Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2014-1568

Summary
Assigner-mozilla
Assigner Org ID-f16b083a-5664-49f3-a51e-8d479e5ed7fe
Published At-25 Sep, 2014 | 17:00
Updated At-06 Aug, 2024 | 09:42
Rejected At-
Credits

Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mozilla
Assigner Org ID:f16b083a-5664-49f3-a51e-8d479e5ed7fe
Published At:25 Sep, 2014 | 17:00
Updated At:06 Aug, 2024 | 09:42
Rejected At:
▼CVE Numbering Authority (CNA)

Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
x_refsource_CONFIRM
http://www.kb.cert.org/vuls/id/772676
third-party-advisory
x_refsource_CERT-VN
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698
x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2014-1307.html
vendor-advisory
x_refsource_REDHAT
http://www.securityfocus.com/bid/70116
vdb-entry
x_refsource_BID
http://www.ubuntu.com/usn/USN-2360-1
vendor-advisory
x_refsource_UBUNTU
https://exchange.xforce.ibmcloud.com/vulnerabilities/96194
vdb-entry
x_refsource_XF
http://www.novell.com/support/kb/doc.php?id=7015701
x_refsource_CONFIRM
http://secunia.com/advisories/61575
third-party-advisory
x_refsource_SECUNIA
https://bugzilla.mozilla.org/show_bug.cgi?id=1069405
x_refsource_CONFIRM
https://bugzilla.mozilla.org/show_bug.cgi?id=1064636
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00032.html
vendor-advisory
x_refsource_SUSE
http://googlechromereleases.blogspot.com/2014/09/stable-channel-update_24.html
x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
x_refsource_CONFIRM
http://googlechromereleases.blogspot.com/2014/09/stable-channel-update-for-chrome-os_24.html
x_refsource_CONFIRM
https://security.gentoo.org/glsa/201504-01
vendor-advisory
x_refsource_GENTOO
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
x_refsource_CONFIRM
http://secunia.com/advisories/61574
third-party-advisory
x_refsource_SECUNIA
http://www.ubuntu.com/usn/USN-2361-1
vendor-advisory
x_refsource_UBUNTU
http://www.debian.org/security/2014/dsa-3033
vendor-advisory
x_refsource_DEBIAN
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
x_refsource_CONFIRM
http://www.debian.org/security/2014/dsa-3034
vendor-advisory
x_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2014-1371.html
vendor-advisory
x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2014-1354.html
vendor-advisory
x_refsource_REDHAT
http://www.debian.org/security/2014/dsa-3037
vendor-advisory
x_refsource_DEBIAN
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00036.html
vendor-advisory
x_refsource_SUSE
http://www.mozilla.org/security/announce/2014/mfsa2014-73.html
x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-2360-2
vendor-advisory
x_refsource_UBUNTU
http://secunia.com/advisories/61540
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/61576
third-party-advisory
x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00039.html
vendor-advisory
x_refsource_SUSE
http://secunia.com/advisories/61583
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.kb.cert.org/vuls/id/772676
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698
Resource:
x_refsource_CONFIRM
Hyperlink: http://rhn.redhat.com/errata/RHSA-2014-1307.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.securityfocus.com/bid/70116
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.ubuntu.com/usn/USN-2360-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/96194
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.novell.com/support/kb/doc.php?id=7015701
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/61575
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1069405
Resource:
x_refsource_CONFIRM
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1064636
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00032.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://googlechromereleases.blogspot.com/2014/09/stable-channel-update_24.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://googlechromereleases.blogspot.com/2014/09/stable-channel-update-for-chrome-os_24.html
Resource:
x_refsource_CONFIRM
Hyperlink: https://security.gentoo.org/glsa/201504-01
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/61574
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.ubuntu.com/usn/USN-2361-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.debian.org/security/2014/dsa-3033
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.debian.org/security/2014/dsa-3034
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://rhn.redhat.com/errata/RHSA-2014-1371.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://rhn.redhat.com/errata/RHSA-2014-1354.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.debian.org/security/2014/dsa-3037
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00036.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.mozilla.org/security/announce/2014/mfsa2014-73.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.ubuntu.com/usn/USN-2360-2
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://secunia.com/advisories/61540
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/61576
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00039.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://secunia.com/advisories/61583
Resource:
third-party-advisory
x_refsource_SECUNIA
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
x_refsource_CONFIRM
x_transferred
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
x_refsource_CONFIRM
x_transferred
http://www.kb.cert.org/vuls/id/772676
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698
x_refsource_CONFIRM
x_transferred
http://rhn.redhat.com/errata/RHSA-2014-1307.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.securityfocus.com/bid/70116
vdb-entry
x_refsource_BID
x_transferred
http://www.ubuntu.com/usn/USN-2360-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/96194
vdb-entry
x_refsource_XF
x_transferred
http://www.novell.com/support/kb/doc.php?id=7015701
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/61575
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=1069405
x_refsource_CONFIRM
x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=1064636
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00032.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://googlechromereleases.blogspot.com/2014/09/stable-channel-update_24.html
x_refsource_CONFIRM
x_transferred
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
x_refsource_CONFIRM
x_transferred
http://googlechromereleases.blogspot.com/2014/09/stable-channel-update-for-chrome-os_24.html
x_refsource_CONFIRM
x_transferred
https://security.gentoo.org/glsa/201504-01
vendor-advisory
x_refsource_GENTOO
x_transferred
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
x_refsource_CONFIRM
x_transferred
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/61574
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.ubuntu.com/usn/USN-2361-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.debian.org/security/2014/dsa-3033
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
x_refsource_CONFIRM
x_transferred
http://www.debian.org/security/2014/dsa-3034
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://rhn.redhat.com/errata/RHSA-2014-1371.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://rhn.redhat.com/errata/RHSA-2014-1354.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.debian.org/security/2014/dsa-3037
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00036.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.mozilla.org/security/announce/2014/mfsa2014-73.html
x_refsource_CONFIRM
x_transferred
http://www.ubuntu.com/usn/USN-2360-2
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://secunia.com/advisories/61540
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/61576
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00039.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://secunia.com/advisories/61583
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/772676
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2014-1307.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.securityfocus.com/bid/70116
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-2360-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/96194
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.novell.com/support/kb/doc.php?id=7015701
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/61575
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1069405
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1064636
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00032.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://googlechromereleases.blogspot.com/2014/09/stable-channel-update_24.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://googlechromereleases.blogspot.com/2014/09/stable-channel-update-for-chrome-os_24.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://security.gentoo.org/glsa/201504-01
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/61574
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-2361-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.debian.org/security/2014/dsa-3033
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.debian.org/security/2014/dsa-3034
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2014-1371.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2014-1354.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.debian.org/security/2014/dsa-3037
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00036.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.mozilla.org/security/announce/2014/mfsa2014-73.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-2360-2
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://secunia.com/advisories/61540
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/61576
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00039.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://secunia.com/advisories/61583
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@mozilla.org
Published At:25 Sep, 2014 | 17:55
Updated At:12 Apr, 2025 | 10:46

Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Google LLC
google
>>chrome>>Versions up to 37.0.2062.120(inclusive)
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows>>*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>Versions up to 32.0(inclusive)
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>31.0
cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>31.1.0
cpe:2.3:a:mozilla:firefox:31.1.0:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>32.0.1
cpe:2.3:a:mozilla:firefox:32.0.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox>>32.0.2
cpe:2.3:a:mozilla:firefox:32.0.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox_esr>>24.8.0
cpe:2.3:a:mozilla:firefox_esr:24.8.0:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>network_security_services>>Versions up to 3.16.2.0(inclusive)
cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>network_security_services>>3.2
cpe:2.3:a:mozilla:network_security_services:3.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>network_security_services>>3.2.1
cpe:2.3:a:mozilla:network_security_services:3.2.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>network_security_services>>3.3
cpe:2.3:a:mozilla:network_security_services:3.3:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>network_security_services>>3.3.1
cpe:2.3:a:mozilla:network_security_services:3.3.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>network_security_services>>3.3.2
cpe:2.3:a:mozilla:network_security_services:3.3.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>network_security_services>>3.4
cpe:2.3:a:mozilla:network_security_services:3.4:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>network_security_services>>3.4.1
cpe:2.3:a:mozilla:network_security_services:3.4.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>network_security_services>>3.4.2
cpe:2.3:a:mozilla:network_security_services:3.4.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>network_security_services>>3.5
cpe:2.3:a:mozilla:network_security_services:3.5:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>network_security_services>>3.6
cpe:2.3:a:mozilla:network_security_services:3.6:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>network_security_services>>3.6.1
cpe:2.3:a:mozilla:network_security_services:3.6.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>network_security_services>>3.7
cpe:2.3:a:mozilla:network_security_services:3.7:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>network_security_services>>3.7.1
cpe:2.3:a:mozilla:network_security_services:3.7.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>network_security_services>>3.7.2
cpe:2.3:a:mozilla:network_security_services:3.7.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>network_security_services>>3.7.3
cpe:2.3:a:mozilla:network_security_services:3.7.3:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>network_security_services>>3.7.5
cpe:2.3:a:mozilla:network_security_services:3.7.5:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>network_security_services>>3.7.7
cpe:2.3:a:mozilla:network_security_services:3.7.7:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>network_security_services>>3.8
cpe:2.3:a:mozilla:network_security_services:3.8:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>network_security_services>>3.9
cpe:2.3:a:mozilla:network_security_services:3.9:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>network_security_services>>3.11.2
cpe:2.3:a:mozilla:network_security_services:3.11.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>network_security_services>>3.11.3
cpe:2.3:a:mozilla:network_security_services:3.11.3:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>network_security_services>>3.11.4
cpe:2.3:a:mozilla:network_security_services:3.11.4:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>network_security_services>>3.11.5
cpe:2.3:a:mozilla:network_security_services:3.11.5:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>network_security_services>>3.12
cpe:2.3:a:mozilla:network_security_services:3.12:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>network_security_services>>3.12.1
cpe:2.3:a:mozilla:network_security_services:3.12.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>network_security_services>>3.12.2
cpe:2.3:a:mozilla:network_security_services:3.12.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>network_security_services>>3.12.3
cpe:2.3:a:mozilla:network_security_services:3.12.3:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>network_security_services>>3.12.3.1
cpe:2.3:a:mozilla:network_security_services:3.12.3.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>network_security_services>>3.12.3.2
cpe:2.3:a:mozilla:network_security_services:3.12.3.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>network_security_services>>3.12.4
cpe:2.3:a:mozilla:network_security_services:3.12.4:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>network_security_services>>3.12.5
cpe:2.3:a:mozilla:network_security_services:3.12.5:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>network_security_services>>3.12.6
cpe:2.3:a:mozilla:network_security_services:3.12.6:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>network_security_services>>3.12.7
cpe:2.3:a:mozilla:network_security_services:3.12.7:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>network_security_services>>3.12.8
cpe:2.3:a:mozilla:network_security_services:3.12.8:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>network_security_services>>3.12.9
cpe:2.3:a:mozilla:network_security_services:3.12.9:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>network_security_services>>3.12.10
cpe:2.3:a:mozilla:network_security_services:3.12.10:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>network_security_services>>3.12.11
cpe:2.3:a:mozilla:network_security_services:3.12.11:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>network_security_services>>3.14
cpe:2.3:a:mozilla:network_security_services:3.14:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>network_security_services>>3.14.1
cpe:2.3:a:mozilla:network_security_services:3.14.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>network_security_services>>3.14.2
cpe:2.3:a:mozilla:network_security_services:3.14.2:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-310Primarynvd@nist.gov
CWE ID: CWE-310
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://googlechromereleases.blogspot.com/2014/09/stable-channel-update-for-chrome-os_24.htmlsecurity@mozilla.org
N/A
http://googlechromereleases.blogspot.com/2014/09/stable-channel-update_24.htmlsecurity@mozilla.org
N/A
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698security@mozilla.org
N/A
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761security@mozilla.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00032.htmlsecurity@mozilla.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00036.htmlsecurity@mozilla.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00039.htmlsecurity@mozilla.org
N/A
http://rhn.redhat.com/errata/RHSA-2014-1307.htmlsecurity@mozilla.org
N/A
http://rhn.redhat.com/errata/RHSA-2014-1354.htmlsecurity@mozilla.org
N/A
http://rhn.redhat.com/errata/RHSA-2014-1371.htmlsecurity@mozilla.org
N/A
http://secunia.com/advisories/61540security@mozilla.org
N/A
http://secunia.com/advisories/61574security@mozilla.org
N/A
http://secunia.com/advisories/61575security@mozilla.org
N/A
http://secunia.com/advisories/61576security@mozilla.org
N/A
http://secunia.com/advisories/61583security@mozilla.org
N/A
http://www.debian.org/security/2014/dsa-3033security@mozilla.org
N/A
http://www.debian.org/security/2014/dsa-3034security@mozilla.org
N/A
http://www.debian.org/security/2014/dsa-3037security@mozilla.org
N/A
http://www.kb.cert.org/vuls/id/772676security@mozilla.org
US Government Resource
http://www.mozilla.org/security/announce/2014/mfsa2014-73.htmlsecurity@mozilla.org
Vendor Advisory
http://www.novell.com/support/kb/doc.php?id=7015701security@mozilla.org
N/A
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlsecurity@mozilla.org
N/A
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlsecurity@mozilla.org
N/A
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlsecurity@mozilla.org
N/A
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlsecurity@mozilla.org
N/A
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmlsecurity@mozilla.org
N/A
http://www.securityfocus.com/bid/70116security@mozilla.org
N/A
http://www.ubuntu.com/usn/USN-2360-1security@mozilla.org
N/A
http://www.ubuntu.com/usn/USN-2360-2security@mozilla.org
N/A
http://www.ubuntu.com/usn/USN-2361-1security@mozilla.org
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=1064636security@mozilla.org
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=1069405security@mozilla.org
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/96194security@mozilla.org
N/A
https://security.gentoo.org/glsa/201504-01security@mozilla.org
N/A
http://googlechromereleases.blogspot.com/2014/09/stable-channel-update-for-chrome-os_24.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://googlechromereleases.blogspot.com/2014/09/stable-channel-update_24.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698af854a3a-2127-422b-91ae-364da2661108
N/A
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761af854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00032.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00036.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00039.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2014-1307.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2014-1354.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2014-1371.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/61540af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/61574af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/61575af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/61576af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/61583af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2014/dsa-3033af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2014/dsa-3034af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2014/dsa-3037af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.kb.cert.org/vuls/id/772676af854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.mozilla.org/security/announce/2014/mfsa2014-73.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.novell.com/support/kb/doc.php?id=7015701af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/70116af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-2360-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-2360-2af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-2361-1af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=1064636af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=1069405af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/96194af854a3a-2127-422b-91ae-364da2661108
N/A
https://security.gentoo.org/glsa/201504-01af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://googlechromereleases.blogspot.com/2014/09/stable-channel-update-for-chrome-os_24.html
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://googlechromereleases.blogspot.com/2014/09/stable-channel-update_24.html
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00032.html
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00036.html
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00039.html
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2014-1307.html
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2014-1354.html
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2014-1371.html
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/61540
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/61574
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/61575
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/61576
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/61583
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2014/dsa-3033
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2014/dsa-3034
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2014/dsa-3037
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/772676
Source: security@mozilla.org
Resource:
US Government Resource
Hyperlink: http://www.mozilla.org/security/announce/2014/mfsa2014-73.html
Source: security@mozilla.org
Resource:
Vendor Advisory
Hyperlink: http://www.novell.com/support/kb/doc.php?id=7015701
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/70116
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-2360-1
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-2360-2
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-2361-1
Source: security@mozilla.org
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1064636
Source: security@mozilla.org
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1069405
Source: security@mozilla.org
Resource:
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/96194
Source: security@mozilla.org
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/201504-01
Source: security@mozilla.org
Resource: N/A
Hyperlink: http://googlechromereleases.blogspot.com/2014/09/stable-channel-update-for-chrome-os_24.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://googlechromereleases.blogspot.com/2014/09/stable-channel-update_24.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00032.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00036.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00039.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2014-1307.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2014-1354.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2014-1371.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/61540
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/61574
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/61575
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/61576
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/61583
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2014/dsa-3033
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2014/dsa-3034
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2014/dsa-3037
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/772676
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource
Hyperlink: http://www.mozilla.org/security/announce/2014/mfsa2014-73.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.novell.com/support/kb/doc.php?id=7015701
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/70116
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-2360-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-2360-2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-2361-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1064636
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1069405
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/96194
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/201504-01
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2139Records found
CVE-2011-0479
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.56% / 80.73%
||
7 Day CHG~0.00%
Published-14 Jan, 2011 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly interact with extensions, which allows remote attackers to cause a denial of service via a crafted extension that triggers an uninitialized pointer.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chrome_oschromen/a
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-1999-0412
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-11.80% / 93.45%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_information_serverinternet_information_servicesn/a
CVE-1999-0450
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-7.94% / 91.69%
||
7 Day CHG~0.00%
Published-04 Feb, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe).

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_information_serverinternet_information_servicesn/a
CVE-2022-23587
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.29% / 52.35%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 22:32
Updated-22 Apr, 2025 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer overflow in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. Since the cropping parameters are user controlled, a malicious person can trigger undefined behavior. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2011-0484
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.77% / 81.87%
||
7 Day CHG~0.00%
Published-14 Jan, 2011 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform DOM node removal, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale rendering node."

Action-Not Available
Vendor-n/aGoogle LLC
Product-chrome_oschromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-24487
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-5.56% / 89.91%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 19:03
Updated-02 Jan, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability

Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_11windows_10windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H2Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows Server 2016Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CVE-2010-4487
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.73% / 71.79%
||
7 Day CHG~0.00%
Published-07 Dec, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incomplete blacklist vulnerability in Google Chrome before 8.0.552.215 on Linux and Mac OS X allows remote attackers to have an unspecified impact via a "dangerous file."

Action-Not Available
Vendor-n/aApple Inc.Linux Kernel Organization, IncGoogle LLC
Product-linux_kernelmacoschromen/a
CVE-2010-4041
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.84% / 73.70%
||
7 Day CHG~0.00%
Published-21 Oct, 2010 | 18:12
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The sandbox implementation in Google Chrome before 7.0.517.41 on Linux does not properly constrain worker processes, which might allow remote attackers to bypass intended access restrictions via unspecified vectors.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncGoogle LLC
Product-linux_kernelchromen/a
CVE-2010-4205
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.86% / 74.11%
||
7 Day CHG~0.00%
Published-05 Nov, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 7.0.517.44 does not properly handle the data types of event objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CVE-1999-0391
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.81% / 87.64%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-terminal_serverwindows_ntwindows_2000n/a
CVE-2010-4492
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.92% / 82.59%
||
7 Day CHG~0.00%
Published-07 Dec, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animations.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGoogle LLC
Product-debian_linuxchromen/a
CWE ID-CWE-416
Use After Free
CVE-2022-22641
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.62% / 69.08%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 17:59
Updated-03 Aug, 2024 | 03:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. An application may be able to gain elevated privileges.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmacosipadostvostvOSmacOSiOS and iPadOS
CWE ID-CWE-416
Use After Free
CVE-2010-4039
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.68% / 70.67%
||
7 Day CHG~0.00%
Published-21 Oct, 2010 | 18:12
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 7.0.517.41 on Linux does not properly set the PATH environment variable, which has unspecified impact and attack vectors.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncGoogle LLC
Product-linux_kernelchromen/a
CVE-2022-22720
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-29.93% / 96.48%
||
7 Day CHG~0.00%
Published-14 Mar, 2022 | 10:15
Updated-03 Aug, 2024 | 03:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling

Action-Not Available
Vendor-The Apache Software FoundationApple Inc.Fedora ProjectDebian GNU/LinuxOracle Corporation
Product-http_serverdebian_linuxfedorazfs_storage_appliance_kitmac_os_xmacosenterprise_manager_ops_centerApache HTTP Server
CWE ID-CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE-2010-4578
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.77% / 81.91%
||
7 Day CHG~0.00%
Published-22 Dec, 2010 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 do not properly perform cursor handling, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale pointers."

Action-Not Available
Vendor-n/aDebian GNU/LinuxGoogle LLC
Product-chrome_osdebian_linuxchromen/a
CVE-2010-4042
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.95% / 82.70%
||
7 Day CHG~0.00%
Published-21 Oct, 2010 | 18:12
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 7.0.517.41 does not properly handle element maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "stale elements."

Action-Not Available
Vendor-n/aGoogle LLCopenSUSE
Product-opensusechromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-22632
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.87% / 74.28%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 17:59
Updated-03 Aug, 2024 | 03:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved state management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, watchOS 8.5, macOS Monterey 12.3. A malicious application may be able to elevate privileges.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchostvosipadosmacostvOSmacOSwatchOSiOS and iPadOS
CVE-2010-4368
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.90% / 74.78%
||
7 Day CHG~0.00%
Published-02 Dec, 2010 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

awstats.cgi in AWStats before 7.0 on Windows accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located at a UNC share pathname.

Action-Not Available
Vendor-awstatsn/aMicrosoft Corporation
Product-awstatswindowsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-4197
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.28% / 90.55%
||
7 Day CHG~0.00%
Published-05 Nov, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text editing.

Action-Not Available
Vendor-webkitgtkn/aFedora ProjectGoogle LLC
Product-fedorachromewebkitgtkn/a
CWE ID-CWE-416
Use After Free
CVE-2010-4202
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.89% / 74.56%
||
7 Day CHG~0.00%
Published-05 Nov, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in Google Chrome before 7.0.517.44 on Linux allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncGoogle LLC
Product-linux_kernelchromen/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2010-4494
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.97% / 82.78%
||
7 Day CHG~0.00%
Published-07 Dec, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.

Action-Not Available
Vendor-n/aGoogle LLCFedora Projectlibxml2 (XMLSoft)Debian GNU/LinuxSUSEThe Apache Software FoundationRed Hat, Inc.openSUSEApple Inc.HP Inc.
Product-fedorainsight_control_server_deploymentsuse_linux_enterprise_serverenterprise_linux_workstationrapid_deployment_packiphone_ositunessafarichromeopensusedebian_linuxlibxml2enterprise_linux_serveropenofficeenterprise_linux_desktopenterprise_linux_eusmac_os_xn/a
CWE ID-CWE-415
Double Free
CVE-2010-4568
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.87% / 82.34%
||
7 Day CHG~0.00%
Published-28 Jan, 2011 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bugzilla 2.14 through 2.22.7; 3.0.x, 3.1.x, and 3.2.x before 3.2.10; 3.4.x before 3.4.10; 3.6.x before 3.6.4; and 4.0.x before 4.0rc2 does not properly generate random values for cookies and tokens, which allows remote attackers to obtain access to arbitrary accounts via unspecified vectors, related to an insufficient number of calls to the srand function.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-bugzillan/a
CVE-2010-4574
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.83% / 73.58%
||
7 Day CHG~0.00%
Published-22 Dec, 2010 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Pickle::Pickle function in base/pickle.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 on 64-bit Linux platforms does not properly perform pointer arithmetic, which allows remote attackers to bypass message deserialization validation, and cause a denial of service or possibly have unspecified other impact, via invalid pickle data.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncGoogle LLC
Product-linux_kernelchrome_oschromen/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2010-4204
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.35% / 88.50%
||
7 Day CHG~0.00%
Published-05 Nov, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, accesses a frame object after this object has been destroyed, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-webkitgtkn/aFedora ProjectGoogle LLC
Product-fedorachromewebkitgtkn/a
CVE-2022-22317
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.51%
||
7 Day CHG~0.00%
Published-20 Jun, 2022 | 16:25
Updated-16 Sep, 2024 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 218281.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelhp-uxwindowscuram_social_program_managementz\/osaixCuram Social Program Management
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2010-3223
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-1.45% / 79.95%
||
7 Day CHG~0.00%
Published-13 Oct, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The user interface in Microsoft Cluster Service (MSCS) in Microsoft Windows Server 2008 R2 does not properly set administrative-share permissions for new cluster disks that are shared as part of a failover cluster, which allows remote attackers to read or modify data on these disks via requests to the associated share, aka "Permissions on New Cluster Disks Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2008n/a
CVE-2010-3416
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.58% / 67.86%
||
7 Day CHG~0.00%
Published-16 Sep, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 6.0.472.59 on Linux does not properly implement the Khmer locale, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncGoogle LLC
Product-linux_kernelchromen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-2903
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.17% / 39.14%
||
7 Day CHG~0.00%
Published-28 Jul, 2010 | 19:32
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 5.0.375.125 performs unexpected truncation and improper eliding of hostnames, which has unspecified impact and remote attack vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CVE-2022-22485
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.23% / 45.89%
||
7 Day CHG~0.00%
Published-17 Jun, 2022 | 15:20
Updated-17 Sep, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator's invalid sign-on count to be incremented on the IBM Spectrum Protect Server. An attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to the IBM Spectrum Protect Server. IBM X-Force ID: 226325.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixspectrum_protect_operations_centerlinux_kernelwindowsSpectrum Protect Server
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2010-3004
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-6.21% / 90.49%
||
7 Day CHG~0.00%
Published-08 Sep, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on Windows allows remote attackers to execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.Microsoft Corporation
Product-operations_agentwindowsn/a
CVE-2010-3702
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-6.28% / 90.55%
||
7 Day CHG~0.00%
Published-05 Nov, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.

Action-Not Available
Vendor-xpdfreadern/aSUSEDebian GNU/LinuxCanonical Ltd.Fedora ProjectRed Hat, Inc.openSUSEApple Inc.freedesktop.org
Product-ubuntu_linuxfedoraopensusepopplerdebian_linuxlinux_enterprise_serverenterprise_linux_workstationenterprise_linux_serverenterprise_linux_desktopcupsxpdfn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2010-3729
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.26% / 88.36%
||
7 Day CHG~0.00%
Published-05 Oct, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SPDY protocol implementation in Google Chrome before 6.0.472.62 does not properly manage buffers, which might allow remote attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2010-3173
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.35% / 84.25%
||
7 Day CHG~0.00%
Published-21 Oct, 2010 | 18:12
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbirdfirefoxseamonkeyn/a
CVE-2008-3068
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-10.25% / 92.85%
||
7 Day CHG~0.00%
Published-07 Jul, 2008 | 23:00
Updated-07 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-publishergrooveproject_standardinfopathwindows_live_mailproject_professionalfrontpagevisio_professionaloffice_communicatoroutlooksharepoint_designerofficepowerpointonenoteexcelvisio_standardaccessn/a
CVE-2010-2110
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.24% / 47.45%
||
7 Day CHG~0.00%
Published-28 May, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 5.0.375.55 does not properly execute JavaScript code in the extension context, which has unspecified impact and remote attack vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CVE-2010-1665
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.88% / 82.40%
||
7 Day CHG~0.00%
Published-30 Apr, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 4.1.249.1064 does not properly handle fonts, which allows remote attackers to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-1965
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-1.73% / 81.69%
||
7 Day CHG~0.00%
Published-14 Jul, 2010 | 18:31
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Insight Orchestration for Windows before 6.1 allows remote attackers to read or modify data via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.Microsoft Corporation
Product-insight_orchestrationwindowsn/a
CVE-2014-8146
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-40.13% / 97.24%
||
7 Day CHG~0.00%
Published-25 May, 2015 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text.

Action-Not Available
Vendor-icu-projectn/aApple Inc.
Product-watchosinternational_components_for_unicodeitunesiphone_osmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-11028
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.16% / 37.31%
||
7 Day CHG~0.00%
Published-07 Apr, 2020 | 13:46
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with software through 2016-09-13 (Exynos AP chipsets). There is a stack-based buffer overflow in the OTP TrustZone trustlet. The Samsung IDs are SVE-2016-7173 and SVE-2016-7174 (December 2016).

Action-Not Available
Vendor-n/aGoogle LLCSamsung
Product-androidexynosn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2010-1500
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.13%
||
7 Day CHG~0.00%
Published-23 Apr, 2010 | 14:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 4.1.249.1059 does not properly support forms, which has unknown impact and attack vectors, related to a "type confusion error."

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CVE-2010-1237
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.52% / 65.82%
||
7 Day CHG~0.00%
Published-01 Apr, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome 4.1 BETA before 4.1.249.1036 allows remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via an empty SVG element.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-22143
Matching Score-8
Assigner-Snyk
ShareView Details
Matching Score-8
Assigner-Snyk
CVSS Score-7.5||HIGH
EPSS-0.85% / 73.90%
||
7 Day CHG~0.00%
Published-01 May, 2022 | 15:30
Updated-17 Sep, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution

The package convict before 6.2.2 are vulnerable to Prototype Pollution via the convict function due to missing validation of parentKey. **Note:** This vulnerability derives from an incomplete fix of another [vulnerability](https://security.snyk.io/vuln/SNYK-JS-CONVICT-1062508)

Action-Not Available
Vendor-n/aMozilla Corporation
Product-convictconvict
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2010-1205
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-17.03% / 94.72%
||
7 Day CHG~0.00%
Published-30 Jun, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.

Action-Not Available
Vendor-libpngn/aMozilla CorporationSUSECanonical Ltd.Debian GNU/LinuxGoogle LLCFedora ProjectVMware (Broadcom Inc.)openSUSEApple Inc.
Product-ubuntu_linuxfedorafirefoxiphone_osthunderbirditunessafariseamonkeyworkstationchromeopensusedebian_linuxmac_os_x_serverlinux_enterprise_serverplayerlibpngmac_os_xn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2010-1378
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.23% / 45.57%
||
7 Day CHG~0.00%
Published-15 Nov, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform arithmetic, which allows remote attackers to bypass X.509 certificate authentication via an arbitrary certificate issued by a legitimate Certification Authority.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2010-1231
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.52% / 65.82%
||
7 Day CHG~0.00%
Published-01 Apr, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 4.1.249.1036 processes HTTP headers before invoking the SafeBrowsing feature, which allows remote attackers to have an unspecified impact via crafted headers.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CVE-2020-19510
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 61.94%
||
7 Day CHG~0.00%
Published-21 Jun, 2021 | 18:04
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Textpattern 4.7.3 contains an aribtrary file load via the file_insert function in include/txp_file.php.

Action-Not Available
Vendor-textpatternn/aMicrosoft Corporation
Product-windowstextpatternn/a
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2010-1234
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.57% / 67.76%
||
7 Day CHG~0.00%
Published-01 Apr, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows remote attackers to truncate the URL shown in the HTTP Basic Authentication dialog via unknown vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CVE-2010-0057
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.22% / 45.07%
||
7 Day CHG~0.00%
Published-30 Mar, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use of AFP shares when guest access is disabled, which allows remote attackers to bypass intended access restrictions via a mount request.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CVE-2016-11038
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.19% / 40.72%
||
7 Day CHG~0.00%
Published-07 Apr, 2020 | 13:17
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with software through 2016-04-05 (incorporating the Samsung Professional Audio SDK). The Jack audio service doesn't implement access control for shared memory, leading to arbitrary code execution or privilege escalation. The Samsung ID is SVE-2016-5953 (July 2016).

Action-Not Available
Vendor-n/aGoogle LLCSamsung
Product-galaxy_s5galaxy_note_edgegalaxy_note_3androidgalaxy_s6_edgegalaxy_s6galaxy_note_4n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-0524
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.38% / 58.58%
||
7 Day CHG~0.00%
Published-30 Mar, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default configuration of the FreeRADIUS server in Apple Mac OS X Server before 10.6.3 permits EAP-TLS authenticated connections on the basis of an arbitrary client certificate, which allows remote attackers to obtain network connectivity via a crafted RADIUS Access Request message.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 42
  • 43
  • Next
Details not found