Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2011-3544

Summary
Assigner-oracle
Assigner Org ID-43595867-4340-4103-b7a2-9a5208d29a85
Published At-19 Oct, 2011 | 21:00
Updated At-30 Jul, 2025 | 01:47
Rejected At-
Credits

Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability

An access control vulnerability exists in the Applet Rhino Script Engine component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Known Exploited Vulnerabilities (KEV)
cisa.gov
Vendor:
Oracle CorporationOracle
Product:Java SE JDK and JRE
Added At:03 Mar, 2022
Due At:24 Mar, 2022

Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability

An access control vulnerability exists in the Applet Rhino Script Engine component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code.

Used in Ransomware

:

Unknown

CWE

:
N/A

Required Action:

Apply updates per vendor instructions.

Additional Notes:

https://nvd.nist.gov/vuln/detail/CVE-2011-3544
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:oracle
Assigner Org ID:43595867-4340-4103-b7a2-9a5208d29a85
Published At:19 Oct, 2011 | 21:00
Updated At:30 Jul, 2025 | 01:47
Rejected At:
▼CVE Numbering Authority (CNA)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13947
vdb-entry
signature
x_refsource_OVAL
http://security.gentoo.org/glsa/glsa-201406-32.xml
vendor-advisory
x_refsource_GENTOO
http://marc.info/?l=bugtraq&m=134254866602253&w=2
vendor-advisory
x_refsource_HP
http://secunia.com/advisories/48308
third-party-advisory
x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=132750579901589&w=2
vendor-advisory
x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html
vendor-advisory
x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2013-1455.html
vendor-advisory
x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=132750579901589&w=2
vendor-advisory
x_refsource_HP
http://www.redhat.com/support/errata/RHSA-2011-1384.html
vendor-advisory
x_refsource_REDHAT
http://www.securityfocus.com/bid/50218
vdb-entry
x_refsource_BID
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=134254957702612&w=2
vendor-advisory
x_refsource_HP
https://exchange.xforce.ibmcloud.com/vulnerabilities/70849
vdb-entry
x_refsource_XF
http://www.securitytracker.com/id?1026215
vdb-entry
x_refsource_SECTRACK
http://www.ubuntu.com/usn/USN-1263-1
vendor-advisory
x_refsource_UBUNTU
http://marc.info/?l=bugtraq&m=134254957702612&w=2
vendor-advisory
x_refsource_HP
http://www.ibm.com/developerworks/java/jdk/alerts/
x_refsource_CONFIRM
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13947
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://security.gentoo.org/glsa/glsa-201406-32.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://marc.info/?l=bugtraq&m=134254866602253&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://secunia.com/advisories/48308
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://marc.info/?l=bugtraq&m=132750579901589&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-1455.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://marc.info/?l=bugtraq&m=132750579901589&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-1384.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.securityfocus.com/bid/50218
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://marc.info/?l=bugtraq&m=134254957702612&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/70849
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.securitytracker.com/id?1026215
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.ubuntu.com/usn/USN-1263-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://marc.info/?l=bugtraq&m=134254957702612&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.ibm.com/developerworks/java/jdk/alerts/
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13947
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://security.gentoo.org/glsa/glsa-201406-32.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://marc.info/?l=bugtraq&m=134254866602253&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://secunia.com/advisories/48308
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://marc.info/?l=bugtraq&m=132750579901589&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://rhn.redhat.com/errata/RHSA-2013-1455.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://marc.info/?l=bugtraq&m=132750579901589&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://www.redhat.com/support/errata/RHSA-2011-1384.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.securityfocus.com/bid/50218
vdb-entry
x_refsource_BID
x_transferred
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
x_refsource_CONFIRM
x_transferred
http://marc.info/?l=bugtraq&m=134254957702612&w=2
vendor-advisory
x_refsource_HP
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/70849
vdb-entry
x_refsource_XF
x_transferred
http://www.securitytracker.com/id?1026215
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.ubuntu.com/usn/USN-1263-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://marc.info/?l=bugtraq&m=134254957702612&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://www.ibm.com/developerworks/java/jdk/alerts/
x_refsource_CONFIRM
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13947
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-201406-32.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=134254866602253&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://secunia.com/advisories/48308
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=132750579901589&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-1455.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=132750579901589&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-1384.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.securityfocus.com/bid/50218
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=134254957702612&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/70849
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.securitytracker.com/id?1026215
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-1263-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=134254957702612&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.ibm.com/developerworks/java/jdk/alerts/
Resource:
x_refsource_CONFIRM
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-284CWE-284 Improper Access Control
Type: CWE
CWE ID: CWE-284
Description: CWE-284 Improper Access Control
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
kev
dateAdded:
2022-03-03
reference:
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-3544
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
CVE-2011-3544 added to CISA KEV2022-03-03 00:00:00
Event: CVE-2011-3544 added to CISA KEV
Date: 2022-03-03 00:00:00
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert_us@oracle.com
Published At:19 Oct, 2011 | 21:55
Updated At:11 Apr, 2025 | 00:51

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
2022-03-032022-03-24Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution VulnerabilityApply updates per vendor instructions.
Date Added: 2022-03-03
Due Date: 2022-03-24
Vulnerability Name: Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability
Required Action: Apply updates per vendor instructions.
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches

Oracle Corporation
oracle
>>jdk>>Versions before 1.6.0(exclusive)
cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.6.0
cpe:2.3:a:oracle:jdk:1.6.0:-:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.6.0
cpe:2.3:a:oracle:jdk:1.6.0:update1:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.6.0
cpe:2.3:a:oracle:jdk:1.6.0:update10:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.6.0
cpe:2.3:a:oracle:jdk:1.6.0:update11:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.6.0
cpe:2.3:a:oracle:jdk:1.6.0:update12:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.6.0
cpe:2.3:a:oracle:jdk:1.6.0:update13:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.6.0
cpe:2.3:a:oracle:jdk:1.6.0:update14:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.6.0
cpe:2.3:a:oracle:jdk:1.6.0:update15:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.6.0
cpe:2.3:a:oracle:jdk:1.6.0:update16:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.6.0
cpe:2.3:a:oracle:jdk:1.6.0:update17:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.6.0
cpe:2.3:a:oracle:jdk:1.6.0:update18:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.6.0
cpe:2.3:a:oracle:jdk:1.6.0:update19:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.6.0
cpe:2.3:a:oracle:jdk:1.6.0:update2:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.6.0
cpe:2.3:a:oracle:jdk:1.6.0:update20:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.6.0
cpe:2.3:a:oracle:jdk:1.6.0:update21:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.6.0
cpe:2.3:a:oracle:jdk:1.6.0:update22:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.6.0
cpe:2.3:a:oracle:jdk:1.6.0:update23:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.6.0
cpe:2.3:a:oracle:jdk:1.6.0:update24:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.6.0
cpe:2.3:a:oracle:jdk:1.6.0:update25:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.6.0
cpe:2.3:a:oracle:jdk:1.6.0:update26:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.7.0
cpe:2.3:a:oracle:jdk:1.7.0:-:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.7.0
cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.7.0
cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.7.0
cpe:2.3:a:oracle:jdk:1.7.0:update11:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.7.0
cpe:2.3:a:oracle:jdk:1.7.0:update13:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.7.0
cpe:2.3:a:oracle:jdk:1.7.0:update15:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.7.0
cpe:2.3:a:oracle:jdk:1.7.0:update17:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.7.0
cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.7.0
cpe:2.3:a:oracle:jdk:1.7.0:update21:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.7.0
cpe:2.3:a:oracle:jdk:1.7.0:update25:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.7.0
cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.7.0
cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.7.0
cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.7.0
cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.7.0
cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.7.0
cpe:2.3:a:oracle:jdk:1.7.0:update7_b32:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.7.0
cpe:2.3:a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.7.0
cpe:2.3:a:oracle:jdk:1.7.0:update9_b31:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.7.0
cpe:2.3:a:oracle:jdk:1.7.0:update9_b32:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>Versions before 1.6.0(exclusive)
cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.6.0
cpe:2.3:a:oracle:jre:1.6.0:-:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.6.0
cpe:2.3:a:oracle:jre:1.6.0:update1:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.6.0
cpe:2.3:a:oracle:jre:1.6.0:update11:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.6.0
cpe:2.3:a:oracle:jre:1.6.0:update12:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.6.0
cpe:2.3:a:oracle:jre:1.6.0:update13:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.6.0
cpe:2.3:a:oracle:jre:1.6.0:update14:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.6.0
cpe:2.3:a:oracle:jre:1.6.0:update15:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.6.0
cpe:2.3:a:oracle:jre:1.6.0:update16:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.6.0
cpe:2.3:a:oracle:jre:1.6.0:update17:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-284Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-284
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.htmlsecalert_us@oracle.com
Mailing List
Third Party Advisory
http://marc.info/?l=bugtraq&m=132750579901589&w=2secalert_us@oracle.com
Mailing List
http://marc.info/?l=bugtraq&m=132750579901589&w=2secalert_us@oracle.com
Mailing List
http://marc.info/?l=bugtraq&m=132750579901589&w=2secalert_us@oracle.com
Mailing List
http://marc.info/?l=bugtraq&m=132750579901589&w=2secalert_us@oracle.com
Mailing List
http://marc.info/?l=bugtraq&m=134254866602253&w=2secalert_us@oracle.com
Mailing List
http://marc.info/?l=bugtraq&m=134254957702612&w=2secalert_us@oracle.com
Mailing List
http://marc.info/?l=bugtraq&m=134254957702612&w=2secalert_us@oracle.com
Mailing List
http://marc.info/?l=bugtraq&m=134254957702612&w=2secalert_us@oracle.com
Mailing List
http://marc.info/?l=bugtraq&m=134254957702612&w=2secalert_us@oracle.com
Mailing List
http://rhn.redhat.com/errata/RHSA-2013-1455.htmlsecalert_us@oracle.com
Third Party Advisory
http://secunia.com/advisories/48308secalert_us@oracle.com
Broken Link
http://security.gentoo.org/glsa/glsa-201406-32.xmlsecalert_us@oracle.com
Third Party Advisory
http://www.ibm.com/developerworks/java/jdk/alerts/secalert_us@oracle.com
Product
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.htmlsecalert_us@oracle.com
Patch
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2011-1384.htmlsecalert_us@oracle.com
Broken Link
http://www.securityfocus.com/bid/50218secalert_us@oracle.com
Broken Link
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1026215secalert_us@oracle.com
Broken Link
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-1263-1secalert_us@oracle.com
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/70849secalert_us@oracle.com
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13947secalert_us@oracle.com
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://marc.info/?l=bugtraq&m=132750579901589&w=2af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://marc.info/?l=bugtraq&m=132750579901589&w=2af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://marc.info/?l=bugtraq&m=132750579901589&w=2af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://marc.info/?l=bugtraq&m=132750579901589&w=2af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://marc.info/?l=bugtraq&m=134254866602253&w=2af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://marc.info/?l=bugtraq&m=134254957702612&w=2af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://marc.info/?l=bugtraq&m=134254957702612&w=2af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://marc.info/?l=bugtraq&m=134254957702612&w=2af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://marc.info/?l=bugtraq&m=134254957702612&w=2af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://rhn.redhat.com/errata/RHSA-2013-1455.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/48308af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://security.gentoo.org/glsa/glsa-201406-32.xmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ibm.com/developerworks/java/jdk/alerts/af854a3a-2127-422b-91ae-364da2661108
Product
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2011-1384.htmlaf854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.securityfocus.com/bid/50218af854a3a-2127-422b-91ae-364da2661108
Broken Link
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1026215af854a3a-2127-422b-91ae-364da2661108
Broken Link
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-1263-1af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/70849af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13947af854a3a-2127-422b-91ae-364da2661108
Broken Link
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html
Source: secalert_us@oracle.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://marc.info/?l=bugtraq&m=132750579901589&w=2
Source: secalert_us@oracle.com
Resource:
Mailing List
Hyperlink: http://marc.info/?l=bugtraq&m=132750579901589&w=2
Source: secalert_us@oracle.com
Resource:
Mailing List
Hyperlink: http://marc.info/?l=bugtraq&m=132750579901589&w=2
Source: secalert_us@oracle.com
Resource:
Mailing List
Hyperlink: http://marc.info/?l=bugtraq&m=132750579901589&w=2
Source: secalert_us@oracle.com
Resource:
Mailing List
Hyperlink: http://marc.info/?l=bugtraq&m=134254866602253&w=2
Source: secalert_us@oracle.com
Resource:
Mailing List
Hyperlink: http://marc.info/?l=bugtraq&m=134254957702612&w=2
Source: secalert_us@oracle.com
Resource:
Mailing List
Hyperlink: http://marc.info/?l=bugtraq&m=134254957702612&w=2
Source: secalert_us@oracle.com
Resource:
Mailing List
Hyperlink: http://marc.info/?l=bugtraq&m=134254957702612&w=2
Source: secalert_us@oracle.com
Resource:
Mailing List
Hyperlink: http://marc.info/?l=bugtraq&m=134254957702612&w=2
Source: secalert_us@oracle.com
Resource:
Mailing List
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-1455.html
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/48308
Source: secalert_us@oracle.com
Resource:
Broken Link
Hyperlink: http://security.gentoo.org/glsa/glsa-201406-32.xml
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: http://www.ibm.com/developerworks/java/jdk/alerts/
Source: secalert_us@oracle.com
Resource:
Product
Hyperlink: http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
Source: secalert_us@oracle.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-1384.html
Source: secalert_us@oracle.com
Resource:
Broken Link
Hyperlink: http://www.securityfocus.com/bid/50218
Source: secalert_us@oracle.com
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id?1026215
Source: secalert_us@oracle.com
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.ubuntu.com/usn/USN-1263-1
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/70849
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13947
Source: secalert_us@oracle.com
Resource:
Broken Link
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://marc.info/?l=bugtraq&m=132750579901589&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: http://marc.info/?l=bugtraq&m=132750579901589&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: http://marc.info/?l=bugtraq&m=132750579901589&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: http://marc.info/?l=bugtraq&m=132750579901589&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: http://marc.info/?l=bugtraq&m=134254866602253&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: http://marc.info/?l=bugtraq&m=134254957702612&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: http://marc.info/?l=bugtraq&m=134254957702612&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: http://marc.info/?l=bugtraq&m=134254957702612&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: http://marc.info/?l=bugtraq&m=134254957702612&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-1455.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/48308
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://security.gentoo.org/glsa/glsa-201406-32.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.ibm.com/developerworks/java/jdk/alerts/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Product
Hyperlink: http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-1384.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.securityfocus.com/bid/50218
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id?1026215
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.ubuntu.com/usn/USN-1263-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/70849
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13947
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link

Change History

0
Information is not available yet

Similar CVEs

1797Records found

CVE-2018-16840
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.32% / 54.07%
||
7 Day CHG~0.00%
Published-31 Oct, 2018 | 18:00
Updated-17 Apr, 2025 | 13:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.

Action-Not Available
Vendor-Canonical Ltd.CURL
Product-curlubuntu_linuxcurl
CWE ID-CWE-416
Use After Free
CVE-2015-3038
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-10.40% / 92.92%
||
7 Day CHG~0.00%
Published-14 Apr, 2015 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncopenSUSESUSERed Hat, Inc.Apple Inc.Microsoft Corporation
Product-flash_playerenterprise_linux_workstation_supplementarylinux_kernelopensuseenterprise_linux_server_supplementarysuse_linux_enterprise_desktopwindowsenterprise_linux_server_supplementary_eussuse_linux_workstation_extensionmac_os_xenterprise_linux_desktop_supplementaryn/a
CVE-2018-16402
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.09% / 77.06%
||
7 Day CHG~0.00%
Published-03 Sep, 2018 | 19:00
Updated-05 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.

Action-Not Available
Vendor-elfutils_projectn/aCanonical Ltd.Red Hat, Inc.openSUSEDebian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxelfutilsenterprise_linux_workstationenterprise_linux_desktopleapn/a
CWE ID-CWE-415
Double Free
CVE-2015-2740
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-4.14% / 88.20%
||
7 Day CHG~0.00%
Published-06 Jul, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow remote attackers to cause a denial of service or have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aMozilla CorporationOracle CorporationDebian GNU/LinuxNovellCanonical Ltd.
Product-solarisfirefoxfirefox_esrubuntu_linuxsuse_linux_enterprise_serverthunderbirddebian_linuxsuse_linux_enterprise_software_development_kitsuse_linux_enterprise_desktopn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-15981
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-31.05% / 96.59%
||
7 Day CHG~0.00%
Published-29 Nov, 2018 | 20:00
Updated-05 Aug, 2024 | 10:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Flash Player versions 31.0.0.148 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Google LLCAdobe Inc.Red Hat, Inc.Apple Inc.Microsoft CorporationLinux Kernel Organization, Inc
Product-enterprise_linux_serverlinux_kernelwindows_8.1enterprise_linux_workstationchrome_osmac_os_xwindowsflash_player_desktop_runtimewindows_10enterprise_linux_desktopflash_playerFlash Player
CWE ID-CWE-704
Incorrect Type Conversion or Cast
CVE-2018-14350
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.75% / 90.91%
||
7 Day CHG~0.00%
Published-17 Jul, 2018 | 17:00
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field.

Action-Not Available
Vendor-neomuttmuttn/aCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxdebian_linuxmuttneomuttn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-14352
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.73% / 90.90%
||
7 Day CHG~0.00%
Published-17 Jul, 2018 | 17:00
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c does not leave room for quote characters, leading to a stack-based buffer overflow.

Action-Not Available
Vendor-neomuttmuttn/aCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxdebian_linuxmuttneomuttn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-14358
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.86% / 87.75%
||
7 Day CHG~0.00%
Published-17 Jul, 2018 | 17:00
Updated-05 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field.

Action-Not Available
Vendor-neomuttmuttn/aCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxdebian_linuxmuttneomuttn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-14359
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.80% / 87.64%
||
7 Day CHG~0.00%
Published-17 Jul, 2018 | 17:00
Updated-05 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They have a buffer overflow via base64 data.

Action-Not Available
Vendor-neomuttmuttn/aCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxdebian_linuxmuttneomuttn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-0219
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-10.74% / 93.05%
||
7 Day CHG~0.00%
Published-14 Jan, 2020 | 14:18
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI.

Action-Not Available
Vendor-The Apache Software FoundationOracle Corporation
Product-instantis_enterprisetrackretail_xstore_point_of_servicecordova_inappbrowserCordova
CVE-2019-1003040
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-9.8||CRITICAL
EPSS-2.25% / 83.93%
||
7 Day CHG~0.00%
Published-28 Mar, 2019 | 17:59
Updated-05 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts.

Action-Not Available
Vendor-Red Hat, Inc.Jenkins
Product-openshift_container_platformscript_securityJenkins Script Security Plugin
CWE ID-CWE-470
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
CVE-2019-0230
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-93.84% / 99.86%
||
7 Day CHG~0.00%
Published-14 Sep, 2020 | 16:41
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.

Action-Not Available
Vendor-n/aThe Apache Software FoundationOracle Corporation
Product-financial_services_data_integration_hubstrutsmysql_enterprise_monitorfinancial_services_market_risk_measurement_and_managementcommunications_policy_managementApache Struts
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2018-14324
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.46% / 84.61%
||
7 Day CHG~0.00%
Published-16 Jul, 2018 | 18:00
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The demo feature in Oracle GlassFish Open Source Edition 5.0 has TCP port 7676 open by default with a password of admin for the admin account. This allows remote attackers to obtain potentially sensitive information, perform database operations, or manipulate the demo via a JMX RMI session, aka a "jmx_rmi remote monitoring and control problem." NOTE: this is not an Oracle supported product.

Action-Not Available
Vendor-n/aOracle Corporation
Product-glassfish_servern/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2018-14599
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.95% / 82.72%
||
7 Day CHG~0.00%
Published-24 Aug, 2018 | 19:00
Updated-05 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact.

Action-Not Available
Vendor-n/aFedora ProjectCanonical Ltd.Debian GNU/LinuxX.Org FoundationRed Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxdebian_linuxenterprise_linux_workstationfedoralibx11enterprise_linux_desktopn/a
CWE ID-CWE-193
Off-by-one Error
CVE-2019-1010238
Matching Score-8
Assigner-7556d962-6fb7-411e-85fa-6cd62f095ba8
ShareView Details
Matching Score-8
Assigner-7556d962-6fb7-411e-85fa-6cd62f095ba8
CVSS Score-9.8||CRITICAL
EPSS-2.94% / 85.91%
||
7 Day CHG~0.00%
Published-19 Jul, 2019 | 16:42
Updated-05 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize.

Action-Not Available
Vendor-Canonical Ltd.Debian GNU/LinuxThe GNOME ProjectFedora ProjectOracle CorporationRed Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxdebian_linuxsd-wan_edgeopenshift_container_platformenterprise_linux_server_ausfedoraenterprise_linuxenterprise_linux_workstationenterprise_linux_euspangoenterprise_linux_server_tusenterprise_linux_desktopPango
CWE ID-CWE-787
Out-of-bounds Write
CVE-2014-1512
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-17.91% / 94.89%
||
7 Day CHG~0.00%
Published-19 Mar, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage collection is occurring, as demonstrated by improper handling of BumpChunk objects.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSESUSERed Hat, Inc.Debian GNU/LinuxCanonical Ltd.
Product-enterprise_linux_serverenterprise_linux_eusfirefoxenterprise_linux_server_eusthunderbirdsuse_linux_enterprise_desktopdebian_linuxenterprise_linux_server_ausseamonkeyfirefox_esrubuntu_linuxenterprise_linux_desktopopensusesuse_linux_enterprise_serverenterprise_linux_server_tusenterprise_linux_workstationsuse_linux_enterprise_software_development_kitn/a
CWE ID-CWE-416
Use After Free
CVE-2018-14667
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-88.85% / 99.50%
||
7 Day CHG~0.00%
Published-06 Nov, 2018 | 22:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-10-19||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData.

Action-Not Available
Vendor-[UNKNOWN]Red Hat, Inc.
Product-enterprise_linuxrichfacesRichFacesJBoss RichFaces Framework
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-0071
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-12.52% / 93.68%
||
7 Day CHG~0.00%
Published-13 Jan, 2010 | 01:00
Updated-07 Aug, 2024 | 00:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Listener component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CVE-2021-1994
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-26.77% / 96.17%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 14:49
Updated-26 Sep, 2024 | 18:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-enterprise_repositoryweblogic_serverWebLogic Server
CVE-2018-14353
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.42% / 88.60%
||
7 Day CHG~0.00%
Published-17 Jul, 2018 | 17:00
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow.

Action-Not Available
Vendor-neomuttmuttn/aCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxdebian_linuxmuttneomuttn/a
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2015-0352
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-4.16% / 88.23%
||
7 Day CHG~0.00%
Published-14 Apr, 2015 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncopenSUSESUSERed Hat, Inc.Apple Inc.Microsoft Corporation
Product-flash_playerenterprise_linux_workstation_supplementarylinux_kernelopensuseenterprise_linux_server_supplementarysuse_linux_enterprise_desktopwindowsenterprise_linux_server_supplementary_eussuse_linux_workstation_extensionmac_os_xenterprise_linux_desktop_supplementaryn/a
CVE-2018-14649
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-58.11% / 98.10%
||
7 Day CHG~0.00%
Published-09 Oct, 2018 | 17:00
Updated-05 Aug, 2024 | 09:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api provided by ceph-isci-cli package. This allows unauthenticated attackers to access this debug shell and escalate privileges. Once an attacker has successfully connected to this debug shell they will be able to execute arbitrary commands remotely. These commands will run with the same privileges as of user executing the application which is using python-werkzeug with debug shell mode enabled. In - Red Hat Ceph Storage 2 and 3, ceph-isci-cli package runs python-werkzeug library with root level permissions.

Action-Not Available
Vendor-[UNKNOWN]Red Hat, Inc.
Product-enterprise_linux_serverceph_storageenterprise_linux_workstationenterprise_linux_desktopceph-iscsi-cliceph-iscsi-cli
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2015-0350
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-4.16% / 88.23%
||
7 Day CHG~0.00%
Published-14 Apr, 2015 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncopenSUSESUSERed Hat, Inc.Apple Inc.Microsoft Corporation
Product-flash_playerenterprise_linux_workstation_supplementarylinux_kernelopensuseenterprise_linux_server_supplementarysuse_linux_enterprise_desktopwindowsenterprise_linux_server_supplementary_eussuse_linux_workstation_extensionmac_os_xenterprise_linux_desktop_supplementaryn/a
CVE-2018-14362
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.40% / 89.74%
||
7 Day CHG~0.00%
Published-17 Jul, 2018 | 17:00
Updated-05 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character.

Action-Not Available
Vendor-neomuttmuttn/aCanonical Ltd.Red Hat, Inc.Debian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_workstationneomuttenterprise_linux_server_tusenterprise_linux_desktopmuttn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-14351
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.48% / 84.69%
||
7 Day CHG~0.00%
Published-17 Jul, 2018 | 17:00
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a long IMAP status mailbox literal count size.

Action-Not Available
Vendor-neomuttmuttn/aCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxdebian_linuxmuttneomuttn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-1528
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-10||HIGH
EPSS-1.12% / 77.33%
||
7 Day CHG~0.00%
Published-30 Apr, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by painting on a CANVAS element.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSEFedora ProjectCanonical Ltd.Oracle CorporationMicrosoft Corporation
Product-solarisfirefoxopensuseseamonkeyubuntu_linuxfedorawindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-0348
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-5.59% / 89.94%
||
7 Day CHG~0.00%
Published-14 Apr, 2015 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncopenSUSESUSERed Hat, Inc.Apple Inc.Microsoft Corporation
Product-flash_playerenterprise_linux_workstation_supplementarylinux_kernelopensuseenterprise_linux_server_supplementarysuse_linux_enterprise_desktopwindowsenterprise_linux_server_supplementary_eussuse_linux_workstation_extensionmac_os_xenterprise_linux_desktop_supplementaryn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-1842
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-6.72% / 90.89%
||
7 Day CHG~0.00%
Published-10 Apr, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-openstackn/a
CVE-2018-14618
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.50% / 64.90%
||
7 Day CHG~0.00%
Published-05 Sep, 2018 | 19:00
Updated-05 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)

Action-Not Available
Vendor-[UNKNOWN]Debian GNU/LinuxRed Hat, Inc.Canonical Ltd.CURL
Product-libcurldebian_linuxubuntu_linuxenterprise_linuxcurl
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-14357
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.28% / 84.05%
||
7 Day CHG~0.00%
Published-17 Jul, 2018 | 17:00
Updated-05 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription.

Action-Not Available
Vendor-neomuttmuttn/aCanonical Ltd.Red Hat, Inc.Debian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_workstationneomuttenterprise_linux_server_tusenterprise_linux_desktopmuttn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2015-0358
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-2.32% / 84.18%
||
7 Day CHG~0.00%
Published-14 Apr, 2015 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0349, CVE-2015-0351, and CVE-2015-3039.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncopenSUSESUSERed Hat, Inc.Apple Inc.Microsoft Corporation
Product-flash_playerenterprise_linux_workstation_supplementarylinux_kernelopensuseenterprise_linux_server_supplementarysuse_linux_enterprise_desktopwindowsenterprise_linux_server_supplementary_eussuse_linux_workstation_extensionmac_os_xenterprise_linux_desktop_supplementaryn/a
CVE-2015-0346
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-6.98% / 91.07%
||
7 Day CHG~0.00%
Published-14 Apr, 2015 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0359.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncopenSUSESUSERed Hat, Inc.Apple Inc.Microsoft Corporation
Product-flash_playerenterprise_linux_workstation_supplementarylinux_kernelopensuseenterprise_linux_server_supplementarysuse_linux_enterprise_desktopwindowsenterprise_linux_server_supplementary_eussuse_linux_workstation_extensionmac_os_xenterprise_linux_desktop_supplementaryn/a
CVE-2024-7207
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.04% / 12.00%
||
7 Day CHG~0.00%
Published-19 Sep, 2024 | 22:17
Updated-30 Sep, 2024 | 19:03
Rejected-30 Sep, 2024 | 19:03
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Duplicate of CVE-2024-45806.

Action-Not Available
Vendor-envoyproxyRed Hat, Inc.
Product-envoyopenshift_service_mesh
CWE ID-CWE-20
Improper Input Validation
CVE-2015-0313
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-93.17% / 99.79%
||
7 Day CHG~0.00%
Published-02 Feb, 2015 | 19:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-04||The impacted product is end-of-life and should be disconnected if still in use.

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322.

Action-Not Available
Vendor-n/aopenSUSELinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.Apple Inc.SUSE
Product-windows_rtwindows_10_1507windows_8linux_kernelinternet_explorerevergreenedgelinux_enterprise_desktopwindows_8.1flash_playeropensusewindows_rt_8.1windowslinux_enterprise_workstation_extensionwindows_server_2012mac_os_xn/aFlash Player
CWE ID-CWE-416
Use After Free
CVE-2018-14719
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.53% / 87.19%
||
7 Day CHG~0.00%
Published-02 Jan, 2019 | 18:00
Updated-05 Aug, 2024 | 09:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.

Action-Not Available
Vendor-n/aDebian GNU/LinuxOracle CorporationFasterXML, LLC.NetApp, Inc.Red Hat, Inc.
Product-global_lifecycle_management_opatchprimavera_unifiercommunications_billing_and_revenue_managemententerprise_manager_for_virtualizationopenshift_container_platformenterprise_linuxbanking_platformdatabase_serveroncommand_workflow_automationretail_merchandising_systemsnapcenterclusterwaresteelstore_cloud_integrated_storageprimavera_p6_enterprise_project_portfolio_managementdebian_linuxjackson-databindfinancial_services_analytical_applications_infrastructurejdeveloperretail_workforce_management_softwarewebcenter_portalbusiness_process_management_suiten/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2016-4117
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-92.78% / 99.75%
||
7 Day CHG~0.00%
Published-11 May, 2016 | 01:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-24||The impacted product is end-of-life and should be disconnected if still in use.

Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016.

Action-Not Available
Vendor-n/aRed Hat, Inc.Adobe Inc.openSUSESUSE
Product-flash_playerenterprise_linux_serveropensuseenterprise_linux_desktopevergreenenterprise_linux_workstationenterprise_linux_server_from_rhuilinux_enterprise_desktoplinux_enterprise_workstation_extensionn/aFlash Player
CVE-2021-20236
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.38% / 58.44%
||
7 Day CHG~0.00%
Published-28 May, 2021 | 10:42
Updated-03 Aug, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Action-Not Available
Vendor-zeromqn/aRed Hat, Inc.Fedora Project
Product-ceph_storagezeromqenterprise_linuxfedorazeromq
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-14718
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-14.75% / 94.24%
||
7 Day CHG~0.00%
Published-02 Jan, 2019 | 18:00
Updated-05 Aug, 2024 | 09:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.

Action-Not Available
Vendor-n/aDebian GNU/LinuxOracle CorporationFasterXML, LLC.NetApp, Inc.Red Hat, Inc.
Product-global_lifecycle_management_opatchprimavera_unifiercommunications_billing_and_revenue_managementsiebel_engineering_-_installer_\&_deploymentjd_edwards_enterpriseone_orchestratoropenshift_container_platformenterprise_manager_for_virtualizationsiebel_ui_frameworkenterprise_linuxbanking_platformoncommand_workflow_automationcommunications_instant_messaging_serverretail_merchandising_systemwebcenter_portalsnapcentersteelstore_cloud_integrated_storageprimavera_p6_enterprise_project_portfolio_managementdebian_linuxjackson-databindfinancial_services_analytical_applications_infrastructurenosql_databasejdeveloperretail_workforce_management_softwarejd_edwards_enterpriseone_toolsretail_customer_management_and_segmentation_foundationbusiness_process_management_suiten/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2021-20578
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 30.22%
||
7 Day CHG~0.00%
Published-30 Sep, 2021 | 16:20
Updated-17 Sep, 2024 | 00:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 could allow an attacker to perform unauthorized actions due to improper or missing authentication controls. IBM X-Force ID: 199282.

Action-Not Available
Vendor-Red Hat, Inc.IBM Corporation
Product-openshiftcloud_pak_for_securityCloud Pak for Security
CWE ID-CWE-287
Improper Authentication
CVE-2014-2323
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-92.42% / 99.72%
||
7 Day CHG~0.00%
Published-14 Mar, 2014 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname.

Action-Not Available
Vendor-lighttpdn/aDebian GNU/LinuxopenSUSESUSE
Product-linux_enterprise_high_availability_extensionopensuselighttpddebian_linuxlinux_enterprise_software_development_kitn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-1312
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-8.00% / 91.75%
||
7 Day CHG-0.20%
Published-26 Mar, 2018 | 15:00
Updated-16 Sep, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.

Action-Not Available
Vendor-Canonical Ltd.The Apache Software FoundationRed Hat, Inc.NetApp, Inc.Debian GNU/Linux
Product-enterprise_linux_serverhttp_serverubuntu_linuxclustered_data_ontapdebian_linuxcloud_backupenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_eusenterprise_linux_server_tusenterprise_linux_desktopstoragegridjboss_core_servicesApache HTTP Server
CWE ID-CWE-287
Improper Authentication
CVE-2014-2421
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-8.19% / 91.86%
||
7 Day CHG~0.00%
Published-16 Apr, 2014 | 02:05
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

Action-Not Available
Vendor-n/aJuniper Networks, Inc.IBM CorporationCanonical Ltd.Debian GNU/LinuxOracle CorporationMicrosoft Corporation
Product-junos_spacejrockitubuntu_linuxjdkforms_viewerwindowsdebian_linuxjren/a
CVE-2021-2064
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-29.69% / 96.47%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 14:50
Updated-26 Sep, 2024 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). The supported version that is affected is 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-weblogic_serverWebLogic Server
CVE-2021-20314
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.17% / 38.64%
||
7 Day CHG~0.00%
Published-12 Aug, 2021 | 14:37
Updated-13 Feb, 2025 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages.

Action-Not Available
Vendor-libspf2n/aRed Hat, Inc.Fedora Project
Product-libspf2enterprise_linuxfedoralibspf2
CWE ID-CWE-787
Out-of-bounds Write
CVE-2009-1985
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-3.20% / 86.50%
||
7 Day CHG~0.00%
Published-22 Oct, 2009 | 18:00
Updated-07 Aug, 2024 | 05:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Network Authentication component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CVE-2022-31249
Matching Score-8
Assigner-SUSE
ShareView Details
Matching Score-8
Assigner-SUSE
CVSS Score-7.5||HIGH
EPSS-1.45% / 80.00%
||
7 Day CHG~0.00%
Published-07 Feb, 2023 | 00:00
Updated-25 Mar, 2025 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
[RANCHER] OS command injection in Rancher and Fleet

A Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in wrangler of SUSE Rancher allows remote attackers to inject commands in the underlying host via crafted commands passed to Wrangler. This issue affects: SUSE Rancher wrangler version 0.7.3 and prior versions; wrangler version 0.8.4 and prior versions; wrangler version 1.0.0 and prior versions.

Action-Not Available
Vendor-SUSE
Product-wranglerRancher
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-1270
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-88.67% / 99.48%
||
7 Day CHG~0.00%
Published-06 Apr, 2018 | 13:00
Updated-16 Sep, 2024 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.

Action-Not Available
Vendor-VMware (Broadcom Inc.)Red Hat, Inc.Oracle CorporationDebian GNU/Linux
Product-communications_diameter_signaling_routerinsurance_rules_paletteretail_central_officetape_library_acslsretail_back_officeretail_customer_insightsprimavera_gatewayretail_integration_busretail_returns_managementfuseretail_point-of-salehealthcare_master_person_indexcommunications_performance_intelligence_centerspring_frameworkservice_architecture_leveraging_tuxedodebian_linuxapplication_testing_suitehealth_sciences_information_managerretail_order_brokercommunications_converged_application_servergoldengate_for_big_dataretail_xstore_point_of_servicebig_data_discoveryinsurance_calculation_engineretail_open_commerce_platformenterprise_manager_ops_centercommunications_services_gatekeeperretail_predictive_application_serverSpring Framework
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-358
Improperly Implemented Security Check for Standard
CVE-2018-1273
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-94.01% / 99.89%
||
7 Day CHG~0.00%
Published-11 Apr, 2018 | 13:00
Updated-30 Jul, 2025 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-15||Apply updates per vendor instructions.

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.

Action-Not Available
Vendor-VMware (Broadcom Inc.)The Apache Software FoundationOracle Corporation
Product-ignitespring_data_commonsspring_data_restfinancial_services_crime_and_compliance_management_studioSpring FrameworkSpring Data Commons
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-2495
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-1.49% / 80.29%
||
7 Day CHG~0.00%
Published-08 Sep, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP implementation in the Linux kernel before 2.6.34 does not properly validate certain values associated with an interface, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via vectors related to a routing change.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncSUSECanonical Ltd.
Product-linux_kernelubuntu_linuxsuse_linux_enterprise_high_availability_extensionsuse_linux_enterprise_desktopsuse_linux_enterprise_servern/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2009-1992
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-2.41% / 84.48%
||
7 Day CHG~0.00%
Published-22 Oct, 2009 | 18:00
Updated-07 Aug, 2024 | 05:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

Action-Not Available
Vendor-n/aMicrosoft CorporationOracle Corporation
Product-windowsdatabase_servern/a
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 35
  • 36
  • Next
Details not found