Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2014-1912

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-28 Feb, 2014 | 18:00
Updated At-06 Aug, 2024 | 09:58
Rejected At-
Credits

Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:28 Feb, 2014 | 18:00
Updated At:06 Aug, 2024 | 09:58
Rejected At:
â–¼CVE Numbering Authority (CNA)

Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://hg.python.org/cpython/rev/87673659d8f7
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2014-04/msg00035.html
vendor-advisory
x_refsource_SUSE
http://lists.opensuse.org/opensuse-updates/2014-05/msg00008.html
vendor-advisory
x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2015-1064.html
vendor-advisory
x_refsource_REDHAT
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
x_refsource_CONFIRM
http://pastebin.com/raw.php?i=GHXSmNEg
x_refsource_MISC
http://bugs.python.org/issue20246
x_refsource_CONFIRM
http://www.debian.org/security/2014/dsa-2880
vendor-advisory
x_refsource_DEBIAN
https://security.gentoo.org/glsa/201503-10
vendor-advisory
x_refsource_GENTOO
http://www.securityfocus.com/bid/65379
vdb-entry
x_refsource_BID
http://www.openwall.com/lists/oss-security/2014/02/12/16
mailing-list
x_refsource_MLIST
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
vendor-advisory
x_refsource_APPLE
http://rhn.redhat.com/errata/RHSA-2015-1330.html
vendor-advisory
x_refsource_REDHAT
http://www.exploit-db.com/exploits/31875
exploit
x_refsource_EXPLOIT-DB
https://www.trustedsec.com/february-2014/python-remote-code-execution-socket-recvfrom_into/
x_refsource_MISC
https://support.apple.com/kb/HT205031
x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-2125-1
vendor-advisory
x_refsource_UBUNTU
http://www.securitytracker.com/id/1029831
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://hg.python.org/cpython/rev/87673659d8f7
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-updates/2014-04/msg00035.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://lists.opensuse.org/opensuse-updates/2014-05/msg00008.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-1064.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://pastebin.com/raw.php?i=GHXSmNEg
Resource:
x_refsource_MISC
Hyperlink: http://bugs.python.org/issue20246
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.debian.org/security/2014/dsa-2880
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://security.gentoo.org/glsa/201503-10
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://www.securityfocus.com/bid/65379
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.openwall.com/lists/oss-security/2014/02/12/16
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-1330.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.exploit-db.com/exploits/31875
Resource:
exploit
x_refsource_EXPLOIT-DB
Hyperlink: https://www.trustedsec.com/february-2014/python-remote-code-execution-socket-recvfrom_into/
Resource:
x_refsource_MISC
Hyperlink: https://support.apple.com/kb/HT205031
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.ubuntu.com/usn/USN-2125-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.securitytracker.com/id/1029831
Resource:
vdb-entry
x_refsource_SECTRACK
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://hg.python.org/cpython/rev/87673659d8f7
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-updates/2014-04/msg00035.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://lists.opensuse.org/opensuse-updates/2014-05/msg00008.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://rhn.redhat.com/errata/RHSA-2015-1064.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
x_refsource_CONFIRM
x_transferred
http://pastebin.com/raw.php?i=GHXSmNEg
x_refsource_MISC
x_transferred
http://bugs.python.org/issue20246
x_refsource_CONFIRM
x_transferred
http://www.debian.org/security/2014/dsa-2880
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://security.gentoo.org/glsa/201503-10
vendor-advisory
x_refsource_GENTOO
x_transferred
http://www.securityfocus.com/bid/65379
vdb-entry
x_refsource_BID
x_transferred
http://www.openwall.com/lists/oss-security/2014/02/12/16
mailing-list
x_refsource_MLIST
x_transferred
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://rhn.redhat.com/errata/RHSA-2015-1330.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.exploit-db.com/exploits/31875
exploit
x_refsource_EXPLOIT-DB
x_transferred
https://www.trustedsec.com/february-2014/python-remote-code-execution-socket-recvfrom_into/
x_refsource_MISC
x_transferred
https://support.apple.com/kb/HT205031
x_refsource_CONFIRM
x_transferred
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
x_refsource_CONFIRM
x_transferred
http://www.ubuntu.com/usn/USN-2125-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.securitytracker.com/id/1029831
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://hg.python.org/cpython/rev/87673659d8f7
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-updates/2014-04/msg00035.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-updates/2014-05/msg00008.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-1064.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://pastebin.com/raw.php?i=GHXSmNEg
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://bugs.python.org/issue20246
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.debian.org/security/2014/dsa-2880
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://security.gentoo.org/glsa/201503-10
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://www.securityfocus.com/bid/65379
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2014/02/12/16
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-1330.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.exploit-db.com/exploits/31875
Resource:
exploit
x_refsource_EXPLOIT-DB
x_transferred
Hyperlink: https://www.trustedsec.com/february-2014/python-remote-code-execution-socket-recvfrom_into/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://support.apple.com/kb/HT205031
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-2125-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.securitytracker.com/id/1029831
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:01 Mar, 2014 | 00:55
Updated At:29 Apr, 2026 | 01:13

Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Python Software Foundation
python
>>python>>2.5.1
cpe:2.3:a:python:python:2.5.1:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>2.5.2
cpe:2.3:a:python:python:2.5.2:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>2.5.3
cpe:2.3:a:python:python:2.5.3:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>2.5.4
cpe:2.3:a:python:python:2.5.4:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>2.5.6
cpe:2.3:a:python:python:2.5.6:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>2.5.150
cpe:2.3:a:python:python:2.5.150:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>2.6.1
cpe:2.3:a:python:python:2.6.1:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>2.6.2
cpe:2.3:a:python:python:2.6.2:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>2.6.3
cpe:2.3:a:python:python:2.6.3:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>2.6.4
cpe:2.3:a:python:python:2.6.4:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>2.6.5
cpe:2.3:a:python:python:2.6.5:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>2.6.6
cpe:2.3:a:python:python:2.6.6:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>2.6.7
cpe:2.3:a:python:python:2.6.7:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>2.6.8
cpe:2.3:a:python:python:2.6.8:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>2.6.2150
cpe:2.3:a:python:python:2.6.2150:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>2.6.6150
cpe:2.3:a:python:python:2.6.6150:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>2.7.1
cpe:2.3:a:python:python:2.7.1:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>2.7.1
cpe:2.3:a:python:python:2.7.1:rc1:*:*:*:*:*:*
Python Software Foundation
python
>>python>>2.7.2
cpe:2.3:a:python:python:2.7.2:rc1:*:*:*:*:*:*
Python Software Foundation
python
>>python>>2.7.3
cpe:2.3:a:python:python:2.7.3:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>2.7.4
cpe:2.3:a:python:python:2.7.4:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>2.7.5
cpe:2.3:a:python:python:2.7.5:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>2.7.6
cpe:2.3:a:python:python:2.7.6:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>2.7.1150
cpe:2.3:a:python:python:2.7.1150:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>2.7.1150
cpe:2.3:a:python:python:2.7.1150:*:*:*:*:*:x64:*
Python Software Foundation
python
>>python>>2.7.2150
cpe:2.3:a:python:python:2.7.2150:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>Versions up to 10.10.4(inclusive)
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>3.0
cpe:2.3:a:python:python:3.0:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>3.0.1
cpe:2.3:a:python:python:3.0.1:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>3.1
cpe:2.3:a:python:python:3.1:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>3.1.1
cpe:2.3:a:python:python:3.1.1:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>3.1.2
cpe:2.3:a:python:python:3.1.2:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>3.1.3
cpe:2.3:a:python:python:3.1.3:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>3.1.4
cpe:2.3:a:python:python:3.1.4:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>3.1.5
cpe:2.3:a:python:python:3.1.5:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>3.1.2150
cpe:2.3:a:python:python:3.1.2150:*:*:*:*:*:x64:*
Python Software Foundation
python
>>python>>3.2
cpe:2.3:a:python:python:3.2:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>3.2
cpe:2.3:a:python:python:3.2:alpha:*:*:*:*:*:*
Python Software Foundation
python
>>python>>3.2.0
cpe:2.3:a:python:python:3.2.0:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>3.2.1
cpe:2.3:a:python:python:3.2.1:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>3.2.2
cpe:2.3:a:python:python:3.2.2:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>3.2.3
cpe:2.3:a:python:python:3.2.3:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>3.2.4
cpe:2.3:a:python:python:3.2.4:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>3.2.5
cpe:2.3:a:python:python:3.2.5:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>3.2.2150
cpe:2.3:a:python:python:3.2.2150:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>3.3
cpe:2.3:a:python:python:3.3:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>3.3
cpe:2.3:a:python:python:3.3:beta2:*:*:*:*:*:*
Python Software Foundation
python
>>python>>3.3.0
cpe:2.3:a:python:python:3.3.0:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>3.3.1
cpe:2.3:a:python:python:3.3.1:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>3.3.2
cpe:2.3:a:python:python:3.3.2:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://bugs.python.org/issue20246cve@mitre.org
Patch
http://hg.python.org/cpython/rev/87673659d8f7cve@mitre.org
N/A
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.htmlcve@mitre.org
N/A
http://lists.opensuse.org/opensuse-updates/2014-04/msg00035.htmlcve@mitre.org
N/A
http://lists.opensuse.org/opensuse-updates/2014-05/msg00008.htmlcve@mitre.org
N/A
http://pastebin.com/raw.php?i=GHXSmNEgcve@mitre.org
Exploit
http://rhn.redhat.com/errata/RHSA-2015-1064.htmlcve@mitre.org
N/A
http://rhn.redhat.com/errata/RHSA-2015-1330.htmlcve@mitre.org
N/A
http://www.debian.org/security/2014/dsa-2880cve@mitre.org
N/A
http://www.exploit-db.com/exploits/31875cve@mitre.org
Exploit
http://www.openwall.com/lists/oss-security/2014/02/12/16cve@mitre.org
N/A
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlcve@mitre.org
N/A
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.htmlcve@mitre.org
N/A
http://www.securityfocus.com/bid/65379cve@mitre.org
N/A
http://www.securitytracker.com/id/1029831cve@mitre.org
N/A
http://www.ubuntu.com/usn/USN-2125-1cve@mitre.org
N/A
https://security.gentoo.org/glsa/201503-10cve@mitre.org
N/A
https://support.apple.com/kb/HT205031cve@mitre.org
Vendor Advisory
https://www.trustedsec.com/february-2014/python-remote-code-execution-socket-recvfrom_into/cve@mitre.org
Exploit
http://bugs.python.org/issue20246af854a3a-2127-422b-91ae-364da2661108
Patch
http://hg.python.org/cpython/rev/87673659d8f7af854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-updates/2014-04/msg00035.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-updates/2014-05/msg00008.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://pastebin.com/raw.php?i=GHXSmNEgaf854a3a-2127-422b-91ae-364da2661108
Exploit
http://rhn.redhat.com/errata/RHSA-2015-1064.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2015-1330.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2014/dsa-2880af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.exploit-db.com/exploits/31875af854a3a-2127-422b-91ae-364da2661108
Exploit
http://www.openwall.com/lists/oss-security/2014/02/12/16af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/65379af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id/1029831af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-2125-1af854a3a-2127-422b-91ae-364da2661108
N/A
https://security.gentoo.org/glsa/201503-10af854a3a-2127-422b-91ae-364da2661108
N/A
https://support.apple.com/kb/HT205031af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://www.trustedsec.com/february-2014/python-remote-code-execution-socket-recvfrom_into/af854a3a-2127-422b-91ae-364da2661108
Exploit
Hyperlink: http://bugs.python.org/issue20246
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://hg.python.org/cpython/rev/87673659d8f7
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2014-04/msg00035.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2014-05/msg00008.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://pastebin.com/raw.php?i=GHXSmNEg
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-1064.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-1330.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2014/dsa-2880
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.exploit-db.com/exploits/31875
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://www.openwall.com/lists/oss-security/2014/02/12/16
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/65379
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1029831
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-2125-1
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/201503-10
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://support.apple.com/kb/HT205031
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://www.trustedsec.com/february-2014/python-remote-code-execution-socket-recvfrom_into/
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://bugs.python.org/issue20246
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://hg.python.org/cpython/rev/87673659d8f7
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2014-04/msg00035.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2014-05/msg00008.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://pastebin.com/raw.php?i=GHXSmNEg
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-1064.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-1330.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2014/dsa-2880
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.exploit-db.com/exploits/31875
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Hyperlink: http://www.openwall.com/lists/oss-security/2014/02/12/16
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/65379
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1029831
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-2125-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/201503-10
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://support.apple.com/kb/HT205031
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://www.trustedsec.com/february-2014/python-remote-code-execution-socket-recvfrom_into/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit

Change History

0
Information is not available yet

Similar CVEs

4119Records found
CVE-2017-7130
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.73% / 82.82%
||
7 Day CHG~0.00%
Published-23 Oct, 2017 | 01:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-party "SQLite" product. Versions before 3.19.3 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

Action-Not Available
Vendor-n/aApple Inc.
Product-tvosiphone_osmac_os_xwatchosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-0535
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-6.93% / 91.59%
||
7 Day CHG~0.00%
Published-11 Jun, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0534.

Action-Not Available
Vendor-n/aApple Inc.Linux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-adobe_airmac_os_xadobe_air_sdkwindowsflash_playerlinux_kerneln/a
CVE-2014-0516
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-1.30% / 80.10%
||
7 Day CHG~0.00%
Published-14 May, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow remote attackers to bypass the Same Origin Policy via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.Linux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-adobe_airmac_os_xwindowsflash_playerlinux_kerneln/a
CVE-2020-13417
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.17% / 79.07%
||
7 Day CHG~0.00%
Published-22 May, 2020 | 20:47
Updated-04 Aug, 2024 | 12:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Elevation of Privilege issue was discovered in Aviatrix VPN Client before 2.10.7, because of an incomplete fix for CVE-2020-7224. This affects Linux, macOS, and Windows installations for certain OpenSSL parameters.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncAviatrix Systems, Inc.Apple Inc.Microsoft Corporation
Product-linux_kernelcontrollervpn_clientwindowsmacosgatewayn/a
CVE-2014-0548
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-1.32% / 80.28%
||
7 Day CHG~0.00%
Published-10 Sep, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow remote attackers to bypass the Same Origin Policy via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-adobe_airmac_os_xadobe_air_sdkwindowsflash_playerandroidlinux_kerneln/a
CVE-2014-0519
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-2.03% / 84.14%
||
7 Day CHG~0.00%
Published-14 May, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0517, CVE-2014-0518, and CVE-2014-0520.

Action-Not Available
Vendor-n/aApple Inc.Linux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-adobe_airmac_os_xwindowsflash_playerlinux_kerneln/a
CVE-2014-0517
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-2.03% / 84.14%
||
7 Day CHG~0.00%
Published-14 May, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0518, CVE-2014-0519, and CVE-2014-0520.

Action-Not Available
Vendor-n/aApple Inc.Linux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-adobe_airmac_os_xwindowsflash_playerlinux_kerneln/a
CVE-2014-0537
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-2.23% / 84.87%
||
7 Day CHG~0.00%
Published-09 Jul, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0539.

Action-Not Available
Vendor-n/aApple Inc.Linux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-adobe_airmac_os_xadobe_air_sdkwindowsflash_playerlinux_kerneln/a
CVE-2020-13388
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.32% / 85.11%
||
7 Day CHG~0.00%
Published-22 May, 2020 | 16:07
Updated-04 Aug, 2024 | 12:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safe_load is not used.

Action-Not Available
Vendor-n/aPython Software Foundation
Product-jw.utiln/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2014-0539
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-2.23% / 84.87%
||
7 Day CHG~0.00%
Published-09 Jul, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0537.

Action-Not Available
Vendor-n/aApple Inc.Linux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-adobe_airmac_os_xadobe_air_sdkwindowsflash_playerlinux_kerneln/a
CVE-2014-0520
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-2.03% / 84.14%
||
7 Day CHG~0.00%
Published-14 May, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0517, CVE-2014-0518, and CVE-2014-0519.

Action-Not Available
Vendor-n/aApple Inc.Linux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-adobe_airmac_os_xwindowsflash_playerlinux_kerneln/a
CVE-2022-0318
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.6||MEDIUM
EPSS-0.20% / 42.22%
||
7 Day CHG~0.00%
Published-21 Jan, 2022 | 00:00
Updated-15 Nov, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow in vim/vim prior to 8.2.

Action-Not Available
Vendor-VimDebian GNU/LinuxApple Inc.
Product-debian_linuxmacosvimvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-9804
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.15% / 78.88%
||
7 Day CHG~0.00%
Published-26 Apr, 2019 | 16:13
Updated-04 Aug, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of unintended additional bash script commands if the URL was maliciously crafted. This is the result of an issue with the native version of Bash on macOS. *Note: This issue only affects macOS. Other operating systems are unaffected.*. This vulnerability affects Firefox < 66.

Action-Not Available
Vendor-Mozilla CorporationApple Inc.
Product-firefoxmac_os_xFirefox
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-8767
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.45% / 64.05%
||
7 Day CHG~0.00%
Published-27 Oct, 2020 | 19:50
Updated-04 Aug, 2024 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory consumption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. Processing a maliciously crafted string may lead to heap corruption.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xmacOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2014-0518
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-2.03% / 84.14%
||
7 Day CHG~0.00%
Published-14 May, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0517, CVE-2014-0519, and CVE-2014-0520.

Action-Not Available
Vendor-n/aApple Inc.Linux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-adobe_airmac_os_xwindowsflash_playerlinux_kerneln/a
CVE-2014-0534
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-2.34% / 85.20%
||
7 Day CHG~0.00%
Published-11 Jun, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0535.

Action-Not Available
Vendor-n/aApple Inc.Linux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-adobe_airmac_os_xadobe_air_sdkwindowsflash_playerlinux_kerneln/a
CVE-2019-8703
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.87% / 75.56%
||
7 Day CHG~0.00%
Published-23 Dec, 2021 | 19:48
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved entitlements. This issue is fixed in watchOS 6, tvOS 13, macOS Catalina 10.15, iOS 13. An application may be able to gain elevated privileges.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xiphone_oswatchostvostvOSmacOSwatchOSiOS
CVE-2013-6646
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.76% / 82.99%
||
7 Day CHG~0.00%
Published-16 Jan, 2014 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the shutting down of a worker process.

Action-Not Available
Vendor-n/aApple Inc.openSUSEGoogle LLCLinux Kernel Organization, IncMicrosoft CorporationDebian GNU/Linux
Product-debian_linuxmac_os_xwindowschromelinux_kernelopensusen/a
CWE ID-CWE-416
Use After Free
CVE-2019-8750
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.53% / 67.50%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in watchOS 6.1, iCloud for Windows 11.0. Multiple issues in libxslt.

Action-Not Available
Vendor-Apple Inc.
Product-icloudwatchoswatchOSiCloud for Windows
CWE ID-CWE-787
Out-of-bounds Write
CVE-2013-6641
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.72% / 72.92%
||
7 Day CHG~0.00%
Published-16 Jan, 2014 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of the past names map of a FORM element.

Action-Not Available
Vendor-n/aApple Inc.openSUSEGoogle LLCLinux Kernel Organization, IncMicrosoft Corporation
Product-mac_os_xwindowschromelinux_kernelopensusen/a
CWE ID-CWE-416
Use After Free
CVE-2019-8572
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.64% / 82.31%
||
7 Day CHG~0.00%
Published-27 Oct, 2020 | 19:26
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A null pointer dereference was addressed with improved input validation. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to cause arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-airport_base_station_firmwareAirPort Base Station Firmware Update
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-8613
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-9.59% / 93.03%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. A remote attacker may be able to cause arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchostvostvOSwatchOSiOS
CWE ID-CWE-416
Use After Free
CVE-2019-8661
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-5.03% / 89.94%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.6. A remote attacker may be able to cause arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xmacOS
CWE ID-CWE-416
Use After Free
CVE-2019-8779
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-10||CRITICAL
EPSS-0.50% / 66.53%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue applied the incorrect restrictions. This issue was addressed by updating the logic to apply the correct restrictions. This issue is fixed in iOS 13.1.1 and iPadOS 13.1.1. Third party app extensions may not receive the correct sandbox restrictions.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosiOS
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2013-6643
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.19% / 40.18%
||
7 Day CHG~0.00%
Published-16 Jan, 2014 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The OneClickSigninBubbleView::WindowClosing function in browser/ui/views/sync/one_click_signin_bubble_view.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows attackers to trigger a sync with an arbitrary Google account by leveraging improper handling of the closing of an untrusted signin confirm dialog.

Action-Not Available
Vendor-n/aApple Inc.openSUSEGoogle LLCLinux Kernel Organization, IncMicrosoft CorporationDebian GNU/Linux
Product-debian_linuxmac_os_xwindowschromelinux_kernelopensusen/a
CWE ID-CWE-287
Improper Authentication
CVE-2019-8749
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.25% / 79.72%
||
7 Day CHG~0.00%
Published-27 Oct, 2020 | 19:46
Updated-04 Aug, 2024 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. Multiple issues in libxml2.

Action-Not Available
Vendor-Apple Inc.
Product-itunesiphone_oswatchostvossafariicloudtvOSmacOSwatchOSiOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8578
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.93% / 86.70%
||
7 Day CHG~0.00%
Published-27 Oct, 2020 | 19:27
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free issue was addressed with improved memory management. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to cause arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-airport_base_station_firmwareAirPort Base Station Firmware Update
CWE ID-CWE-416
Use After Free
CVE-2013-6644
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.70% / 82.65%
||
7 Day CHG~0.00%
Published-16 Jan, 2014 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Action-Not Available
Vendor-n/aApple Inc.openSUSEGoogle LLCLinux Kernel Organization, IncMicrosoft CorporationDebian GNU/Linux
Product-debian_linuxmac_os_xwindowschromelinux_kernelopensusen/a
CWE ID-CWE-416
Use After Free
CVE-2019-8660
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-9.03% / 92.80%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xiphone_oswatchostvostvOSmacOSwatchOSiOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8600
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-12.70% / 94.13%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A maliciously crafted SQL query may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-itunesiphone_oswatchostvosmac_os_xicloudiTunes for WindowswatchOSiCloud for WindowsmacOSiOStvOS
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2019-8547
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.00% / 77.40%
||
7 Day CHG~0.00%
Published-27 Oct, 2020 | 19:26
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. A remote attacker may be able to leak memory.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xiphone_oswatchosmacOSiOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-8648
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.68% / 86.14%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to cause arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xiphone_oswatchostvostvOSmacOSwatchOSiOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8849
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.59% / 69.68%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed by signaling that an executable stack is not required. This issue is fixed in SwiftNIO SSL 2.4.1. A SwiftNIO application using TLS may be able to execute arbitrary code.

Action-Not Available
Vendor-Apple Inc.
Product-swiftnio_sslSwift-Ubuntu
CVE-2019-8581
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.61% / 70.18%
||
7 Day CHG~0.00%
Published-27 Oct, 2020 | 19:37
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved input validation. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to leak memory.

Action-Not Available
Vendor-Apple Inc.
Product-airport_base_station_firmwareAirPort Base Station Firmware Update
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-8756
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.25% / 79.72%
||
7 Day CHG~0.00%
Published-27 Oct, 2020 | 19:48
Updated-04 Aug, 2024 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. Multiple issues in libxml2.

Action-Not Available
Vendor-Apple Inc.
Product-ituneswatchostvosmac_os_xicloudtvOSmacOSwatchOSiOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8662
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-12.12% / 93.95%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. An attacker may be able to trigger a use-after-free in an application deserializing an untrusted NSDictionary.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xiphone_oswatchostvostvOSmacOSwatchOSiOS
CWE ID-CWE-416
Use After Free
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2019-8643
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.50% / 66.53%
||
7 Day CHG~0.00%
Published-23 Dec, 2021 | 19:48
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CVE-2019-8643: Arun Sharma of VMWare This issue is fixed in macOS Mojave 10.14. Description: A logic issue was addressed with improved state management..

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xmacOS
CVE-2019-8647
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-8.46% / 92.52%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.4, tvOS 12.4, watchOS 5.3. A remote attacker may be able to cause arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchostvostvOSwatchOSiOS
CWE ID-CWE-416
Use After Free
CVE-2019-8746
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.31% / 85.07%
||
7 Day CHG~0.00%
Published-27 Oct, 2020 | 19:44
Updated-04 Aug, 2024 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-itunesiphone_oswatchostvosmac_os_xicloudtvOSmacOSwatchOSiOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-8016
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-7.29% / 91.83%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 19:42
Updated-04 Aug, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8212
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-5.27% / 90.19%
||
7 Day CHG~0.00%
Published-17 Oct, 2019 | 20:25
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2019-8026
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-30.10% / 96.77%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 19:50
Updated-04 Aug, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2019-8031
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-30.10% / 96.77%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 19:52
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2019-8236
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-0.80% / 74.37%
||
7 Day CHG~0.00%
Published-23 Oct, 2019 | 20:46
Updated-04 Aug, 2024 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Creative Cloud Desktop Application version 4.6.1 and earlier versions have Security Bypass vulnerability. Successful exploitation could lead to Privilege Escalation in the context of the current user.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-windowscreative_cloudmacosAdobe Creative Cloud Desktop application
CVE-2019-7290
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-10||CRITICAL
EPSS-0.52% / 67.14%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An access issue was addressed with additional sandbox restrictions. This issue is fixed in Shortcuts 2.1.3 for iOS. A sandboxed process may be able to circumvent sandbox restrictions.

Action-Not Available
Vendor-Apple Inc.
Product-shortcutsShortcuts
CWE ID-CWE-610
Externally Controlled Reference to a Resource in Another Sphere
CVE-2019-7288
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.53% / 67.54%
||
7 Day CHG~0.00%
Published-27 Oct, 2020 | 19:23
Updated-04 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved validation on the FaceTime server. This issue is fixed in macOS Mojave 10.14.3 Supplemental Update, iOS 12.1.4. A thorough security audit of the FaceTime service uncovered an issue with Live Photos .

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmac_os_xmacOSiOS
CVE-2019-8041
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-39.72% / 97.40%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 19:56
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8206
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-3.30% / 87.48%
||
7 Day CHG~0.00%
Published-17 Oct, 2019 | 20:24
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8050
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-31.40% / 96.88%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 20:00
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8055
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-30.10% / 96.77%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 20:05
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 82
  • 83
  • Next
Details not found