Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2009-1291

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-30 Apr, 2009 | 20:00
Updated At-07 Aug, 2024 | 05:04
Rejected At-
Credits

Stack-based buffer overflow in TIBCO SmartSockets before 6.8.2, SmartSockets Product Family (aka RTworks) before 4.0.5, and Enterprise Message Service (EMS) 4.0.0 through 5.1.1, as used in SmartSockets Server and RTworks Server (aka RTserver), SmartSockets client libraries and add-on products, RTworks libraries and components, EMS Server (aka tibemsd), SmartMQ, iProcess Engine, ActiveMatrix products, and CA Enterprise Communicator, allows remote attackers to execute arbitrary code via "inbound data," as demonstrated by requests to the UDP interface of the RTserver component, and data injection into the TCP stream to tibemsd.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:30 Apr, 2009 | 20:00
Updated At:07 Aug, 2024 | 05:04
Rejected At:
▼CVE Numbering Authority (CNA)

Stack-based buffer overflow in TIBCO SmartSockets before 6.8.2, SmartSockets Product Family (aka RTworks) before 4.0.5, and Enterprise Message Service (EMS) 4.0.0 through 5.1.1, as used in SmartSockets Server and RTworks Server (aka RTserver), SmartSockets client libraries and add-on products, RTworks libraries and components, EMS Server (aka tibemsd), SmartMQ, iProcess Engine, ActiveMatrix products, and CA Enterprise Communicator, allows remote attackers to execute arbitrary code via "inbound data," as demonstrated by requests to the UDP interface of the RTserver component, and data injection into the TCP stream to tibemsd.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.tibco.com/multimedia/security_advisory_rtworks_tcm8-7559.txt
x_refsource_CONFIRM
http://www.tibco.com/services/support/advisories/default.jsp
x_refsource_CONFIRM
http://securitytracker.com/id?1022129
vdb-entry
x_refsource_SECTRACK
http://www.securityfocus.com/bid/34754
vdb-entry
x_refsource_BID
http://www.tibco.com/multimedia/security_advisory_smartsockets_tcm8-7560.txt
x_refsource_CONFIRM
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=785
third-party-advisory
x_refsource_IDEFENSE
https://exchange.xforce.ibmcloud.com/vulnerabilities/50214
vdb-entry
x_refsource_XF
http://www.vupen.com/english/advisories/2009/1198
vdb-entry
x_refsource_VUPEN
http://www.harmonysecurity.com/blog/2009/04/tibco-smartsockets-stack-buffer.html
x_refsource_MISC
http://www.tibco.com/services/support/advisories/smartsockets-sspfm-ems_advisory_20090428.jsp
x_refsource_CONFIRM
http://secunia.com/advisories/34911
third-party-advisory
x_refsource_SECUNIA
http://www.tibco.com/multimedia/security_advisory_ems_tcm8-7558.txt
x_refsource_CONFIRM
Hyperlink: http://www.tibco.com/multimedia/security_advisory_rtworks_tcm8-7559.txt
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.tibco.com/services/support/advisories/default.jsp
Resource:
x_refsource_CONFIRM
Hyperlink: http://securitytracker.com/id?1022129
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.securityfocus.com/bid/34754
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.tibco.com/multimedia/security_advisory_smartsockets_tcm8-7560.txt
Resource:
x_refsource_CONFIRM
Hyperlink: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=785
Resource:
third-party-advisory
x_refsource_IDEFENSE
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/50214
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.vupen.com/english/advisories/2009/1198
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.harmonysecurity.com/blog/2009/04/tibco-smartsockets-stack-buffer.html
Resource:
x_refsource_MISC
Hyperlink: http://www.tibco.com/services/support/advisories/smartsockets-sspfm-ems_advisory_20090428.jsp
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/34911
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.tibco.com/multimedia/security_advisory_ems_tcm8-7558.txt
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.tibco.com/multimedia/security_advisory_rtworks_tcm8-7559.txt
x_refsource_CONFIRM
x_transferred
http://www.tibco.com/services/support/advisories/default.jsp
x_refsource_CONFIRM
x_transferred
http://securitytracker.com/id?1022129
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.securityfocus.com/bid/34754
vdb-entry
x_refsource_BID
x_transferred
http://www.tibco.com/multimedia/security_advisory_smartsockets_tcm8-7560.txt
x_refsource_CONFIRM
x_transferred
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=785
third-party-advisory
x_refsource_IDEFENSE
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/50214
vdb-entry
x_refsource_XF
x_transferred
http://www.vupen.com/english/advisories/2009/1198
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.harmonysecurity.com/blog/2009/04/tibco-smartsockets-stack-buffer.html
x_refsource_MISC
x_transferred
http://www.tibco.com/services/support/advisories/smartsockets-sspfm-ems_advisory_20090428.jsp
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/34911
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.tibco.com/multimedia/security_advisory_ems_tcm8-7558.txt
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.tibco.com/multimedia/security_advisory_rtworks_tcm8-7559.txt
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.tibco.com/services/support/advisories/default.jsp
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://securitytracker.com/id?1022129
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.securityfocus.com/bid/34754
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.tibco.com/multimedia/security_advisory_smartsockets_tcm8-7560.txt
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=785
Resource:
third-party-advisory
x_refsource_IDEFENSE
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/50214
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/1198
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.harmonysecurity.com/blog/2009/04/tibco-smartsockets-stack-buffer.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.tibco.com/services/support/advisories/smartsockets-sspfm-ems_advisory_20090428.jsp
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/34911
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.tibco.com/multimedia/security_advisory_ems_tcm8-7558.txt
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:30 Apr, 2009 | 20:30
Updated At:17 Aug, 2017 | 01:30

Stack-based buffer overflow in TIBCO SmartSockets before 6.8.2, SmartSockets Product Family (aka RTworks) before 4.0.5, and Enterprise Message Service (EMS) 4.0.0 through 5.1.1, as used in SmartSockets Server and RTworks Server (aka RTserver), SmartSockets client libraries and add-on products, RTworks libraries and components, EMS Server (aka tibemsd), SmartMQ, iProcess Engine, ActiveMatrix products, and CA Enterprise Communicator, allows remote attackers to execute arbitrary code via "inbound data," as demonstrated by requests to the UDP interface of the RTserver component, and data injection into the TCP stream to tibemsd.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
TIBCO (Cloud Software Group, Inc.)
tibco
>>enterprise_message_service>>Versions up to 5.1.1(inclusive)
cpe:2.3:a:tibco:enterprise_message_service:*:*:*:*:*:*:*:*
TIBCO (Cloud Software Group, Inc.)
tibco
>>enterprise_message_service>>4.0.0
cpe:2.3:a:tibco:enterprise_message_service:4.0.0:*:*:*:*:*:*:*
TIBCO (Cloud Software Group, Inc.)
tibco
>>enterprise_message_service>>4.1.0
cpe:2.3:a:tibco:enterprise_message_service:4.1.0:*:*:*:*:*:*:*
TIBCO (Cloud Software Group, Inc.)
tibco
>>enterprise_message_service>>4.2.0
cpe:2.3:a:tibco:enterprise_message_service:4.2.0:*:*:*:*:*:*:*
TIBCO (Cloud Software Group, Inc.)
tibco
>>enterprise_message_service>>4.3.0
cpe:2.3:a:tibco:enterprise_message_service:4.3.0:*:*:*:*:*:*:*
TIBCO (Cloud Software Group, Inc.)
tibco
>>enterprise_message_service>>4.4.1
cpe:2.3:a:tibco:enterprise_message_service:4.4.1:*:*:*:*:*:*:*
TIBCO (Cloud Software Group, Inc.)
tibco
>>enterprise_message_service>>4.4.2
cpe:2.3:a:tibco:enterprise_message_service:4.4.2:*:*:*:*:*:*:*
TIBCO (Cloud Software Group, Inc.)
tibco
>>rtworks>>4.0.3
cpe:2.3:a:tibco:rtworks:4.0.3:*:*:*:*:*:*:*
TIBCO (Cloud Software Group, Inc.)
tibco
>>rtworks>>4.0.4
cpe:2.3:a:tibco:rtworks:4.0.4:*:*:*:*:*:*:*
TIBCO (Cloud Software Group, Inc.)
tibco
>>smartsockets>>6.8.0
cpe:2.3:a:tibco:smartsockets:6.8.0:*:*:*:*:*:*:*
TIBCO (Cloud Software Group, Inc.)
tibco
>>smartsockets>>6.8.1
cpe:2.3:a:tibco:smartsockets:6.8.1:*:*:*:*:*:*:*
TIBCO (Cloud Software Group, Inc.)
tibco
>>smartsockets_rtserver>>Versions up to 6.8.1(inclusive)
cpe:2.3:a:tibco:smartsockets_rtserver:*:*:*:*:*:*:*:*
TIBCO (Cloud Software Group, Inc.)
tibco
>>smartsockets_rtserver>>6.8.0
cpe:2.3:a:tibco:smartsockets_rtserver:6.8.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=785cve@mitre.org
N/A
http://secunia.com/advisories/34911cve@mitre.org
Vendor Advisory
http://securitytracker.com/id?1022129cve@mitre.org
N/A
http://www.harmonysecurity.com/blog/2009/04/tibco-smartsockets-stack-buffer.htmlcve@mitre.org
N/A
http://www.securityfocus.com/bid/34754cve@mitre.org
N/A
http://www.tibco.com/multimedia/security_advisory_ems_tcm8-7558.txtcve@mitre.org
Vendor Advisory
http://www.tibco.com/multimedia/security_advisory_rtworks_tcm8-7559.txtcve@mitre.org
Vendor Advisory
http://www.tibco.com/multimedia/security_advisory_smartsockets_tcm8-7560.txtcve@mitre.org
Vendor Advisory
http://www.tibco.com/services/support/advisories/default.jspcve@mitre.org
Patch
Vendor Advisory
http://www.tibco.com/services/support/advisories/smartsockets-sspfm-ems_advisory_20090428.jspcve@mitre.org
Vendor Advisory
http://www.vupen.com/english/advisories/2009/1198cve@mitre.org
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/50214cve@mitre.org
N/A
Hyperlink: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=785
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/34911
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://securitytracker.com/id?1022129
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.harmonysecurity.com/blog/2009/04/tibco-smartsockets-stack-buffer.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/34754
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.tibco.com/multimedia/security_advisory_ems_tcm8-7558.txt
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.tibco.com/multimedia/security_advisory_rtworks_tcm8-7559.txt
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.tibco.com/multimedia/security_advisory_smartsockets_tcm8-7560.txt
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.tibco.com/services/support/advisories/default.jsp
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.tibco.com/services/support/advisories/smartsockets-sspfm-ems_advisory_20090428.jsp
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2009/1198
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/50214
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1669Records found
CVE-2007-5655
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-19.72% / 95.28%
||
7 Day CHG+1.91%
Published-16 Jan, 2008 | 02:00
Updated-07 Aug, 2024 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointers.

Action-Not Available
Vendor-n/aTIBCO (Cloud Software Group, Inc.)
Product-enterprise_message_servicesmartsockets_rtserverrtworksems_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-3338
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-5.38% / 89.88%
||
7 Day CHG~0.00%
Published-13 Aug, 2008 | 22:00
Updated-07 Aug, 2024 | 09:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in TIBCO Hawk (1) AMI C library (libtibhawkami) and (2) Hawk HMA (tibhawkhma), as used in TIBCO Hawk before 4.8.1; Runtime Agent (TRA) before 5.6.0; iProcess Engine 10.3.0 through 10.6.2 and 11.0.0; and Mainframe Service Tracker before 1.1.0 might allow remote attackers to execute arbitrary code via a crafted message.

Action-Not Available
Vendor-n/aTIBCO (Cloud Software Group, Inc.)
Product-iprocess_enginehawkruntime_agentmainframe_service_trackern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-1704
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-12.63% / 93.80%
||
7 Day CHG~0.00%
Published-11 Apr, 2008 | 10:00
Updated-07 Aug, 2024 | 08:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in TIBCO Software Enterprise Message Service (EMS) before 4.4.3, and iProcess Engine 10.6.0 through 10.6.1, allow remote attackers to execute arbitrary code via a crafted message to the EMS server.

Action-Not Available
Vendor-n/aTIBCO (Cloud Software Group, Inc.)
Product-enterprise_message_serviceiprocess_enginen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-43049
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.48% / 64.44%
||
7 Day CHG~0.00%
Published-15 Feb, 2022 | 17:55
Updated-17 Sep, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO BusinessConnect Container Edition username and password leakage

The Database component of TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to obtain the usernames and passwords of users of the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-businessconnectTIBCO BusinessConnect Container Edition
CVE-2019-11210
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-10||CRITICAL
EPSS-2.82% / 85.83%
||
7 Day CHG~0.00%
Published-18 Sep, 2019 | 22:20
Updated-16 Sep, 2024 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO Enterprise Runtime for R Server Exposes Remote Code Execution

The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an unauthenticated user to bypass access controls and remotely execute code using the operating system account hosting the affected component. This issue affects: TIBCO Enterprise Runtime for R - Server Edition versions 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.4.0 and 10.5.0.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-enterprise_runtime_for_rspotfire_analytics_platform_for_awsTIBCO Spotfire Analytics Platform for AWS MarketplaceTIBCO Enterprise Runtime for R - Server Edition
CVE-2018-5435
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-9.6||CRITICAL
EPSS-1.40% / 80.14%
||
7 Day CHG~0.00%
Published-27 Jun, 2018 | 16:00
Updated-16 Sep, 2024 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO Spotfire Product Family Remote Code Execution Vulnerability

The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contain multiple vulnerabilities that may allow for remote code execution. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0; 7.12.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Deployment Kit: versions up to and including 7.8.0; 7.9.0;7.9.1;7.10.0;7.10.1;7.11.0; 7.12.0, TIBCO Spotfire Desktop: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0;7.12.0, TIBCO Spotfire Desktop Language Packs: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-spotfire_desktop_language_packsspotfire_desktopspotfire_analytics_platform_for_awsspotfire_analystspotfire_deployment_kitTIBCO Spotfire Desktop Language PacksTIBCO Spotfire AnalystTIBCO Spotfire Analytics Platform for AWS MarketplaceTIBCO Spotfire Deployment KitTIBCO Spotfire Desktop
CVE-2021-43048
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.28% / 50.75%
||
7 Day CHG~0.00%
Published-16 Nov, 2021 | 17:50
Updated-17 Sep, 2024 | 03:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO PartnerExpress Click-Jacking vulnerability

The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO PartnerExpress: versions 6.2.1 and below.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-partnerexpressTIBCO PartnerExpress
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2010-3491
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-6.03% / 90.51%
||
7 Day CHG~0.00%
Published-26 Oct, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) ActiveMatrix Runtime and (2) ActiveMatrix Administrator components in TIBCO ActiveMatrix Service Grid before 2.3.1, ActiveMatrix Service Bus before 2.3.1, ActiveMatrix BusinessWorks Service Engine before 5.8.1, and ActiveMatrix Service Performance Manager before 1.3.2 do not properly handle JMX connections, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service via unspecified vectors.

Action-Not Available
Vendor-n/aTIBCO (Cloud Software Group, Inc.)
Product-activematrix_service_performance_manageractivematrix_businessworks_service_engineactivematrix_service_gridactivematrix_service_busn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2007-5656
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-12.55% / 93.78%
||
7 Day CHG+1.33%
Published-16 Jan, 2008 | 02:00
Updated-07 Aug, 2024 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted requests that control loop operations related to memory.

Action-Not Available
Vendor-n/aTIBCO (Cloud Software Group, Inc.)
Product-enterprise_message_servicesmartsockets_rtserverrtworksn/a
CWE ID-CWE-399
Not Available
CVE-2007-5657
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-12.83% / 93.86%
||
7 Day CHG+1.36%
Published-16 Jan, 2008 | 02:00
Updated-07 Aug, 2024 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointer offsets.

Action-Not Available
Vendor-n/aTIBCO (Cloud Software Group, Inc.)
Product-enterprise_message_servicesmartsockets_rtserverrtworksems_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2007-5658
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-15.94% / 94.59%
||
7 Day CHG~0.00%
Published-16 Jan, 2008 | 02:00
Updated-07 Aug, 2024 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing size and copy-length values that trigger the overflow.

Action-Not Available
Vendor-n/aTIBCO (Cloud Software Group, Inc.)
Product-enterprise_message_servicesmartsockets_rtserverrtworksn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-2075
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.52% / 85.08%
||
7 Day CHG~0.00%
Published-27 Feb, 2014 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TIBCO Enterprise Administrator 1.0.0 and Enterprise Administrator SDK 1.0.0 do not properly enforce administrative authentication requirements, which allows remote attackers to execute arbitrary commands via unspecified vectors.

Action-Not Available
Vendor-n/aTIBCO (Cloud Software Group, Inc.)
Product-enterprise_administratorenterprise_administrator_sdkn/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-9409
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-9.8||CRITICAL
EPSS-5.01% / 89.47%
||
7 Day CHG~0.00%
Published-20 May, 2020 | 12:25
Updated-17 Sep, 2024 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO JasperReports Server Fails To Enforce Access Restrictions

The administrative UI component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an unauthenticated attacker to obtain the permissions of a JasperReports Server "superuser" for the affected systems. The attacker can theoretically exploit the vulnerability consistently, remotely, and without authenticating. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 7.1.1 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.1.1 and below, and TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.1.1 and below.

Action-Not Available
Vendor-Oracle CorporationTIBCO (Cloud Software Group, Inc.)
Product-retail_order_brokerjasperreports_serverTIBCO JasperReports ServerTIBCO JasperReports Server for AWS MarketplaceTIBCO JasperReports Server for ActiveMatrix BPM
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-9412
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-10||CRITICAL
EPSS-0.78% / 73.22%
||
7 Day CHG~0.00%
Published-09 Jun, 2020 | 17:00
Updated-17 Sep, 2024 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO Managed File Transfer Platform Server for IBM i Arbitrary Command Execution

The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows execution of arbitrary commands at the privilege level of the affected system following a failed file transfer. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i: versions 7.1.0 and below, version 8.0.0.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)IBM Corporation
Product-managed_file_transfer_platform_serveriTIBCO Managed File Transfer Platform Server for IBM i
CVE-2016-3628
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.86% / 85.94%
||
7 Day CHG~0.00%
Published-20 Apr, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in tibemsd in the server in TIBCO Enterprise Message Service (EMS) before 8.3.0 and EMS Appliance before 2.4.0 allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via crafted inbound data.

Action-Not Available
Vendor-n/aTIBCO (Cloud Software Group, Inc.)
Product-enterprise_message_service_appliance_firmwareenterprise_message_service_applianceenterprise_message_servicen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-5546
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-2.75% / 85.67%
||
7 Day CHG~0.00%
Published-18 Oct, 2007 | 20:00
Updated-07 Aug, 2024 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in TIBCO SmartPGM FX allow remote attackers to execute arbitrary code or cause a denial of service (service stop and file-transfer outage) via unspecified vectors. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.

Action-Not Available
Vendor-n/aTIBCO (Cloud Software Group, Inc.)
Product-smart_pgm_fxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-2543
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.30% / 88.61%
||
7 Day CHG~0.00%
Published-08 Apr, 2014 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to execute arbitrary code by leveraging access to a directly connected client and transmitting crafted data.

Action-Not Available
Vendor-n/aTIBCO (Cloud Software Group, Inc.)
Product-rendezvoussubstantiation_esmessaging_appliancen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-1703
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-11.65% / 93.49%
||
7 Day CHG~0.00%
Published-11 Apr, 2008 | 10:00
Updated-07 Aug, 2024 | 08:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, as used in multiple TIBCO products, allow remote attackers to execute arbitrary code via a crafted message.

Action-Not Available
Vendor-n/aTIBCO (Cloud Software Group, Inc.)
Product-iprocess_enginesubstantiation_eshawkrendezvous_datasecurityruntime_agentadapter_files_z_osrendezvous_txrendezvousn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3325
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-4.00% / 88.16%
||
7 Day CHG~0.00%
Published-16 May, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.

Action-Not Available
Vendor-n/aAdobe Inc.openSUSELinux Kernel Organization, IncSUSERed Hat, Inc.Google LLCApple Inc.Microsoft Corporation
Product-flash_playeradobe_airenterprise_linux_serverlinux_kernelenterprise_linux_eusopensuseenterprise_linux_desktopenterprise_linux_server_eusadobe_air_sdkenterprise_linux_workstationlinux_enterprise_desktopwindowsmac_os_xandroidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-9932
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.48% / 64.40%
||
7 Day CHG~0.00%
Published-28 Aug, 2019 | 21:36
Updated-04 Aug, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Various Lexmark products have a Buffer Overflow (issue 2 of 3).

Action-Not Available
Vendor-n/aLexmark International, Inc.
Product-ms812de_firmwarem1145_firmwarex65xc746ms415_firmwarec748m5163dn_firmwarex95x_firmwaree46x_firmwaremx510ms812_firmwaremx6500e_firmwarex792_firmwarems610dnms610dn_firmwarecs748_firmwarec925_firmwarec746_firmwarec792_firmwarexs925ms810de_firmwarems315x548_firmwarexm91xc736_firmwarecs41x_firmwarexm3150_firmwarexm51xxm5163_firmwarem5170_firmwarexm71xxms415w850c734cs796_firmwarecx310xm1135_firmwarems810_firmwarexs95xmx410_firmwarex95xms817_firmwarems51xc950xs79xms810ms417ms817mx91x_firmwarex74xc734_firmwarexs95x_firmwarecs748x65x_firmwarex46x_firmwarems811xs748x46xmx91xms317ms310_firmwarex74x_firmwaremx31xms410_firmwarew850_firmwaremx510_firmwarems317_firmwarem3150dn_firmwarec792ms810demx611mx410ms410c748_firmwarem1140_firmwarems811_firmwarem5155_firmwarex86x_firmwarems818_firmwarec950_firmwaremx6500ecx310_firmwaremx71x_firmwaremx81xxs548_firmwarecs31xcs796ms312_firmwarems71x_firmwarems71xms91x_firmwaremx81x_firmwarexm91x_firmwarexs79x_firmwarems617_firmwarex925xs925_firmwarex73x_firmwaremx31x_firmwarems617cs31x_firmwarem5170ms312xm1135xm3150xm51xx_firmwarem1140mx610_firmwarexs748_firmwarecs41xe46xm3150dnms417_firmwarem5163ms51x_firmwarex548x73xm5155ms812dex86xms91x6500ec925m1145m5163dnxm71xx_firmwarems812ms8186500e_firmwarex792c736ms310mx71xms315_firmwaremx610t65x_firmwaremx511xs548x925_firmwaremx511_firmwaret65xmx611_firmwaren/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-6703
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-18.16% / 95.02%
||
7 Day CHG~0.00%
Published-10 Apr, 2009 | 15:00
Updated-07 Aug, 2024 | 11:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the IPureServer::_Recieve function in S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote attackers to execute arbitrary code via a compressed 0x39 packet, which is decompressed by the NET_Compressor::Decompress function.

Action-Not Available
Vendor-stalker-gamen/a
Product-s.t.a.l.k.e.r.\n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3330
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-4.00% / 88.16%
||
7 Day CHG~0.00%
Published-16 May, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.

Action-Not Available
Vendor-n/aAdobe Inc.openSUSELinux Kernel Organization, IncSUSERed Hat, Inc.Google LLCApple Inc.Microsoft Corporation
Product-flash_playeradobe_airenterprise_linux_serverlinux_kernelenterprise_linux_eusopensuseenterprise_linux_desktopenterprise_linux_server_eusadobe_air_sdkenterprise_linux_workstationlinux_enterprise_desktopwindowsmac_os_xandroidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2003-1339
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-20.23% / 95.36%
||
7 Day CHG~0.00%
Published-23 Sep, 2007 | 23:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in eZnet.exe, as used in eZ (a) eZphotoshare, (b) eZmeeting, (c) eZnetwork, and (d) eZshare allows remote attackers to cause a denial of service (crash) or execute arbitrary code, as demonstrated via (1) a long GET request and (2) a long operation or autologin parameter to SwEzModule.dll.

Action-Not Available
Vendor-ezmeetingn/a
Product-ezmeetingn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2003-1503
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-6.26% / 90.70%
||
7 Day CHG~0.00%
Published-25 Oct, 2007 | 19:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in AOL Instant Messenger (AIM) 5.2.3292 allows remote attackers to execute arbitrary code via an aim:getfile URL with a long screen name.

Action-Not Available
Vendor-n/aAOL (Yahoo Inc.)
Product-instant_messengern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3075
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-10||HIGH
EPSS-29.70% / 96.50%
||
7 Day CHG~0.00%
Published-19 Apr, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in ActUWzd.dll 1.0.0.1 in Mitsubishi MX Component 3, as distributed in Citect CitectFacilities 7.10 and CitectScada 7.10r1, allow remote attackers to execute arbitrary code via a long string, as demonstrated by a long WzTitle property value to a certain ActiveX control.

Action-Not Available
Vendor-n/aSchneider Electric SEMitsubishi Electric Automation, Inc.
Product-mitsubishi_mx_componentcitectscadacitectfacilitiesn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-0264
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.43% / 61.87%
||
7 Day CHG~0.00%
Published-26 Jan, 2009 | 15:05
Updated-07 Aug, 2024 | 04:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the Registry Setting Tool in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier has unknown impact and attack vectors.

Action-Not Available
Vendor-n/aFujitsu Limited
Product-systemcastwizard_liten/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2003-0819
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-58.83% / 98.17%
||
7 Day CHG~0.00%
Published-15 Jan, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-proxy_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3343
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-5.30% / 89.79%
||
7 Day CHG~0.00%
Published-12 Jun, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.183.90 and 11.x before 11.7.700.224 on Windows, before 10.3.183.90 and 11.x before 11.7.700.225 on Mac OS X, before 10.3.183.90 and 11.x before 11.2.202.291 on Linux, before 11.1.111.59 on Android 2.x and 3.x, and before 11.1.115.63 on Android 4.x; Adobe AIR before 3.7.0.2090 on Windows and Android and before 3.7.0.2100 on Mac OS X; and Adobe AIR SDK & Compiler before 3.7.0.2090 on Windows and before 3.7.0.2100 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-airflash_playerlinux_kernelair_sdkwindowsmac_os_xandroidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3348
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-11.43% / 93.42%
||
7 Day CHG~0.00%
Published-10 Jul, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Shockwave Player before 12.0.3.133 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-shockwave_playern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3363
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-11.53% / 93.46%
||
7 Day CHG~0.00%
Published-11 Sep, 2013 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on Android 2.x and 3.x, and before 11.1.115.81 on Android 4.x; Adobe AIR before 3.8.0.1430; and Adobe AIR SDK & Compiler before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3361, CVE-2013-3362, and CVE-2013-5324.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-airflash_playerlinux_kernelair_sdkwindowsmac_os_xandroidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3361
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-11.53% / 93.46%
||
7 Day CHG~0.00%
Published-11 Sep, 2013 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on Android 2.x and 3.x, and before 11.1.115.81 on Android 4.x; Adobe AIR before 3.8.0.1430; and Adobe AIR SDK & Compiler before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3362, CVE-2013-3363, and CVE-2013-5324.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-airflash_playerlinux_kernelair_sdkwindowsmac_os_xandroidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3354
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-26.11% / 96.16%
||
7 Day CHG~0.00%
Published-11 Sep, 2013 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3352 and CVE-2013-3355.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-windowsacrobatmac_os_xacrobat_readern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3337
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-18.88% / 95.14%
||
7 Day CHG~0.00%
Published-16 May, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-acrobatacrobat_readern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3353
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-43.98% / 97.44%
||
7 Day CHG~0.00%
Published-11 Sep, 2013 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-3356.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-windowsacrobatmac_os_xacrobat_readern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3356
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-43.98% / 97.44%
||
7 Day CHG~0.00%
Published-11 Sep, 2013 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-3353.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-windowsacrobatmac_os_xacrobat_readern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3333
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-2.03% / 83.45%
||
7 Day CHG~0.00%
Published-16 May, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3334, and CVE-2013-3335.

Action-Not Available
Vendor-n/aAdobe Inc.openSUSELinux Kernel Organization, IncSUSERed Hat, Inc.Google LLCApple Inc.Microsoft Corporation
Product-flash_playeradobe_airenterprise_linux_serverlinux_kernelenterprise_linux_eusopensuseenterprise_linux_desktopenterprise_linux_server_eusadobe_air_sdkenterprise_linux_workstationlinux_enterprise_desktopwindowsmac_os_xandroidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3335
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-4.00% / 88.16%
||
7 Day CHG~0.00%
Published-16 May, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, and CVE-2013-3334.

Action-Not Available
Vendor-n/aAdobe Inc.openSUSELinux Kernel Organization, IncSUSERed Hat, Inc.Google LLCApple Inc.Microsoft Corporation
Product-flash_playeradobe_airenterprise_linux_serverlinux_kernelenterprise_linux_eusopensuseenterprise_linux_desktopenterprise_linux_server_eusadobe_air_sdkenterprise_linux_workstationlinux_enterprise_desktopwindowsmac_os_xandroidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3351
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-42.55% / 97.36%
||
7 Day CHG~0.00%
Published-11 Sep, 2013 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allow attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-windowsacrobatmac_os_xacrobat_readern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-2740
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-3.49% / 87.30%
||
7 Day CHG~0.00%
Published-06 Jul, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow remote attackers to cause a denial of service or have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aMozilla CorporationOracle CorporationDebian GNU/LinuxNovellCanonical Ltd.
Product-solarisfirefoxfirefox_esrubuntu_linuxsuse_linux_enterprise_serverthunderbirddebian_linuxsuse_linux_enterprise_software_development_kitsuse_linux_enterprise_desktopn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-9933
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.48% / 64.40%
||
7 Day CHG~0.00%
Published-28 Aug, 2019 | 21:37
Updated-04 Aug, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Various Lexmark products have a Buffer Overflow (issue 3 of 3).

Action-Not Available
Vendor-n/aLexmark International, Inc.
Product-ms812de_firmwarem1145_firmwarex65xc746ms415_firmwarec748m5163dn_firmwarex95x_firmwaree46x_firmwaremx510ms812_firmwaremx6500e_firmwarex792_firmwarems610dnms610dn_firmwarecs748_firmwarec925_firmwarec746_firmwarec792_firmwarexs925ms810de_firmwarems315x548_firmwarexm91xc736_firmwarecs41x_firmwarexm3150_firmwarexm51xxm5163_firmwarem5170_firmwarexm71xxms415w850c734cs796_firmwarecx310xm1135_firmwarems810_firmwarexs95xmx410_firmwarex95xms817_firmwarems51xc950xs79xms810ms417ms817mx91x_firmwarex74xc734_firmwarexs95x_firmwarecs748x65x_firmwarex46x_firmwarems811xs748x46xmx91xms317ms310_firmwarex74x_firmwaremx31xms410_firmwarew850_firmwaremx510_firmwarems317_firmwarem3150dn_firmwarec792ms810demx611mx410ms410c748_firmwarem1140_firmwarems811_firmwarem5155_firmwarex86x_firmwarems818_firmwarec950_firmwaremx6500ecx310_firmwaremx71x_firmwaremx81xxs548_firmwarecs31xcs796ms312_firmwarems71x_firmwarems71xms91x_firmwaremx81x_firmwarexm91x_firmwarexs79x_firmwarems617_firmwarex925xs925_firmwarex73x_firmwaremx31x_firmwarems617cs31x_firmwarem5170ms312xm1135xm3150xm51xx_firmwarem1140mx610_firmwarexs748_firmwarecs41xe46xm3150dnms417_firmwarem5163ms51x_firmwarex548x73xm5155ms812dex86xms91x6500ec925m1145m5163dnxm71xx_firmwarems812ms8186500e_firmwarex792c736ms310mx71xms315_firmwaremx610t65x_firmwaremx511xs548x925_firmwaremx511_firmwaret65xmx611_firmwaren/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3341
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-18.88% / 95.14%
||
7 Day CHG~0.00%
Published-16 May, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, and CVE-2013-3340.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-acrobatacrobat_readern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3352
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-26.11% / 96.16%
||
7 Day CHG~0.00%
Published-11 Sep, 2013 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3354 and CVE-2013-3355.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-windowsacrobatmac_os_xacrobat_readern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3334
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-4.00% / 88.16%
||
7 Day CHG~0.00%
Published-16 May, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, and CVE-2013-3335.

Action-Not Available
Vendor-n/aAdobe Inc.openSUSELinux Kernel Organization, IncSUSERed Hat, Inc.Google LLCApple Inc.Microsoft Corporation
Product-flash_playeradobe_airenterprise_linux_serverlinux_kernelenterprise_linux_eusopensuseenterprise_linux_desktopenterprise_linux_server_eusadobe_air_sdkenterprise_linux_workstationlinux_enterprise_desktopwindowsmac_os_xandroidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3331
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-2.03% / 83.45%
||
7 Day CHG~0.00%
Published-16 May, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.

Action-Not Available
Vendor-n/aAdobe Inc.openSUSELinux Kernel Organization, IncSUSERed Hat, Inc.Google LLCApple Inc.Microsoft Corporation
Product-flash_playeradobe_airenterprise_linux_serverlinux_kernelenterprise_linux_eusopensuseenterprise_linux_desktopenterprise_linux_server_eusadobe_air_sdkenterprise_linux_workstationlinux_enterprise_desktopwindowsmac_os_xandroidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3329
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-4.00% / 88.16%
||
7 Day CHG~0.00%
Published-16 May, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.

Action-Not Available
Vendor-n/aAdobe Inc.openSUSELinux Kernel Organization, IncSUSERed Hat, Inc.Google LLCApple Inc.Microsoft Corporation
Product-flash_playeradobe_airenterprise_linux_serverlinux_kernelenterprise_linux_eusopensuseenterprise_linux_desktopenterprise_linux_server_eusadobe_air_sdkenterprise_linux_workstationlinux_enterprise_desktopwindowsmac_os_xandroidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3326
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-4.00% / 88.16%
||
7 Day CHG~0.00%
Published-16 May, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335.

Action-Not Available
Vendor-n/aAdobe Inc.openSUSELinux Kernel Organization, IncSUSERed Hat, Inc.Google LLCApple Inc.Microsoft Corporation
Product-flash_playeradobe_airenterprise_linux_serverlinux_kernelenterprise_linux_eusopensuseenterprise_linux_desktopenterprise_linux_server_eusadobe_air_sdkenterprise_linux_workstationlinux_enterprise_desktopwindowsmac_os_xandroidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3344
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-9.88% / 92.83%
||
7 Day CHG~0.00%
Published-10 Jul, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerlinux_kernelwindowsmac_os_xandroidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3362
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-11.53% / 93.46%
||
7 Day CHG~0.00%
Published-11 Sep, 2013 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on Android 2.x and 3.x, and before 11.1.115.81 on Android 4.x; Adobe AIR before 3.8.0.1430; and Adobe AIR SDK & Compiler before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3361, CVE-2013-3363, and CVE-2013-5324.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-airflash_playerlinux_kernelair_sdkwindowsmac_os_xandroidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3345
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-9.43% / 92.62%
||
7 Day CHG~0.00%
Published-10 Jul, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerlinux_kernelwindowsmac_os_xandroidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3355
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-26.11% / 96.16%
||
7 Day CHG~0.00%
Published-11 Sep, 2013 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3352 and CVE-2013-3354.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-windowsacrobatmac_os_xacrobat_readern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 33
  • 34
  • Next
Details not found