Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2008-2357

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-21 May, 2008 | 10:00
Updated At-07 Aug, 2024 | 08:58
Rejected At-
Credits

Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so, then this should not be treated as a vulnerability in mtr.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:21 May, 2008 | 10:00
Updated At:07 Aug, 2024 | 08:58
Rejected At:
â–¼CVE Numbering Authority (CNA)

Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so, then this should not be treated as a vulnerability in mtr.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/30340
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/30522
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/492260/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://secunia.com/advisories/30312
third-party-advisory
x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2008:176
vendor-advisory
x_refsource_MANDRIVA
http://www.securityfocus.com/bid/29290
vdb-entry
x_refsource_BID
http://security.gentoo.org/glsa/glsa-200806-01.xml
vendor-advisory
x_refsource_GENTOO
http://www.openwall.com/lists/oss-security/2008/05/21/3
mailing-list
x_refsource_MLIST
http://secunia.com/advisories/30967
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/30359
third-party-advisory
x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/42535
vdb-entry
x_refsource_XF
http://www.openwall.com/lists/oss-security/2008/05/21/4
mailing-list
x_refsource_MLIST
http://securityreason.com/securityalert/3903
third-party-advisory
x_refsource_SREASON
http://www.debian.org/security/2008/dsa-1587
vendor-advisory
x_refsource_DEBIAN
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
vendor-advisory
x_refsource_SUSE
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0175
x_refsource_CONFIRM
http://seclists.org/fulldisclosure/2008/May/0488.html
mailing-list
x_refsource_FULLDISC
http://www.openwall.com/lists/oss-security/2008/05/21/1
mailing-list
x_refsource_MLIST
http://www.securitytracker.com/id?1020046
vdb-entry
x_refsource_SECTRACK
https://issues.rpath.com/browse/RPL-2558
x_refsource_CONFIRM
ftp://ftp.bitwizard.nl/mtr/mtr-0.73.diff
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/30340
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/30522
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/archive/1/492260/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://secunia.com/advisories/30312
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:176
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://www.securityfocus.com/bid/29290
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://security.gentoo.org/glsa/glsa-200806-01.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://www.openwall.com/lists/oss-security/2008/05/21/3
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://secunia.com/advisories/30967
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/30359
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/42535
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.openwall.com/lists/oss-security/2008/05/21/4
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://securityreason.com/securityalert/3903
Resource:
third-party-advisory
x_refsource_SREASON
Hyperlink: http://www.debian.org/security/2008/dsa-1587
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0175
Resource:
x_refsource_CONFIRM
Hyperlink: http://seclists.org/fulldisclosure/2008/May/0488.html
Resource:
mailing-list
x_refsource_FULLDISC
Hyperlink: http://www.openwall.com/lists/oss-security/2008/05/21/1
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.securitytracker.com/id?1020046
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://issues.rpath.com/browse/RPL-2558
Resource:
x_refsource_CONFIRM
Hyperlink: ftp://ftp.bitwizard.nl/mtr/mtr-0.73.diff
Resource:
x_refsource_CONFIRM
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/30340
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/30522
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/archive/1/492260/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://secunia.com/advisories/30312
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2008:176
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://www.securityfocus.com/bid/29290
vdb-entry
x_refsource_BID
x_transferred
http://security.gentoo.org/glsa/glsa-200806-01.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://www.openwall.com/lists/oss-security/2008/05/21/3
mailing-list
x_refsource_MLIST
x_transferred
http://secunia.com/advisories/30967
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/30359
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/42535
vdb-entry
x_refsource_XF
x_transferred
http://www.openwall.com/lists/oss-security/2008/05/21/4
mailing-list
x_refsource_MLIST
x_transferred
http://securityreason.com/securityalert/3903
third-party-advisory
x_refsource_SREASON
x_transferred
http://www.debian.org/security/2008/dsa-1587
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0175
x_refsource_CONFIRM
x_transferred
http://seclists.org/fulldisclosure/2008/May/0488.html
mailing-list
x_refsource_FULLDISC
x_transferred
http://www.openwall.com/lists/oss-security/2008/05/21/1
mailing-list
x_refsource_MLIST
x_transferred
http://www.securitytracker.com/id?1020046
vdb-entry
x_refsource_SECTRACK
x_transferred
https://issues.rpath.com/browse/RPL-2558
x_refsource_CONFIRM
x_transferred
ftp://ftp.bitwizard.nl/mtr/mtr-0.73.diff
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/30340
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/30522
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/492260/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://secunia.com/advisories/30312
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:176
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/29290
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-200806-01.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2008/05/21/3
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://secunia.com/advisories/30967
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/30359
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/42535
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2008/05/21/4
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://securityreason.com/securityalert/3903
Resource:
third-party-advisory
x_refsource_SREASON
x_transferred
Hyperlink: http://www.debian.org/security/2008/dsa-1587
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0175
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2008/May/0488.html
Resource:
mailing-list
x_refsource_FULLDISC
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2008/05/21/1
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.securitytracker.com/id?1020046
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://issues.rpath.com/browse/RPL-2558
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: ftp://ftp.bitwizard.nl/mtr/mtr-0.73.diff
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:21 May, 2008 | 13:24
Updated At:11 Oct, 2018 | 20:40

Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so, then this should not be treated as a vulnerability in mtr.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>Versions up to 0.72(inclusive)
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:*:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.21
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.21:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.22
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.22:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.23
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.23:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.24
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.24:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.25
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.25:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.26
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.26:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.27
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.27:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.28
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.28:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.29
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.29:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.30
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.30:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.31
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.31:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.32
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.32:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.33
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.33:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.34
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.34:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.35
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.35:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.36
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.36:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.37
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.37:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.38
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.38:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.39
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.39:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.40
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.40:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.41
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.41:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.42
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.42:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.43
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.43:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.44
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.44:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.45
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.45:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.46
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.46:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.47
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.47:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.48
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.48:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.49
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.49:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.50
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.50:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.51
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.51:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.52
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.52:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.53
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.53:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.54
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.54:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.55
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.55:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.56
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.56:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.57
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.57:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.58
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.58:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.59
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.59:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.60
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.60:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.61
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.61:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.62
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.62:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.63
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.63:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.64
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.64:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.65
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.65:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.66
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.66:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.67
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.67:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.68
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.68:*:*:*:*:*:*:*
matt_kimball_and_roger_wolff
matt_kimball_and_roger_wolff
>>mtr>>0.69
cpe:2.3:a:matt_kimball_and_roger_wolff:mtr:0.69:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
Organization : Red Hat
Last Modified : 2008-06-25T00:00:00

This issue does not affect the versions of mtr as shipped with Red Hat Enterprise Linux 4 or 5. For Red Hat Enterprise Linux 2.1 and 3, this issue can only be exploited if an attacker can convince victim to use mtr to trace path to or via the IP, for which an attacker controls PTR DNS records. Additionally, the victim must run mtr in "split mode" by providing -p or --split command line options. The Red Hat Security Response Team has therefore rated this issue as having low security impact, a future update may address this flaw.

References
HyperlinkSourceResource
ftp://ftp.bitwizard.nl/mtr/mtr-0.73.diffcve@mitre.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.htmlcve@mitre.org
N/A
http://seclists.org/fulldisclosure/2008/May/0488.htmlcve@mitre.org
Exploit
http://secunia.com/advisories/30312cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/30340cve@mitre.org
N/A
http://secunia.com/advisories/30359cve@mitre.org
N/A
http://secunia.com/advisories/30522cve@mitre.org
N/A
http://secunia.com/advisories/30967cve@mitre.org
N/A
http://security.gentoo.org/glsa/glsa-200806-01.xmlcve@mitre.org
N/A
http://securityreason.com/securityalert/3903cve@mitre.org
N/A
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0175cve@mitre.org
N/A
http://www.debian.org/security/2008/dsa-1587cve@mitre.org
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2008:176cve@mitre.org
N/A
http://www.openwall.com/lists/oss-security/2008/05/21/1cve@mitre.org
N/A
http://www.openwall.com/lists/oss-security/2008/05/21/3cve@mitre.org
N/A
http://www.openwall.com/lists/oss-security/2008/05/21/4cve@mitre.org
N/A
http://www.securityfocus.com/archive/1/492260/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/bid/29290cve@mitre.org
N/A
http://www.securitytracker.com/id?1020046cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/42535cve@mitre.org
N/A
https://issues.rpath.com/browse/RPL-2558cve@mitre.org
N/A
Hyperlink: ftp://ftp.bitwizard.nl/mtr/mtr-0.73.diff
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2008/May/0488.html
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://secunia.com/advisories/30312
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/30340
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/30359
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/30522
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/30967
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://security.gentoo.org/glsa/glsa-200806-01.xml
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://securityreason.com/securityalert/3903
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0175
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2008/dsa-1587
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:176
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2008/05/21/1
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2008/05/21/3
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2008/05/21/4
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/492260/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/29290
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1020046
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/42535
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://issues.rpath.com/browse/RPL-2558
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1971Records found
CVE-2012-5361
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.86% / 82.71%
||
7 Day CHG~0.00%
Published-20 Mar, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted WMV file.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-8764
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.47% / 64.08%
||
7 Day CHG~0.00%
Published-27 Mar, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow.

Action-Not Available
Vendor-n/aFreeRADIUS
Product-freeradiusn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-26561
Matching Score-4
Assigner-Synology Inc.
ShareView Details
Matching Score-4
Assigner-Synology Inc.
CVSS Score-9||CRITICAL
EPSS-2.34% / 84.54%
||
7 Day CHG~0.00%
Published-26 Feb, 2021 | 21:45
Updated-14 Jan, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header.

Action-Not Available
Vendor-Synology, Inc.
Product-uc3200vs960hd_firmwarevs960hdskynas_firmwarediskstation_manager_unified_controllerdiskstation_managerskynasSynology DiskStation Manager (DSM)
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7008
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.87% / 82.73%
||
7 Day CHG~0.00%
Published-23 Oct, 2015 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2006-4183
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-38.73% / 97.15%
||
7 Day CHG~0.00%
Published-18 Jul, 2007 | 23:00
Updated-07 Aug, 2024 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Microsoft DirectX SDK (February 2006) and probably earlier, including 9.0c End User Runtimes, allows context-dependent attackers to execute arbitrary code via a crafted Targa file with a run-length-encoding (RLE) compression that produces more data than expected when decoding.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-directx_sdkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-5904
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-8.42% / 92.13%
||
7 Day CHG~0.00%
Published-17 Nov, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in IrfanView before 4.33 allows remote attackers to execute arbitrary code via a crafted RLE compressed bitmap file such as a DIB, RLE, or BMP image.

Action-Not Available
Vendor-n/aIrfanView
Product-irfanviewn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2006-3961
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-70.79% / 98.66%
||
7 Day CHG~0.00%
Published-01 Aug, 2006 | 21:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary commands via long string parameters, which are later used in vsprintf.

Action-Not Available
Vendor-n/aMcAfee, LLC
Product-virusscanprivacy_serviceinternet_security_suitequickcleanwireless_home_network_securitysecurity_centerspamkillerpersonal_firewall_plusantispywaren/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2006-6400
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-5.90% / 90.39%
||
7 Day CHG~0.00%
Published-10 Dec, 2006 | 02:00
Updated-07 Aug, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in JustSystems Hanako 2004 through 2006, Hanako viewer 1.x, Ichitaro 2004, Ichitaro 2005, Ichitaro Lite2, Ichitaro viewer 4.x, and Sanshiro 2005 allows remote attackers to execute arbitrary code via the (1) Keyword and (2) Title fields, related to string length fields.

Action-Not Available
Vendor-justsystemn/a
Product-ichitaro_lite2sanshirohanako_viewerhanakoichitaroichitaro_viewern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7087
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-6.6||MEDIUM
EPSS-0.57% / 68.11%
||
7 Day CHG~0.00%
Published-09 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, CVE-2015-7092, and CVE-2015-7117.

Action-Not Available
Vendor-n/aApple Inc.
Product-quicktimen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-27397
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.38% / 58.95%
||
7 Day CHG~0.00%
Published-12 May, 2021 | 13:18
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V16.0.5). The PlantSimCore.dll library lacks proper validation of user-supplied data when parsing SPP files. This could result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13287)

Action-Not Available
Vendor-Siemens AG
Product-tecnomatix_plant_simulationTecnomatix Plant Simulation
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-8836
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.49% / 65.11%
||
7 Day CHG~0.00%
Published-30 Mar, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the isofs_real_read_zf function in isofs.c in FuseISO 20070708 might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ZF block size in an ISO file, leading to a heap-based buffer overflow.

Action-Not Available
Vendor-fuseiso_projectn/aFedora Project
Product-fuseisofedoran/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2006-2482
Matching Score-4
Assigner-Flexera Software LLC
ShareView Details
Matching Score-4
Assigner-Flexera Software LLC
CVSS Score-6.8||MEDIUM
EPSS-2.08% / 83.66%
||
7 Day CHG~0.00%
Published-08 Sep, 2006 | 21:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the TZipTV component in (1) ZipTV for Delphi 7 2006.1.26 and for C++ Builder 2006-1.16, (2) PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221, and possibly other products, allows user-assisted attackers to execute arbitrary code via an ARJ archive with a long header. NOTE: the ACE archive vector is covered by CVE-2005-2856.

Action-Not Available
Vendor-microchip_data_systemspentawaren/a
Product-pentazipziptv_for_delphi_7pentasuite-proziptv_for_c\+\+_buildern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-8365
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.54% / 66.98%
||
7 Day CHG~0.00%
Published-26 Nov, 2015 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The smka_decode_frame function in libavcodec/smacker.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not verify that the data size is consistent with the number of channels, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Smacker data.

Action-Not Available
Vendor-n/aFFmpegCanonical Ltd.
Product-ffmpegubuntu_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-6995
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-10.59% / 93.11%
||
7 Day CHG~0.00%
Published-23 Oct, 2015 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Disk Images component in Apple iOS before 9.1 and OS X before 10.11.1 misparses images, which allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-3547
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-16.89% / 94.80%
||
7 Day CHG~0.00%
Published-18 Sep, 2012 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after" timestamp in a client certificate.

Action-Not Available
Vendor-n/aFreeRADIUS
Product-freeradiusn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-3286
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.75% / 85.68%
||
7 Day CHG~0.00%
Published-19 Sep, 2007 | 18:00
Updated-07 Aug, 2024 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in unspecified ActiveX controls in COM objects in Avaya IP Softphone R5.2 before SP3, and R6.0, allow remote attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aAvaya LLC
Product-ip_soft_phonen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-8572
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-8.37% / 92.10%
||
7 Day CHG~0.00%
Published-15 Dec, 2015 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in Autodesk Design Review (ADR) before 2013 Hotfix 2 allow remote attackers to execute arbitrary code via crafted RLE data in a (1) BMP or (2) FLI file, (3) encoded scan lines in a PCX file, or (4) DataSubBlock or (5) GlobalColorTable in a GIF file.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-design_reviewn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7104
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.54% / 81.02%
||
7 Day CHG~0.00%
Published-11 Dec, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit in Apple Safari before 9.0.2 and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Action-Not Available
Vendor-n/aApple Inc.
Product-safaritvosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-3401
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.92% / 75.49%
||
7 Day CHG~0.00%
Published-13 Aug, 2012 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibTIFF 4.0.2 and earlier does not properly initialize the T2P context struct pointer in certain error conditions, which allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers a heap-based buffer overflow.

Action-Not Available
Vendor-n/aLibTIFF
Product-libtiffn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-1470
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-5.33% / 89.82%
||
7 Day CHG~0.00%
Published-16 Mar, 2007 | 21:00
Updated-07 Aug, 2024 | 12:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in LIBFtp 5.0 allow user-assisted remote attackers to execute arbitrary code via certain long arguments to the (1) FtpArchie, (2) FtpDebugDebug, (3) FtpOpenDir, (4) FtpSize, or (5) FtpChmod function.

Action-Not Available
Vendor-netswn/a
Product-libftpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-8363
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.48% / 64.82%
||
7 Day CHG~0.00%
Published-26 Nov, 2015 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The jpeg2000_read_main_headers function in libavcodec/jpeg2000dec.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not enforce uniqueness of the SIZ marker in a JPEG 2000 image, which allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via a crafted image with two or more of these markers.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-3133
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-6.8||MEDIUM
EPSS-0.73% / 72.16%
||
7 Day CHG~0.00%
Published-21 Dec, 2012 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the DataDirect ODBC driver, as used in Oracle Hyperion Interactive Reporting 11.1.2.1 and 11.1.2.2, Essbase Server 11.1.2.1 and 11.1.2.2, Production Reporting Server 11.1.2.1 and 11.1.2.2, and Integration Services Server 11.1.2.1 and 11.1.2.2 has unknown impact and attack vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-hyperion_interactive_reportingessbase_serverhyperion_production_reporting_serverintegration_services_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-8561
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-5.93% / 90.42%
||
7 Day CHG~0.00%
Published-15 Dec, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted integer value to the (1) AttachToSS, (2) CopyAll, (3) CopyRange, (4) CopyRangeEx, or (5) SwapTable method, a different vulnerability than CVE-2015-7918.

Action-Not Available
Vendor-n/aSchneider Electric SE
Product-procliman/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2005-4866
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.69% / 81.90%
||
7 Day CHG~0.00%
Published-06 Oct, 2007 | 21:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in JDBC Applet Server in IBM DB2 8.1 allows remote attackers to execute arbitrary by connecting and sending a long username, then disconnecting gracefully and reconnecting and sending a short username and an unexpected db2java.zip version, which causes a null terminator to be removed and leads to the overflow.

Action-Not Available
Vendor-n/aIBM Corporation
Product-db2_universal_databasen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7650
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-6.8||MEDIUM
EPSS-1.03% / 76.88%
||
7 Day CHG~0.00%
Published-04 Nov, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via a crafted CMAP table in a PDF document, a different vulnerability than CVE-2015-6685, CVE-2015-6686, CVE-2015-6693, CVE-2015-6694, CVE-2015-6695, and CVE-2015-7622.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_readermacosacrobat_dcwindowsacrobatn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-6985
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.10% / 77.61%
||
7 Day CHG~0.00%
Published-23 Oct, 2015 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple Type Services (ATS) in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web page.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-0992
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.69% / 81.90%
||
7 Day CHG~0.00%
Published-20 Sep, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the password parameter.

Action-Not Available
Vendor-n/aAdvantech (Advantech Co., Ltd.)
Product-advantech_webaccessn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7103
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.01% / 76.67%
||
7 Day CHG~0.00%
Published-11 Dec, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, and CVE-2015-7102.

Action-Not Available
Vendor-n/aApple Inc.
Product-safariiphone_ostvosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7048
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.01% / 76.67%
||
7 Day CHG~0.00%
Published-11 Dec, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.

Action-Not Available
Vendor-n/aApple Inc.
Product-safariiphone_ostvosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-0257
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-6.8||MEDIUM
EPSS-3.14% / 86.57%
||
7 Day CHG~0.00%
Published-02 Apr, 2012 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the WWCabFile ActiveX component in the Wonderware System Platform in Invensys Wonderware Application Server 2012 and earlier, Foxboro Control Software 3.1 and earlier, InFusion CE/FE/SCADA 2.5 and earlier, Wonderware Information Server 4.5 and earlier, ArchestrA Application Object Toolkit 3.2 and earlier, and InTouch 10.0 through 10.5 might allow remote attackers to execute arbitrary code via a long string to the Open member, leading to a function-pointer overwrite.

Action-Not Available
Vendor-invensysn/a
Product-intouchinfusion_scadawonderware_application_serverwonderware_information_serverarchestra_application_object_toolkitinfusion_foundation_editioninfusion_control_editionfoxboro_control_softwaren/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7015
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.16% / 78.24%
||
7 Day CHG~0.00%
Published-23 Oct, 2015 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the DNS client library in configd in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code via a crafted app that sends a spoofed configd response to a client.

Action-Not Available
Vendor-n/aApple Inc.
Product-watchosiphone_osmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-6978
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-5.03% / 89.50%
||
7 Day CHG~0.00%
Published-23 Oct, 2015 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.

Action-Not Available
Vendor-n/aApple Inc.
Product-watchosiphone_osmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7092
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-6.6||MEDIUM
EPSS-0.68% / 71.11%
||
7 Day CHG~0.00%
Published-09 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted TXXX frame within an ID3 tag in MP3 data in a movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, and CVE-2015-7117.

Action-Not Available
Vendor-n/aApple Inc.
Product-quicktimen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7987
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-9.8||CRITICAL
EPSS-3.08% / 86.47%
||
7 Day CHG~0.00%
Published-26 Jun, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in mDNSResponder before 625.41.2 allow remote attackers to read or write to out-of-bounds memory locations via vectors involving the (1) GetValueForIPv4Addr, (2) GetValueForMACAddr, (3) rfc3110_import, or (4) CopyNSEC3ResourceRecord function.

Action-Not Available
Vendor-n/aApple Inc.
Product-mdnsresponderairport_base_stationwatchosairport_base_station_firmwareiphone_osmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7013
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.53% / 80.96%
||
7 Day CHG~0.00%
Published-23 Oct, 2015 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xitunesn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-11378
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.20% / 42.07%
||
7 Day CHG~0.00%
Published-22 May, 2018 | 19:00
Updated-05 Aug, 2024 | 08:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The wasm_dis() function in libr/asm/arch/wasm/wasm.c in or possibly have unspecified other impact via a crafted WASM file.

Action-Not Available
Vendor-n/aRadare2 (r2)
Product-radare2n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7065
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.87% / 82.73%
||
7 Day CHG~0.00%
Published-11 Dec, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenGL in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xtvosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7097
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.09% / 77.58%
||
7 Day CHG~0.00%
Published-11 Dec, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.

Action-Not Available
Vendor-n/aApple Inc.
Product-safariiphone_ostvosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-8030
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.13% / 86.54%
||
7 Day CHG~0.00%
Published-30 Oct, 2015 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to execute arbitrary code via a crafted (1) U3D, (2) LWO, (3) JPEG2000, or (4) FBX file, aka "Out-Of-Bounds Indexing" vulnerabilities.

Action-Not Available
Vendor-n/aSAP SE
Product-3d_visual_enterprise_viewern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7039
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-27.36% / 96.29%
||
7 Day CHG~0.00%
Published-11 Dec, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in libc in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code via a crafted package, a different vulnerability than CVE-2015-7038.

Action-Not Available
Vendor-n/aApple Inc.
Product-watchosiphone_osmac_os_xtvosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7105
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-2.53% / 85.11%
||
7 Day CHG~0.00%
Published-11 Dec, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CoreGraphics in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xiphone_oswatchostvosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7102
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.01% / 76.67%
||
7 Day CHG~0.00%
Published-11 Dec, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, and CVE-2015-7103.

Action-Not Available
Vendor-n/aApple Inc.
Product-safariiphone_ostvosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7085
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-6.6||MEDIUM
EPSS-0.57% / 68.11%
||
7 Day CHG~0.00%
Published-09 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, CVE-2015-7092, and CVE-2015-7117.

Action-Not Available
Vendor-n/aApple Inc.
Product-quicktimen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7547
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.1||HIGH
EPSS-93.87% / 99.86%
||
7 Day CHG~0.00%
Published-18 Feb, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.

Action-Not Available
Vendor-n/aopenSUSESophos Ltd.Red Hat, Inc.Debian GNU/LinuxOracle CorporationF5, Inc.GNUSUSEHP Inc.Canonical Ltd.
Product-enterprise_linux_serverhelion_openstackenterprise_linux_server_eusbig-ip_analyticsserver_migration_packlinux_enterprise_desktopbig-ip_domain_name_systembig-ip_local_traffic_managerdebian_linuxbig-ip_advanced_firewall_managerbig-ip_policy_enforcement_managerlinux_enterprise_software_development_kitfujitsu_m10_firmwarebig-ip_link_controllerenterprise_linux_server_ausexalogic_infrastructureenterprise_linux_hpc_nodeopensusebig-ip_application_acceleration_managerenterprise_linux_desktopubuntu_linuxsuse_linux_enterprise_serverbig-ip_application_security_managerglibcenterprise_linux_workstationunified_threat_management_softwareenterprise_linux_hpc_node_euslinux_enterprise_serverlinux_enterprise_debuginfobig-ip_access_policy_managern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7089
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-6.6||MEDIUM
EPSS-0.57% / 68.11%
||
7 Day CHG~0.00%
Published-09 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7090, CVE-2015-7091, CVE-2015-7092, and CVE-2015-7117.

Action-Not Available
Vendor-n/aApple Inc.
Product-quicktimen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7101
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.09% / 77.58%
||
7 Day CHG~0.00%
Published-11 Dec, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7102, and CVE-2015-7103.

Action-Not Available
Vendor-n/aApple Inc.
Product-safariiphone_ostvosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7074
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-2.83% / 85.86%
||
7 Day CHG~0.00%
Published-11 Dec, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CoreMedia Playback in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed media file.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xtvosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7098
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.03% / 76.94%
||
7 Day CHG~0.00%
Published-11 Dec, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.

Action-Not Available
Vendor-n/aApple Inc.
Product-safariiphone_ostvosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-5789
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.54% / 81.02%
||
7 Day CHG~0.00%
Published-18 Sep, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.

Action-Not Available
Vendor-n/aApple Inc.
Product-safariiphone_ositunesn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7073
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-3.40% / 87.13%
||
7 Day CHG~0.00%
Published-11 Dec, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted SSL handshake.

Action-Not Available
Vendor-n/aApple Inc.
Product-watchosiphone_osmac_os_xtvosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 39
  • 40
  • Next
Details not found