Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2009-0846

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-09 Apr, 2009 | 00:00
Updated At-07 Aug, 2024 | 04:48
Rejected At-
Credits

The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:09 Apr, 2009 | 00:00
Updated At:07 Aug, 2024 | 04:48
Rejected At:
â–¼CVE Numbering Authority (CNA)

The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/archive/1/504683/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html
x_refsource_MISC
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6301
vdb-entry
signature
x_refsource_OVAL
http://www.mandriva.com/security/advisories?name=MDVSA-2009:098
vendor-advisory
x_refsource_MANDRIVA
http://www.kb.cert.org/vuls/id/662091
third-party-advisory
x_refsource_CERT-VN
http://www.securityfocus.com/archive/1/502527/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://www.vupen.com/english/advisories/2009/0960
vdb-entry
x_refsource_VUPEN
http://support.apple.com/kb/HT3549
x_refsource_CONFIRM
http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm
x_refsource_CONFIRM
http://secunia.com/advisories/35667
third-party-advisory
x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2009-0408.html
vendor-advisory
x_refsource_REDHAT
http://www.vmware.com/security/advisories/VMSA-2009-0008.html
x_refsource_CONFIRM
http://secunia.com/advisories/34637
third-party-advisory
x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=130497213107107&w=2
vendor-advisory
x_refsource_HP
http://www.vupen.com/english/advisories/2009/2084
vdb-entry
x_refsource_VUPEN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10694
vdb-entry
signature
x_refsource_OVAL
http://secunia.com/advisories/34640
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/35074
third-party-advisory
x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1
vendor-advisory
x_refsource_SUNALERT
http://security.gentoo.org/glsa/glsa-200904-09.xml
vendor-advisory
x_refsource_GENTOO
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html
x_refsource_MISC
http://www.vupen.com/english/advisories/2009/0976
vdb-entry
x_refsource_VUPEN
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
vendor-advisory
x_refsource_APPLE
http://www.ubuntu.com/usn/usn-755-1
vendor-advisory
x_refsource_UBUNTU
http://secunia.com/advisories/34630
third-party-advisory
x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21396120
x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5483
vdb-entry
signature
x_refsource_OVAL
http://www.vupen.com/english/advisories/2009/1057
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/34617
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/34628
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/34734
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/2248
vdb-entry
x_refsource_VUPEN
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
third-party-advisory
x_refsource_CERT
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058
x_refsource_MISC
http://secunia.com/advisories/34598
third-party-advisory
x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2009-0409.html
vendor-advisory
x_refsource_REDHAT
http://www.vupen.com/english/advisories/2009/1297
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/34622
third-party-advisory
x_refsource_SECUNIA
http://www.securitytracker.com/id?1021994
vdb-entry
x_refsource_SECTRACK
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html
vendor-advisory
x_refsource_FEDORA
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html
vendor-advisory
x_refsource_FEDORA
http://rhn.redhat.com/errata/RHSA-2009-0410.html
vendor-advisory
x_refsource_REDHAT
http://lists.vmware.com/pipermail/security-announce/2009/000059.html
mailing-list
x_refsource_MLIST
http://wiki.rpath.com/Advisories:rPSA-2009-0058
x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/502546/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-002.txt
x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=130497213107107&w=2
vendor-advisory
x_refsource_HP
http://secunia.com/advisories/34594
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/1106
vdb-entry
x_refsource_VUPEN
http://marc.info/?l=bugtraq&m=124896429301168&w=2
vendor-advisory
x_refsource_HP
http://www.securityfocus.com/bid/34409
vdb-entry
x_refsource_BID
http://marc.info/?l=bugtraq&m=124896429301168&w=2
vendor-advisory
x_refsource_HP
Hyperlink: http://www.securityfocus.com/archive/1/504683/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html
Resource:
x_refsource_MISC
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6301
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:098
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://www.kb.cert.org/vuls/id/662091
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://www.securityfocus.com/archive/1/502527/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.vupen.com/english/advisories/2009/0960
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://support.apple.com/kb/HT3549
Resource:
x_refsource_CONFIRM
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/35667
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-0408.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.vmware.com/security/advisories/VMSA-2009-0008.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/34637
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://marc.info/?l=bugtraq&m=130497213107107&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.vupen.com/english/advisories/2009/2084
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10694
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://secunia.com/advisories/34640
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/35074
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1
Resource:
vendor-advisory
x_refsource_SUNALERT
Hyperlink: http://security.gentoo.org/glsa/glsa-200904-09.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html
Resource:
x_refsource_MISC
Hyperlink: http://www.vupen.com/english/advisories/2009/0976
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://www.ubuntu.com/usn/usn-755-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://secunia.com/advisories/34630
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21396120
Resource:
x_refsource_CONFIRM
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5483
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.vupen.com/english/advisories/2009/1057
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/34617
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/34628
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/34734
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2009/2248
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA09-133A.html
Resource:
third-party-advisory
x_refsource_CERT
Hyperlink: http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058
Resource:
x_refsource_MISC
Hyperlink: http://secunia.com/advisories/34598
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://rhn.redhat.com/errata/RHSA-2009-0409.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.vupen.com/english/advisories/2009/1297
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/34622
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securitytracker.com/id?1021994
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://rhn.redhat.com/errata/RHSA-2009-0410.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://lists.vmware.com/pipermail/security-announce/2009/000059.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://wiki.rpath.com/Advisories:rPSA-2009-0058
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/archive/1/502546/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-002.txt
Resource:
x_refsource_CONFIRM
Hyperlink: http://marc.info/?l=bugtraq&m=130497213107107&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://secunia.com/advisories/34594
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2009/1106
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://marc.info/?l=bugtraq&m=124896429301168&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.securityfocus.com/bid/34409
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://marc.info/?l=bugtraq&m=124896429301168&w=2
Resource:
vendor-advisory
x_refsource_HP
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/archive/1/504683/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html
x_refsource_MISC
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6301
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2009:098
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://www.kb.cert.org/vuls/id/662091
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://www.securityfocus.com/archive/1/502527/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.vupen.com/english/advisories/2009/0960
vdb-entry
x_refsource_VUPEN
x_transferred
http://support.apple.com/kb/HT3549
x_refsource_CONFIRM
x_transferred
http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/35667
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.redhat.com/support/errata/RHSA-2009-0408.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.vmware.com/security/advisories/VMSA-2009-0008.html
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/34637
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://marc.info/?l=bugtraq&m=130497213107107&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://www.vupen.com/english/advisories/2009/2084
vdb-entry
x_refsource_VUPEN
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10694
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://secunia.com/advisories/34640
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/35074
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1
vendor-advisory
x_refsource_SUNALERT
x_transferred
http://security.gentoo.org/glsa/glsa-200904-09.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html
x_refsource_MISC
x_transferred
http://www.vupen.com/english/advisories/2009/0976
vdb-entry
x_refsource_VUPEN
x_transferred
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://www.ubuntu.com/usn/usn-755-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://secunia.com/advisories/34630
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=swg21396120
x_refsource_CONFIRM
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5483
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.vupen.com/english/advisories/2009/1057
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/34617
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/34628
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/34734
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2009/2248
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
third-party-advisory
x_refsource_CERT
x_transferred
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058
x_refsource_MISC
x_transferred
http://secunia.com/advisories/34598
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://rhn.redhat.com/errata/RHSA-2009-0409.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.vupen.com/english/advisories/2009/1297
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/34622
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securitytracker.com/id?1021994
vdb-entry
x_refsource_SECTRACK
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html
vendor-advisory
x_refsource_FEDORA
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://rhn.redhat.com/errata/RHSA-2009-0410.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://lists.vmware.com/pipermail/security-announce/2009/000059.html
mailing-list
x_refsource_MLIST
x_transferred
http://wiki.rpath.com/Advisories:rPSA-2009-0058
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/archive/1/502546/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-002.txt
x_refsource_CONFIRM
x_transferred
http://marc.info/?l=bugtraq&m=130497213107107&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://secunia.com/advisories/34594
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2009/1106
vdb-entry
x_refsource_VUPEN
x_transferred
http://marc.info/?l=bugtraq&m=124896429301168&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://www.securityfocus.com/bid/34409
vdb-entry
x_refsource_BID
x_transferred
http://marc.info/?l=bugtraq&m=124896429301168&w=2
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/504683/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6301
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:098
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/662091
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/502527/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/0960
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://support.apple.com/kb/HT3549
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/35667
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-0408.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.vmware.com/security/advisories/VMSA-2009-0008.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/34637
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=130497213107107&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/2084
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10694
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://secunia.com/advisories/34640
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/35074
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1
Resource:
vendor-advisory
x_refsource_SUNALERT
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-200904-09.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/0976
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://www.ubuntu.com/usn/usn-755-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://secunia.com/advisories/34630
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21396120
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5483
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/1057
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/34617
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/34628
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/34734
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/2248
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA09-133A.html
Resource:
third-party-advisory
x_refsource_CERT
x_transferred
Hyperlink: http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://secunia.com/advisories/34598
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2009-0409.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/1297
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/34622
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securitytracker.com/id?1021994
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2009-0410.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://lists.vmware.com/pipermail/security-announce/2009/000059.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://wiki.rpath.com/Advisories:rPSA-2009-0058
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/502546/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-002.txt
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=130497213107107&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://secunia.com/advisories/34594
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/1106
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=124896429301168&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.securityfocus.com/bid/34409
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=124896429301168&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:09 Apr, 2009 | 00:30
Updated At:09 Feb, 2024 | 03:21

The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>Versions before 1.6.4(exclusive)
cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>9
cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>10
cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>6.06
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>7.10
cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>8.04
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>8.10
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>Versions before 10.5.7(exclusive)
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>4.0
cpe:2.3:o:redhat:enterprise_linux:4.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_desktop>>3.0
cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_desktop>>4.0
cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_eus>>4.7
cpe:2.3:o:redhat:enterprise_linux_eus:4.7:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server>>2.0
cpe:2.3:o:redhat:enterprise_linux_server:2.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server>>3.0
cpe:2.3:o:redhat:enterprise_linux_server:3.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server>>4.0
cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_workstation>>2.0
cpe:2.3:o:redhat:enterprise_linux_workstation:2.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_workstation>>3.0
cpe:2.3:o:redhat:enterprise_linux_workstation:3.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_workstation>>4.0
cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-824Primarynvd@nist.gov
CWE ID: CWE-824
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.apple.com/archives/security-announce/2009/May/msg00002.htmlcve@mitre.org
Mailing List
http://lists.vmware.com/pipermail/security-announce/2009/000059.htmlcve@mitre.org
Broken Link
http://marc.info/?l=bugtraq&m=124896429301168&w=2cve@mitre.org
Third Party Advisory
http://marc.info/?l=bugtraq&m=130497213107107&w=2cve@mitre.org
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2009-0409.htmlcve@mitre.org
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2009-0410.htmlcve@mitre.org
Third Party Advisory
http://secunia.com/advisories/34594cve@mitre.org
Broken Link
http://secunia.com/advisories/34598cve@mitre.org
Broken Link
http://secunia.com/advisories/34617cve@mitre.org
Broken Link
http://secunia.com/advisories/34622cve@mitre.org
Broken Link
http://secunia.com/advisories/34628cve@mitre.org
Broken Link
http://secunia.com/advisories/34630cve@mitre.org
Broken Link
http://secunia.com/advisories/34637cve@mitre.org
Broken Link
http://secunia.com/advisories/34640cve@mitre.org
Broken Link
http://secunia.com/advisories/34734cve@mitre.org
Broken Link
http://secunia.com/advisories/35074cve@mitre.org
Broken Link
http://secunia.com/advisories/35667cve@mitre.org
Broken Link
http://security.gentoo.org/glsa/glsa-200904-09.xmlcve@mitre.org
Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1cve@mitre.org
Broken Link
http://support.apple.com/kb/HT3549cve@mitre.org
Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2009-142.htmcve@mitre.org
Third Party Advisory
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.htmlcve@mitre.org
Broken Link
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.htmlcve@mitre.org
Broken Link
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-002.txtcve@mitre.org
Patch
Vendor Advisory
http://wiki.rpath.com/Advisories:rPSA-2009-0058cve@mitre.org
Broken Link
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058cve@mitre.org
Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21396120cve@mitre.org
Broken Link
http://www.kb.cert.org/vuls/id/662091cve@mitre.org
Broken Link
Third Party Advisory
US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2009:098cve@mitre.org
Broken Link
http://www.redhat.com/support/errata/RHSA-2009-0408.htmlcve@mitre.org
Broken Link
http://www.securityfocus.com/archive/1/502527/100/0/threadedcve@mitre.org
Broken Link
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/502546/100/0/threadedcve@mitre.org
Broken Link
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/504683/100/0/threadedcve@mitre.org
Broken Link
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/34409cve@mitre.org
Broken Link
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1021994cve@mitre.org
Broken Link
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/usn-755-1cve@mitre.org
Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA09-133A.htmlcve@mitre.org
Third Party Advisory
US Government Resource
http://www.vmware.com/security/advisories/VMSA-2009-0008.htmlcve@mitre.org
Third Party Advisory
http://www.vupen.com/english/advisories/2009/0960cve@mitre.org
Broken Link
http://www.vupen.com/english/advisories/2009/0976cve@mitre.org
Broken Link
http://www.vupen.com/english/advisories/2009/1057cve@mitre.org
Broken Link
http://www.vupen.com/english/advisories/2009/1106cve@mitre.org
Broken Link
http://www.vupen.com/english/advisories/2009/1297cve@mitre.org
Broken Link
http://www.vupen.com/english/advisories/2009/2084cve@mitre.org
Broken Link
http://www.vupen.com/english/advisories/2009/2248cve@mitre.org
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10694cve@mitre.org
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5483cve@mitre.org
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6301cve@mitre.org
Broken Link
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.htmlcve@mitre.org
Mailing List
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.htmlcve@mitre.org
Mailing List
Hyperlink: http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
Source: cve@mitre.org
Resource:
Mailing List
Hyperlink: http://lists.vmware.com/pipermail/security-announce/2009/000059.html
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://marc.info/?l=bugtraq&m=124896429301168&w=2
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://marc.info/?l=bugtraq&m=130497213107107&w=2
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2009-0409.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2009-0410.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/34594
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/34598
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/34617
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/34622
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/34628
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/34630
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/34637
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/34640
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/34734
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/35074
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/35667
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://security.gentoo.org/glsa/glsa-200904-09.xml
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://support.apple.com/kb/HT3549
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-002.txt
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://wiki.rpath.com/Advisories:rPSA-2009-0058
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21396120
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.kb.cert.org/vuls/id/662091
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
US Government Resource
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:098
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-0408.html
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.securityfocus.com/archive/1/502527/100/0/threaded
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/archive/1/502546/100/0/threaded
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/archive/1/504683/100/0/threaded
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/bid/34409
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id?1021994
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.ubuntu.com/usn/usn-755-1
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA09-133A.html
Source: cve@mitre.org
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.vmware.com/security/advisories/VMSA-2009-0008.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2009/0960
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.vupen.com/english/advisories/2009/0976
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.vupen.com/english/advisories/2009/1057
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.vupen.com/english/advisories/2009/1106
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.vupen.com/english/advisories/2009/1297
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.vupen.com/english/advisories/2009/2084
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.vupen.com/english/advisories/2009/2248
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10694
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5483
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6301
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html
Source: cve@mitre.org
Resource:
Mailing List
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html
Source: cve@mitre.org
Resource:
Mailing List

Change History

0
Information is not available yet

Similar CVEs

1436Records found
CVE-2007-2442
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-42.57% / 97.37%
||
7 Day CHG+0.87%
Published-26 Jun, 2007 | 22:00
Updated-07 Aug, 2024 | 13:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.

Action-Not Available
Vendor-n/aMIT (Massachusetts Institute of Technology)Debian GNU/LinuxCanonical Ltd.
Product-kerberos_5ubuntu_linuxdebian_linuxn/a
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2017-5398
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.26% / 86.85%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/LinuxRed Hat, Inc.
Product-thunderbirdthunderbird_esrfirefoxenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_serverdebian_linuxenterprise_linux_workstationenterprise_linux_server_ausFirefoxFirefox ESRThunderbird
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3343
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-5.30% / 89.79%
||
7 Day CHG~0.00%
Published-12 Jun, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.183.90 and 11.x before 11.7.700.224 on Windows, before 10.3.183.90 and 11.x before 11.7.700.225 on Mac OS X, before 10.3.183.90 and 11.x before 11.2.202.291 on Linux, before 11.1.111.59 on Android 2.x and 3.x, and before 11.1.115.63 on Android 4.x; Adobe AIR before 3.7.0.2090 on Windows and Android and before 3.7.0.2100 on Mac OS X; and Adobe AIR SDK & Compiler before 3.7.0.2090 on Windows and before 3.7.0.2100 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-airflash_playerlinux_kernelair_sdkwindowsmac_os_xandroidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2000-0391
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-8.48% / 92.16%
||
7 Day CHG~0.00%
Published-12 Jul, 2000 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain root privileges.

Action-Not Available
Vendor-cygnusn/aRed Hat, Inc.MIT (Massachusetts Institute of Technology)
Product-cygnus_network_securitykerberoslinuxkerbnetkerberos_5n/a
CVE-2000-0017
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.36% / 87.06%
||
7 Day CHG~0.00%
Published-04 Feb, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Linux linuxconf package allows remote attackers to gain root privileges via a long parameter.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-linuxn/a
CVE-2018-4877
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-5.04% / 89.51%
||
7 Day CHG~0.00%
Published-06 Feb, 2018 | 20:00
Updated-05 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player's quality of service functionality. A successful attack can lead to arbitrary code execution.

Action-Not Available
Vendor-n/aGoogle LLCAdobe Inc.Red Hat, Inc.Apple Inc.Microsoft CorporationLinux Kernel Organization, Inc
Product-enterprise_linux_serverlinux_kernelwindows_8.1enterprise_linux_workstationchrome_oswindowsmacoswindows_10enterprise_linux_desktopflash_playerAdobe Flash Player before 28.0.0.161
CWE ID-CWE-416
Use After Free
CVE-2010-1119
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-24.42% / 95.97%
||
7 Day CHG~0.00%
Published-25 Mar, 2010 | 20:31
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-windowsiphone_ossafarimac_os_xmac_os_x_servern/a
CVE-2000-0248
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-75.88% / 98.88%
||
7 Day CHG~0.00%
Published-26 Apr, 2000 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web GUI for the Linux Virtual Server (LVS) software in the Red Hat Linux Piranha package has a backdoor password that allows remote attackers to execute arbitrary commands.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-linuxn/a
CVE-2000-0322
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-77.77% / 98.97%
||
7 Day CHG~0.00%
Published-13 Oct, 2000 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The passwd.php3 CGI script in the Red Hat Piranha Virtual Server Package allows local users to execute arbitrary commands via shell metacharacters.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-linuxn/a
CVE-2017-3059
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-4.45% / 88.79%
||
7 Day CHG~0.00%
Published-12 Apr, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the internal script object. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-mac_os_xchrome_oslinux_kernelwindows_8.1windows_10flash_playerwindowsAdobe Flash Player 25.0.0.127 and earlier.
CWE ID-CWE-416
Use After Free
CVE-2003-0694
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-76.08% / 98.89%
||
7 Day CHG~0.00%
Published-18 Sep, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.

Action-Not Available
Vendor-compaqsendmailturbolinuxn/aNetBSDGentoo Foundation, Inc.Silicon Graphics, Inc.IBM CorporationFreeBSD FoundationApple Inc.Sun Microsystems (Oracle Corporation)HP Inc.
Product-sendmailtru64netbsdadvanced_message_serveraixirixturbolinux_workstationmac_os_xlinuxhp-uxsendmail_switchsolaristurbolinux_servermac_os_x_serversunosfreebsdturbolinux_advanced_serversendmail_pron/a
CVE-2018-4259
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.62% / 69.42%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 00:00
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to macOS High Sierra 10.13.6.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmacOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-3077
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-53.86% / 97.93%
||
7 Day CHG~0.00%
Published-20 Jun, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the PNG image parser. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-mac_os_xchrome_oslinux_kernelwindows_8.1windows_10flash_playerwindowsAdobe Flash Player 25.0.0.171 and earlier.
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3358
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-37.54% / 97.09%
||
7 Day CHG~0.00%
Published-11 Sep, 2013 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-3357.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-windowsacrobatmac_os_xacrobat_readern/a
CVE-2003-1009
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.08% / 77.46%
||
7 Day CHG~0.00%
Published-10 Mar, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 and Apple Mac OS X Server 10.2 through 10.3.2 accepts authentication server information from unknown LDAP or NetInfo sources as provided by a malicious DHCP server, which allows remote attackers to gain privileges.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servermac_os_xn/a
CVE-1999-0009
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-80.32% / 99.09%
||
7 Day CHG-0.16%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.

Action-Not Available
Vendor-bsdidata_generalscon/aThe MITRE Corporation (Caldera)NEC CorporationIBM CorporationSun Microsystems (Oracle Corporation)Silicon Graphics, Inc.Internet Systems Consortium, Inc.NetBSDRed Hat, Inc.
Product-bsd_osnetbsddg_uxbindaixsolarisasl_ux_4800irixopen_desktopunixwaresunoslinuxopenlinuxn/a
CVE-2015-4602
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-12.86% / 93.87%
||
7 Day CHG~0.00%
Published-16 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue.

Action-Not Available
Vendor-n/aRed Hat, Inc.The PHP Group
Product-enterprise_linuxenterprise_linux_serverenterprise_linux_hpc_nodeenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_workstationphpenterprise_linux_hpc_node_eusn/a
CVE-2017-3075
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-1.68% / 81.85%
||
7 Day CHG~0.00%
Published-20 Jun, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability when manipulating the ActionsScript 2 XML class. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-mac_os_xchrome_oslinux_kernelwindows_8.1windows_10flash_playerwindowsAdobe Flash Player 25.0.0.171 and earlier.
CWE ID-CWE-416
Use After Free
CVE-2015-4600
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-10.74% / 93.16%
||
7 Day CHG~0.00%
Published-16 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in the (1) SoapClient::__getLastRequest, (2) SoapClient::__getLastResponse, (3) SoapClient::__getLastRequestHeaders, (4) SoapClient::__getLastResponseHeaders, (5) SoapClient::__getCookies, and (6) SoapClient::__setCookie methods.

Action-Not Available
Vendor-n/aRed Hat, Inc.The PHP Group
Product-enterprise_linux_serverenterprise_linux_hpc_nodeenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_workstationphpenterprise_linux_hpc_node_eusn/a
CVE-2017-3037
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-2.40% / 84.72%
||
7 Day CHG~0.00%
Published-12 Apr, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JavaScript engine. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aAdobe Inc.Apple Inc.Microsoft Corporation
Product-acrobatmac_os_xacrobat_dcreaderacrobat_reader_dcwindowsAdobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2003-0201
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-80.51% / 99.10%
||
7 Day CHG-0.56%
Published-15 Apr, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.

Action-Not Available
Vendor-samba-tngcompaqn/aApple Inc.SambaSun Microsystems (Oracle Corporation)HP Inc.
Product-tru64hp-uxsolarissamba-tngsambasunoscifs-9000_servermac_os_xn/a
CVE-2017-3079
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-3.63% / 87.54%
||
7 Day CHG~0.00%
Published-20 Jun, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the internal representation of raster data. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-mac_os_xchrome_oslinux_kernelwindows_8.1windows_10flash_playerwindowsAdobe Flash Player 25.0.0.171 and earlier.
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-4223
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.67% / 81.77%
||
7 Day CHG~0.00%
Published-17 Dec, 2008 | 01:00
Updated-07 Aug, 2024 | 10:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Podcast Producer in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servern/a
CWE ID-CWE-287
Improper Authentication
CVE-2017-3112
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-9.68% / 92.73%
||
7 Day CHG~0.00%
Published-09 Dec, 2017 | 06:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of AdobePSDK metadata. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-enterprise_linux_desktopchrome_osenterprise_linux_workstationlinux_kernelwindows_8.1enterprise_linux_serverwindows_10flash_playermacoswindowsAdobe Flash Player 27.0.0.183 and earlier versions
CWE ID-CWE-125
Out-of-bounds Read
CVE-2003-0466
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-90.83% / 99.61%
||
7 Day CHG~0.00%
Published-01 Aug, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.

Action-Not Available
Vendor-wuftpdn/aNetBSDOpenBSDRed Hat, Inc.FreeBSD FoundationApple Inc.Sun Microsystems (Oracle Corporation)
Product-netbsdopenbsdwu_ftpdsolarismac_os_x_serverfreebsdmac_os_xwu-ftpdn/a
CWE ID-CWE-193
Off-by-one Error
CVE-2018-19715
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-2.02% / 83.40%
||
7 Day CHG~0.00%
Published-18 Jan, 2019 | 17:00
Updated-05 Aug, 2024 | 11:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcn/a
CWE ID-CWE-416
Use After Free
CVE-2003-0426
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.90% / 75.21%
||
7 Day CHG~0.00%
Published-25 Jul, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The installation of Apple QuickTime / Darwin Streaming Server before 4.1.3f starts the administration server with a "Setup Assistant" page that allows remote attackers to set the administrator password and gain privileges before the real administrator.

Action-Not Available
Vendor-n/aApple Inc.
Product-darwin_streaming_servern/a
CVE-2017-3010
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-2.30% / 84.41%
||
7 Day CHG~0.00%
Published-31 Mar, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the rendering engine. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aAdobe Inc.Apple Inc.Microsoft Corporation
Product-acrobatacrobat_dcreaderacrobat_reader_dcmacoswindowsAdobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-3063
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-4.45% / 88.79%
||
7 Day CHG~0.00%
Published-12 Apr, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the ActionScript2 NetStream class. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-mac_os_xchrome_oslinux_kernelwindows_8.1windows_10flash_playerwindowsAdobe Flash Player 25.0.0.127 and earlier.
CWE ID-CWE-416
Use After Free
CVE-2003-0421
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.51% / 80.88%
||
7 Day CHG~0.00%
Published-25 Jul, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0502.

Action-Not Available
Vendor-n/aApple Inc.
Product-darwin_streaming_servern/a
CVE-2015-3059
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-3.56% / 87.43%
||
7 Day CHG~0.00%
Published-13 May, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3053, CVE-2015-3054, CVE-2015-3055, and CVE-2015-3075.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-windowsacrobatmac_os_xacrobat_readern/a
CWE ID-CWE-416
Use After Free
CVE-2015-3070
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-12.26% / 93.68%
||
7 Day CHG~0.00%
Published-13 May, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-9161, CVE-2015-3046, CVE-2015-3049, CVE-2015-3050, CVE-2015-3051, CVE-2015-3052, CVE-2015-3056, CVE-2015-3057, and CVE-2015-3076.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-windowsacrobatmac_os_xacrobat_readern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-3062
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-4.45% / 88.79%
||
7 Day CHG~0.00%
Published-12 Apr, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in ActionScript2 when creating a getter/setter property. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-mac_os_xchrome_oslinux_kernelwindows_8.1windows_10flash_playerwindowsAdobe Flash Player 25.0.0.127 and earlier.
CWE ID-CWE-416
Use After Free
CVE-2017-3124
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-11.54% / 93.46%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the picture exchange (PCX) file format parsing module. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-acrobatmac_os_xacrobat_dcreaderacrobat_reader_dcwindowsAcrobat Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2003-0248
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.44% / 80.38%
||
7 Day CHG~0.00%
Published-05 Jun, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-linuxn/a
CVE-2017-3060
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-7.94% / 91.86%
||
7 Day CHG~0.00%
Published-12 Apr, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the ActionScript2 code parser. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncApple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-mac_os_xchrome_oslinux_kernelwindows_8.1windows_10flash_playerwindowsAdobe Flash Player 25.0.0.127 and earlier.
CWE ID-CWE-125
Out-of-bounds Read
CVE-2015-3127
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-10.49% / 93.08%
||
7 Day CHG~0.00%
Published-09 Jul, 2015 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3118, CVE-2015-3124, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, and CVE-2015-5117.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncApple Inc.Microsoft Corporation
Product-airflash_playerlinux_kernelair_sdkair_sdk_\&_compilerwindowsmac_os_xn/a
CVE-2014-8822
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-10||HIGH
EPSS-0.98% / 76.41%
||
7 Day CHG~0.00%
Published-30 Jan, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IOHIDFamily in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a kernel context or cause a denial of service (write to kernel memory) via a crafted app that calls an unspecified user-client method.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CVE-2015-3100
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-3.39% / 87.12%
||
7 Day CHG~0.00%
Published-10 Jun, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-airflash_playerlinux_kernelair_sdkair_sdk_\&_compilerwindowsmac_os_xandroidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-3074
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-3.63% / 87.54%
||
7 Day CHG~0.00%
Published-13 May, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, and CVE-2015-3073.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-windowsacrobatmac_os_xacrobat_readern/a
CWE ID-CWE-284
Improper Access Control
CVE-2003-0041
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.23% / 78.83%
||
7 Day CHG~0.00%
Published-01 Feb, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client.

Action-Not Available
Vendor-n/aRed Hat, Inc.MIT (Massachusetts Institute of Technology)Mandriva (Mandrakesoft)
Product-linuxkerberos_ftp_clientmandrake_multi_network_firewallmandrake_linuxn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2015-3068
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-3.63% / 87.54%
||
7 Day CHG~0.00%
Published-13 May, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, and CVE-2015-3074.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-windowsacrobatmac_os_xacrobat_readern/a
CWE ID-CWE-284
Improper Access Control
CVE-2015-3049
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-12.26% / 93.68%
||
7 Day CHG~0.00%
Published-13 May, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-9161, CVE-2015-3046, CVE-2015-3050, CVE-2015-3051, CVE-2015-3052, CVE-2015-3056, CVE-2015-3057, CVE-2015-3070, and CVE-2015-3076.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-windowsacrobatmac_os_xacrobat_readern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-3111
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-27.41% / 96.29%
||
7 Day CHG~0.00%
Published-24 Jun, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 allows attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-windowsphotoshop_ccmac_os_xbridgen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-3132
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-10.49% / 93.08%
||
7 Day CHG~0.00%
Published-09 Jul, 2015 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3118, CVE-2015-3124, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, and CVE-2015-5117.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncApple Inc.Microsoft Corporation
Product-airflash_playerlinux_kernelair_sdkair_sdk_\&_compilerwindowsmac_os_xn/a
CVE-2015-3117
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-5.54% / 90.05%
||
7 Day CHG~0.00%
Published-09 Jul, 2015 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, and CVE-2015-4431.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncApple Inc.Microsoft Corporation
Product-airflash_playerlinux_kernelair_sdkair_sdk_\&_compilerwindowsmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-3042
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-51.91% / 97.84%
||
7 Day CHG~0.00%
Published-14 Apr, 2015 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3043.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncopenSUSESUSERed Hat, Inc.Apple Inc.Microsoft Corporation
Product-flash_playerenterprise_linux_workstation_supplementarylinux_kernelopensuseenterprise_linux_server_supplementarysuse_linux_enterprise_desktopwindowsenterprise_linux_server_supplementary_eussuse_linux_workstation_extensionmac_os_xenterprise_linux_desktop_supplementaryn/a
CVE-2017-2434
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.58% / 68.23%
||
7 Day CHG~0.00%
Published-02 Apr, 2017 | 01:36
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "HomeKit" component. It allows attackers to have an unspecified impact by leveraging the presence of Home Control on Control Center.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-3089
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-55.43% / 98.00%
||
7 Day CHG~0.00%
Published-13 May, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3078, CVE-2015-3090, and CVE-2015-3093.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncApple Inc.Microsoft Corporation
Product-airflash_playerlinux_kernelair_sdkair_sdk_\&_compilerwindowsmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-3050
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-12.26% / 93.68%
||
7 Day CHG~0.00%
Published-13 May, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-9161, CVE-2015-3046, CVE-2015-3049, CVE-2015-3051, CVE-2015-3052, CVE-2015-3056, CVE-2015-3057, CVE-2015-3070, and CVE-2015-3076.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-windowsacrobatmac_os_xacrobat_readern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 28
  • 29
  • Next
Details not found