Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2009-1725

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-09 Jul, 2009 | 17:00
Updated At-07 Aug, 2024 | 05:20
Rejected At-
Credits

WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:09 Jul, 2009 | 17:00
Updated At:07 Aug, 2024 | 05:20
Rejected At:
â–¼CVE Numbering Authority (CNA)

WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://websvn.kde.org/?view=rev&revision=1002164
x_refsource_CONFIRM
http://websvn.kde.org/?view=rev&revision=1002163
x_refsource_CONFIRM
http://secunia.com/advisories/43068
third-party-advisory
x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html
vendor-advisory
x_refsource_FEDORA
http://www.mandriva.com/security/advisories?name=MDVSA-2009:330
vendor-advisory
x_refsource_MANDRIVA
http://support.apple.com/kb/HT3666
x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2011/0212
vdb-entry
x_refsource_VUPEN
http://lists.apple.com/archives/security-announce/2009/Jul/msg00000.html
vendor-advisory
x_refsource_APPLE
http://websvn.kde.org/?view=rev&revision=1002162
x_refsource_CONFIRM
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html
vendor-advisory
x_refsource_FEDORA
http://www.securityfocus.com/bid/35607
vdb-entry
x_refsource_BID
http://www.vupen.com/english/advisories/2009/1827
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/37746
third-party-advisory
x_refsource_SECUNIA
http://osvdb.org/55739
vdb-entry
x_refsource_OSVDB
http://secunia.com/advisories/36790
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/36347
third-party-advisory
x_refsource_SECUNIA
http://www.debian.org/security/2009/dsa-1950
vendor-advisory
x_refsource_DEBIAN
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
vendor-advisory
x_refsource_SUSE
http://secunia.com/advisories/36062
third-party-advisory
x_refsource_SECUNIA
http://www.ubuntu.com/usn/USN-857-1
vendor-advisory
x_refsource_UBUNTU
http://secunia.com/advisories/36057
third-party-advisory
x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00933.html
vendor-advisory
x_refsource_FEDORA
http://www.securitytracker.com/id?1022526
vdb-entry
x_refsource_SECTRACK
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5777
vdb-entry
signature
x_refsource_OVAL
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html
vendor-advisory
x_refsource_FEDORA
https://bugzilla.redhat.com/show_bug.cgi?id=513813
x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-836-1
vendor-advisory
x_refsource_UBUNTU
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00931.html
vendor-advisory
x_refsource_FEDORA
http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html
vendor-advisory
x_refsource_APPLE
http://secunia.com/advisories/36677
third-party-advisory
x_refsource_SECUNIA
http://support.apple.com/kb/HT3860
x_refsource_CONFIRM
http://secunia.com/advisories/35758
third-party-advisory
x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://websvn.kde.org/?view=rev&revision=1002164
Resource:
x_refsource_CONFIRM
Hyperlink: http://websvn.kde.org/?view=rev&revision=1002163
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/43068
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:330
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://support.apple.com/kb/HT3666
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.vupen.com/english/advisories/2011/0212
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Jul/msg00000.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://websvn.kde.org/?view=rev&revision=1002162
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.securityfocus.com/bid/35607
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.vupen.com/english/advisories/2009/1827
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/37746
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://osvdb.org/55739
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://secunia.com/advisories/36790
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/36347
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.debian.org/security/2009/dsa-1950
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://secunia.com/advisories/36062
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.ubuntu.com/usn/USN-857-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://secunia.com/advisories/36057
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00933.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.securitytracker.com/id?1022526
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5777
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=513813
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.ubuntu.com/usn/USN-836-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00931.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://secunia.com/advisories/36677
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://support.apple.com/kb/HT3860
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/35758
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html
Resource:
vendor-advisory
x_refsource_FEDORA
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://websvn.kde.org/?view=rev&revision=1002164
x_refsource_CONFIRM
x_transferred
http://websvn.kde.org/?view=rev&revision=1002163
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/43068
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2009:330
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://support.apple.com/kb/HT3666
x_refsource_CONFIRM
x_transferred
http://www.vupen.com/english/advisories/2011/0212
vdb-entry
x_refsource_VUPEN
x_transferred
http://lists.apple.com/archives/security-announce/2009/Jul/msg00000.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://websvn.kde.org/?view=rev&revision=1002162
x_refsource_CONFIRM
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.securityfocus.com/bid/35607
vdb-entry
x_refsource_BID
x_transferred
http://www.vupen.com/english/advisories/2009/1827
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/37746
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://osvdb.org/55739
vdb-entry
x_refsource_OSVDB
x_transferred
http://secunia.com/advisories/36790
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/36347
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.debian.org/security/2009/dsa-1950
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://secunia.com/advisories/36062
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.ubuntu.com/usn/USN-857-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://secunia.com/advisories/36057
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00933.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.securitytracker.com/id?1022526
vdb-entry
x_refsource_SECTRACK
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5777
vdb-entry
signature
x_refsource_OVAL
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html
vendor-advisory
x_refsource_FEDORA
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=513813
x_refsource_CONFIRM
x_transferred
http://www.ubuntu.com/usn/USN-836-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00931.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://secunia.com/advisories/36677
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://support.apple.com/kb/HT3860
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/35758
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://websvn.kde.org/?view=rev&revision=1002164
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://websvn.kde.org/?view=rev&revision=1002163
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/43068
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:330
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://support.apple.com/kb/HT3666
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0212
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Jul/msg00000.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://websvn.kde.org/?view=rev&revision=1002162
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/35607
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/1827
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/37746
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://osvdb.org/55739
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://secunia.com/advisories/36790
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/36347
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.debian.org/security/2009/dsa-1950
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://secunia.com/advisories/36062
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-857-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://secunia.com/advisories/36057
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00933.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.securitytracker.com/id?1022526
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5777
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=513813
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-836-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00931.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://secunia.com/advisories/36677
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://support.apple.com/kb/HT3860
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/35758
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:09 Jul, 2009 | 17:30
Updated At:23 Apr, 2026 | 00:35

WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.09.3HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 9.3
Base severity: HIGH
Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
Apple Inc.
apple
>>safari>>Versions up to 4.0.1(inclusive)
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>2.0
cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>2.0.0
cpe:2.3:a:apple:safari:2.0.0:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>2.0.1
cpe:2.3:a:apple:safari:2.0.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>2.0.2
cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>2.0.3
cpe:2.3:a:apple:safari:2.0.3:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>2.0.3
cpe:2.3:a:apple:safari:2.0.3:417.8:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>2.0.3
cpe:2.3:a:apple:safari:2.0.3:417.9:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>2.0.3
cpe:2.3:a:apple:safari:2.0.3:417.9.2:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>2.0.3
cpe:2.3:a:apple:safari:2.0.3:417.9.3:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>2.0.4
cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>3.0
cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>3.0.0
cpe:2.3:a:apple:safari:3.0.0:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>3.0.0b
cpe:2.3:a:apple:safari:3.0.0b:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>3.0.1
cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>3.0.1
cpe:2.3:a:apple:safari:3.0.1:beta:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>3.0.1b
cpe:2.3:a:apple:safari:3.0.1b:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>3.0.2
cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>3.0.2b
cpe:2.3:a:apple:safari:3.0.2b:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>3.0.3
cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>3.0.3b
cpe:2.3:a:apple:safari:3.0.3b:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>3.0.4
cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>3.0.4b
cpe:2.3:a:apple:safari:3.0.4b:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>3.1.0
cpe:2.3:a:apple:safari:3.1.0:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>3.1.0b
cpe:2.3:a:apple:safari:3.1.0b:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>3.1.1
cpe:2.3:a:apple:safari:3.1.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>3.1.2
cpe:2.3:a:apple:safari:3.1.2:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>3.2.0
cpe:2.3:a:apple:safari:3.2.0:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>3.2.1
cpe:2.3:a:apple:safari:3.2.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>3.2.2
cpe:2.3:a:apple:safari:3.2.2:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>4.0
cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>4.0.0b
cpe:2.3:a:apple:safari:4.0.0b:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>Versions up to 3.0.1(inclusive)
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>1.0.0
cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>1.0.1
cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>1.0.2
cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>1.1.0
cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>1.1.1
cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>1.1.2
cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>1.1.3
cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>1.1.4
cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>1.1.5
cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>2.0
cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>2.0.0
cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>2.0.1
cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>2.0.2
cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>2.1
cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>2.1.1
cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>2.2
cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>2.2.1
cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-189Primarynvd@nist.gov
CWE ID: CWE-189
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
Organization : Red Hat
Last Modified : 2009-08-07T00:00:00

Not vulnerable. This issue did not affect the versions of the kdelibs packages, as shipped with Red Hat Enterprise Linux 3, 4, or 5.

References
HyperlinkSourceResource
http://lists.apple.com/archives/security-announce/2009/Jul/msg00000.htmlcve@mitre.org
Patch
Vendor Advisory
http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.htmlcve@mitre.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.htmlcve@mitre.org
N/A
http://osvdb.org/55739cve@mitre.org
N/A
http://secunia.com/advisories/35758cve@mitre.org
N/A
http://secunia.com/advisories/36057cve@mitre.org
N/A
http://secunia.com/advisories/36062cve@mitre.org
N/A
http://secunia.com/advisories/36347cve@mitre.org
N/A
http://secunia.com/advisories/36677cve@mitre.org
N/A
http://secunia.com/advisories/36790cve@mitre.org
N/A
http://secunia.com/advisories/37746cve@mitre.org
N/A
http://secunia.com/advisories/43068cve@mitre.org
N/A
http://support.apple.com/kb/HT3666cve@mitre.org
Patch
Vendor Advisory
http://support.apple.com/kb/HT3860cve@mitre.org
N/A
http://websvn.kde.org/?view=rev&revision=1002162cve@mitre.org
N/A
http://websvn.kde.org/?view=rev&revision=1002163cve@mitre.org
N/A
http://websvn.kde.org/?view=rev&revision=1002164cve@mitre.org
N/A
http://www.debian.org/security/2009/dsa-1950cve@mitre.org
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2009:330cve@mitre.org
N/A
http://www.securityfocus.com/bid/35607cve@mitre.org
Patch
http://www.securitytracker.com/id?1022526cve@mitre.org
N/A
http://www.ubuntu.com/usn/USN-836-1cve@mitre.org
N/A
http://www.ubuntu.com/usn/USN-857-1cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2009/1827cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2011/0212cve@mitre.org
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=513813cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5777cve@mitre.org
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00931.htmlcve@mitre.org
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00933.htmlcve@mitre.org
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.htmlcve@mitre.org
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.htmlcve@mitre.org
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.htmlcve@mitre.org
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.htmlcve@mitre.org
N/A
http://lists.apple.com/archives/security-announce/2009/Jul/msg00000.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://osvdb.org/55739af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/35758af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/36057af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/36062af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/36347af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/36677af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/36790af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/37746af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/43068af854a3a-2127-422b-91ae-364da2661108
N/A
http://support.apple.com/kb/HT3666af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://support.apple.com/kb/HT3860af854a3a-2127-422b-91ae-364da2661108
N/A
http://websvn.kde.org/?view=rev&revision=1002162af854a3a-2127-422b-91ae-364da2661108
N/A
http://websvn.kde.org/?view=rev&revision=1002163af854a3a-2127-422b-91ae-364da2661108
N/A
http://websvn.kde.org/?view=rev&revision=1002164af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2009/dsa-1950af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2009:330af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/35607af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.securitytracker.com/id?1022526af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-836-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-857-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2009/1827af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2011/0212af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=513813af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5777af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00931.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00933.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Jul/msg00000.html
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://osvdb.org/55739
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/35758
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/36057
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/36062
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/36347
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/36677
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/36790
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/37746
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/43068
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT3666
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://support.apple.com/kb/HT3860
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://websvn.kde.org/?view=rev&revision=1002162
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://websvn.kde.org/?view=rev&revision=1002163
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://websvn.kde.org/?view=rev&revision=1002164
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2009/dsa-1950
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:330
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/35607
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://www.securitytracker.com/id?1022526
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-836-1
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-857-1
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/1827
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0212
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=513813
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5777
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00931.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00933.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Jul/msg00000.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://osvdb.org/55739
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/35758
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/36057
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/36062
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/36347
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/36677
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/36790
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/37746
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/43068
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT3666
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://support.apple.com/kb/HT3860
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://websvn.kde.org/?view=rev&revision=1002162
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://websvn.kde.org/?view=rev&revision=1002163
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://websvn.kde.org/?view=rev&revision=1002164
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2009/dsa-1950
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:330
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/35607
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://www.securitytracker.com/id?1022526
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-836-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-857-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/1827
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0212
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=513813
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5777
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00931.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00933.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1915Records found
CVE-2017-2937
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-2.03% / 84.00%
||
7 Day CHG~0.00%
Published-11 Jan, 2017 | 04:40
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class, when using class inheritance. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aApple Inc.Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-windows_10mac_os_xwindows_8.1windowsflash_playerlinux_kernelchrome_osAdobe Flash Player 24.0.0.186 and earlier.
CWE ID-CWE-416
Use After Free
CVE-2010-3649
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-2.96% / 86.66%
||
7 Day CHG~0.00%
Published-07 Nov, 2010 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3650, and CVE-2010-3652.

Action-Not Available
Vendor-n/aApple Inc.Sun Microsystems (Oracle Corporation)Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-mac_os_xsolariswindowsflash_playerandroidlinux_kerneln/a
CVE-2010-4381
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-1.23% / 79.36%
||
7 Day CHG~0.00%
Published-14 Dec, 2010 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, and Mac RealPlayer 11.0 through 12.0.0.1444 allows remote attackers to have an unspecified impact via a crafted AAC file.

Action-Not Available
Vendor-n/aRealNetworks LLCApple Inc.
Product-mac_os_xrealplayer_sprealplayern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-2472
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-4.80% / 89.61%
||
7 Day CHG~0.00%
Published-02 Apr, 2017 | 01:36
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-tvosiphone_osmac_os_xwatchosn/a
CWE ID-CWE-416
Use After Free
CVE-2010-3802
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-8.00% / 92.19%
||
7 Day CHG~0.00%
Published-09 Dec, 2010 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer signedness error in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted panorama atom in a QuickTime Virtual Reality (QTVR) movie file.

Action-Not Available
Vendor-n/aApple Inc.
Product-quicktimen/a
CVE-2022-26702
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.62% / 70.19%
||
7 Day CHG+0.02%
Published-26 May, 2022 | 00:00
Updated-03 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_ostvoswatchosipadoswatchOS
CWE ID-CWE-416
Use After Free
CVE-2022-26771
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.26% / 49.05%
||
7 Day CHG~0.00%
Published-26 May, 2022 | 19:26
Updated-30 May, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. A malicious application may be able to execute arbitrary code with kernel privileges.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_ostvosipadoswatchoswatchOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2951
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-2.56% / 85.70%
||
7 Day CHG~0.00%
Published-11 Jan, 2017 | 04:40
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to sub-form functionality. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatmac_os_xacrobat_reader_dcreaderwindowsacrobat_dcAdobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.
CWE ID-CWE-416
Use After Free
CVE-2022-26749
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.45% / 63.87%
||
7 Day CHG~0.00%
Published-26 May, 2022 | 19:11
Updated-03 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2017-3001
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-1.91% / 83.54%
||
7 Day CHG~0.00%
Published-14 Mar, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability related to garbage collection in the ActionScript 2 VM. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aApple Inc.Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-windows_10mac_os_xwindows_8.1windowsflash_playerlinux_kernelflash_player_desktop_runtimechrome_osAdobe Flash Player 24.0.0.221 and earlier.
CWE ID-CWE-416
Use After Free
CVE-2010-2997
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-2.78% / 86.26%
||
7 Day CHG~0.00%
Published-14 Dec, 2010 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.0.1, Mac RealPlayer 11.0 through 11.1, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted StreamTitle tag in an ICY SHOUTcast stream, related to the SMIL file format.

Action-Not Available
Vendor-n/aRealNetworks LLCApple Inc.Linux Kernel Organization, Inc
Product-mac_os_xrealplayer_splinux_kernelrealplayern/a
CVE-2019-3855
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-16.24% / 94.91%
||
7 Day CHG~0.00%
Published-21 Mar, 2019 | 20:13
Updated-17 Dec, 2025 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.

Action-Not Available
Vendor-libssh2The libssh2 ProjectDebian GNU/LinuxFedora ProjectOracle CorporationopenSUSERed Hat, Inc.NetApp, Inc.Apple Inc.
Product-enterprise_linux_serverpeoplesoft_enterprise_peopletoolsdebian_linuxenterprise_linux_server_eusontap_select_deploy_administration_utilityenterprise_linux_server_ausenterprise_linux_workstationfedoraenterprise_linuxxcodelibssh2enterprise_linux_server_tusenterprise_linux_desktopleaplibssh2
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-26744
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.39% / 60.25%
||
7 Day CHG~0.00%
Published-26 May, 2022 | 00:00
Updated-03 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosiOS and iPadOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2986
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-38.11% / 97.28%
||
7 Day CHG~0.00%
Published-15 Feb, 2017 | 06:11
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the Flash Video (FLV) codec. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aApple Inc.Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-windows_10mac_os_xwindows_8.1windowsflash_playerlinux_kernelflash_player_desktop_runtimechrome_osAdobe Flash Player 24.0.0.194 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2503
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.23% / 45.74%
||
7 Day CHG~0.00%
Published-22 May, 2017 | 04:54
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-3257
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-8.59% / 92.52%
||
7 Day CHG-1.75%
Published-07 Sep, 2010 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element focus.

Action-Not Available
Vendor-webkitgtkn/aCanonical Ltd.Apple Inc.Google LLC
Product-ubuntu_linuxiphone_ossafarichromewebkitgtkn/a
CWE ID-CWE-416
Use After Free
CVE-2017-2990
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-2.26% / 84.83%
||
7 Day CHG~0.00%
Published-15 Feb, 2017 | 06:11
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 decompression routine. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aApple Inc.Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-windows_10mac_os_xwindows_8.1windowsflash_playerlinux_kernelflash_player_desktop_runtimechrome_osAdobe Flash Player 24.0.0.194 and earlier.
CWE ID-CWE-787
Out-of-bounds Write
CVE-2010-2999
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-2.47% / 85.46%
||
7 Day CHG~0.00%
Published-14 Dec, 2010 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.0.1, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed MLLT atom in an AAC file.

Action-Not Available
Vendor-n/aRealNetworks LLCApple Inc.Linux Kernel Organization, Inc
Product-mac_os_xrealplayer_splinux_kernelrealplayern/a
CVE-2014-1249
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-5.12% / 89.95%
||
7 Day CHG~0.00%
Published-27 Feb, 2014 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PSD image.

Action-Not Available
Vendor-n/aApple Inc.
Product-quicktimen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-2884
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-39.68% / 97.37%
||
7 Day CHG~0.00%
Published-15 Sep, 2010 | 17:26
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and Acrobat 9.x before 9.4; and authplay.dll in Adobe Reader and Acrobat 8.x before 8.2.5 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in September 2010.

Action-Not Available
Vendor-n/aApple Inc.Google LLCMicrosoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xwindowsflash_playerandroidn/a
CVE-2021-45060
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-2.47% / 85.46%
||
7 Day CHG~0.00%
Published-14 Jan, 2022 | 19:05
Updated-17 Sep, 2024 | 01:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader DC TTF Font Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-24104
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-5.92% / 90.72%
||
7 Day CHG~0.00%
Published-11 May, 2022 | 17:08
Updated-17 Sep, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2022-24095
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.14% / 78.61%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 17:54
Updated-23 Apr, 2025 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe After Effects Stack-based Buffer Overflow Arbitrary code execution

Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsmacosafter_effectsAfter Effects
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-24102
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-2.02% / 83.96%
||
7 Day CHG~0.00%
Published-11 May, 2022 | 17:06
Updated-17 Sep, 2024 | 04:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2022-24098
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.72% / 82.60%
||
7 Day CHG~0.00%
Published-06 May, 2022 | 17:03
Updated-23 Apr, 2025 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Photoshop PCX File Parsing Memory Corruption Remote Code Execution Vulnerability

Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by an improper input validation vulnerability when parsing a PCX file that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PCX file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsphotoshopmacosPhotoshop
CWE ID-CWE-20
Improper Input Validation
CVE-2010-2212
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-7.99% / 92.18%
||
7 Day CHG~0.00%
Published-30 Jun, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PDF file containing Flash content with a crafted #1023 (3FFh) tag, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, and CVE-2010-2211.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xwindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-1898
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-35.27% / 97.11%
||
7 Day CHG~0.00%
Published-11 Aug, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-silverlightwindowsmac_os_x.net_frameworkn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-2207
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-9.62% / 92.99%
||
7 Day CHG~0.00%
Published-30 Jun, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xwindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-2206
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-4.43% / 89.16%
||
7 Day CHG~0.00%
Published-30 Jun, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Array index error in AcroForm.api in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted GIF image in a PDF file, which bypasses a size check and triggers a heap-based buffer overflow.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xwindowsn/a
CVE-2022-22579
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.30% / 53.42%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 17:59
Updated-03 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadostvosmac_os_xmacostvOSmacOSiOS and iPadOS
CVE-2010-1780
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-5.94% / 90.74%
||
7 Day CHG~0.00%
Published-30 Jul, 2010 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to element focus.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-webkitwindows_7mac_os_xwindows_vistawindows_xpsafarimac_os_x_servern/a
CVE-2010-1789
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-18.38% / 95.32%
||
7 Day CHG~0.00%
Published-30 Jul, 2010 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a JavaScript string object.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-webkitwindows_7mac_os_xwindows_vistawindows_xpsafarimac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-1728
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-11.46% / 93.69%
||
7 Day CHG~0.00%
Published-05 May, 2010 | 14:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera before 10.53 on Windows and Mac OS X does not properly handle a series of document modifications that occur asynchronously, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop, leading to attempted use of uninitialized memory. NOTE: this might overlap CVE-2006-6955.

Action-Not Available
Vendor-n/aApple Inc.OperaMicrosoft Corporation
Product-windowsmac_os_xopera_browsern/a
CVE-2010-1405
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-8.20% / 92.30%
||
7 Day CHG~0.00%
Published-11 Jun, 2010 | 17:28
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML element that has custom vertical positioning.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-webkitwindows_7mac_os_xwindows_vistawindows_xpsafarimac_os_x_servern/a
CVE-2010-1770
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-4.18% / 88.84%
||
7 Day CHG~0.00%
Published-11 Jun, 2010 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document containing a BR element, related to a "type checking issue."

Action-Not Available
Vendor-n/aCanonical Ltd.Apple Inc.openSUSEGoogle LLCSUSEMicrosoft Corporation
Product-webkitubuntu_linuxwindows_7mac_os_xsuse_linux_enterprise_serverwindows_vistawindows_xpsafarichromesuse_linux_enterprise_desktopmac_os_x_serveropensusen/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-1415
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-31.85% / 96.88%
||
7 Day CHG~0.00%
Published-11 Jun, 2010 | 17:28
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle libxml contexts, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to an "API abuse issue."

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-webkitwindows_7mac_os_xwindows_vistawindows_xpsafarimac_os_x_servern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-1283
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-8.61% / 92.52%
||
7 Day CHG~0.00%
Published-13 May, 2010 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D objects in .dir (aka Director) files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a modified field in a 0xFFFFFF49 record.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-windowsmacosshockwave_playern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-22636
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.21% / 43.64%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 17:59
Updated-03 Aug, 2024 | 03:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadostvostvOSiOS and iPadOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2010-1287
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-4.40% / 89.12%
||
7 Day CHG~0.00%
Published-13 May, 2010 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-windows_7windows_server_2008windows_vistawindowsmacosshockwave_playerwindows_server_2003n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-2208
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-2.99% / 86.72%
||
7 Day CHG~0.00%
Published-30 Jun, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, dereference a heap object after this object's deletion, which allows attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xwindowsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-2168
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-13.54% / 94.32%
||
7 Day CHG~0.00%
Published-30 Jun, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via a PDF file with crafted Flash content, involving the newfunction (0x44) operator and an "invalid pointer vulnerability" that triggers memory corruption, a different vulnerability than CVE-2010-1285 and CVE-2010-2201.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xwindowsn/a
CVE-2010-2210
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-3.52% / 87.79%
||
7 Day CHG~0.00%
Published-30 Jun, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2211, and CVE-2010-2212.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xwindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-1824
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-14.66% / 94.57%
||
7 Day CHG~0.00%
Published-24 Sep, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in WebKit, as used in Apple iTunes before 10.2 on Windows, Apple Safari, and Google Chrome before 6.0.472.59, allows remote attackers to execute arbitrary code or cause a denial of service via vectors related to SVG styles, the DOM tree, and error messages.

Action-Not Available
Vendor-n/aGoogle LLCApple Inc.
Product-chromeitunesn/a
CWE ID-CWE-416
Use After Free
CVE-2010-1823
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-1.90% / 83.47%
||
7 Day CHG~0.00%
Published-24 Sep, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a Cascading Style Sheets (CSS) file referencing an invalid SVG font, aka rdar problem 8442098.

Action-Not Available
Vendor-n/aGoogle LLCApple Inc.
Product-chromeitunessafarin/a
CWE ID-CWE-416
Use After Free
CVE-2010-1280
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-35.64% / 97.14%
||
7 Day CHG~0.00%
Published-13 May, 2010 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file, related to (1) an erroneous dereference and (2) a certain Shock.dir file.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-windowsmacosshockwave_playern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2010-1412
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-15.62% / 94.79%
||
7 Day CHG~0.00%
Published-11 Jun, 2010 | 17:28
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to hover events.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-webkitwindows_7mac_os_xwindows_vistawindows_xpsafarimac_os_x_servern/a
CVE-2010-1417
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-8.20% / 92.30%
||
7 Day CHG~0.00%
Published-11 Jun, 2010 | 17:28
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via HTML content that contains multiple :after pseudo-selectors.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-webkitwindows_7mac_os_xwindows_vistawindows_xpsafarimac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-1284
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-2.55% / 85.68%
||
7 Day CHG~0.00%
Published-13 May, 2010 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-windows_7windows_server_2008windows_vistawindowsmacosshockwave_playerwindows_server_2003n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-1786
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-5.43% / 90.27%
||
7 Day CHG~0.00%
Published-30 Jul, 2010 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a foreignObject element in an SVG document.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-webkitwindows_7mac_os_xwindows_vistawindows_xpsafarimac_os_x_servern/a
CVE-2010-1291
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-4.40% / 89.12%
||
7 Day CHG~0.00%
Published-13 May, 2010 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, and CVE-2010-1290.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-windows_7windows_server_2008windows_vistawindowsmacosshockwave_playerwindows_server_2003n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • ...
  • 38
  • 39
  • Next
Details not found