Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2010-0159

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-21 Feb, 2010 | 17:00
Updated At-07 Aug, 2024 | 00:37
Rejected At-
Credits

The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:21 Feb, 2010 | 17:00
Updated At:07 Aug, 2024 | 00:37
Rejected At:
▼CVE Numbering Authority (CNA)

The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.ubuntu.com/usn/USN-895-1
vendor-advisory
x_refsource_UBUNTU
https://bugzilla.mozilla.org/show_bug.cgi?id=534082
x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2010-0153.html
vendor-advisory
x_refsource_REDHAT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9590
vdb-entry
signature
x_refsource_OVAL
http://secunia.com/advisories/38847
third-party-advisory
x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html
vendor-advisory
x_refsource_SUSE
http://www.redhat.com/support/errata/RHSA-2010-0113.html
vendor-advisory
x_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=MDVSA-2010:042
vendor-advisory
x_refsource_MANDRIVA
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html
vendor-advisory
x_refsource_FEDORA
https://bugzilla.mozilla.org/show_bug.cgi?id=530880
x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2010-0112.html
vendor-advisory
x_refsource_REDHAT
http://www.vupen.com/english/advisories/2010/0650
vdb-entry
x_refsource_VUPEN
http://www.mozilla.org/security/announce/2010/mfsa2010-01.html
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/56359
vdb-entry
x_refsource_XF
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html
vendor-advisory
x_refsource_FEDORA
http://secunia.com/advisories/38770
third-party-advisory
x_refsource_SECUNIA
https://bugzilla.mozilla.org/show_bug.cgi?id=467005
x_refsource_CONFIRM
https://bugzilla.mozilla.org/show_bug.cgi?id=528134
x_refsource_CONFIRM
http://www.debian.org/security/2010/dsa-1999
vendor-advisory
x_refsource_DEBIAN
http://www.redhat.com/support/errata/RHSA-2010-0154.html
vendor-advisory
x_refsource_REDHAT
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html
vendor-advisory
x_refsource_FEDORA
https://bugzilla.mozilla.org/show_bug.cgi?id=527567
x_refsource_CONFIRM
http://secunia.com/advisories/38772
third-party-advisory
x_refsource_SECUNIA
http://www.ubuntu.com/usn/USN-896-1
vendor-advisory
x_refsource_UBUNTU
http://www.vupen.com/english/advisories/2010/0405
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/37242
third-party-advisory
x_refsource_SECUNIA
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036097.html
vendor-advisory
x_refsource_FEDORA
https://bugzilla.mozilla.org/show_bug.cgi?id=528300
x_refsource_CONFIRM
https://bugzilla.mozilla.org/show_bug.cgi?id=501934
x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036132.html
vendor-advisory
x_refsource_FEDORA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8485
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.ubuntu.com/usn/USN-895-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=534082
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0153.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9590
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://secunia.com/advisories/38847
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0113.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2010:042
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=530880
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0112.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.vupen.com/english/advisories/2010/0650
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.mozilla.org/security/announce/2010/mfsa2010-01.html
Resource:
x_refsource_CONFIRM
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/56359
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://secunia.com/advisories/38770
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=467005
Resource:
x_refsource_CONFIRM
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=528134
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.debian.org/security/2010/dsa-1999
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0154.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=527567
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/38772
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.ubuntu.com/usn/USN-896-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.vupen.com/english/advisories/2010/0405
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/37242
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036097.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=528300
Resource:
x_refsource_CONFIRM
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=501934
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036132.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8485
Resource:
vdb-entry
signature
x_refsource_OVAL
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.ubuntu.com/usn/USN-895-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=534082
x_refsource_CONFIRM
x_transferred
http://www.redhat.com/support/errata/RHSA-2010-0153.html
vendor-advisory
x_refsource_REDHAT
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9590
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://secunia.com/advisories/38847
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.redhat.com/support/errata/RHSA-2010-0113.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2010:042
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html
vendor-advisory
x_refsource_FEDORA
x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=530880
x_refsource_CONFIRM
x_transferred
http://www.redhat.com/support/errata/RHSA-2010-0112.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.vupen.com/english/advisories/2010/0650
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.mozilla.org/security/announce/2010/mfsa2010-01.html
x_refsource_CONFIRM
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/56359
vdb-entry
x_refsource_XF
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://secunia.com/advisories/38770
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=467005
x_refsource_CONFIRM
x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=528134
x_refsource_CONFIRM
x_transferred
http://www.debian.org/security/2010/dsa-1999
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.redhat.com/support/errata/RHSA-2010-0154.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html
vendor-advisory
x_refsource_FEDORA
x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=527567
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/38772
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.ubuntu.com/usn/USN-896-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.vupen.com/english/advisories/2010/0405
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/37242
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036097.html
vendor-advisory
x_refsource_FEDORA
x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=528300
x_refsource_CONFIRM
x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=501934
x_refsource_CONFIRM
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036132.html
vendor-advisory
x_refsource_FEDORA
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8485
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-895-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=534082
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0153.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9590
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://secunia.com/advisories/38847
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0113.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2010:042
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=530880
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0112.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2010/0650
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.mozilla.org/security/announce/2010/mfsa2010-01.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/56359
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://secunia.com/advisories/38770
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=467005
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=528134
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.debian.org/security/2010/dsa-1999
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0154.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=527567
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/38772
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-896-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2010/0405
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/37242
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036097.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=528300
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=501934
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036132.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8485
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:22 Feb, 2010 | 13:00
Updated At:11 Apr, 2025 | 00:51

The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
Mozilla Corporation
mozilla
>>firefox>>Versions from 3.0(inclusive) to 3.0.18(exclusive)
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>Versions from 3.5(inclusive) to 3.5.8(exclusive)
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>seamonkey>>Versions before 2.0.3(exclusive)
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>Versions before 3.0.2(exclusive)
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>5.0
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>8.04
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>8.10
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>9.04
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>9.10
cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.htmlcve@mitre.org
Mailing List
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.htmlcve@mitre.org
Mailing List
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.htmlcve@mitre.org
Mailing List
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036097.htmlcve@mitre.org
Mailing List
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036132.htmlcve@mitre.org
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.htmlcve@mitre.org
Mailing List
Third Party Advisory
http://secunia.com/advisories/37242cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/38770cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/38772cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/38847cve@mitre.org
Third Party Advisory
http://www.debian.org/security/2010/dsa-1999cve@mitre.org
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:042cve@mitre.org
Third Party Advisory
http://www.mozilla.org/security/announce/2010/mfsa2010-01.htmlcve@mitre.org
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2010-0112.htmlcve@mitre.org
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0113.htmlcve@mitre.org
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0153.htmlcve@mitre.org
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0154.htmlcve@mitre.org
Third Party Advisory
http://www.ubuntu.com/usn/USN-895-1cve@mitre.org
Third Party Advisory
http://www.ubuntu.com/usn/USN-896-1cve@mitre.org
Third Party Advisory
http://www.vupen.com/english/advisories/2010/0405cve@mitre.org
Third Party Advisory
http://www.vupen.com/english/advisories/2010/0650cve@mitre.org
Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=467005cve@mitre.org
Issue Tracking
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=501934cve@mitre.org
Issue Tracking
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=527567cve@mitre.org
Issue Tracking
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=528134cve@mitre.org
Issue Tracking
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=528300cve@mitre.org
Issue Tracking
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=530880cve@mitre.org
Issue Tracking
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=534082cve@mitre.org
Issue Tracking
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/56359cve@mitre.org
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8485cve@mitre.org
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9590cve@mitre.org
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036097.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036132.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://secunia.com/advisories/37242af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/38770af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/38772af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/38847af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.debian.org/security/2010/dsa-1999af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:042af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.mozilla.org/security/announce/2010/mfsa2010-01.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2010-0112.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0113.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0153.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0154.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ubuntu.com/usn/USN-895-1af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ubuntu.com/usn/USN-896-1af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.vupen.com/english/advisories/2010/0405af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.vupen.com/english/advisories/2010/0650af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=467005af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=501934af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=527567af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=528134af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=528300af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=530880af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=534082af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/56359af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8485af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9590af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036097.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036132.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://secunia.com/advisories/37242
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/38770
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/38772
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/38847
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.debian.org/security/2010/dsa-1999
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2010:042
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.mozilla.org/security/announce/2010/mfsa2010-01.html
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0112.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0113.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0153.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0154.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-895-1
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-896-1
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2010/0405
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2010/0650
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=467005
Source: cve@mitre.org
Resource:
Issue Tracking
Vendor Advisory
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=501934
Source: cve@mitre.org
Resource:
Issue Tracking
Vendor Advisory
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=527567
Source: cve@mitre.org
Resource:
Issue Tracking
Vendor Advisory
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=528134
Source: cve@mitre.org
Resource:
Issue Tracking
Vendor Advisory
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=528300
Source: cve@mitre.org
Resource:
Issue Tracking
Vendor Advisory
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=530880
Source: cve@mitre.org
Resource:
Issue Tracking
Vendor Advisory
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=534082
Source: cve@mitre.org
Resource:
Issue Tracking
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/56359
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8485
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9590
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036097.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036132.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://secunia.com/advisories/37242
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/38770
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/38772
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/38847
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.debian.org/security/2010/dsa-1999
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2010:042
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.mozilla.org/security/announce/2010/mfsa2010-01.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0112.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0113.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0153.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0154.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-895-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-896-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2010/0405
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2010/0650
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=467005
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Vendor Advisory
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=501934
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Vendor Advisory
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=527567
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Vendor Advisory
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=528134
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Vendor Advisory
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=528300
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Vendor Advisory
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=530880
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Vendor Advisory
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=534082
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/56359
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8485
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9590
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

414Records found
CVE-2002-0007
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.84% / 82.21%
||
7 Day CHG~0.00%
Published-25 Jun, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a request that does not include a password, which causes a null password to be sent to the LDAP server.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-bugzillan/a
CVE-2019-7304
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-8.8||HIGH
EPSS-82.22% / 99.17%
||
7 Day CHG~0.00%
Published-23 Apr, 2019 | 15:57
Updated-16 Sep, 2024 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local privilege escalation via snapd socket

Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.

Action-Not Available
Vendor-Canonical Ltd.
Product-snapdubuntu_linuxsnapd
CWE ID-CWE-863
Incorrect Authorization
CVE-2000-1221
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-12.18% / 93.57%
||
7 Day CHG~0.00%
Published-21 Apr, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The line printer daemon (lpd) in the lpr package in multiple Linux operating systems authenticates by comparing the reverse-resolved hostname of the local machine to the hostname of the print server as returned by gethostname, which allows remote attackers to bypass intended access controls by modifying the DNS for the attacking IP.

Action-Not Available
Vendor-n/aDebian GNU/LinuxRed Hat, Inc.Silicon Graphics, Inc.
Product-linuxdebian_linuxirixn/a
CVE-2001-0233
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-14.82% / 94.25%
||
7 Day CHG~0.00%
Published-07 May, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in micq client 0.4.6 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long Description field.

Action-Not Available
Vendor-matthew_smithn/aDebian GNU/LinuxRed Hat, Inc.
Product-linuxmicqdebian_linuxn/a
CVE-2020-1946
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-2.01% / 82.94%
||
7 Day CHG~0.00%
Published-25 Mar, 2021 | 09:20
Updated-13 Feb, 2025 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache SpamAssassin has an OS Command Injection vulnerability

In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3rd party .cf files from trusted places.

Action-Not Available
Vendor-Debian GNU/LinuxFedora ProjectThe Apache Software Foundation
Product-debian_linuxspamassassinfedoraApache SpamAssassin
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2000-0844
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.89% / 74.60%
||
7 Day CHG~0.00%
Published-22 Jan, 2001 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.

Action-Not Available
Vendor-trustixconectivaimmunixturbolinuxn/aMandriva (Mandrakesoft)SlackwareDebian GNU/LinuxRed Hat, Inc.SUSEIBM CorporationSilicon Graphics, Inc.Sun Microsystems (Oracle Corporation)The MITRE Corporation (Caldera)
Product-openlinux_eserversecure_linuxaixsolaristurbolinuxirixopenlinux_ebuilderimmunixdebian_linuxsunossuse_linuxlinuxslackware_linuxopenlinuxmandrake_linuxn/a
CVE-2000-0584
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-5.33% / 89.66%
||
7 Day CHG~0.00%
Published-13 Oct, 2000 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Canna input system allows remote attackers to execute arbitrary commands via an SR_INIT command with a long user name or group name.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFreeBSD Foundation
Product-debian_linuxfreebsdn/a
CVE-2015-0408
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-11.78% / 93.44%
||
7 Day CHG~0.00%
Published-21 Jan, 2015 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.

Action-Not Available
Vendor-n/aOracle CorporationopenSUSERed Hat, Inc.Debian GNU/LinuxNovellCanonical Ltd.
Product-enterprise_linuxopensuseubuntu_linuxsuse_linux_enterprise_serverjdksuse_linux_enterprise_desktopdebian_linuxjren/a
CVE-1999-0730
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.02% / 76.31%
||
7 Day CHG~0.00%
Published-04 Jan, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The zsoelim program in the Debian man-db package allows local users to overwrite files via a symlink attack.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-debian_linuxn/a
CVE-1999-0832
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.24% / 78.37%
||
7 Day CHG~0.00%
Published-02 Jun, 2000 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in NFS server on Linux allows attackers to execute commands via a long pathname.

Action-Not Available
Vendor-n/aDebian GNU/LinuxRed Hat, Inc.
Product-linuxdebian_linuxn/a
CVE-1999-0048
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.28% / 78.76%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Talkd, when given corrupt DNS information, can be used to execute arbitrary commands with root privileges.

Action-Not Available
Vendor-n/aDebian GNU/LinuxIBM CorporationNEC Corporation
Product-ews-ux_vnetkitaixup-ux_vasl_ux_4800n/a
CVE-2007-1794
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.32% / 86.74%
||
7 Day CHG~0.00%
Published-02 Apr, 2007 | 22:00
Updated-07 Aug, 2024 | 13:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, and 10 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used. NOTE: this issue might be related to CVE-2006-3805.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)Mozilla Corporation
Product-sunosmozillasolarisn/a
CVE-1999-0368
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-48.33% / 97.65%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.

Action-Not Available
Vendor-proftpd_projectwashington_universityscon/aSlackwareThe MITRE Corporation (Caldera)Red Hat, Inc.Debian GNU/Linux
Product-proftpdopenserverunixwaredebian_linuxlinuxslackware_linuxopenlinuxwu-ftpdn/a
CVE-2007-2176
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.68% / 85.24%
||
7 Day CHG~0.00%
Published-24 Apr, 2007 | 16:00
Updated-07 Aug, 2024 | 13:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving Javascript errors. NOTE: this might be the same issue as CVE-2007-2175.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CVE-2010-2495
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-1.49% / 80.28%
||
7 Day CHG~0.00%
Published-08 Sep, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP implementation in the Linux kernel before 2.6.34 does not properly validate certain values associated with an interface, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via vectors related to a routing change.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncSUSECanonical Ltd.
Product-linux_kernelubuntu_linuxsuse_linux_enterprise_high_availability_extensionsuse_linux_enterprise_desktopsuse_linux_enterprise_servern/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2007-2442
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-39.32% / 97.19%
||
7 Day CHG~0.00%
Published-26 Jun, 2007 | 22:00
Updated-07 Aug, 2024 | 13:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.

Action-Not Available
Vendor-n/aMIT (Massachusetts Institute of Technology)Debian GNU/LinuxCanonical Ltd.
Product-kerberos_5ubuntu_linuxdebian_linuxn/a
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2007-0956
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-35.94% / 96.96%
||
7 Day CHG~0.00%
Published-06 Apr, 2007 | 01:00
Updated-07 Aug, 2024 | 12:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882.

Action-Not Available
Vendor-n/aMIT (Massachusetts Institute of Technology)Debian GNU/LinuxCanonical Ltd.
Product-kerberos_5ubuntu_linuxdebian_linuxn/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2017-18017
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-38.09% / 97.11%
||
7 Day CHG~0.00%
Published-03 Jan, 2018 | 06:00
Updated-03 Jan, 2025 | 12:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSELinux Kernel Organization, IncF5, Inc.Red Hat, Inc.SUSEDebian GNU/LinuxArista Networks, Inc.OpenStack
Product-enterprise_linux_serverubuntu_linuxlinux_enterprise_software_development_kitlinux_enterprise_serverenterprise_linux_server_auslinux_enterprise_point_of_saleenterprise_linux_for_real_time_for_nfvopenstack_cloudlinux_enterprise_live_patchinglinux_enterprise_module_for_public_cloudlinux_enterprise_real_time_extensiondebian_linuxlinux_kernelcloud_magnum_orchestrationmrg_realtimeenterprise_linux_workstationlinux_enterprise_high_availability_extensionlinux_enterprise_debuginfoenterprise_linux_euslinux_enterprise_high_availabilityarxcaas_platformlinux_enterprise_workstation_extensionlinux_enterprise_desktopeosenterprise_linux_server_tusenterprise_linux_desktopenterprise_linux_for_real_timeleapn/a
CWE ID-CWE-416
Use After Free
CVE-2007-0061
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-14.67% / 94.22%
||
7 Day CHG~0.00%
Published-21 Sep, 2007 | 18:00
Updated-07 Aug, 2024 | 12:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed packet that triggers "corrupt stack memory."

Action-Not Available
Vendor-n/aCanonical Ltd.VMware (Broadcom Inc.)
Product-workstationesxubuntu_linuxaceserverplayern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-0063
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-7.59% / 91.47%
||
7 Day CHG~0.00%
Published-21 Sep, 2007 | 18:00
Updated-07 Aug, 2024 | 12:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed DHCP packet that triggers a stack-based buffer overflow.

Action-Not Available
Vendor-n/aCanonical Ltd.VMware (Broadcom Inc.)
Product-workstationesxubuntu_linuxaceserverplayern/a
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2017-17458
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-17.25% / 94.77%
||
7 Day CHG~0.00%
Published-07 Dec, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be created programmatically.

Action-Not Available
Vendor-mercurialn/aDebian GNU/Linux
Product-debian_linuxmercurialn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2006-6853
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-18.52% / 95.00%
||
7 Day CHG+0.57%
Published-04 Jan, 2007 | 02:00
Updated-07 Aug, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Durian Web Application Server 3.02 freeware on Windows allows remote attackers to execute arbitrary code via a long string in a crafted packet to TCP port 4002.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-durian_web_application_servern/a
CVE-2009-3377
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-8.22% / 91.86%
||
7 Day CHG~0.00%
Published-29 Oct, 2009 | 14:00
Updated-07 Aug, 2024 | 06:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in liboggz before cf5feeaab69b05e24, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CVE-2009-3373
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-13.49% / 93.95%
||
7 Day CHG~0.00%
Published-29 Oct, 2009 | 14:00
Updated-07 Aug, 2024 | 06:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxseamonkeyn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-3070
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-4.27% / 88.37%
||
7 Day CHG~0.00%
Published-10 Sep, 2009 | 21:00
Updated-07 Aug, 2024 | 06:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CVE-2017-12762
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.97% / 75.65%
||
7 Day CHG~0.00%
Published-09 Aug, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. This affects the Linux kernel 4.9-stable tree, 4.12-stable tree, 3.18-stable tree, and 4.4-stable tree.

Action-Not Available
Vendor-n/aCanonical Ltd.Linux Kernel Organization, Inc
Product-linux_kernelubuntu_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-2469
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-4.36% / 88.50%
||
7 Day CHG-1.61%
Published-22 Jul, 2009 | 18:00
Updated-07 Aug, 2024 | 05:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 3.0.12 does not properly handle an SVG element that has a property with a watch function and an __defineSetter__ function, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted document, related to a certain pointer misinterpretation.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-399
Not Available
CVE-2006-4571
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-9.63% / 92.58%
||
7 Day CHG~0.00%
Published-15 Sep, 2006 | 19:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allow remote attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via unspecified vectors, some of which involve JavaScript, and possibly large images or plugin data.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-seamonkeythunderbirdn/a
CVE-2017-12377
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-27.08% / 96.19%
||
7 Day CHG~0.00%
Published-26 Jan, 2018 | 20:00
Updated-02 Dec, 2024 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in mew packet files sent to an affected device. A successful exploit could cause a heap-based buffer over-read condition in mew.c when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition or potentially execute arbitrary code on the affected device.

Action-Not Available
Vendor-n/aDebian GNU/LinuxClamAV
Product-debian_linuxclamavClamAV AntiVirus software versions 0.99.2 and prior
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-12379
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-22.23% / 95.58%
||
7 Day CHG~0.00%
Published-26 Jan, 2018 | 20:00
Updated-02 Dec, 2024 | 21:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in the message parsing function on an affected system. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a messageAddArgument (in message.c) buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition or execute arbitrary code on an affected device.

Action-Not Available
Vendor-n/aDebian GNU/LinuxClamAV
Product-debian_linuxclamavClamAV AntiVirus software versions 0.99.2 and prior
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2006-1790
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-13.62% / 93.98%
||
7 Day CHG~0.00%
Published-14 Apr, 2006 | 19:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CVE-2009-0846
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-23.59% / 95.77%
||
7 Day CHG~0.00%
Published-09 Apr, 2009 | 00:00
Updated-07 Aug, 2024 | 04:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.

Action-Not Available
Vendor-n/aApple Inc.MIT (Massachusetts Institute of Technology)Red Hat, Inc.Canonical Ltd.Fedora Project
Product-enterprise_linux_serverubuntu_linuxenterprise_linux_workstationfedoraenterprise_linuxmac_os_xenterprise_linux_euskerberos_5enterprise_linux_desktopn/a
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2009-0771
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-7.68% / 91.53%
||
7 Day CHG~0.00%
Published-05 Mar, 2009 | 02:00
Updated-07 Aug, 2024 | 04:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxthunderbirdseamonkeyn/a
CWE ID-CWE-399
Not Available
CVE-2017-9232
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-76.53% / 98.90%
||
7 Day CHG~0.00%
Published-28 May, 2017 | 00:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root.

Action-Not Available
Vendor-n/aCanonical Ltd.
Product-jujun/a
CWE ID-CWE-862
Missing Authorization
CVE-2005-3625
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-11.29% / 93.25%
||
7 Day CHG~0.00%
Published-06 Jan, 2006 | 22:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

Action-Not Available
Vendor-popplereasy_software_productslibextractorxpdftrustixtetexconectivascoturbolinuxn/aMandriva (Mandrakesoft)KDESlackwareGentoo Foundation, Inc.Debian GNU/LinuxRed Hat, Inc.SUSEUbuntuSilicon Graphics, Inc.
Product-popplerkwordtetexsecure_linuxxpdfubuntu_linuxopenserverturbolinux_desktoplibextractorturbolinux_multimediaturbolinux_homedebian_linuxturbolinux_workstationkdegraphicslinuxenterprise_linuxlinux_advanced_workstationpropackcupskofficemandrake_linux_corporate_serverturbolinux_serverturbolinuxenterprise_linux_desktopsuse_linuxkpdfturbolinux_personalfedora_coreturbolinux_appliance_serverslackware_linuxmandrake_linuxn/a
CVE-2005-2700
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-6.22% / 90.50%
||
7 Day CHG~0.00%
Published-06 Sep, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.

Action-Not Available
Vendor-n/aDebian GNU/LinuxThe Apache Software FoundationCanonical Ltd.
Product-debian_linuxubuntu_linuxhttp_servern/a
CVE-2017-1000116
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.61% / 87.32%
||
7 Day CHG~0.00%
Published-04 Oct, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.

Action-Not Available
Vendor-mercurialn/aRed Hat, Inc.Debian GNU/Linux
Product-enterprise_linux_desktopenterprise_linux_server_tusmercurialenterprise_linux_workstationenterprise_linux_server_eusdebian_linuxenterprise_linux_serverenterprise_linux_server_ausn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2017-0359
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-9.8||CRITICAL
EPSS-0.53% / 66.45%
||
7 Day CHG~0.00%
Published-13 Apr, 2018 | 16:00
Updated-16 Sep, 2024 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
diffoscope writes to arbitrary locations on disk based on the contents of an untrusted archive

diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive.

Action-Not Available
Vendor-reproducible_buildsDebian GNU/Linux
Product-debian_linuxdiffoscopediffoscope
CVE-2016-7117
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-9.8||CRITICAL
EPSS-4.79% / 89.05%
||
7 Day CHG~0.00%
Published-10 Oct, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncCanonical Ltd.
Product-debian_linuxlinux_kernelubuntu_linuxn/a
CVE-2016-6662
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-89.17% / 99.51%
||
7 Day CHG~0.00%
Published-20 Sep, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.

Action-Not Available
Vendor-perconan/aMariaDB FoundationRed Hat, Inc.Debian GNU/LinuxOracle Corporation
Product-enterprise_linuxenterprise_linux_serverenterprise_linux_server_ausmariadbmysqlenterprise_linux_desktoppercona_serverenterprise_linux_server_eusenterprise_linux_server_tusenterprise_linux_workstationdebian_linuxopenstackn/a
CVE-2016-7161
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.18% / 89.51%
||
7 Day CHG~0.00%
Published-05 Oct, 2016 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet.

Action-Not Available
Vendor-n/aQEMUDebian GNU/Linux
Product-debian_linuxqemun/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-5118
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-35.42% / 96.92%
||
7 Day CHG~0.00%
Published-10 Jun, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.

Action-Not Available
Vendor-n/aOracle CorporationImageMagick Studio LLCCanonical Ltd.Debian GNU/LinuxGraphicsMagickSUSEopenSUSE
Product-solarisstudio_onsiteleapopensuseubuntu_linuximagemagickgraphicsmagicklinux_enterprise_desktoplinux_enterprise_debuginfolinux_enterprise_workstation_extensiondebian_linuxlinuxlinux_enterprise_serverlinux_enterprise_software_development_kitn/a
CVE-2016-3714
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.4||HIGH
EPSS-93.86% / 99.86%
||
7 Day CHG~0.00%
Published-05 May, 2016 | 18:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-09-30||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."

Action-Not Available
Vendor-n/aSUSEDebian GNU/LinuxopenSUSECanonical Ltd.ImageMagick Studio LLC
Product-leapopensuseubuntu_linuximagemagicksuse_linux_enterprise_serverdebian_linuxn/asuse_linux_enterprise_serverimagemagickopensusedebian_linuxubuntu_linuxleapImageMagick
CWE ID-CWE-20
Improper Input Validation
CVE-2016-3955
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-12.80% / 93.75%
||
7 Day CHG~0.00%
Published-03 Jul, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel before 4.5.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted length value in a USB/IP packet.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncCanonical Ltd.
Product-linux_kerneldebian_linuxubuntu_linuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3427
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-93.63% / 99.83%
||
7 Day CHG~0.00%
Published-21 Apr, 2016 | 10:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-06-02||Apply updates per vendor instructions.

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.

Action-Not Available
Vendor-n/aOracle CorporationThe Apache Software FoundationSUSENetApp, Inc.Red Hat, Inc.openSUSECanonical Ltd.Debian GNU/Linux
Product-oncommand_workflow_automationoncommand_performance_managerlinux_enterprise_serveroncommand_shiftmanager_proxyenterprise_linux_server_eusoncommand_unified_managerjdkoncommand_reportmanagere-series_santricity_web_servicesdebian_linuxlinuxvasa_provider_for_clustered_data_ontape-series_santricity_management_plug-insenterprise_linux_server_ausstoragegridjrockitleapopensuseenterprise_linux_desktope-series_santricity_storage_managersatelliteenterprise_linux_serverenterprise_linux_euslinux_enterprise_module_for_legacyopenstack_cloudlinux_enterprise_desktoplinux_enterprise_software_development_kitoncommand_insightoncommand_balanceubuntu_linuxoncommand_cloud_managerenterprise_linux_server_tusenterprise_linux_workstationjrecassandravirtual_storage_consolen/aJava SE and JRockit
CWE ID-CWE-284
Improper Access Control
CVE-2012-5835
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.07% / 83.20%
||
7 Day CHG~0.00%
Published-21 Nov, 2012 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via crafted data.

Action-Not Available
Vendor-n/aSUSECanonical Ltd.Mozilla CorporationRed Hat, Inc.openSUSE
Product-enterprise_linux_desktoplinux_enterprise_serverlinux_enterprise_software_development_kitubuntu_linuxthunderbird_esrenterprise_linux_eusseamonkeyenterprise_linux_workstationthunderbirdlinux_enterprise_desktopfirefoxopensuseenterprise_linux_servern/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2016-1930
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.12% / 83.44%
||
7 Day CHG~0.00%
Published-31 Jan, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla CorporationOracle CorporationopenSUSE
Product-leapfirefoxopensuselinuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1944
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.83% / 85.62%
||
7 Day CHG~0.00%
Published-31 Jan, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Buffer11::NativeBuffer11::map function in ANGLE, as used in Mozilla Firefox before 44.0, might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSE
Product-leapfirefoxopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1962
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.44% / 88.61%
||
7 Day CHG~0.00%
Published-13 Mar, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections.

Action-Not Available
Vendor-n/aMozilla CorporationOracle CorporationopenSUSE
Product-firefoxopensuselinuxn/a
CVE-2016-2804
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-1.20% / 78.06%
||
7 Day CHG~0.00%
Published-30 Apr, 2016 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 8
  • 9
  • Next
Details not found