Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2011-2860

Summary
Assigner-Chrome
Assigner Org ID-ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28
Published At-17 Sep, 2011 | 10:00
Updated At-06 Aug, 2024 | 23:15
Rejected At-
Credits

Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to table styles.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Chrome
Assigner Org ID:ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28
Published At:17 Sep, 2011 | 10:00
Updated At:06 Aug, 2024 | 23:15
Rejected At:
▼CVE Numbering Authority (CNA)

Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to table styles.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/69887
vdb-entry
x_refsource_XF
http://osvdb.org/75562
vdb-entry
x_refsource_OSVDB
http://www.securitytracker.com/id?1026774
vdb-entry
x_refsource_SECTRACK
http://secunia.com/advisories/48377
third-party-advisory
x_refsource_SECUNIA
http://code.google.com/p/chromium/issues/detail?id=93587
x_refsource_CONFIRM
http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
x_refsource_CONFIRM
http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html
vendor-advisory
x_refsource_APPLE
http://secunia.com/advisories/48274
third-party-advisory
x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14499
vdb-entry
signature
x_refsource_OVAL
http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html
vendor-advisory
x_refsource_APPLE
http://secunia.com/advisories/48288
third-party-advisory
x_refsource_SECUNIA
http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html
vendor-advisory
x_refsource_APPLE
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/69887
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://osvdb.org/75562
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.securitytracker.com/id?1026774
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://secunia.com/advisories/48377
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://code.google.com/p/chromium/issues/detail?id=93587
Resource:
x_refsource_CONFIRM
Hyperlink: http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://secunia.com/advisories/48274
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14499
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://secunia.com/advisories/48288
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html
Resource:
vendor-advisory
x_refsource_APPLE
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/69887
vdb-entry
x_refsource_XF
x_transferred
http://osvdb.org/75562
vdb-entry
x_refsource_OSVDB
x_transferred
http://www.securitytracker.com/id?1026774
vdb-entry
x_refsource_SECTRACK
x_transferred
http://secunia.com/advisories/48377
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://code.google.com/p/chromium/issues/detail?id=93587
x_refsource_CONFIRM
x_transferred
http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
x_refsource_CONFIRM
x_transferred
http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://secunia.com/advisories/48274
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14499
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://secunia.com/advisories/48288
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/69887
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://osvdb.org/75562
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.securitytracker.com/id?1026774
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://secunia.com/advisories/48377
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://code.google.com/p/chromium/issues/detail?id=93587
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://secunia.com/advisories/48274
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14499
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://secunia.com/advisories/48288
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:chrome-cve-admin@google.com
Published At:19 Sep, 2011 | 12:02
Updated At:11 Apr, 2025 | 00:51

Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to table styles.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Google LLC
google
>>chrome>>Versions before 14.0.835.163(exclusive)
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>itunes>>Versions before 10.6(exclusive)
cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>Versions before 5.1.4(exclusive)
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>Versions before 5.1(exclusive)
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-416Primarynvd@nist.gov
CWE ID: CWE-416
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://code.google.com/p/chromium/issues/detail?id=93587chrome-cve-admin@google.com
N/A
http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.htmlchrome-cve-admin@google.com
N/A
http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.htmlchrome-cve-admin@google.com
N/A
http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.htmlchrome-cve-admin@google.com
N/A
http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.htmlchrome-cve-admin@google.com
N/A
http://osvdb.org/75562chrome-cve-admin@google.com
N/A
http://secunia.com/advisories/48274chrome-cve-admin@google.com
N/A
http://secunia.com/advisories/48288chrome-cve-admin@google.com
N/A
http://secunia.com/advisories/48377chrome-cve-admin@google.com
N/A
http://www.securitytracker.com/id?1026774chrome-cve-admin@google.com
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/69887chrome-cve-admin@google.com
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14499chrome-cve-admin@google.com
N/A
http://code.google.com/p/chromium/issues/detail?id=93587af854a3a-2127-422b-91ae-364da2661108
N/A
http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://osvdb.org/75562af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/48274af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/48288af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/48377af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id?1026774af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/69887af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14499af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://code.google.com/p/chromium/issues/detail?id=93587
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: http://osvdb.org/75562
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/48274
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/48288
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/48377
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1026774
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/69887
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14499
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: http://code.google.com/p/chromium/issues/detail?id=93587
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://osvdb.org/75562
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/48274
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/48288
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/48377
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1026774
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/69887
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14499
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

3273Records found
CVE-2015-7030
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.40% / 59.60%
||
7 Day CHG~0.00%
Published-23 Oct, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Swift implementation in Apple Xcode before 7.1 mishandles type conversion, which has unspecified impact and attack vectors.

Action-Not Available
Vendor-n/aApple Inc.
Product-xcoden/a
CVE-2010-2109
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.70% / 71.14%
||
7 Day CHG~0.00%
Published-28 May, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Google Chrome before 5.0.375.55 allows user-assisted remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via vectors related to the "drag + drop" functionality.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CVE-2010-1380
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-4.15% / 88.21%
||
7 Day CHG~0.00%
Published-17 Jun, 2010 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the cgtexttops CUPS filter in Printing in Apple Mac OS X 10.6 before 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page sizes.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CVE-2010-1665
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.88% / 82.40%
||
7 Day CHG~0.00%
Published-30 Apr, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 4.1.249.1064 does not properly handle fonts, which allows remote attackers to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-1234
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.57% / 67.76%
||
7 Day CHG~0.00%
Published-01 Apr, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows remote attackers to truncate the URL shown in the HTTP Basic Authentication dialog via unknown vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CVE-2015-7036
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-3.07% / 86.22%
||
7 Day CHG~0.00%
Published-22 Nov, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the second argument.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-6580
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.11% / 30.54%
||
7 Day CHG~0.00%
Published-03 Sep, 2015 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in Google V8 before 4.5.103.29, as used in Google Chrome before 45.0.2454.85, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-v8chromen/a
CVE-2010-1205
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-17.03% / 94.73%
||
7 Day CHG~0.00%
Published-30 Jun, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.

Action-Not Available
Vendor-libpngn/aMozilla CorporationSUSECanonical Ltd.Debian GNU/LinuxGoogle LLCFedora ProjectVMware (Broadcom Inc.)openSUSEApple Inc.
Product-ubuntu_linuxfedorafirefoxiphone_osthunderbirditunessafariseamonkeyworkstationchromeopensusedebian_linuxmac_os_x_serverlinux_enterprise_serverplayerlibpngmac_os_xn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2010-1378
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.23% / 45.58%
||
7 Day CHG~0.00%
Published-15 Nov, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform arithmetic, which allows remote attackers to bypass X.509 certificate authentication via an arbitrary certificate issued by a legitimate Certification Authority.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2014-4457
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-1.11% / 77.31%
||
7 Day CHG~0.00%
Published-18 Nov, 2014 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted application that is run during a time period when debugging is not enabled.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osn/a
CVE-2015-6760
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-1.03% / 76.42%
||
7 Day CHG~0.00%
Published-15 Oct, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Image11::map function in renderer/d3d/d3d11/Image11.cpp in libANGLE, as used in Google Chrome before 46.0.2490.71, mishandles mapping failures after device-lost events, which allows remote attackers to cause a denial of service (invalid read or write) or possibly have unspecified other impact via vectors involving a removed device.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CVE-2015-6775
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-1.22% / 78.29%
||
7 Day CHG~0.00%
Published-06 Dec, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

fpdfsdk/src/jsapi/fxjs_v8.cpp in PDFium, as used in Google Chrome before 47.0.2526.73, does not use signatures, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CVE-2015-6766
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-1.71% / 81.60%
||
7 Day CHG~0.00%
Published-06 Dec, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the AppCache implementation in Google Chrome before 47.0.2526.73 allows remote attackers with renderer access to cause a denial of service or possibly have unspecified other impact by leveraging incorrect AppCacheUpdateJob behavior associated with duplicate cache selection.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CVE-2015-5775
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-1.99% / 82.87%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5756.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-1840
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-4.96% / 89.26%
||
7 Day CHG~0.00%
Published-15 Nov, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the password-validation functionality in Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-1231
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.52% / 65.83%
||
7 Day CHG~0.00%
Published-01 Apr, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 4.1.249.1036 processes HTTP headers before invoking the SafeBrowsing feature, which allows remote attackers to have an unspecified impact via crafted headers.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CVE-2014-4493
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.86%
||
7 Day CHG~0.00%
Published-30 Jan, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The app-installation functionality in MobileInstallation in Apple iOS before 8.1.3 allows attackers to obtain control of the local app container by leveraging access to an enterprise distribution certificate for signing a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osn/a
CVE-2015-5776
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-3.02% / 86.09%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Libinfo in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by leveraging use of an AF_INET6 socket.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-5874
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-3.21% / 86.54%
||
7 Day CHG~0.00%
Published-18 Sep, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CoreText in Apple iOS before 9 and iTunes before 12.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xiphone_oswatchositunesn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-0533
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.24% / 47.23%
||
7 Day CHG~0.00%
Published-30 Mar, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in AFP Server in Apple Mac OS X before 10.6.3 allows remote attackers to list a share root's parent directory, and read and modify files in that directory, via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2010-0504
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-1.24% / 78.44%
||
7 Day CHG~0.00%
Published-30 Mar, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in iChat Server in Apple Mac OS X Server before 10.6.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-5779
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-2.68% / 85.26%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, and CVE-2015-5753.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xquicktimen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-6755
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-1.04% / 76.57%
||
7 Day CHG~0.00%
Published-15 Oct, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ContainerNode::parserInsertBefore function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 46.0.2490.71, proceeds with a DOM tree insertion in certain cases where a parent node no longer contains a child node, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CVE-2015-6781
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-1.71% / 81.60%
||
7 Day CHG~0.00%
Published-06 Dec, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the FontData::Bound function in data/font_data.cc in Google sfntly, as used in Google Chrome before 47.0.2526.73, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted offset or length value within font data in an SFNT container.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CVE-2014-4485
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-2.98% / 85.99%
||
7 Day CHG~0.00%
Published-30 Jan, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the XML parser in Foundation in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xtvosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-6768
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.96% / 75.50%
||
7 Day CHG~0.00%
Published-06 Dec, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DOM implementation in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-6770.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CVE-2015-6975
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-2.13% / 83.48%
||
7 Day CHG~0.00%
Published-23 Oct, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6992 and CVE-2015-7017.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xitunesn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-5750
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.76% / 72.27%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Data Detectors Engine in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted series of Unicode characters.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3819
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-9.8||CRITICAL
EPSS-1.49% / 80.25%
||
7 Day CHG~0.00%
Published-05 Aug, 2016 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in codecs/on2/h264dec/source/h264bsd_dpb.c in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28533562.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-14379
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.46% / 80.03%
||
7 Day CHG-0.04%
Published-29 Jul, 2019 | 11:42
Updated-05 Aug, 2024 | 00:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.

Action-Not Available
Vendor-n/aDebian GNU/LinuxOracle CorporationApple Inc.Fedora ProjectNetApp, Inc.FasterXML, LLC.Red Hat, Inc.
Product-single_sign-oncommunications_diameter_signaling_routerprimavera_unifiersiebel_engineering_-_installer_\&_deploymentjd_edwards_enterpriseone_orchestratoropenshift_container_platformprimavera_gatewaysiebel_ui_frameworkenterprise_linuxactive_iq_unified_managerxcodebanking_platformoncommand_workflow_automationcommunications_instant_messaging_serversnapcenterdebian_linuxjackson-databindfinancial_services_analytical_applications_infrastructurefedoragoldengate_stream_analyticsretail_xstore_point_of_serviceservice_level_managerjboss_enterprise_application_platformjd_edwards_enterpriseone_toolsretail_customer_management_and_segmentation_foundationn/a
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2014-4424
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-1.16% / 77.75%
||
7 Day CHG~0.00%
Published-19 Sep, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in Wiki Server in CoreCollaboration in Apple OS X Server before 2.2.3 and 3.x before 3.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.
Product-os_x_servern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-19333
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.17% / 38.12%
||
7 Day CHG~0.00%
Published-17 Nov, 2018 | 17:00
Updated-05 Aug, 2024 | 11:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

pkg/sentry/kernel/shm/shm.go in Google gVisor before 2018-11-01 allows attackers to overwrite memory locations in processes running as root (but not escape the sandbox) via vectors involving IPC_RMID shmctl calls, because reference counting is mishandled.

Action-Not Available
Vendor-n/aGoogle LLC
Product-gvisorn/a
CVE-2009-3273
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.18% / 39.83%
||
7 Day CHG~0.00%
Published-21 Sep, 2009 | 19:00
Updated-07 Aug, 2024 | 06:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL e-mail servers via a crafted certificate.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osn/a
CWE ID-CWE-310
Not Available
CVE-2014-3168
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-1.56% / 80.74%
||
7 Day CHG~0.00%
Published-27 Aug, 2014 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper caching associated with animation.

Action-Not Available
Vendor-n/aGoogle LLCDebian GNU/LinuxopenSUSE
Product-debian_linuxopensusechromen/a
CVE-2009-3456
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 19.16%
||
7 Day CHG~0.00%
Published-29 Sep, 2009 | 17:00
Updated-16 Sep, 2024 | 23:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome, possibly 3.0.195.21 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-310
Not Available
CVE-2016-3743
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-9.8||CRITICAL
EPSS-0.73% / 71.84%
||
7 Day CHG~0.00%
Published-11 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-07-01 does not initialize certain data structures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 27907656.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-3152
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-3.20% / 86.50%
||
7 Day CHG~0.00%
Published-21 May, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer underflow in the LCodeGen::PrepareKeyedOperand function in arm/lithium-codegen-arm.cc in Google V8 before 3.25.28.16, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a negative key value.

Action-Not Available
Vendor-n/aGoogle LLCFedora Project
Product-fedorav8chromen/a
CVE-2014-3169
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-3.25% / 86.62%
||
7 Day CHG~0.00%
Published-27 Aug, 2014 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in core/dom/ContainerNode.cpp in the DOM implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging script execution that occurs before notification of node removal.

Action-Not Available
Vendor-n/aGoogle LLCDebian GNU/LinuxopenSUSE
Product-debian_linuxopensusechromen/a
CVE-2015-3329
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-26.34% / 96.12%
||
7 Day CHG~0.00%
Published-09 Jun, 2015 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.

Action-Not Available
Vendor-n/aRed Hat, Inc.The PHP GroupApple Inc.Oracle Corporation
Product-enterprise_linuxenterprise_linux_serversolarisenterprise_linux_hpc_nodeenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_workstationphpenterprise_linux_hpc_node_euslinuxmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-3797
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.88% / 74.47%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3796 and CVE-2015-3798.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-3154
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-1.70% / 81.53%
||
7 Day CHG~0.00%
Published-11 Jun, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the ChildThread::Shutdown function in content/child/child_thread.cc in the filesystem API in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to a Blink shutdown.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CVE-2015-4026
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.92% / 89.20%
||
7 Day CHG~0.00%
Published-09 Jun, 2015 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.

Action-Not Available
Vendor-n/aRed Hat, Inc.The PHP GroupApple Inc.
Product-enterprise_linuxenterprise_linux_serverenterprise_linux_hpc_nodeenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_workstationphpenterprise_linux_hpc_node_eusmac_os_xn/a
CVE-2015-3335
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.07% / 83.23%
||
7 Day CHG~0.00%
Published-19 Apr, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The NaClSandbox::InitializeLayerTwoSandbox function in components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc in Google Chrome before 42.0.2311.90 does not have RLIMIT_AS and RLIMIT_DATA limits for Native Client (aka NaCl) processes, which might make it easier for remote attackers to conduct row-hammer attacks or have unspecified other impact by leveraging the ability to run a crafted program in the NaCl sandbox.

Action-Not Available
Vendor-n/aGoogle LLCopenSUSE
Product-opensusechromen/a
CVE-2015-3674
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-2.16% / 83.60%
||
7 Day CHG~0.00%
Published-03 Jul, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

afpserver in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-3178
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-1.29% / 78.86%
||
7 Day CHG~0.00%
Published-10 Sep, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in core/dom/Node.cpp in Blink, as used in Google Chrome before 37.0.2062.120, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of render-tree inconsistencies.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CVE-2015-3804
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-1.99% / 82.87%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5756 and CVE-2015-5775.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-3717
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-1.44% / 79.92%
||
7 Day CHG~0.00%
Published-03 Jul, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

Action-Not Available
Vendor-sqliten/aApple Inc.
Product-iphone_osmac_os_xsqliten/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2018-18311
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-11.04% / 93.17%
||
7 Day CHG~0.00%
Published-07 Dec, 2018 | 21:00
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

Action-Not Available
Vendor-perln/aDebian GNU/LinuxMcAfee, LLCNetApp, Inc.Red Hat, Inc.Fedora ProjectApple Inc.Canonical Ltd.
Product-enterprise_linux_serverubuntu_linuxopenshift_container_platformenterprise_linux_server_ausenterprise_linuxperlsnapdriversnapcenterdebian_linuxenterprise_linux_workstatione-series_santricity_os_controllerfedoramac_os_xsnap_creator_frameworkenterprise_linux_eusenterprise_linux_server_tusenterprise_linux_desktopweb_gatewayn/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2014-3189
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.83% / 73.64%
||
7 Day CHG~0.00%
Published-08 Oct, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The chrome_pdf::CopyImage function in pdf/draw_utils.cc in the PDFium component in Google Chrome before 38.0.2125.101 does not properly validate image-data dimensions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aRed Hat, Inc.Google LLC
Product-enterprise_linux_workstation_supplementaryenterprise_linux_server_supplementarychromeenterprise_linux_server_supplementary_eusenterprise_linux_desktop_supplementaryn/a
CVE-2015-3414
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.38% / 86.90%
||
7 Day CHG~0.00%
Published-24 Apr, 2015 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.

Action-Not Available
Vendor-sqliten/aThe PHP GroupApple Inc.Debian GNU/LinuxCanonical Ltd.
Product-watchosubuntu_linuxphpdebian_linuxmac_os_xsqliten/a
CWE ID-CWE-908
Use of Uninitialized Resource
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 65
  • 66
  • Next
Details not found