Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2010-0270

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-14 Apr, 2010 | 15:44
Updated At-07 Aug, 2024 | 00:45
Rejected At-
Credits

The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate fields in SMB transaction responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Transaction Vulnerability."

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:14 Apr, 2010 | 15:44
Updated At:07 Aug, 2024 | 00:45
Rejected At:
▼CVE Numbering Authority (CNA)

The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate fields in SMB transaction responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Transaction Vulnerability."

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7164
vdb-entry
signature
x_refsource_OVAL
http://secunia.com/advisories/39372
third-party-advisory
x_refsource_SECUNIA
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-020
vendor-advisory
x_refsource_MS
http://www.us-cert.gov/cas/techalerts/TA10-103A.html
third-party-advisory
x_refsource_CERT
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7164
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://secunia.com/advisories/39372
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-020
Resource:
vendor-advisory
x_refsource_MS
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA10-103A.html
Resource:
third-party-advisory
x_refsource_CERT
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7164
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://secunia.com/advisories/39372
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-020
vendor-advisory
x_refsource_MS
x_transferred
http://www.us-cert.gov/cas/techalerts/TA10-103A.html
third-party-advisory
x_refsource_CERT
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7164
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://secunia.com/advisories/39372
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-020
Resource:
vendor-advisory
x_refsource_MS
x_transferred
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA10-103A.html
Resource:
third-party-advisory
x_refsource_CERT
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:14 Apr, 2010 | 16:00
Updated At:11 Apr, 2025 | 00:51

The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate fields in SMB transaction responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Transaction Vulnerability."

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
Microsoft Corporation
microsoft
>>windows_7>>*
cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_7>>-
cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2008>>*
cpe:2.3:o:microsoft:windows_server_2008:*:r2:itanium:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2008>>*
cpe:2.3:o:microsoft:windows_server_2008:*:r2:x64:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://secunia.com/advisories/39372secure@microsoft.com
N/A
http://www.us-cert.gov/cas/techalerts/TA10-103A.htmlsecure@microsoft.com
US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-020secure@microsoft.com
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7164secure@microsoft.com
N/A
http://secunia.com/advisories/39372af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.us-cert.gov/cas/techalerts/TA10-103A.htmlaf854a3a-2127-422b-91ae-364da2661108
US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-020af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7164af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://secunia.com/advisories/39372
Source: secure@microsoft.com
Resource: N/A
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA10-103A.html
Source: secure@microsoft.com
Resource:
US Government Resource
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-020
Source: secure@microsoft.com
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7164
Source: secure@microsoft.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/39372
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA10-103A.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-020
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7164
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2653Records found
CVE-2011-4727
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.86% / 82.30%
||
7 Day CHG~0.00%
Published-16 Dec, 2011 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing error) or possibly have unspecified other impact via a crafted REST URL parameter, as demonstrated by parameters to admin/ and certain other files.

Action-Not Available
Vendor-n/aParallels International GmbhRed Hat, Inc.Microsoft Corporation
Product-enterprise_linuxwindowsparallels_plesk_paneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-2550
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-10||HIGH
EPSS-81.41% / 99.13%
||
7 Day CHG~0.00%
Published-11 Aug, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted SMB packet, aka "SMB Pool Overflow Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_server_2008windows_server_2003windows_2003_serverwindows_vistan/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1966
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-10||HIGH
EPSS-65.82% / 98.44%
||
7 Day CHG~0.00%
Published-10 Aug, 2011 | 21:16
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DNS server in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 does not properly handle NAPTR queries that trigger recursive processing, which allows remote attackers to execute arbitrary code via a crafted query, aka "DNS NAPTR Query Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2008n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-8421
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-30.48% / 96.54%
||
7 Day CHG~0.00%
Published-13 Sep, 2018 | 00:00
Updated-05 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input, aka ".NET Framework Remote Code Execution Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 2.0.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_serverwindows_server_2012windows_8.1windows_rt_8.1windows_7windows_10.net_frameworkwindows_server_2008Microsoft .NET Framework
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1268
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-10||HIGH
EPSS-37.09% / 97.04%
||
7 Day CHG~0.00%
Published-16 Jun, 2011 | 20:21
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Response Parsing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_server_2008windows_server_2003windows_2003_serverwindows_vistan/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0661
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-10||HIGH
EPSS-63.00% / 98.32%
||
7 Day CHG~0.00%
Published-13 Apr, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SMB Server service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate fields in SMB requests, which allows remote attackers to execute arbitrary code via a malformed request in a (1) SMBv1 or (2) SMBv2 packet, aka "SMB Transaction Parsing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_server_2008windows_server_2003windows_2003_serverwindows_vistan/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-0132
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-32.65% / 96.71%
||
7 Day CHG~0.00%
Published-09 Mar, 2016 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 mishandles signature validation for unspecified elements of XML documents, which allows remote attackers to spoof signatures via a modified document, aka ".NET XML Validation Security Feature Bypass."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-.net_frameworkn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2009-0137
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.58% / 67.90%
||
7 Day CHG~0.00%
Published-13 Feb, 2009 | 00:00
Updated-07 Aug, 2024 | 04:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in Safari RSS in Apple Mac OS X 10.4.11 and 10.5.6, and Windows XP and Vista, allow remote attackers to execute arbitrary JavaScript in the local security zone via a crafted feed: URL, related to "input validation issues."

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-windows_vistasafariwindows_xpmac_os_xmac_os_x_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-0301
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-7.40% / 91.35%
||
7 Day CHG~0.00%
Published-13 Jan, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 do not properly validate files, which has unspecified impact and attack vectors.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncApple Inc.Microsoft Corporation
Product-flash_playeradobe_airlinux_kerneladobe_air_sdk_and_compileradobe_air_sdkwindowsmac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-1350
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-10||CRITICAL
EPSS-93.58% / 99.83%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 22:54
Updated-30 Jul, 2025 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2020-07-24||Apply updates per vendor instructions.

A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_server_2019windows_server_2012windows_server_2016Windows ServerWindows Server, version 1909 (Server Core installation)Windows Server, version 1903 (Server Core installation)Windows Server, version 2004 (Server Core installation)Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2021-26606
Matching Score-10
Assigner-KrCERT/CC
ShareView Details
Matching Score-10
Assigner-KrCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 57.01%
||
7 Day CHG~0.00%
Published-06 Aug, 2021 | 14:08
Updated-16 Sep, 2024 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DreamSecurity MagicLine Buffer Overflow Vulnerability

A vulnerability in PKI Security Solution of Dream Security could allow arbitrary command execution. This vulnerability is due to insufficient validation of the authorization certificate. An attacker could exploit this vulnerability by sending a crafted HTTP request an affected program. A successful exploit could allow the attacker to remotely execute arbitrary code on a target system.

Action-Not Available
Vendor-dreamsecurityDream Security Co.,LtdMicrosoft Corporation
Product-windowsmagicline4nx.exeMagicLine4NX.exe
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-26622
Matching Score-10
Assigner-KrCERT/CC
ShareView Details
Matching Score-10
Assigner-KrCERT/CC
CVSS Score-9.6||CRITICAL
EPSS-2.27% / 84.00%
||
7 Day CHG~0.00%
Published-25 Mar, 2022 | 18:02
Updated-03 Aug, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Genian NAC remote code execution vulnerability

An remote code execution vulnerability due to SSTI vulnerability and insufficient file name parameter validation was discovered in Genian NAC. Remote attackers are able to execute arbitrary malicious code with SYSTEM privileges on all connected nodes in NAC through this vulnerability.

Action-Not Available
Vendor-geniansGenians Co., LtdMicrosoft Corporation
Product-windowsgenian_nacGenian NAC Suite V4.0Genian NAC V5.0 & Genian NAC Suite V5.0
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-3479
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-10||HIGH
EPSS-65.92% / 98.45%
||
7 Day CHG~0.00%
Published-15 Oct, 2008 | 00:00
Updated-07 Aug, 2024 | 09:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) service (mqsvc.exe) in Microsoft Windows 2000 SP4 allows remote attackers to read memory contents and execute arbitrary code via a crafted RPC call, related to improper processing of parameters to string APIs, aka "Message Queuing Service Remote Code Execution Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_2000n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-1318
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-10||HIGH
EPSS-61.37% / 98.25%
||
7 Day CHG~0.00%
Published-15 May, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers access to an invalid pointer, aka "Publisher Corrupt Interface Pointer Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-publishern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-2822
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-10||HIGH
EPSS-0.35% / 56.82%
||
7 Day CHG~0.00%
Published-29 Aug, 2011 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 13.0.782.215 on Windows does not properly parse URLs located on the command line, which has unspecified impact and attack vectors.

Action-Not Available
Vendor-n/aGoogle LLCMicrosoft Corporation
Product-windowschromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2007-0213
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-10||HIGH
EPSS-83.33% / 99.22%
||
7 Day CHG~0.00%
Published-08 May, 2007 | 23:00
Updated-07 Aug, 2024 | 12:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-exchange_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-1330
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-10||HIGH
EPSS-67.30% / 98.50%
||
7 Day CHG~0.00%
Published-11 Sep, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 and 2010 SP1 and SP2, and Office Web Apps 2010 does not set the EnableViewStateMac attribute, which allows remote attackers to execute arbitrary code by leveraging an unassigned workflow, aka "MAC Disabled Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-office_web_appssharepoint_portal_serversharepoint_servicessharepoint_serversharepoint_foundationn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2005-0050
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-49.02% / 97.69%
||
7 Day CHG~0.00%
Published-08 Feb, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The License Logging service for Windows NT Server, Windows 2000 Server, and Windows Server 2003 does not properly validate the length of messages, which leads to an "unchecked buffer" and allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, aka the "License Logging Service Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_ntwindows_2000windows_2003_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2004-0840
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-47.85% / 97.63%
||
7 Day CHG~0.00%
Published-16 Oct, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2003windows_xpexchange_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-7959
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-17.72% / 94.85%
||
7 Day CHG~0.00%
Published-16 Aug, 2019 | 16:40
Updated-04 Aug, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Creative Cloud Desktop Application versions 4.6.1 and earlier have a using components with known vulnerabilities vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowscreative_cloudmac_os_xCreative Cloud Desktop Application
CWE ID-CWE-20
Improper Input Validation
CVE-2017-11771
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-65.61% / 98.43%
||
7 Day CHG~0.00%
Published-13 Oct, 2017 | 13:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Microsoft Windows Search component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly handle DNS responses, aka "Windows Search Remote Code Execution Vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7windows_server_2012windows_server_2016windows_8.1windows_rt_8.1windows_10Windows Search
CWE ID-CWE-20
Improper Input Validation
CVE-2016-7182
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-35.43% / 96.92%
||
7 Day CHG~0.00%
Published-14 Oct, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Graphics component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows attackers to execute arbitrary code via a crafted True Type font, aka "True Type Font Parsing Elevation of Privilege Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-live_meetingwindows_7windows_server_2008word_viewerlyncwindows_rt_8.1skype_for_businesswindows_vistaofficewindows_server_2012windows_8.1windows_10n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-26607
Matching Score-10
Assigner-KrCERT/CC
ShareView Details
Matching Score-10
Assigner-KrCERT/CC
CVSS Score-8.1||HIGH
EPSS-0.97% / 75.64%
||
7 Day CHG~0.00%
Published-26 Oct, 2021 | 12:06
Updated-03 Aug, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOBESOFT NEXACRO17 arbitrary command execution vulnerability

An Improper input validation in execDefaultBrowser method of NEXACRO17 allows a remote attacker to execute arbitrary command on affected systems.

Action-Not Available
Vendor-tobesoftTOBESOFTMicrosoft Corporation
Product-windowsnexacroNEXACRO17
CWE ID-CWE-20
Improper Input Validation
CVE-2015-5568
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-31.84% / 96.66%
||
7 Day CHG~0.00%
Published-22 Sep, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to cause a denial of service (vector-length corruption) or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-airflash_playerlinux_kernelair_sdkair_sdk_\&_compilerwindowsmac_os_xandroidn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2002-0697
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-17.12% / 94.74%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-metadirectory_servicesn/a
CVE-2002-0018
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-36.04% / 96.97%
||
7 Day CHG~0.00%
Published-25 Jun, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_ntwindows_2000n/a
CVE-2002-0736
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-15.93% / 94.49%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by other systems, allows remote attackers to bypass authentication and access the administrative ASP pages via an HTTP request with an authorization type (auth_type) that is not blank.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-backofficen/a
CVE-2011-4369
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-13.04% / 93.82%
||
7 Day CHG~0.00%
Published-16 Dec, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the PRC component in Adobe Reader and Acrobat 9.x before 9.4.7 on Windows, Adobe Reader and Acrobat 9.x through 9.4.6 on Mac OS X, Adobe Reader and Acrobat 10.x through 10.1.1 on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.

Action-Not Available
Vendor-unixn/aMicrosoft CorporationApple Inc.Adobe Inc.
Product-windowsacrobat_readeracrobatunixmac_os_xn/a
CVE-2010-2703
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-82.23% / 99.17%
||
7 Day CHG~0.00%
Published-27 Jul, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the execvp_nc function in the ov.dll module in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53, when running on Windows, allows remote attackers to execute arbitrary code via a long HTTP request to webappmon.exe.

Action-Not Available
Vendor-n/aHP Inc.Microsoft Corporation
Product-windowsopenview_network_node_managern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-4187
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-27.72% / 96.26%
||
7 Day CHG~0.00%
Published-20 Feb, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the GetDriverSettings function in nipplib.dll in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code via a long realm field, a different vulnerability than CVE-2011-3173.

Action-Not Available
Vendor-n/aNovellMicrosoft Corporation
Product-windowsiprintn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-0708
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-94.44% / 99.99%
||
7 Day CHG~0.00%
Published-16 May, 2019 | 18:17
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.

Action-Not Available
Vendor-Microsoft CorporationSiemens AGHuawei Technologies Co., Ltd.
Product-ch240umaaxiom_multix_mrh1288_v2_firmwarerh5885_v3multix_pro_acssaxiom_vertix_solitaire_msyngo_lab_process_managerx6000multix_pro_acss_firmwareaxiom_multix_m_firmwaremultix_swing_firmwarerh5885_v3_firmwareoceanstor_hvs85tmultix_pro_p_firmwarebh622_v2_firmwareoceanstor_18500bh621_v2_firmwarerh2265_v2windows_7ch140bh620_v2aptio_firmwarech121oceanstor_18500_firmwarerh1288a_v2_firmwarerh2285h_v2ch221_firmwareespace_ecs_firmwaregtsoftx3000_firmwaresmc2.0_firmwarech242_v3centralinkmultix_top_acss_pmultix_proatellica_solutionch242uma_firmwarerh2288e_v2smc2.0rh2288h_v2rapidpoint_500_firmwarech221oceanstor_hvs85t_firmwarerh2288_v2lantisrh2285_v2_firmwaree6000_chassis_firmwareelog_firmwaremultix_top_pbh640_v2ch240_firmwarerh1288_v2seco_vsmviva_e_firmwarerh2485_v2rh2288_v2_firmwarech222_firmwarech140_firmwarevertix_solitaire_firmwarelantis_firmwarerh5885_v2ch220_firmwaremultix_swingaptiorapidpoint_500streamlab_firmwareagile_controller-campus_firmwaremobilett_xp_digital_firmwarerh2268_v2x8000axiom_vertix_md_trauma_firmwaremultix_pro_navy_firmwarerh1288a_v2x8000_firmwarerh5885_v2_firmwaregtsoftx3000vertix_solitaireatellica_solution_firmwarech220multix_pro_firmwarebh622_v2multix_top_acss_firmwareaxiom_vertix_md_traumarh2285_v2oceanstor_hvs88t_firmwarewindows_server_2008oceanstor_18800frh2265_v2_firmwarerh2268_v2_firmwareelogmultix_topbh621_v2rh2288a_v2_firmwaremobilett_xp_digitale6000_firmwarebh640_v2_firmwaremultix_pro_acss_p_firmwarech242_firmwarerh2285h_v2_firmwarerh2288e_v2_firmwareoceanstor_18800f_firmwareviva_ex6000_firmwarebh620_v2_firmwareespace_ecse6000centralink_firmwarech121_firmwaremultix_top_firmwaremultix_top_p_firmwareviva_twinrh2288a_v2multix_top_acssmultix_pro_acss_pe6000_chassismultix_pro_paxiom_vertix_solitaire_m_firmwareoceanstor_18800oceanstor_18800_firmwarech242_v3_firmwareagile_controller-campusrh2485_v2_firmwaremultix_top_acss_p_firmwareseco_vsm_firmwarestreamlabrh2288h_v2_firmwaremultix_pro_navych222oceanstor_hvs88tviva_twin_firmwareWindows ServerWindowsRemote Desktop Services
CWE ID-CWE-416
Use After Free
CVE-2019-0586
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-20.84% / 95.39%
||
7 Day CHG~0.00%
Published-08 Jan, 2019 | 21:00
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server.

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server
CWE ID-CWE-787
Out-of-bounds Write
CVE-2000-1089
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-68.84% / 98.56%
||
7 Day CHG~0.00%
Published-22 Jan, 2001 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Microsoft Phone Book Service allows local users to execute arbitrary commands, aka the "Phone Book Service Buffer Overflow" vulnerability.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_ntwindows_2000n/a
CVE-2010-2217
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-5.97% / 90.31%
||
7 Day CHG~0.00%
Published-11 Aug, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, allows attackers to execute arbitrary code via unspecified vectors, related to a "JS method vulnerability."

Action-Not Available
Vendor-n/aAdobe Inc.Microsoft CorporationLinux Kernel Organization, Inc
Product-linux_kernelflash_media_serverflash_media_server_2windowsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2016-4090
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-3.31% / 86.74%
||
7 Day CHG~0.00%
Published-11 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_dcreaderwindowsacrobatmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4208
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-15.08% / 94.31%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_dcreaderwindowsacrobatmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2001-0045
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.24% / 78.45%
||
7 Day CHG~0.00%
Published-02 Feb, 2001 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default permissions for the RAS Administration key in Windows NT 4.0 allows local users to execute arbitrary commands by changing the value to point to a malicious DLL, aka one of the "Registry Permissions" vulnerabilities.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_ntn/a
CVE-2000-0854
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-43.81% / 97.44%
||
7 Day CHG+6.06%
Published-07 May, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officen/a
CVE-2011-2456
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-5.06% / 89.37%
||
7 Day CHG~0.00%
Published-11 Nov, 2011 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aMicrosoft CorporationLinux Kernel Organization, IncGoogle LLCSun Microsystems (Oracle Corporation)Apple Inc.Adobe Inc.
Product-linux_kernelwindowssolarisandroidflash_playeradobe_airmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-2453
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-1.77% / 81.88%
||
7 Day CHG~0.00%
Published-11 Nov, 2011 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.

Action-Not Available
Vendor-n/aMicrosoft CorporationLinux Kernel Organization, IncGoogle LLCSun Microsystems (Oracle Corporation)Apple Inc.Adobe Inc.
Product-linux_kernelwindowssolarisandroidflash_playeradobe_airmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-8476
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-48.70% / 97.67%
||
7 Day CHG~0.00%
Published-14 Nov, 2018 | 01:00
Updated-05 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory, aka "Windows Deployment Services TFTP Server Remote Code Execution Vulnerability." This affects Windows Server 2012 R2, Windows Server 2008, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows Server 2008 R2, Windows 10 Servers.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2016windows_server_2019windows_server_2008Windows Server 2008 R2Windows 10 ServersWindows Server 2008Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2016
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4270
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-5.72% / 90.08%
||
7 Day CHG~0.00%
Published-26 Aug, 2016 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, CVE-2016-4254, CVE-2016-4265, CVE-2016-4266, CVE-2016-4267, CVE-2016-4268, and CVE-2016-4269.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_dcreaderwindowsacrobatmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-8327
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-21.26% / 95.46%
||
7 Day CHG~0.00%
Published-11 Jul, 2018 | 00:00
Updated-16 Jul, 2025 | 13:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in PowerShell Editor Services, aka "PowerShell Editor Services Remote Code Execution Vulnerability." This affects PowerShell Editor, PowerShell Extension.

Action-Not Available
Vendor-Microsoft Corporation
Product-powershellpowershell_editor_servicesPowerShell ExtensionPowerShell Editor
CVE-2001-0241
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-88.82% / 99.49%
||
7 Day CHG~0.00%
Published-18 Sep, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_2000n/a
CVE-2000-1034
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-15.43% / 94.38%
||
7 Day CHG~0.00%
Published-22 Jan, 2001 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the System Monitor ActiveX control in Windows 2000 allows remote attackers to execute arbitrary commands via a long LogFileName parameter in HTML source code, aka the "ActiveX Parameter Validation" vulnerability.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_2000n/a
CVE-2016-4091
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-12.44% / 93.65%
||
7 Day CHG~0.00%
Published-11 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4092.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_dcreaderwindowsacrobatmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-2138
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-4.53% / 88.72%
||
7 Day CHG~0.00%
Published-10 Aug, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2136 and CVE-2011-2416.

Action-Not Available
Vendor-n/aMicrosoft CorporationLinux Kernel Organization, IncGoogle LLCSun Microsystems (Oracle Corporation)Apple Inc.Adobe Inc.
Product-linux_kernelwindowsandroidflash_playersunosadobe_airmac_os_xn/a
CVE-2011-2425
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-9.78% / 92.65%
||
7 Day CHG~0.00%
Published-10 Aug, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2140, and CVE-2011-2417.

Action-Not Available
Vendor-n/aMicrosoft CorporationLinux Kernel Organization, IncGoogle LLCSun Microsystems (Oracle Corporation)Apple Inc.Adobe Inc.
Product-linux_kernelwindowsandroidflash_playersunosadobe_airmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4089
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-3.31% / 86.74%
||
7 Day CHG~0.00%
Published-11 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_dcreaderwindowsacrobatmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-8540
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-11.83% / 93.46%
||
7 Day CHG~0.00%
Published-12 Dec, 2018 | 00:00
Updated-05 Aug, 2024 | 07:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 4.6.2.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10.net_frameworkwindows_server_2019windows_server_2008Microsoft .NET Framework
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 53
  • 54
  • Next
Details not found