Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2014-3168

Summary
Assigner-Chrome
Assigner Org ID-ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28
Published At-27 Aug, 2014 | 01:00
Updated At-06 Aug, 2024 | 10:35
Rejected At-
Credits

Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper caching associated with animation.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Chrome
Assigner Org ID:ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28
Published At:27 Aug, 2014 | 01:00
Updated At:06 Aug, 2024 | 10:35
Rejected At:
▼CVE Numbering Authority (CNA)

Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper caching associated with animation.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://src.chromium.org/viewvc/blink?revision=174923&view=revision
x_refsource_CONFIRM
http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html
x_refsource_CONFIRM
http://secunia.com/advisories/60424
third-party-advisory
x_refsource_SECUNIA
https://src.chromium.org/viewvc/blink?revision=174338&view=revision
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/95468
vdb-entry
x_refsource_XF
http://secunia.com/advisories/61482
third-party-advisory
x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-201408-16.xml
vendor-advisory
x_refsource_GENTOO
https://crbug.com/369860
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00027.html
vendor-advisory
x_refsource_SUSE
http://secunia.com/advisories/60268
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/bid/69398
vdb-entry
x_refsource_BID
http://www.securitytracker.com/id/1030767
vdb-entry
x_refsource_SECTRACK
http://www.debian.org/security/2014/dsa-3039
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://src.chromium.org/viewvc/blink?revision=174923&view=revision
Resource:
x_refsource_CONFIRM
Hyperlink: http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/60424
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://src.chromium.org/viewvc/blink?revision=174338&view=revision
Resource:
x_refsource_CONFIRM
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/95468
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://secunia.com/advisories/61482
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://security.gentoo.org/glsa/glsa-201408-16.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: https://crbug.com/369860
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00027.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://secunia.com/advisories/60268
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/bid/69398
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.securitytracker.com/id/1030767
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.debian.org/security/2014/dsa-3039
Resource:
vendor-advisory
x_refsource_DEBIAN
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://src.chromium.org/viewvc/blink?revision=174923&view=revision
x_refsource_CONFIRM
x_transferred
http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/60424
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://src.chromium.org/viewvc/blink?revision=174338&view=revision
x_refsource_CONFIRM
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/95468
vdb-entry
x_refsource_XF
x_transferred
http://secunia.com/advisories/61482
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://security.gentoo.org/glsa/glsa-201408-16.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
https://crbug.com/369860
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00027.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://secunia.com/advisories/60268
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/bid/69398
vdb-entry
x_refsource_BID
x_transferred
http://www.securitytracker.com/id/1030767
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.debian.org/security/2014/dsa-3039
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://src.chromium.org/viewvc/blink?revision=174923&view=revision
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/60424
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://src.chromium.org/viewvc/blink?revision=174338&view=revision
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/95468
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://secunia.com/advisories/61482
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-201408-16.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: https://crbug.com/369860
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00027.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://secunia.com/advisories/60268
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/69398
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.securitytracker.com/id/1030767
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.debian.org/security/2014/dsa-3039
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:chrome-cve-admin@google.com
Published At:27 Aug, 2014 | 01:55
Updated At:12 Apr, 2025 | 10:46

Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper caching associated with animation.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches

Google LLC
google
>>chrome>>Versions up to 37.0.2062.93(inclusive)
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.0
cpe:2.3:a:google:chrome:37.0.2062.0:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.1
cpe:2.3:a:google:chrome:37.0.2062.1:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.2
cpe:2.3:a:google:chrome:37.0.2062.2:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.3
cpe:2.3:a:google:chrome:37.0.2062.3:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.4
cpe:2.3:a:google:chrome:37.0.2062.4:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.5
cpe:2.3:a:google:chrome:37.0.2062.5:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.6
cpe:2.3:a:google:chrome:37.0.2062.6:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.7
cpe:2.3:a:google:chrome:37.0.2062.7:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.8
cpe:2.3:a:google:chrome:37.0.2062.8:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.9
cpe:2.3:a:google:chrome:37.0.2062.9:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.10
cpe:2.3:a:google:chrome:37.0.2062.10:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.11
cpe:2.3:a:google:chrome:37.0.2062.11:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.12
cpe:2.3:a:google:chrome:37.0.2062.12:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.13
cpe:2.3:a:google:chrome:37.0.2062.13:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.14
cpe:2.3:a:google:chrome:37.0.2062.14:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.15
cpe:2.3:a:google:chrome:37.0.2062.15:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.16
cpe:2.3:a:google:chrome:37.0.2062.16:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.17
cpe:2.3:a:google:chrome:37.0.2062.17:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.18
cpe:2.3:a:google:chrome:37.0.2062.18:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.19
cpe:2.3:a:google:chrome:37.0.2062.19:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.20
cpe:2.3:a:google:chrome:37.0.2062.20:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.21
cpe:2.3:a:google:chrome:37.0.2062.21:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.22
cpe:2.3:a:google:chrome:37.0.2062.22:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.23
cpe:2.3:a:google:chrome:37.0.2062.23:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.24
cpe:2.3:a:google:chrome:37.0.2062.24:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.25
cpe:2.3:a:google:chrome:37.0.2062.25:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.26
cpe:2.3:a:google:chrome:37.0.2062.26:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.27
cpe:2.3:a:google:chrome:37.0.2062.27:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.28
cpe:2.3:a:google:chrome:37.0.2062.28:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.29
cpe:2.3:a:google:chrome:37.0.2062.29:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.30
cpe:2.3:a:google:chrome:37.0.2062.30:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.31
cpe:2.3:a:google:chrome:37.0.2062.31:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.32
cpe:2.3:a:google:chrome:37.0.2062.32:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.33
cpe:2.3:a:google:chrome:37.0.2062.33:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.34
cpe:2.3:a:google:chrome:37.0.2062.34:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.35
cpe:2.3:a:google:chrome:37.0.2062.35:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.36
cpe:2.3:a:google:chrome:37.0.2062.36:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.37
cpe:2.3:a:google:chrome:37.0.2062.37:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.39
cpe:2.3:a:google:chrome:37.0.2062.39:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.43
cpe:2.3:a:google:chrome:37.0.2062.43:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.44
cpe:2.3:a:google:chrome:37.0.2062.44:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.45
cpe:2.3:a:google:chrome:37.0.2062.45:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.46
cpe:2.3:a:google:chrome:37.0.2062.46:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.47
cpe:2.3:a:google:chrome:37.0.2062.47:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.48
cpe:2.3:a:google:chrome:37.0.2062.48:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.49
cpe:2.3:a:google:chrome:37.0.2062.49:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.50
cpe:2.3:a:google:chrome:37.0.2062.50:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.51
cpe:2.3:a:google:chrome:37.0.2062.51:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>37.0.2062.52
cpe:2.3:a:google:chrome:37.0.2062.52:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description

CWE-416: Use After Free
Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.htmlchrome-cve-admin@google.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00027.htmlchrome-cve-admin@google.com
N/A
http://secunia.com/advisories/60268chrome-cve-admin@google.com
N/A
http://secunia.com/advisories/60424chrome-cve-admin@google.com
N/A
http://secunia.com/advisories/61482chrome-cve-admin@google.com
N/A
http://security.gentoo.org/glsa/glsa-201408-16.xmlchrome-cve-admin@google.com
N/A
http://www.debian.org/security/2014/dsa-3039chrome-cve-admin@google.com
N/A
http://www.securityfocus.com/bid/69398chrome-cve-admin@google.com
N/A
http://www.securitytracker.com/id/1030767chrome-cve-admin@google.com
N/A
https://crbug.com/369860chrome-cve-admin@google.com
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/95468chrome-cve-admin@google.com
N/A
https://src.chromium.org/viewvc/blink?revision=174338&view=revisionchrome-cve-admin@google.com
N/A
https://src.chromium.org/viewvc/blink?revision=174923&view=revisionchrome-cve-admin@google.com
N/A
http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00027.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/60268af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/60424af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/61482af854a3a-2127-422b-91ae-364da2661108
N/A
http://security.gentoo.org/glsa/glsa-201408-16.xmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2014/dsa-3039af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/69398af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id/1030767af854a3a-2127-422b-91ae-364da2661108
N/A
https://crbug.com/369860af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/95468af854a3a-2127-422b-91ae-364da2661108
N/A
https://src.chromium.org/viewvc/blink?revision=174338&view=revisionaf854a3a-2127-422b-91ae-364da2661108
N/A
https://src.chromium.org/viewvc/blink?revision=174923&view=revisionaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00027.html
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/60268
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/60424
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/61482
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: http://security.gentoo.org/glsa/glsa-201408-16.xml
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: http://www.debian.org/security/2014/dsa-3039
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/69398
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1030767
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: https://crbug.com/369860
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/95468
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: https://src.chromium.org/viewvc/blink?revision=174338&view=revision
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: https://src.chromium.org/viewvc/blink?revision=174923&view=revision
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00027.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/60268
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/60424
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/61482
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://security.gentoo.org/glsa/glsa-201408-16.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2014/dsa-3039
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/69398
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1030767
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://crbug.com/369860
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/95468
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://src.chromium.org/viewvc/blink?revision=174338&view=revision
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://src.chromium.org/viewvc/blink?revision=174923&view=revision
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1647Records found

CVE-2018-16947
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.57% / 80.77%
||
7 Day CHG~0.00%
Published-12 Sep, 2018 | 01:00
Updated-05 Aug, 2024 | 10:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. The backup tape controller (butc) process accepts incoming RPCs but does not require (or allow for) authentication of those RPCs. Handling those RPCs results in operations being performed with administrator credentials, including dumping/restoring volume contents and manipulating the backup database. For example, an unauthenticated attacker can replace any volume's content with arbitrary data.

Action-Not Available
Vendor-openafsn/aDebian GNU/Linux
Product-openafsdebian_linuxn/a
CWE ID-CWE-287
Improper Authentication
CVE-2018-17963
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.37% / 84.32%
||
7 Day CHG-0.06%
Published-09 Oct, 2018 | 22:00
Updated-05 Aug, 2024 | 11:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.

Action-Not Available
Vendor-n/aQEMUCanonical Ltd.Debian GNU/LinuxRed Hat, Inc.
Product-ubuntu_linuxvirtualizationdebian_linuxvirtualization_managerqemuopenstackn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2015-3145
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-65.09% / 98.41%
||
7 Day CHG~0.00%
Published-24 Apr, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.

Action-Not Available
Vendor-n/aopenSUSEFedora ProjectApple Inc.HP Inc.Debian GNU/LinuxOracle CorporationCanonical Ltd.CURL
Product-solarislibcurlsystem_management_homepagefedoraopensuseubuntu_linuxcurldebian_linuxmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-1364
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.15% / 86.37%
||
7 Day CHG~0.00%
Published-01 May, 2009 | 17:00
Updated-07 Aug, 2024 | 05:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file.

Action-Not Available
Vendor-francis_james_franklinn/aopenSUSE
Product-opensuselibwmfn/a
CVE-2018-16839
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.34% / 55.70%
||
7 Day CHG~0.00%
Published-31 Oct, 2018 | 18:00
Updated-05 Aug, 2024 | 10:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.

Action-Not Available
Vendor-Debian GNU/LinuxCanonical Ltd.CURL
Product-curlubuntu_linuxdebian_linuxcurl:
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-1151
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-93.03% / 99.77%
||
7 Day CHG~0.00%
Published-26 Mar, 2009 | 14:00
Updated-30 Jul, 2025 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-15||Apply updates per vendor instructions.

Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.

Action-Not Available
Vendor-n/aphpMyAdminDebian GNU/Linux
Product-debian_linuxphpmyadminn/aphpMyAdmin
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2014-2913
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-18.54% / 95.01%
||
7 Day CHG~0.00%
Published-07 May, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this issue is disputed by multiple parties. It has been reported that the vendor allows newlines as "expected behavior." Also, this issue can only occur when the administrator enables the "dont_blame_nrpe" option in nrpe.conf despite the "HIGH security risk" warning within the comments

Action-Not Available
Vendor-n/aNagios Enterprises, LLCopenSUSE
Product-remote_plugin_executoropensusen/a
CVE-2021-20204
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.71% / 85.33%
||
7 Day CHG~0.00%
Published-06 May, 2021 | 14:50
Updated-17 Oct, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when processing maliciously crafted dirfile databases. This degrades the confidentiality, integrity and availability of third-party software that uses libgetdata as a library. This vulnerability may lead to arbitrary code execution or privilege escalation depending on input/skills of attacker.

Action-Not Available
Vendor-getdata_projectn/aDebian GNU/LinuxFedora Project
Product-getdatadebian_linuxfedoragetdata
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-416
Use After Free
CVE-2014-3171
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-1.78% / 81.95%
||
7 Day CHG~0.00%
Published-27 Aug, 2014 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the V8 bindings in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper use of HashMap add operations instead of HashMap set operations, related to bindings/core/v8/DOMWrapperMap.h and bindings/core/v8/SerializedScriptValue.cpp.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CVE-2018-16402
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.09% / 77.06%
||
7 Day CHG~0.00%
Published-03 Sep, 2018 | 19:00
Updated-05 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.

Action-Not Available
Vendor-elfutils_projectn/aCanonical Ltd.Red Hat, Inc.openSUSEDebian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxelfutilsenterprise_linux_workstationenterprise_linux_desktopleapn/a
CWE ID-CWE-415
Double Free
CVE-2015-2709
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.87% / 74.35%
||
7 Day CHG~0.00%
Published-14 May, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla CorporationNovellopenSUSE
Product-firefoxopensusesuse_linux_enterprise_serversuse_linux_enterprise_desktopsuse_linux_enterprise_software_development_kitn/a
CVE-2014-3156
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-2.36% / 84.30%
||
7 Day CHG~0.00%
Published-11 Jun, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the clipboard implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger unexpected bitmap data, related to content/renderer/renderer_clipboard_client.cc and content/renderer/webclipboard_impl.cc.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-14361
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.78% / 72.67%
||
7 Day CHG~0.00%
Published-17 Jul, 2018 | 17:00
Updated-05 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in NeoMutt before 2018-07-16. nntp.c proceeds even if memory allocation fails for messages data.

Action-Not Available
Vendor-neomuttn/aDebian GNU/Linux
Product-debian_linuxneomuttn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2009-0946
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-11.82% / 93.46%
||
7 Day CHG~0.00%
Published-17 Apr, 2009 | 00:00
Updated-07 Aug, 2024 | 04:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.

Action-Not Available
Vendor-freetypen/aSUSEDebian GNU/LinuxopenSUSEApple Inc.Canonical Ltd.
Product-freetypeubuntu_linuxlinux_enterprise_serverdebian_linuxiphone_osopensusesafarimac_os_xmac_os_x_servern/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2015-1262
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-2.17% / 83.65%
||
7 Day CHG~0.00%
Published-20 May, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

platform/fonts/shaping/HarfBuzzShaper.cpp in Blink, as used in Google Chrome before 43.0.2357.65, does not initialize a certain width field, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Unicode text.

Action-Not Available
Vendor-n/aGoogle LLCDebian GNU/Linux
Product-debian_linuxchromen/a
CVE-2015-1265
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-5.70% / 90.06%
||
7 Day CHG~0.00%
Published-20 May, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in Google Chrome before 43.0.2357.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Action-Not Available
Vendor-n/aGoogle LLCDebian GNU/Linux
Product-debian_linuxchromen/a
CVE-2014-1727
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-1.27% / 78.72%
||
7 Day CHG~0.00%
Published-09 Apr, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in content/renderer/renderer_webcolorchooser_impl.h in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to forms.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CVE-2018-16657
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.27% / 50.48%
||
7 Day CHG~0.00%
Published-07 Sep, 2018 | 14:00
Updated-05 Aug, 2024 | 10:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with an invalid Via header causes a segmentation fault and crashes Kamailio. The reason is missing input validation in the crcitt_string_array core function for calculating a CRC hash for To tags. (An additional error is present in the check_via_address core function: this function also misses input validation.) This could result in denial of service and potentially the execution of arbitrary code.

Action-Not Available
Vendor-kamailion/aDebian GNU/Linux
Product-debian_linuxkamailion/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2015-1297
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.87% / 74.31%
||
7 Day CHG~0.00%
Published-03 Sep, 2015 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WebRequest API implementation in extensions/browser/api/web_request/web_request_api.cc in Google Chrome before 45.0.2454.85 does not properly consider a request's source before accepting the request, which allows remote attackers to bypass intended access restrictions via a crafted (1) app or (2) extension.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CVE-2014-1706
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.11% / 30.54%
||
7 Day CHG~0.00%
Published-16 Mar, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

crosh in Google Chrome OS before 33.0.1750.152 allows attackers to inject commands via unspecified vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chrome_osn/a
CVE-2018-14350
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.75% / 90.91%
||
7 Day CHG~0.00%
Published-17 Jul, 2018 | 17:00
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field.

Action-Not Available
Vendor-neomuttmuttn/aCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxdebian_linuxmuttneomuttn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-14360
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.80% / 73.12%
||
7 Day CHG~0.00%
Published-17 Jul, 2018 | 17:00
Updated-05 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in NeoMutt before 2018-07-16. nntp_add_group in newsrc.c has a stack-based buffer overflow because of incorrect sscanf usage.

Action-Not Available
Vendor-neomuttn/aDebian GNU/Linux
Product-debian_linuxneomuttn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-1284
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-1.22% / 78.29%
||
7 Day CHG~0.00%
Published-23 Jul, 2015 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly check for a page's maximum number of frames, which allows remote attackers to cause a denial of service (invalid count value and use-after-free) or possibly have unspecified other impact via crafted JavaScript code that makes many createElement calls for IFRAME elements.

Action-Not Available
Vendor-n/aRed Hat, Inc.Google LLCopenSUSE
Product-enterprise_linux_workstation_supplementaryopensuseenterprise_linux_server_supplementarychromeenterprise_linux_desktop_supplementaryn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-1227
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-1.02% / 76.29%
||
7 Day CHG~0.00%
Published-09 Mar, 2015 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DragImage::create function in platform/DragImage.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not initialize memory for image drawing, which allows remote attackers to have an unspecified impact by triggering a failed image decoding, as demonstrated by an image for which the default orientation cannot be used.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CVE-2015-1295
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-1.23% / 78.38%
||
7 Day CHG~0.00%
Published-03 Sep, 2015 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple use-after-free vulnerabilities in the PrintWebViewHelper class in components/printing/renderer/print_web_view_helper.cc in Google Chrome before 45.0.2454.85 allow user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact by triggering nested IPC messages during preparation for printing, as demonstrated by messages associated with PDF documents in conjunction with messages about printer capabilities.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CVE-2018-14352
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.73% / 90.90%
||
7 Day CHG~0.00%
Published-17 Jul, 2018 | 17:00
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c does not leave room for quote characters, leading to a stack-based buffer overflow.

Action-Not Available
Vendor-neomuttmuttn/aCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxdebian_linuxmuttneomuttn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2014-1710
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.71% / 71.39%
||
7 Day CHG~0.00%
Published-16 Mar, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The AsyncPixelTransfersCompletedQuery::End function in gpu/command_buffer/service/query_manager.cc in Google Chrome, as used in Google Chrome OS before 33.0.1750.152, does not check whether a certain position is within the bounds of a shared-memory segment, which allows remote attackers to cause a denial of service (GPU command-buffer memory corruption) or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chrome_osn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-14358
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.86% / 87.75%
||
7 Day CHG~0.00%
Published-17 Jul, 2018 | 17:00
Updated-05 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field.

Action-Not Available
Vendor-neomuttmuttn/aCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxdebian_linuxmuttneomuttn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-14359
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.80% / 87.64%
||
7 Day CHG~0.00%
Published-17 Jul, 2018 | 17:00
Updated-05 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They have a buffer overflow via base64 data.

Action-Not Available
Vendor-neomuttmuttn/aCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxdebian_linuxmuttneomuttn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2018-14600
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-8.60% / 92.06%
||
7 Day CHG~0.00%
Published-24 Aug, 2018 | 19:00
Updated-05 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.X.Org Foundation
Product-libx11debian_linuxubuntu_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-1302
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-1.23% / 78.34%
||
7 Day CHG~0.00%
Published-11 Nov, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages and API exposure, which allows remote attackers to bypass the Same Origin Policy via an unintended embedder or unintended plugin loading, related to pdf.js and out_of_process_instance.cc.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-1222
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.99% / 75.94%
||
7 Day CHG~0.00%
Published-09 Mar, 2015 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple use-after-free vulnerabilities in the ServiceWorkerScriptCacheMap implementation in content/browser/service_worker/service_worker_script_cache_map.cc in Google Chrome before 41.0.2272.76 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a ServiceWorkerContextWrapper::DeleteAndStartOver call, related to the NotifyStartedCaching and NotifyFinishedCaching functions.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CVE-2018-14599
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.95% / 82.72%
||
7 Day CHG~0.00%
Published-24 Aug, 2018 | 19:00
Updated-05 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact.

Action-Not Available
Vendor-n/aFedora ProjectCanonical Ltd.Debian GNU/LinuxX.Org FoundationRed Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxdebian_linuxenterprise_linux_workstationfedoralibx11enterprise_linux_desktopn/a
CWE ID-CWE-193
Off-by-one Error
CVE-2015-1237
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-2.31% / 84.12%
||
7 Day CHG~0.00%
Published-19 Apr, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the RenderFrameImpl::OnMessageReceived function in content/renderer/render_frame_impl.cc in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger renderer IPC messages during a detach operation.

Action-Not Available
Vendor-n/aGoogle LLCDebian GNU/LinuxCanonical Ltd.
Product-debian_linuxubuntu_linuxchromen/a
CVE-2019-1010238
Matching Score-8
Assigner-7556d962-6fb7-411e-85fa-6cd62f095ba8
ShareView Details
Matching Score-8
Assigner-7556d962-6fb7-411e-85fa-6cd62f095ba8
CVSS Score-9.8||CRITICAL
EPSS-2.94% / 85.91%
||
7 Day CHG~0.00%
Published-19 Jul, 2019 | 16:42
Updated-05 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize.

Action-Not Available
Vendor-Canonical Ltd.Debian GNU/LinuxThe GNOME ProjectFedora ProjectOracle CorporationRed Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxdebian_linuxsd-wan_edgeopenshift_container_platformenterprise_linux_server_ausfedoraenterprise_linuxenterprise_linux_workstationenterprise_linux_euspangoenterprise_linux_server_tusenterprise_linux_desktopPango
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-1346
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.31% / 53.85%
||
7 Day CHG~0.00%
Published-22 Jan, 2015 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in Google V8 before 3.30.33.15, as used in Google Chrome before 40.0.2214.91, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Action-Not Available
Vendor-chromiumn/aGoogle LLCCanonical Ltd.
Product-v8ubuntu_linuxchromiumchromen/a
CVE-2021-20307
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.25% / 48.54%
||
7 Day CHG~0.00%
Published-05 Apr, 2021 | 21:34
Updated-03 Aug, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier can lead to read and write arbitrary memory values.

Action-Not Available
Vendor-libpano13_projectn/aDebian GNU/LinuxFedora Project
Product-libpano13debian_linuxfedoralibpano13
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2015-1256
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-2.69% / 85.29%
||
7 Day CHG~0.00%
Published-20 May, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document that leverages improper handling of a shadow tree for a use element.

Action-Not Available
Vendor-n/aGoogle LLCDebian GNU/Linux
Product-debian_linuxchromen/a
CVE-2015-1294
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-1.08% / 76.94%
||
7 Day CHG~0.00%
Published-03 Sep, 2015 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the SkMatrix::invertNonIdentity function in core/SkMatrix.cpp in Skia, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering the use of matrix elements that lead to an infinite result during an inversion calculation.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CVE-2009-5041
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.70% / 71.17%
||
7 Day CHG~0.00%
Published-31 Oct, 2019 | 15:35
Updated-07 Aug, 2024 | 07:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

overkill has buffer overflow via long player names that can corrupt data on the server machine

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-overkilln/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2015-1242
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-2.03% / 83.06%
||
7 Day CHG~0.00%
Published-19 Apr, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ReduceTransitionElementsKind function in hydrogen-check-elimination.cc in Google V8 before 4.2.77.8, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that leverages "type confusion" in the check-elimination optimization.

Action-Not Available
Vendor-n/aGoogle LLCDebian GNU/LinuxCanonical Ltd.
Product-debian_linuxv8ubuntu_linuxchromen/a
CVE-2014-1717
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-1.10% / 77.18%
||
7 Day CHG~0.00%
Published-09 Apr, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google V8, as used in Google Chrome before 34.0.1847.116, does not properly use numeric casts during handling of typed arrays, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CVE-2018-14720
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.41% / 86.97%
||
7 Day CHG~0.00%
Published-02 Jan, 2019 | 18:00
Updated-05 Aug, 2024 | 09:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.

Action-Not Available
Vendor-n/aRed Hat, Inc.Oracle CorporationFasterXML, LLC.Debian GNU/Linux
Product-debian_linuxprimavera_unifiercommunications_billing_and_revenue_managementjackson-databindenterprise_manager_for_virtualizationfinancial_services_analytical_applications_infrastructureopenshift_container_platformjdeveloperbanking_platformjboss_enterprise_application_platformretail_merchandising_systemwebcenter_portaln/a
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2015-1259
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-1.15% / 77.66%
||
7 Day CHG~0.00%
Published-20 May, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PDFium, as used in Google Chrome before 43.0.2357.65, does not properly initialize memory, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aGoogle LLCDebian GNU/Linux
Product-debian_linuxchromen/a
CVE-2018-15482
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.09% / 27.10%
||
7 Day CHG~0.00%
Published-17 Aug, 2018 | 20:00
Updated-05 Aug, 2024 | 09:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for MLT application intents. The LG ID is LVE-SMP-180006.

Action-Not Available
Vendor-n/aLG Electronics Inc.Google LLC
Product-v20q8x_camg5v10g6x300androidx500v30g6\+x400v30s_thinqv30\+q6n/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2008-7220
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-13.74% / 94.02%
||
7 Day CHG~0.00%
Published-13 Sep, 2009 | 22:00
Updated-07 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make "cross-site ajax requests" via unknown vectors.

Action-Not Available
Vendor-prototypejsn/aDebian GNU/Linux
Product-prototypedebian_linuxn/a
CVE-2014-1711
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.30% / 52.88%
||
7 Day CHG~0.00%
Published-16 Mar, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The GPU driver in the kernel in Google Chrome OS before 33.0.1750.152 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chrome_osn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-14353
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.42% / 88.60%
||
7 Day CHG~0.00%
Published-17 Jul, 2018 | 17:00
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow.

Action-Not Available
Vendor-neomuttmuttn/aCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxdebian_linuxmuttneomuttn/a
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2015-1252
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-1.24% / 78.43%
||
7 Day CHG~0.00%
Published-20 May, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

common/partial_circular_buffer.cc in Google Chrome before 43.0.2357.65 does not properly handle wraps, which allows remote attackers to bypass a sandbox protection mechanism or cause a denial of service (out-of-bounds write) via vectors that trigger a write operation with a large amount of data, related to the PartialCircularBuffer::Write and PartialCircularBuffer::DoWrite functions.

Action-Not Available
Vendor-n/aGoogle LLCDebian GNU/Linux
Product-debian_linuxchromen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4160
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-2.36% / 84.32%
||
7 Day CHG~0.00%
Published-16 Jun, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4161, CVE-2016-4162, and CVE-2016-4163.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kerneliphone_osflash_player_desktop_runtimeair_desktop_runtimeair_sdkair_sdk_\&_compilerwindowswindows_8.1mac_os_xandroidwindows_10n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 32
  • 33
  • Next
Details not found