 Sep, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary.

Action-Not Available
Vendor-n/alibarchiveRed Hat, Inc.
Product-enterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktopenterprise_linux_server_euslibarchiveenterprise_linux_server_ausenterprise_linux_hpc_nodeenterprise_linux_hpc_node_eusn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4300
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-7.8||HIGH
EPSS-0.91% / 75.91%
||
7 Day CHG~0.00%
Published-21 Sep, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.

Action-Not Available
Vendor-n/alibarchiveRed Hat, Inc.
Product-enterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktopenterprise_linux_server_euslibarchiveenterprise_linux_hpc_nodeenterprise_linux_server_ausenterprise_linux_hpc_node_eusn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2016-3616
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.40% / 80.57%
||
7 Day CHG~0.00%
Published-13 Feb, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.

Action-Not Available
Vendor-libjpeg-turbon/aDebian GNU/LinuxCanonical Ltd.Red Hat, Inc.
Product-enterprise_linuxdebian_linuxubuntu_linuxlibjpeg-turbon/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-3068
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-5.00% / 89.77%
||
7 Day CHG~0.00%
Published-13 Apr, 2016 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.

Action-Not Available
Vendor-mercurialn/aopenSUSESUSERed Hat, Inc.Debian GNU/LinuxFedora Project
Product-debian_linuxenterprise_linux_servermercurialenterprise_linux_workstationenterprise_linux_desktoplinux_enterprise_debuginfoopensuseleapenterprise_linux_server_eusenterprise_linux_hpc_nodefedoraenterprise_linux_server_auslinux_enterprise_software_development_kitenterprise_linux_hpc_node_eusn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-3707
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.1||HIGH
EPSS-1.79% / 82.87%
||
7 Day CHG~0.00%
Published-27 Jun, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file.

Action-Not Available
Vendor-n/aRed Hat, Inc.Linux Kernel Organization, IncNovell
Product-enterprise_linux_for_real_timelinux_kernel-rtsuse_linux_enterprise_real_time_extensionenterprise_linux_for_real_time_for_nfvn/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-3069
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-2.83% / 86.27%
||
7 Day CHG~0.00%
Published-13 Apr, 2016 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.

Action-Not Available
Vendor-mercurialn/aopenSUSESUSERed Hat, Inc.Debian GNU/LinuxFedora Project
Product-debian_linuxenterprise_linux_servermercurialenterprise_linux_workstationenterprise_linux_desktoplinux_enterprise_debuginfoleapenterprise_linux_hpc_node_eusenterprise_linux_server_eusenterprise_linux_hpc_nodefedoraenterprise_linux_server_auslinux_enterprise_software_development_kitopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-2818
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.40% / 60.68%
||
7 Day CHG~0.00%
Published-13 Jun, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSENovellRed Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-suse_linux_enterprise_software_development_kitdebian_linuxubuntu_linuxenterprise_linux_for_power_little_endianenterprise_linux_for_ibm_z_systemsenterprise_linux_desktopenterprise_linux_for_power_big_endian_eusenterprise_linux_for_power_big_endianenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_for_ibm_z_systems_eusfirefoxenterprise_linux_serverenterprise_linux_workstationsuse_package_hub_for_suse_linux_enterprisesuse_linux_enterprise_serverleapenterprise_linux_for_scientific_computingenterprise_linux_for_power_little_endian_eussuse_linux_enterprise_desktopopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1701
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.57% / 81.62%
||
7 Day CHG~0.00%
Published-05 Jun, 2016 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Autofill implementation in Google Chrome before 51.0.2704.79 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site, a different vulnerability than CVE-2016-1690.

Action-Not Available
Vendor-n/aopenSUSEGoogle LLCSUSERed Hat, Inc.Debian GNU/Linux
Product-debian_linuxenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktoplinux_enterpriseleapchromeopensusen/a
CVE-2016-1672
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.49% / 81.14%
||
7 Day CHG~0.00%
Published-05 Jun, 2016 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via unspecified vectors.

Action-Not Available
Vendor-n/aopenSUSEGoogle LLCSUSERed Hat, Inc.Debian GNU/Linux
Product-debian_linuxenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktoplinux_enterpriseleapchromeopensusen/a
CWE ID-CWE-284
Improper Access Control
CVE-2018-16802
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.97% / 76.73%
||
7 Day CHG~0.00%
Published-10 Sep, 2018 | 16:00
Updated-05 Aug, 2024 | 10:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509.

Action-Not Available
Vendor-n/aCanonical Ltd.Red Hat, Inc.Debian GNU/LinuxArtifex Software Inc.
Product-enterprise_linux_serverubuntu_linuxdebian_linuxenterprise_linux_server_eusghostscriptenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktopn/a
CVE-2016-1681
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.42% / 80.69%
||
7 Day CHG~0.00%
Published-05 Jun, 2016 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the opj_j2k_read_SPCod_SPCoc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document.

Action-Not Available
Vendor-n/aopenSUSEGoogle LLCSUSERed Hat, Inc.Debian GNU/Linux
Product-debian_linuxenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktoplinux_enterpriseleapchromeopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1674
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.50% / 81.22%
||
7 Day CHG~0.00%
Published-05 Jun, 2016 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The extensions subsystem in Google Chrome before 51.0.2704.63 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

Action-Not Available
Vendor-n/aopenSUSEGoogle LLCSUSERed Hat, Inc.Debian GNU/Linux
Product-debian_linuxenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktoplinux_enterpriseleapchromeopensusen/a
CVE-2016-1840
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-2.14% / 84.33%
||
7 Day CHG~0.00%
Published-20 May, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.

Action-Not Available
Vendor-n/aCanonical Ltd.Apple Inc.McAfee, LLClibxml2 (XMLSoft)Red Hat, Inc.Debian GNU/Linux
Product-libxml2debian_linuxubuntu_linuxmac_os_xenterprise_linux_serverenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktopweb_gatewayenterprise_linux_server_eusiphone_osenterprise_linux_server_austvoswatchosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1695
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.94% / 76.39%
||
7 Day CHG~0.00%
Published-05 Jun, 2016 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.63 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEGoogle LLCSUSERed Hat, Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktoplinux_enterpriseleapchromeopensusen/a
CVE-2014-9751
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-4.84% / 89.59%
||
7 Day CHG~0.00%
Published-04 Oct, 2015 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address.

Action-Not Available
Vendor-ntpn/aApple Inc.Oracle CorporationLinux Kernel Organization, IncRed Hat, Inc.Debian GNU/Linux
Product-debian_linuxenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktopntplinuxmacoslinux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-1703
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.94% / 76.34%
||
7 Day CHG~0.00%
Published-05 Jun, 2016 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEGoogle LLCSUSERed Hat, Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktoplinux_enterpriseleapchromeopensusen/a
CVE-2016-1663
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.42% / 80.69%
||
7 Day CHG~0.00%
Published-14 May, 2016 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SerializedScriptValue::transferArrayBuffers function in WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.94, mishandles certain array-buffer data structures, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site.

Action-Not Available
Vendor-n/aopenSUSERed Hat, Inc.Google LLC
Product-enterprise_linux_desktop_supplementaryenterprise_linux_server_supplementarychromeenterprise_linux_server_supplementary_eusenterprise_linux_workstation_supplementaryopensusen/a
CVE-2016-1673
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.53% / 81.42%
||
7 Day CHG~0.00%
Published-05 Jun, 2016 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEGoogle LLCSUSERed Hat, Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktoplinux_enterpriseleapchromeopensusen/a
CVE-2016-1678
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.14% / 78.55%
||
7 Day CHG~0.00%
Published-05 Jun, 2016 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome before 51.0.2704.63, does not properly restrict lazy deoptimization, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEGoogle LLCSUSERed Hat, Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktoplinux_enterpriseleapchromev8opensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2051
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-9.8||CRITICAL
EPSS-0.30% / 53.29%
||
7 Day CHG~0.00%
Published-25 Jan, 2016 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Action-Not Available
Vendor-n/aGoogle LLCRed Hat, Inc.
Product-enterprise_linux_desktop_supplementaryenterprise_linux_server_supplementarychromeenterprise_linux_server_supplementary_eusenterprise_linux_workstation_supplementaryn/a
CVE-2016-1679
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.40% / 80.53%
||
7 Day CHG~0.00%
Published-05 Jun, 2016 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ToV8Value function in content/child/v8_value_converter_impl.cc in the V8 bindings in Google Chrome before 51.0.2704.63 does not properly restrict use of getters and setters, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEGoogle LLCSUSERed Hat, Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktoplinux_enterpriseleapchromeopensusen/a
CVE-2015-7537
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.40% / 60.61%
||
7 Day CHG~0.00%
Published-03 Feb, 2016 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method.

Action-Not Available
Vendor-n/aJenkinsRed Hat, Inc.
Product-jenkinsopenshiftn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-1676
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.49% / 81.14%
||
7 Day CHG~0.00%
Published-05 Jun, 2016 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.63 does not properly use prototypes, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

Action-Not Available
Vendor-n/aopenSUSEGoogle LLCSUSERed Hat, Inc.Debian GNU/Linux
Product-debian_linuxenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktoplinux_enterpriseleapchromeopensusen/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-1675
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.20% / 78.99%
||
7 Day CHG~0.00%
Published-05 Jun, 2016 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy by leveraging the mishandling of Document reattachment during destruction, related to FrameLoader.cpp and LocalFrame.cpp.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEGoogle LLCSUSERed Hat, Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktoplinux_enterpriseleapchromeopensusen/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-1704
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.80% / 74.19%
||
7 Day CHG~0.00%
Published-03 Jul, 2016 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.103 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEGoogle LLCNovellRed Hat, Inc.
Product-ubuntu_linuxenterprise_linux_workstationenterprise_linux_serversuse_package_hub_for_suse_linux_enterpriseenterprise_linux_desktopleapchromeopensusen/a
CVE-2016-1660
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.24% / 79.34%
||
7 Day CHG~0.00%
Published-14 May, 2016 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Blink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and WTF::double_conversion::Vector classes, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted web site.

Action-Not Available
Vendor-n/aopenSUSERed Hat, Inc.Google LLC
Product-enterprise_linux_desktop_supplementaryenterprise_linux_server_supplementarychromeenterprise_linux_server_supplementary_eusenterprise_linux_workstation_supplementaryopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7538
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.23% / 46.20%
||
7 Day CHG~0.00%
Published-03 Feb, 2016 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors.

Action-Not Available
Vendor-n/aJenkinsRed Hat, Inc.
Product-jenkinsopenshiftn/a
CVE-2015-7512
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9||CRITICAL
EPSS-21.06% / 95.68%
||
7 Day CHG~0.00%
Published-08 Jan, 2016 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet.

Action-Not Available
Vendor-n/aQEMUOracle CorporationRed Hat, Inc.Debian GNU/Linux
Product-debian_linuxenterprise_linux_workstationenterprise_linux_serverqemuenterprise_linux_desktoplinuxenterprise_linux_eusopenstackvirtualizationn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2016-0264
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.6||MEDIUM
EPSS-12.94% / 94.11%
||
7 Day CHG~0.00%
Published-24 May, 2016 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aRed Hat, Inc.IBM CorporationSUSE
Product-enterprise_linux_hpc_node_supplementarysatellitelinux_enterprise_software_development_kitenterprise_linux_serverenterprise_linux_workstationsuse_linux_enterprise_servermanagerenterprise_linux_desktopmanager_proxylinux_enterprise_serverenterprise_linux_server_eusopenstack_cloudjava_sdkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-0363
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.1||HIGH
EPSS-0.55% / 67.92%
||
7 Day CHG~0.00%
Published-03 Jun, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009.

Action-Not Available
Vendor-n/aRed Hat, Inc.IBM CorporationNovell
Product-enterprise_linux_hpc_node_supplementarysuse_linux_enterprise_software_development_kitsatelliteenterprise_linux_serverenterprise_linux_workstationjava_sdksuse_linux_enterprise_serverenterprise_linux_desktopsuse_managerenterprise_linux_server_eussuse_manager_proxysuse_openstack_cloudsuse_linux_enterprise_module_for_legacy_softwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-0720
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.28% / 51.44%
||
7 Day CHG~0.00%
Published-21 Apr, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149.

Action-Not Available
Vendor-clusterlabsn/aRed Hat, Inc.Fedora Project
Product-enterprise_linuxpcsfedoran/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-5904
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.8||MEDIUM
EPSS-0.96% / 76.54%
||
7 Day CHG~0.00%
Published-15 Jan, 2014 | 01:33
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

Action-Not Available
Vendor-n/aRed Hat, Inc.HP Inc.Oracle Corporation
Product-enterprise_linux_desktop_supplementaryenterprise_linux_hpc_node_supplementaryenterprise_linux_server_supplementaryhp-uxjrejdkenterprise_linux_server_supplementary_ausenterprise_linux_server_supplementary_eusenterprise_linux_workstation_supplementaryn/a
CVE-2013-4486
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.50% / 66.10%
||
7 Day CHG~0.00%
Published-03 Dec, 2019 | 14:43
Updated-06 Aug, 2024 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging

Action-Not Available
Vendor-ZanataLinux Kernel Organization, IncRed Hat, Inc.
Product-zanatalinux_kernelZanata
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2013-4405
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.13% / 32.48%
||
7 Day CHG~0.00%
Published-23 Dec, 2013 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allow remote attackers to hijack the authentication of cumin users for unspecified requests.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-enterprise_mrgn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-1913
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-2.02% / 83.86%
||
7 Day CHG~0.00%
Published-12 Dec, 2013 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large color entries value in an X Window System (XWD) image dump.

Action-Not Available
Vendor-n/aThe GNOME ProjectGIMPRed Hat, Inc.
Product-gimpglibenterprise_linuxn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2013-2174
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-3.18% / 87.05%
||
7 Day CHG~0.00%
Published-31 Jul, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSECURLRed Hat, Inc.
Product-ubuntu_linuxcurllibcurlopensuseenterprise_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-1978
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-3.44% / 87.55%
||
7 Day CHG~0.00%
Published-12 Dec, 2013 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries.

Action-Not Available
Vendor-n/aThe GNOME ProjectGIMPRed Hat, Inc.
Product-gimpglibenterprise_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • ...
  • 9
  • 10
  • Next
Details not found