Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2009-1493

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-30 Apr, 2009 | 20:00
Updated At-07 Aug, 2024 | 05:13
Rejected At-
Credits

The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9.1, 8.1.4, 7.1.1, and earlier on Linux and UNIX allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that triggers a call to this method with a long string in the second argument.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:30 Apr, 2009 | 20:00
Updated At:07 Aug, 2024 | 05:13
Rejected At:
▼CVE Numbering Authority (CNA)

The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9.1, 8.1.4, 7.1.1, and earlier on Linux and UNIX allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that triggers a call to this method with a long string in the second argument.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/34740
vdb-entry
x_refsource_BID
http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html
x_refsource_CONFIRM
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=926953
x_refsource_CONFIRM
http://secunia.com/advisories/35734
third-party-advisory
x_refsource_SECUNIA
http://www.us-cert.gov/cas/techalerts/TA09-133B.html
third-party-advisory
x_refsource_CERT
https://www.exploit-db.com/exploits/8570
exploit
x_refsource_EXPLOIT-DB
http://www.vupen.com/english/advisories/2009/1189
vdb-entry
x_refsource_VUPEN
https://exchange.xforce.ibmcloud.com/vulnerabilities/50146
vdb-entry
x_refsource_XF
http://www.adobe.com/support/security/bulletins/apsb09-06.html
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
vendor-advisory
x_refsource_SUSE
http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html
x_refsource_MISC
http://packetstorm.linuxsecurity.com/0904-exploits/spell.txt
x_refsource_MISC
http://osvdb.org/54129
vdb-entry
x_refsource_OSVDB
http://security.gentoo.org/glsa/glsa-200907-06.xml
vendor-advisory
x_refsource_GENTOO
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1
vendor-advisory
x_refsource_SUNALERT
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html
vendor-advisory
x_refsource_SUSE
http://secunia.com/advisories/34924
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/1317
vdb-entry
x_refsource_VUPEN
http://www.securitytracker.com/id?1022139
vdb-entry
x_refsource_SECTRACK
http://secunia.com/advisories/35358
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/35055
third-party-advisory
x_refsource_SECUNIA
http://www.kb.cert.org/vuls/id/970180
third-party-advisory
x_refsource_CERT-VN
http://secunia.com/advisories/35416
third-party-advisory
x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2009-0478.html
vendor-advisory
x_refsource_REDHAT
http://secunia.com/advisories/35096
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/35152
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/bid/34740
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=926953
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/35734
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA09-133B.html
Resource:
third-party-advisory
x_refsource_CERT
Hyperlink: https://www.exploit-db.com/exploits/8570
Resource:
exploit
x_refsource_EXPLOIT-DB
Hyperlink: http://www.vupen.com/english/advisories/2009/1189
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/50146
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb09-06.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html
Resource:
x_refsource_MISC
Hyperlink: http://packetstorm.linuxsecurity.com/0904-exploits/spell.txt
Resource:
x_refsource_MISC
Hyperlink: http://osvdb.org/54129
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://security.gentoo.org/glsa/glsa-200907-06.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1
Resource:
vendor-advisory
x_refsource_SUNALERT
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://secunia.com/advisories/34924
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2009/1317
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.securitytracker.com/id?1022139
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://secunia.com/advisories/35358
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/35055
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.kb.cert.org/vuls/id/970180
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://secunia.com/advisories/35416
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-0478.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://secunia.com/advisories/35096
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/35152
Resource:
third-party-advisory
x_refsource_SECUNIA
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/34740
vdb-entry
x_refsource_BID
x_transferred
http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html
x_refsource_CONFIRM
x_transferred
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=926953
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/35734
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.us-cert.gov/cas/techalerts/TA09-133B.html
third-party-advisory
x_refsource_CERT
x_transferred
https://www.exploit-db.com/exploits/8570
exploit
x_refsource_EXPLOIT-DB
x_transferred
http://www.vupen.com/english/advisories/2009/1189
vdb-entry
x_refsource_VUPEN
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/50146
vdb-entry
x_refsource_XF
x_transferred
http://www.adobe.com/support/security/bulletins/apsb09-06.html
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html
x_refsource_MISC
x_transferred
http://packetstorm.linuxsecurity.com/0904-exploits/spell.txt
x_refsource_MISC
x_transferred
http://osvdb.org/54129
vdb-entry
x_refsource_OSVDB
x_transferred
http://security.gentoo.org/glsa/glsa-200907-06.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1
vendor-advisory
x_refsource_SUNALERT
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://secunia.com/advisories/34924
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2009/1317
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.securitytracker.com/id?1022139
vdb-entry
x_refsource_SECTRACK
x_transferred
http://secunia.com/advisories/35358
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/35055
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.kb.cert.org/vuls/id/970180
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://secunia.com/advisories/35416
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.redhat.com/support/errata/RHSA-2009-0478.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://secunia.com/advisories/35096
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/35152
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/34740
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=926953
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/35734
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA09-133B.html
Resource:
third-party-advisory
x_refsource_CERT
x_transferred
Hyperlink: https://www.exploit-db.com/exploits/8570
Resource:
exploit
x_refsource_EXPLOIT-DB
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/1189
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/50146
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb09-06.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://packetstorm.linuxsecurity.com/0904-exploits/spell.txt
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://osvdb.org/54129
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-200907-06.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1
Resource:
vendor-advisory
x_refsource_SUNALERT
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://secunia.com/advisories/34924
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/1317
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.securitytracker.com/id?1022139
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://secunia.com/advisories/35358
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/35055
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/970180
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://secunia.com/advisories/35416
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-0478.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://secunia.com/advisories/35096
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/35152
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:30 Apr, 2009 | 20:30
Updated At:23 Apr, 2026 | 00:35

The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9.1, 8.1.4, 7.1.1, and earlier on Linux and UNIX allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that triggers a call to this method with a long string in the second argument.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
Adobe Inc.
adobe
>>reader>>8.1.4
cpe:2.3:a:adobe:reader:8.1.4:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>reader>>9.1
cpe:2.3:a:adobe:reader:9.1:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>-
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-399Primarynvd@nist.gov
CWE ID: CWE-399
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.htmlcve@mitre.org
Vendor Advisory
http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.htmlcve@mitre.org
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.htmlcve@mitre.org
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.htmlcve@mitre.org
Mailing List
Third Party Advisory
http://osvdb.org/54129cve@mitre.org
Broken Link
http://packetstorm.linuxsecurity.com/0904-exploits/spell.txtcve@mitre.org
Exploit
http://secunia.com/advisories/34924cve@mitre.org
Broken Link
http://secunia.com/advisories/35055cve@mitre.org
Broken Link
http://secunia.com/advisories/35096cve@mitre.org
Broken Link
http://secunia.com/advisories/35152cve@mitre.org
Broken Link
http://secunia.com/advisories/35358cve@mitre.org
Broken Link
http://secunia.com/advisories/35416cve@mitre.org
Broken Link
http://secunia.com/advisories/35734cve@mitre.org
Broken Link
http://security.gentoo.org/glsa/glsa-200907-06.xmlcve@mitre.org
Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1cve@mitre.org
Broken Link
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=926953cve@mitre.org
Third Party Advisory
http://www.adobe.com/support/security/bulletins/apsb09-06.htmlcve@mitre.org
Third Party Advisory
http://www.kb.cert.org/vuls/id/970180cve@mitre.org
Third Party Advisory
US Government Resource
http://www.redhat.com/support/errata/RHSA-2009-0478.htmlcve@mitre.org
Third Party Advisory
http://www.securityfocus.com/bid/34740cve@mitre.org
Exploit
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1022139cve@mitre.org
Third Party Advisory
VDB Entry
http://www.us-cert.gov/cas/techalerts/TA09-133B.htmlcve@mitre.org
Third Party Advisory
US Government Resource
http://www.vupen.com/english/advisories/2009/1189cve@mitre.org
Broken Link
http://www.vupen.com/english/advisories/2009/1317cve@mitre.org
Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/50146cve@mitre.org
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/8570cve@mitre.org
Third Party Advisory
VDB Entry
http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://osvdb.org/54129af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://packetstorm.linuxsecurity.com/0904-exploits/spell.txtaf854a3a-2127-422b-91ae-364da2661108
Exploit
http://secunia.com/advisories/34924af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/35055af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/35096af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/35152af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/35358af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/35416af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/35734af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://security.gentoo.org/glsa/glsa-200907-06.xmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=926953af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.adobe.com/support/security/bulletins/apsb09-06.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.kb.cert.org/vuls/id/970180af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
US Government Resource
http://www.redhat.com/support/errata/RHSA-2009-0478.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.securityfocus.com/bid/34740af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1022139af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.us-cert.gov/cas/techalerts/TA09-133B.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
US Government Resource
http://www.vupen.com/english/advisories/2009/1189af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.vupen.com/english/advisories/2009/1317af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/50146af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/8570af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
Hyperlink: http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://osvdb.org/54129
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://packetstorm.linuxsecurity.com/0904-exploits/spell.txt
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://secunia.com/advisories/34924
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/35055
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/35096
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/35152
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/35358
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/35416
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/35734
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://security.gentoo.org/glsa/glsa-200907-06.xml
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=926953
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb09-06.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.kb.cert.org/vuls/id/970180
Source: cve@mitre.org
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-0478.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/34740
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id?1022139
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA09-133B.html
Source: cve@mitre.org
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.vupen.com/english/advisories/2009/1189
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.vupen.com/english/advisories/2009/1317
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/50146
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://www.exploit-db.com/exploits/8570
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://osvdb.org/54129
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://packetstorm.linuxsecurity.com/0904-exploits/spell.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Hyperlink: http://secunia.com/advisories/34924
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/35055
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/35096
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/35152
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/35358
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/35416
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://secunia.com/advisories/35734
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://security.gentoo.org/glsa/glsa-200907-06.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=926953
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb09-06.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.kb.cert.org/vuls/id/970180
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-0478.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/34740
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id?1022139
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA09-133B.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.vupen.com/english/advisories/2009/1189
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.vupen.com/english/advisories/2009/1317
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/50146
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://www.exploit-db.com/exploits/8570
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

589Records found
CVE-2021-29986
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.1||HIGH
EPSS-0.59% / 69.29%
||
7 Day CHG~0.00%
Published-17 Aug, 2021 | 19:12
Updated-03 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. *Note: This issue only affected Linux operating systems. Other operating systems are unaffected.* This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.

Action-Not Available
Vendor-Mozilla CorporationLinux Kernel Organization, Inc
Product-firefoxthunderbirdlinux_kernelfirefox_esrThunderbirdFirefox ESRFirefox
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2013-0884
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.8||MEDIUM
EPSS-0.19% / 40.93%
||
7 Day CHG~0.00%
Published-23 Feb, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly load Native Client (aka NaCl) code, which has unspecified impact and attack vectors.

Action-Not Available
Vendor-n/aApple Inc.openSUSEGoogle LLCLinux Kernel Organization, IncMicrosoft Corporation
Product-mac_os_xwindowschromelinux_kernelopensusen/a
CVE-2021-29888
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 28.76%
||
7 Day CHG~0.00%
Published-02 Nov, 2021 | 16:00
Updated-16 Sep, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 207123.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixwindowsinfosphere_information_serverlinux_kernelInfoSphere Information Server
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-28589
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-3.3||LOW
EPSS-2.25% / 84.79%
||
7 Day CHG~0.00%
Published-20 Aug, 2021 | 18:09
Updated-23 Apr, 2025 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Media Encoder TS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowsmedia_encoderMedia Encoder
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-28548
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-5.78% / 90.59%
||
7 Day CHG~0.00%
Published-15 Apr, 2021 | 13:56
Updated-23 Apr, 2025 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Photoshop parsing JS buffer overflow vulnerability could lead to arbitrary code execution

Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted JSX file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsphotoshopmacosPhotoshop
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-28554
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-27.35% / 96.48%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 17:50
Updated-16 Sep, 2024 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader DC Path Parsing Out-Of-Bounds Read could lead to arbitrary code execution

Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020.001.30025 (and earlier) and 2017.011.30196 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-28549
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-5.78% / 90.59%
||
7 Day CHG~0.00%
Published-15 Apr, 2021 | 13:53
Updated-23 Apr, 2025 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Photoshop parsing JS buffer overflow vulnerability could lead to arbitrary code execution

Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted JSX file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsphotoshopmacosPhotoshop
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-28592
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.99% / 83.86%
||
7 Day CHG~0.00%
Published-20 Aug, 2021 | 18:09
Updated-23 Apr, 2025 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Illustrator JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Adobe Illustrator version 25.2.3 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowsillustratorIllustrator
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-28620
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-5.43% / 90.27%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 18:15
Updated-23 Apr, 2025 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Animate heap corruption vulnerability could lead to arbitrary code execution

Adobe Animate version 21.0.6 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowsanimateAnimate
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2021-28564
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-31.08% / 96.82%
||
7 Day CHG~0.00%
Published-02 Sep, 2021 | 16:09
Updated-16 Sep, 2024 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader out-of-bounds write vulnerability could lead to arbitrary code execution

Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Out-of-bounds Write vulnerability within the ImageTool component. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-28642
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-37.33% / 97.23%
||
7 Day CHG~0.00%
Published-20 Aug, 2021 | 18:10
Updated-17 Sep, 2024 | 04:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Pro DC Out-of-Bounds Write Arbitrary Code Execution Vulnerability

Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Out-of-bounds write vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-acrobat_dcacrobat_reader_dcAcrobat Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-28632
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-26.16% / 96.37%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 17:50
Updated-16 Sep, 2024 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-13471: Adobe Acrobat Reader DC AcroForm Field Use-After-Free Remote Code Execution Vulnerability

Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020.001.30025 (and earlier) and 2017.011.30196 (and earlier) are affected by an Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2021-28590
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-3.3||LOW
EPSS-2.25% / 84.79%
||
7 Day CHG~0.00%
Published-20 Aug, 2021 | 18:09
Updated-23 Apr, 2025 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Media Encoder VOB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowsmedia_encoderMedia Encoder
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-28591
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.99% / 83.86%
||
7 Day CHG~0.00%
Published-20 Aug, 2021 | 18:09
Updated-23 Apr, 2025 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Illustrator PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Adobe Illustrator version 25.2.3 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowsillustratorIllustrator
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-28560
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-37.35% / 97.23%
||
7 Day CHG~0.00%
Published-02 Sep, 2021 | 16:08
Updated-16 Sep, 2024 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader heap corruption vulnerability could lead to arbitrary code execution

Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2021-28550
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.6||CRITICAL
EPSS-30.72% / 96.79%
||
7 Day CHG-4.75%
Published-02 Sep, 2021 | 16:07
Updated-23 Oct, 2025 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-11-17||Apply updates per vendor instructions.
Adobe Acrobat Reader use after free vulnerability could lead to arbitrary code execution

Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.
Product-windowsacrobat_dcacrobatmacosacrobat_readeracrobat_reader_dcAcrobat ReaderAcrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2021-28622
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-6.01% / 90.80%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 18:16
Updated-17 Sep, 2024 | 01:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Animate BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bounds Write vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-windowsanimateAnimate
CWE ID-CWE-787
Out-of-bounds Write
CVE-2012-2850
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.8||MEDIUM
EPSS-1.84% / 83.20%
||
7 Day CHG~0.00%
Published-06 Aug, 2012 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allow remote attackers to have an unknown impact via a crafted document.

Action-Not Available
Vendor-n/aApple Inc.Google LLCLinux Kernel Organization, IncMicrosoft Corporation
Product-mac_os_xframewindowschromelinux_kerneln/a
CVE-2012-2860
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.8||MEDIUM
EPSS-0.45% / 63.64%
||
7 Day CHG~0.00%
Published-06 Aug, 2012 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The date-picker implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site.

Action-Not Available
Vendor-n/aApple Inc.Google LLCLinux Kernel Organization, IncMicrosoft Corporation
Product-mac_os_xframewindowschromelinux_kerneln/a
CVE-2021-28562
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-22.85% / 95.97%
||
7 Day CHG~0.00%
Published-28 Jun, 2021 | 13:45
Updated-16 Sep, 2024 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader use-after-free could lead to arbitrary code execution

Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability when executing search queries through Javascript. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcmacoswindowsacrobat_reader_dcAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2021-28621
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-4.22% / 88.89%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 18:15
Updated-23 Apr, 2025 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Animate FLA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowsanimateAnimate
CWE ID-CWE-125
Out-of-bounds Read
CVE-2012-2855
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.8||MEDIUM
EPSS-0.67% / 71.47%
||
7 Day CHG~0.00%
Published-06 Aug, 2012 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.

Action-Not Available
Vendor-n/aApple Inc.Google LLCLinux Kernel Organization, IncMicrosoft Corporation
Product-mac_os_xframewindowschromelinux_kerneln/a
CVE-2021-28561
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-18.21% / 95.29%
||
7 Day CHG~0.00%
Published-02 Sep, 2021 | 16:09
Updated-17 Sep, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader memory corruption vulnerability could lead to remote code execution

Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-28552
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-5.36% / 90.19%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 17:50
Updated-16 Sep, 2024 | 22:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader DC XFA Template Use-After-Free Remote Code Execution Vulnerability

Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020.001.30025 (and earlier) and 2017.011.30196 (and earlier) are affected by an Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2021-28602
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-2.55% / 85.69%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 17:57
Updated-23 Apr, 2025 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe After Effects Memory corruption could lead to code execution vulnerability

Adobe After Effects version 18.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowsafter_effectsAfter Effects
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-28638
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-42.20% / 97.50%
||
7 Day CHG~0.00%
Published-20 Aug, 2021 | 18:10
Updated-16 Sep, 2024 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader DC PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Heap-based Buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-acrobat_dcacrobat_reader_dcAcrobat Reader
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2021-28631
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-26.16% / 96.37%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 17:51
Updated-16 Sep, 2024 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader DC AcroForm Field Use-After-Free Remote Code Execution Vulnerability

Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020.001.30025 (and earlier) and 2017.011.30196 (and earlier) are affected by an Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2021-28641
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-46.29% / 97.70%
||
7 Day CHG~0.00%
Published-20 Aug, 2021 | 18:10
Updated-16 Sep, 2024 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader Use-After-Free Arbitrary Code Execution Vulnerability

Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Use-after-free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-acrobat_dcacrobat_reader_dcAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2021-28553
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-42.44% / 97.51%
||
7 Day CHG~0.00%
Published-02 Sep, 2021 | 16:07
Updated-16 Sep, 2024 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader use-after-free vulnerability could lead to arbitrary code execution

Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2021-28551
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-19.75% / 95.53%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 17:51
Updated-16 Sep, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Pro DC JPEG2000 Editing Out-Of-Bounds Read Remote Code Execution Vulnerability

Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020.001.30025 (and earlier) and 2017.011.30196 (and earlier) are affected by an Out-of-bounds read vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-28629
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-9.46% / 92.92%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 18:16
Updated-16 Sep, 2024 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Animate heap corruption vulnerability could lead to arbitrary code execution

Adobe Animate version 21.0.6 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-windowsanimateAnimate
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2021-28558
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-41.54% / 97.47%
||
7 Day CHG~0.00%
Published-02 Sep, 2021 | 16:06
Updated-16 Sep, 2024 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader heap-based buffer overflow could lead to arbitrary code execution

Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Heap-based buffer overflow vulnerability in the PDFLibTool component. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2021-28630
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-3.3||LOW
EPSS-1.29% / 79.87%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 18:16
Updated-16 Sep, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Animate FLA File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose potential sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-windowsanimateAnimate
CWE ID-CWE-125
Out-of-bounds Read
CVE-2012-0777
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.8||MEDIUM
EPSS-8.46% / 92.45%
||
7 Day CHG~0.00%
Published-10 Apr, 2012 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 on Mac OS X and Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Linux Kernel Organization, Inc
Product-acrobatacrobat_readerlinux_kernelmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-5050
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.31% / 54.25%
||
7 Day CHG~0.00%
Published-25 Apr, 2017 | 03:23
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.

Action-Not Available
Vendor-n/aApple Inc.Google LLCLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsmacoschromeandroidlinux_kernelGoogle Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-26615
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.27% / 50.71%
||
7 Day CHG~0.00%
Published-26 Nov, 2021 | 16:33
Updated-03 Aug, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
bandisoft ARK library integer overflow vulnerability

ARK library allows attackers to execute remote code via the parameter(path value) of Ark_NormalizeAndDupPAthNameW function because of an integer overflow.

Action-Not Available
Vendor-Linux Kernel Organization, IncBandisoft International Inc.
Product-ark_librarylinux_kernelARK
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-26636
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-8.8||HIGH
EPSS-1.26% / 79.60%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 13:55
Updated-03 Aug, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Maxboard Remote Code Execution

Stored XSS and SQL injection vulnerability in MaxBoard could lead to occur Remote Code Execution, which could lead to information exposure and privilege escalation.

Action-Not Available
Vendor-maxbMaxBoardLinux Kernel Organization, Inc
Product-linux_kernelmaxboardMaxBoard
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-4604
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.94% / 76.47%
||
7 Day CHG~0.00%
Published-07 Jun, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The bat_socket_read function in net/batman-adv/icmp_socket.c in the Linux kernel before 3.3 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted batman-adv ICMP packet.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-2942
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.32% / 55.06%
||
7 Day CHG~0.00%
Published-08 Jun, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A certain Red Hat patch to the __br_deliver function in net/bridge/br_forward.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging connectivity to a network interface that uses an Ethernet bridge device.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.
Product-linux_kernelenterprise_linuxn/a
CVE-2020-35963
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.38% / 59.27%
||
7 Day CHG~0.00%
Published-03 Jan, 2021 | 18:15
Updated-04 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

flb_gzip_compress in flb_gzip.c in Fluent Bit before 1.6.4 has an out-of-bounds write because it does not use the correct calculation of the maximum gzip data-size expansion.

Action-Not Available
Vendor-treasuredatan/aLinux Kernel Organization, Inc
Product-linux_kernelfluent_bitn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21086
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-18.60% / 95.35%
||
7 Day CHG~0.00%
Published-02 Sep, 2021 | 16:00
Updated-17 Sep, 2024 | 02:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Reader CoolType Arbitrary Stack Manipulation

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability in the CoolType library. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21153
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.23% / 79.38%
||
7 Day CHG~0.00%
Published-22 Feb, 2021 | 21:20
Updated-03 Aug, 2024 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack buffer overflow in GPU Process in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

Action-Not Available
Vendor-Google LLCFedora ProjectLinux Kernel Organization, Inc
Product-chromefedoralinux_kernelChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21149
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.81% / 74.43%
||
7 Day CHG~0.00%
Published-22 Feb, 2021 | 21:20
Updated-03 Aug, 2024 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack buffer overflow in Data Transfer in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.

Action-Not Available
Vendor-Google LLCFedora ProjectLinux Kernel Organization, Inc
Product-chromefedoralinux_kernelChrome
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21065
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-6.78% / 91.42%
||
7 Day CHG~0.00%
Published-25 Feb, 2021 | 13:25
Updated-17 Sep, 2024 | 00:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Bridge Font Parsing Out-Of-Bounds Write Arbitrary Code Execution Vulnerability

Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when parsing TTF files that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-windowsbridgeBridge
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21077
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-3.24% / 87.28%
||
7 Day CHG~0.00%
Published-12 Mar, 2021 | 18:11
Updated-23 Apr, 2025 | 19:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Animate heap-based overflow vulnerability

Adobe Animate version 21.0.3 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowsanimateAnimate
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21082
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.88% / 83.39%
||
7 Day CHG~0.00%
Published-12 Mar, 2021 | 18:21
Updated-23 Apr, 2025 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Photoshop Memory Corruption

Adobe Photoshop versions 21.2.5 (and earlier) and 22.2 (and earlier) are affected by a Memory Corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-photoshopPhotoshop
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21095
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-2.12% / 84.35%
||
7 Day CHG~0.00%
Published-15 Apr, 2021 | 13:52
Updated-23 Apr, 2025 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Bridge TTF Font Parsing Out-Of-Bounds Write vulnerability could lead to arbitrary code execution

Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Out-of-bounds write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowsbridgeBridge
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21179
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.62% / 82.08%
||
7 Day CHG+0.34%
Published-09 Mar, 2021 | 17:46
Updated-03 Aug, 2024 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Network Internals in Google Chrome on Linux prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Linux Kernel Organization, IncGoogle LLCFedora ProjectDebian GNU/Linux
Product-chromedebian_linuxlinux_kernelfedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2021-21100
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.96% / 76.67%
||
7 Day CHG~0.00%
Published-15 Apr, 2021 | 13:51
Updated-23 Apr, 2025 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Digital Editions Arbitrary file system write vulnerability

Adobe Digital Editions version 4.5.11.187245 (and earlier) is affected by a Privilege Escalation vulnerability during installation. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary file system write in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.
Product-digital_editionsmacosDigital Editions
CWE ID-CWE-379
Creation of Temporary File in Directory with Insecure Permissions
CVE-2011-1439
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.25% / 48.06%
||
7 Day CHG~0.00%
Published-03 May, 2011 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 11.0.696.57 on Linux does not properly isolate renderer processes, which has unspecified impact and remote attack vectors.

Action-Not Available
Vendor-n/aGoogle LLCLinux Kernel Organization, Inc
Product-chromelinux_kerneln/a
  • Previous
  • 1
  • 2
  • ...
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • Next
Details not found