Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2008-3529

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-12 Sep, 2008 | 16:00
Updated At-07 Aug, 2024 | 09:45
Rejected At-
Credits

Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:12 Sep, 2008 | 16:00
Updated At:07 Aug, 2024 | 09:45
Rejected At:
▼CVE Numbering Authority (CNA)

Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.ubuntu.com/usn/USN-815-1
vendor-advisory
x_refsource_UBUNTU
https://usn.ubuntu.com/644-1/
vendor-advisory
x_refsource_UBUNTU
http://support.avaya.com/elmodocs2/security/ASA-2008-400.htm
x_refsource_CONFIRM
http://support.apple.com/kb/HT3639
x_refsource_CONFIRM
http://secunia.com/advisories/31860
third-party-advisory
x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1
x_refsource_CONFIRM
http://secunia.com/advisories/32280
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/31855
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/1621
vdb-entry
x_refsource_VUPEN
https://exchange.xforce.ibmcloud.com/vulnerabilities/45085
vdb-entry
x_refsource_XF
http://support.apple.com/kb/HT3549
x_refsource_CONFIRM
http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1
x_refsource_CONFIRM
http://secunia.com/advisories/32807
third-party-advisory
x_refsource_SECUNIA
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
vendor-advisory
x_refsource_APPLE
http://secunia.com/advisories/31982
third-party-advisory
x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=461015
x_refsource_CONFIRM
http://secunia.com/advisories/31868
third-party-advisory
x_refsource_SECUNIA
http://www.debian.org/security/2008/dsa-1654
vendor-advisory
x_refsource_DEBIAN
http://xmlsoft.org/news.html
x_refsource_MISC
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6103
vdb-entry
signature
x_refsource_OVAL
http://www.vupen.com/english/advisories/2009/1298
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/35074
third-party-advisory
x_refsource_SECUNIA
https://www.exploit-db.com/exploits/8798
exploit
x_refsource_EXPLOIT-DB
http://secunia.com/advisories/36173
third-party-advisory
x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2008-0884.html
vendor-advisory
x_refsource_REDHAT
http://www.vupen.com/english/advisories/2009/1522
vdb-entry
x_refsource_VUPEN
http://securitytracker.com/id?1020855
vdb-entry
x_refsource_SECTRACK
http://secunia.com/advisories/32265
third-party-advisory
x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200812-06.xml
vendor-advisory
x_refsource_GENTOO
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
vendor-advisory
x_refsource_APPLE
http://secunia.com/advisories/33715
third-party-advisory
x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
vendor-advisory
x_refsource_SUSE
http://secunia.com/advisories/35056
third-party-advisory
x_refsource_SECUNIA
http://wiki.rpath.com/Advisories:rPSA-2008-0325
x_refsource_CONFIRM
http://sunsolve.sun.com/search/document.do?assetkey=1-26-247346-1
vendor-advisory
x_refsource_SUNALERT
http://lists.apple.com/archives/security-announce/2009/May/msg00000.html
vendor-advisory
x_refsource_APPLE
http://www.securityfocus.com/bid/31126
vdb-entry
x_refsource_BID
http://support.avaya.com/elmodocs2/security/ASA-2009-025.htm
x_refsource_CONFIRM
http://secunia.com/advisories/35379
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/33722
third-party-advisory
x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2008:192
vendor-advisory
x_refsource_MANDRIVA
http://secunia.com/advisories/32974
third-party-advisory
x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11760
vdb-entry
signature
x_refsource_OVAL
http://secunia.com/advisories/36235
third-party-advisory
x_refsource_SECUNIA
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
third-party-advisory
x_refsource_CERT
http://sunsolve.sun.com/search/document.do?assetkey=1-66-265329-1
vendor-advisory
x_refsource_SUNALERT
http://www.vupen.com/english/advisories/2009/1297
vdb-entry
x_refsource_VUPEN
http://support.apple.com/kb/HT3550
x_refsource_CONFIRM
http://sunsolve.sun.com/search/document.do?assetkey=1-66-261688-1
vendor-advisory
x_refsource_SUNALERT
http://secunia.com/advisories/31558
third-party-advisory
x_refsource_SECUNIA
http://support.apple.com/kb/HT3613
x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2008/2822
vdb-entry
x_refsource_VUPEN
http://www.redhat.com/support/errata/RHSA-2008-0886.html
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.ubuntu.com/usn/USN-815-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://usn.ubuntu.com/644-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2008-400.htm
Resource:
x_refsource_CONFIRM
Hyperlink: http://support.apple.com/kb/HT3639
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/31860
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/32280
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/31855
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2009/1621
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/45085
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://support.apple.com/kb/HT3549
Resource:
x_refsource_CONFIRM
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/32807
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://secunia.com/advisories/31982
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=461015
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/31868
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.debian.org/security/2008/dsa-1654
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://xmlsoft.org/news.html
Resource:
x_refsource_MISC
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6103
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.vupen.com/english/advisories/2009/1298
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/35074
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://www.exploit-db.com/exploits/8798
Resource:
exploit
x_refsource_EXPLOIT-DB
Hyperlink: http://secunia.com/advisories/36173
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0884.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.vupen.com/english/advisories/2009/1522
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://securitytracker.com/id?1020855
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://secunia.com/advisories/32265
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://security.gentoo.org/glsa/glsa-200812-06.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://secunia.com/advisories/33715
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://secunia.com/advisories/35056
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://wiki.rpath.com/Advisories:rPSA-2008-0325
Resource:
x_refsource_CONFIRM
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-247346-1
Resource:
vendor-advisory
x_refsource_SUNALERT
Hyperlink: http://lists.apple.com/archives/security-announce/2009/May/msg00000.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://www.securityfocus.com/bid/31126
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2009-025.htm
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/35379
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/33722
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:192
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://secunia.com/advisories/32974
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11760
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://secunia.com/advisories/36235
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA09-133A.html
Resource:
third-party-advisory
x_refsource_CERT
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-265329-1
Resource:
vendor-advisory
x_refsource_SUNALERT
Hyperlink: http://www.vupen.com/english/advisories/2009/1297
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://support.apple.com/kb/HT3550
Resource:
x_refsource_CONFIRM
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-261688-1
Resource:
vendor-advisory
x_refsource_SUNALERT
Hyperlink: http://secunia.com/advisories/31558
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://support.apple.com/kb/HT3613
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.vupen.com/english/advisories/2008/2822
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0886.html
Resource:
vendor-advisory
x_refsource_REDHAT
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.ubuntu.com/usn/USN-815-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
https://usn.ubuntu.com/644-1/
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://support.avaya.com/elmodocs2/security/ASA-2008-400.htm
x_refsource_CONFIRM
x_transferred
http://support.apple.com/kb/HT3639
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/31860
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/32280
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/31855
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2009/1621
vdb-entry
x_refsource_VUPEN
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/45085
vdb-entry
x_refsource_XF
x_transferred
http://support.apple.com/kb/HT3549
x_refsource_CONFIRM
x_transferred
http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/32807
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://secunia.com/advisories/31982
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=461015
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/31868
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.debian.org/security/2008/dsa-1654
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://xmlsoft.org/news.html
x_refsource_MISC
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6103
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.vupen.com/english/advisories/2009/1298
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/35074
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://www.exploit-db.com/exploits/8798
exploit
x_refsource_EXPLOIT-DB
x_transferred
http://secunia.com/advisories/36173
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.redhat.com/support/errata/RHSA-2008-0884.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.vupen.com/english/advisories/2009/1522
vdb-entry
x_refsource_VUPEN
x_transferred
http://securitytracker.com/id?1020855
vdb-entry
x_refsource_SECTRACK
x_transferred
http://secunia.com/advisories/32265
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://security.gentoo.org/glsa/glsa-200812-06.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://secunia.com/advisories/33715
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://secunia.com/advisories/35056
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://wiki.rpath.com/Advisories:rPSA-2008-0325
x_refsource_CONFIRM
x_transferred
http://sunsolve.sun.com/search/document.do?assetkey=1-26-247346-1
vendor-advisory
x_refsource_SUNALERT
x_transferred
http://lists.apple.com/archives/security-announce/2009/May/msg00000.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://www.securityfocus.com/bid/31126
vdb-entry
x_refsource_BID
x_transferred
http://support.avaya.com/elmodocs2/security/ASA-2009-025.htm
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/35379
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/33722
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2008:192
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://secunia.com/advisories/32974
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11760
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://secunia.com/advisories/36235
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
third-party-advisory
x_refsource_CERT
x_transferred
http://sunsolve.sun.com/search/document.do?assetkey=1-66-265329-1
vendor-advisory
x_refsource_SUNALERT
x_transferred
http://www.vupen.com/english/advisories/2009/1297
vdb-entry
x_refsource_VUPEN
x_transferred
http://support.apple.com/kb/HT3550
x_refsource_CONFIRM
x_transferred
http://sunsolve.sun.com/search/document.do?assetkey=1-66-261688-1
vendor-advisory
x_refsource_SUNALERT
x_transferred
http://secunia.com/advisories/31558
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://support.apple.com/kb/HT3613
x_refsource_CONFIRM
x_transferred
http://www.vupen.com/english/advisories/2008/2822
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.redhat.com/support/errata/RHSA-2008-0886.html
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-815-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://usn.ubuntu.com/644-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2008-400.htm
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://support.apple.com/kb/HT3639
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/31860
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/32280
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/31855
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/1621
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/45085
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://support.apple.com/kb/HT3549
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/32807
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://secunia.com/advisories/31982
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=461015
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/31868
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.debian.org/security/2008/dsa-1654
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://xmlsoft.org/news.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6103
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/1298
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/35074
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://www.exploit-db.com/exploits/8798
Resource:
exploit
x_refsource_EXPLOIT-DB
x_transferred
Hyperlink: http://secunia.com/advisories/36173
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0884.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/1522
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://securitytracker.com/id?1020855
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://secunia.com/advisories/32265
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-200812-06.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://secunia.com/advisories/33715
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://secunia.com/advisories/35056
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://wiki.rpath.com/Advisories:rPSA-2008-0325
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-247346-1
Resource:
vendor-advisory
x_refsource_SUNALERT
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2009/May/msg00000.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://www.securityfocus.com/bid/31126
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2009-025.htm
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/35379
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/33722
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:192
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://secunia.com/advisories/32974
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11760
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://secunia.com/advisories/36235
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA09-133A.html
Resource:
third-party-advisory
x_refsource_CERT
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-265329-1
Resource:
vendor-advisory
x_refsource_SUNALERT
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/1297
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://support.apple.com/kb/HT3550
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-261688-1
Resource:
vendor-advisory
x_refsource_SUNALERT
x_transferred
Hyperlink: http://secunia.com/advisories/31558
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://support.apple.com/kb/HT3613
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2008/2822
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0886.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:12 Sep, 2008 | 16:56
Updated At:13 Feb, 2023 | 02:19

Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
libxml2 (XMLSoft)
xmlsoft
>>libxml2>>Versions before 2.7.0(exclusive)
cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>4.0
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>6.06
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>6.06
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>7.04
cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>7.10
cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>8.04
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>8.04
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>8.10
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>9.04
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>Versions before 4.0(exclusive)
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>Versions from 3.2.0(inclusive) to 3.2.3(exclusive)
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>Versions before 3.0(exclusive)
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>Versions before 10.5.7(exclusive)
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.5.7
cpe:2.3:o:apple:mac_os_x:10.5.7:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.htmlsecalert@redhat.com
Mailing List
Third Party Advisory
http://lists.apple.com/archives/security-announce/2009/May/msg00000.htmlsecalert@redhat.com
Mailing List
Third Party Advisory
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.htmlsecalert@redhat.com
Broken Link
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.htmlsecalert@redhat.com
Mailing List
Third Party Advisory
http://secunia.com/advisories/31558secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/31855secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/31860secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/31868secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/31982secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/32265secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/32280secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/32807secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/32974secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/33715secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/33722secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/35056secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/35074secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/35379secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/36173secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/36235secalert@redhat.com
Third Party Advisory
http://security.gentoo.org/glsa/glsa-200812-06.xmlsecalert@redhat.com
Third Party Advisory
http://securitytracker.com/id?1020855secalert@redhat.com
Third Party Advisory
VDB Entry
http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1secalert@redhat.com
Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1secalert@redhat.com
Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-26-247346-1secalert@redhat.com
Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-66-261688-1secalert@redhat.com
Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-66-265329-1secalert@redhat.com
Broken Link
http://support.apple.com/kb/HT3549secalert@redhat.com
Third Party Advisory
http://support.apple.com/kb/HT3550secalert@redhat.com
Third Party Advisory
http://support.apple.com/kb/HT3613secalert@redhat.com
Third Party Advisory
http://support.apple.com/kb/HT3639secalert@redhat.com
Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2008-400.htmsecalert@redhat.com
Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2009-025.htmsecalert@redhat.com
Third Party Advisory
http://wiki.rpath.com/Advisories:rPSA-2008-0325secalert@redhat.com
Broken Link
http://www.debian.org/security/2008/dsa-1654secalert@redhat.com
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:192secalert@redhat.com
Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0884.htmlsecalert@redhat.com
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0886.htmlsecalert@redhat.com
Third Party Advisory
http://www.securityfocus.com/bid/31126secalert@redhat.com
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-815-1secalert@redhat.com
Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA09-133A.htmlsecalert@redhat.com
Third Party Advisory
US Government Resource
http://www.vupen.com/english/advisories/2008/2822secalert@redhat.com
Third Party Advisory
http://www.vupen.com/english/advisories/2009/1297secalert@redhat.com
Third Party Advisory
http://www.vupen.com/english/advisories/2009/1298secalert@redhat.com
Third Party Advisory
http://www.vupen.com/english/advisories/2009/1522secalert@redhat.com
Third Party Advisory
http://www.vupen.com/english/advisories/2009/1621secalert@redhat.com
Third Party Advisory
http://xmlsoft.org/news.htmlsecalert@redhat.com
Release Notes
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=461015secalert@redhat.com
Issue Tracking
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/45085secalert@redhat.com
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11760secalert@redhat.com
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6103secalert@redhat.com
Third Party Advisory
https://usn.ubuntu.com/644-1/secalert@redhat.com
Third Party Advisory
https://www.exploit-db.com/exploits/8798secalert@redhat.com
Exploit
Third Party Advisory
VDB Entry
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.apple.com/archives/security-announce/2009/May/msg00000.html
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
Source: secalert@redhat.com
Resource:
Broken Link
Mailing List
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://secunia.com/advisories/31558
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/31855
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/31860
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/31868
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/31982
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/32265
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/32280
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/32807
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/32974
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/33715
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/33722
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/35056
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/35074
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/35379
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/36173
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/36235
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://security.gentoo.org/glsa/glsa-200812-06.xml
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://securitytracker.com/id?1020855
Source: secalert@redhat.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-247346-1
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-261688-1
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-265329-1
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://support.apple.com/kb/HT3549
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://support.apple.com/kb/HT3550
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://support.apple.com/kb/HT3613
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://support.apple.com/kb/HT3639
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2008-400.htm
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2009-025.htm
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://wiki.rpath.com/Advisories:rPSA-2008-0325
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://www.debian.org/security/2008/dsa-1654
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:192
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0884.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0886.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/31126
Source: secalert@redhat.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.ubuntu.com/usn/USN-815-1
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA09-133A.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.vupen.com/english/advisories/2008/2822
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2009/1297
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2009/1298
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2009/1522
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2009/1621
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://xmlsoft.org/news.html
Source: secalert@redhat.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=461015
Source: secalert@redhat.com
Resource:
Issue Tracking
Third Party Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/45085
Source: secalert@redhat.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11760
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6103
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://usn.ubuntu.com/644-1/
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://www.exploit-db.com/exploits/8798
Source: secalert@redhat.com
Resource:
Exploit
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

4994Records found
CVE-2016-1077
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-28.44% / 96.34%
||
7 Day CHG~0.00%
Published-11 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_dcreaderwindowsacrobatmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1093
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-5.11% / 89.44%
||
7 Day CHG~0.00%
Published-11 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_dcreaderwindowsacrobatmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1130
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-5.11% / 89.44%
||
7 Day CHG+2.96%
Published-11 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_dcreaderwindowsacrobatmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1124
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-5.11% / 89.44%
||
7 Day CHG~0.00%
Published-11 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_dcreaderwindowsacrobatmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1129
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-5.11% / 89.44%
||
7 Day CHG+2.96%
Published-11 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_dcreaderwindowsacrobatmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-0952
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-17.55% / 94.83%
||
7 Day CHG~0.00%
Published-10 Feb, 2016 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0951 and CVE-2016-0953.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-windowsphotoshop_ccmac_os_xbridge_ccn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1356
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-10||HIGH
EPSS-3.25% / 86.62%
||
7 Day CHG~0.00%
Published-01 Jul, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that sends IPC messages.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xtvosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-0945
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-2.59% / 85.00%
||
7 Day CHG~0.00%
Published-14 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0931, CVE-2016-0933, CVE-2016-0936, CVE-2016-0938, CVE-2016-0939, CVE-2016-0942, CVE-2016-0944, and CVE-2016-0946.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_readeracrobat_dcwindowsacrobatmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-5579
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-11.08% / 93.18%
||
7 Day CHG~0.00%
Published-22 Sep, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5567.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-airflash_playerlinux_kernelair_sdkair_sdk_\&_compilerwindowsmac_os_xandroidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-0951
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-17.55% / 94.83%
||
7 Day CHG~0.00%
Published-10 Feb, 2016 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0952 and CVE-2016-0953.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-windowsphotoshop_ccmac_os_xbridge_ccn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-5545
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-52.58% / 97.85%
||
7 Day CHG~0.00%
Published-14 Aug, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5544, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, and CVE-2015-5553.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncApple Inc.Microsoft Corporation
Product-airflash_playerlinux_kernelair_sdkair_sdk_\&_compilerwindowsmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4288
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.72% / 71.47%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 00:00
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmacOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1007
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-6.14% / 90.44%
||
7 Day CHG~0.00%
Published-09 Mar, 2016 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1009.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_readeracrobat_dcwindowsacrobatmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4331
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-19.92% / 95.25%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xiphone_oswatchostvosiOS, macOS, tvOS, watchOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-0944
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-2.59% / 85.00%
||
7 Day CHG~0.00%
Published-14 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0931, CVE-2016-0933, CVE-2016-0936, CVE-2016-0938, CVE-2016-0939, CVE-2016-0942, CVE-2016-0945, and CVE-2016-0946.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_readeracrobat_dcwindowsacrobatmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-2193
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-24.77% / 95.93%
||
7 Day CHG~0.00%
Published-06 Aug, 2009 | 16:00
Updated-07 Aug, 2024 | 05:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted AppleTalk response packet.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servermac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-0933
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-5.75% / 90.11%
||
7 Day CHG~0.00%
Published-14 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0931, CVE-2016-0936, CVE-2016-0938, CVE-2016-0939, CVE-2016-0942, CVE-2016-0944, CVE-2016-0945, and CVE-2016-0946.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_readeracrobat_dcwindowsacrobatmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-3052
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-10.45% / 92.93%
||
7 Day CHG~0.00%
Published-13 May, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-9161, CVE-2015-3046, CVE-2015-3049, CVE-2015-3050, CVE-2015-3051, CVE-2015-3056, CVE-2015-3057, CVE-2015-3070, and CVE-2015-3076.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-windowsacrobatmac_os_xacrobat_readern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-0749
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-20.47% / 95.33%
||
7 Day CHG~0.00%
Published-09 Jun, 2016 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.

Action-Not Available
Vendor-spice_projectn/aopenSUSERed Hat, Inc.Debian GNU/LinuxMicrosoft Corporation
Product-enterprise_linuxenterprise_linux_serverenterprise_linux_server_ausspiceleapopensuseenterprise_linux_hpc_node_eusenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_workstationwindowsdebian_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-3095
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-3.99% / 87.94%
||
7 Day CHG~0.00%
Published-15 Jul, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5087, CVE-2015-5094, CVE-2015-5100, CVE-2015-5102, CVE-2015-5103, CVE-2015-5104, and CVE-2015-5115.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_readermacosacrobat_dcwindowsacrobatn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-3117
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-7.33% / 91.31%
||
7 Day CHG~0.00%
Published-09 Jul, 2015 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, and CVE-2015-4431.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncApple Inc.Microsoft Corporation
Product-airflash_playerlinux_kernelair_sdkair_sdk_\&_compilerwindowsmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4259
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.63% / 69.39%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 00:00
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmacOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4257
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.48% / 63.98%
||
7 Day CHG~0.00%
Published-11 Jan, 2019 | 18:00
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved size validation.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1043
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-12.70% / 93.72%
||
7 Day CHG~0.00%
Published-11 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_dcreaderwindowsacrobatmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-2140
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-89.83% / 99.55%
||
7 Day CHG~0.00%
Published-10 Aug, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2417, and CVE-2011-2425.

Action-Not Available
Vendor-n/aMicrosoft CorporationLinux Kernel Organization, IncGoogle LLCSun Microsystems (Oracle Corporation)Apple Inc.Adobe Inc.
Product-linux_kernelwindowsandroidflash_playersunosadobe_airmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1037
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-4.56% / 88.76%
||
7 Day CHG~0.00%
Published-11 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_dcreaderwindowsacrobatmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4332
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.99% / 75.95%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xiphone_oswatchostvosiOS, macOS, tvOS, watchOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-0953
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-17.55% / 94.83%
||
7 Day CHG~0.00%
Published-10 Feb, 2016 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0951 and CVE-2016-0952.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-windowsphotoshop_ccmac_os_xbridge_ccn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4189
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.76% / 72.28%
||
7 Day CHG~0.00%
Published-11 Jan, 2019 | 18:00
Updated-05 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In iOS before 11.2.5, macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, watchOS before 4.2.2, and tvOS before 11.2.5, a memory corruption issue exists and was addressed with improved memory handling.

Action-Not Available
Vendor-n/aApple Inc.
Product-apple_tviphone_oswatchosmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4258
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.48% / 63.98%
||
7 Day CHG~0.00%
Published-11 Jan, 2019 | 18:00
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved bounds checking.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4286
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.72% / 71.47%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 00:00
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmacOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-4291
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.72% / 71.47%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 00:00
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmacOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-0942
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-2.59% / 85.00%
||
7 Day CHG~0.00%
Published-14 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0931, CVE-2016-0933, CVE-2016-0936, CVE-2016-0938, CVE-2016-0939, CVE-2016-0944, CVE-2016-0945, and CVE-2016-0946.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_readeracrobat_dcwindowsacrobatmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-0946
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-2.59% / 85.00%
||
7 Day CHG~0.00%
Published-14 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0931, CVE-2016-0933, CVE-2016-0936, CVE-2016-0938, CVE-2016-0939, CVE-2016-0942, CVE-2016-0944, and CVE-2016-0945.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_readeracrobat_dcwindowsacrobatmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-8659
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-2.19% / 83.69%
||
7 Day CHG~0.00%
Published-12 Jan, 2016 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug.

Action-Not Available
Vendor-nghttp2n/aApple Inc.
Product-watchosnghttp2iphone_osmac_os_xtvosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-8047
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-7.33% / 91.31%
||
7 Day CHG~0.00%
Published-10 Dec, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8045, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, and CVE-2015-8455.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-airflash_playerlinux_kernelair_sdkair_sdk_\&_compilerwindowsiphone_osmac_os_xandroidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-8419
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-11.15% / 93.20%
||
7 Day CHG~0.00%
Published-10 Dec, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, and CVE-2015-8455.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-airflash_playerlinux_kernelair_sdkair_sdk_\&_compilerwindowsiphone_osmac_os_xandroidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-8407
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-8.76% / 92.14%
||
7 Day CHG~0.00%
Published-10 Dec, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8457.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-airflash_playerlinux_kernelair_sdkair_sdk_\&_compilerwindowsiphone_osmac_os_xandroidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-8455
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-11.15% / 93.20%
||
7 Day CHG~0.00%
Published-10 Dec, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, and CVE-2015-8451.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-airflash_playerlinux_kernelair_sdkair_sdk_\&_compilerwindowsiphone_osmac_os_xandroidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-8459
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-10||CRITICAL
EPSS-6.40% / 90.64%
||
7 Day CHG~0.00%
Published-28 Dec, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8460, CVE-2015-8636, and CVE-2015-8645.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-airflash_playerlinux_kernelair_sdkair_sdk_\&_compilerwindowsiphone_osmac_os_xandroidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-8418
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-11.15% / 93.20%
||
7 Day CHG~0.00%
Published-10 Dec, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, and CVE-2015-8455.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-airflash_playerlinux_kernelair_sdkair_sdk_\&_compilerwindowsiphone_osmac_os_xandroidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-8045
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-7.33% / 91.31%
||
7 Day CHG~0.00%
Published-10 Dec, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, and CVE-2015-8455.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-airflash_playerlinux_kernelair_sdkair_sdk_\&_compilerwindowsiphone_osmac_os_xandroidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-8417
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-11.15% / 93.20%
||
7 Day CHG~0.00%
Published-10 Dec, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, and CVE-2015-8455.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-airflash_playerlinux_kernelair_sdkair_sdk_\&_compilerwindowsiphone_osmac_os_xandroidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-8451
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-11.15% / 93.20%
||
7 Day CHG~0.00%
Published-10 Dec, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, and CVE-2015-8455.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-airflash_playerlinux_kernelair_sdkair_sdk_\&_compilerwindowsiphone_osmac_os_xandroidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-8416
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-13.40% / 93.92%
||
7 Day CHG~0.00%
Published-10 Dec, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, and CVE-2015-8455.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-airflash_playerlinux_kernelair_sdkair_sdk_\&_compilerwindowsiphone_osmac_os_xandroidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5090
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.53% / 84.83%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs were reported in Firefox 57. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 58.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.
Product-firefoxubuntu_linuxFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-3113
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.06% / 86.18%
||
7 Day CHG~0.00%
Published-24 Aug, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 5.0.375.127, and webkitgtk before 1.2.5, does not properly handle SVG documents, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors related to state changes when using DeleteButtonController.

Action-Not Available
Vendor-webkitgtkn/aCanonical Ltd.Google LLC
Product-ubuntu_linuxchromewebkitgtkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-8408
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-7.33% / 91.31%
||
7 Day CHG~0.00%
Published-10 Dec, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, and CVE-2015-8455.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-airflash_playerlinux_kernelair_sdkair_sdk_\&_compilerwindowsiphone_osmac_os_xandroidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-8444
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-11.15% / 93.20%
||
7 Day CHG~0.00%
Published-10 Dec, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8451, and CVE-2015-8455.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-airflash_playerlinux_kernelair_sdkair_sdk_\&_compilerwindowsiphone_osmac_os_xandroidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-8415
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-7.85% / 91.62%
||
7 Day CHG~0.00%
Published-10 Dec, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-airflash_playerlinux_kernelair_sdkair_sdk_\&_compilerwindowsiphone_osmac_os_xandroidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 99
  • 100
  • Next
Details not found