Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2015-3121

Summary
Assigner-adobe
Assigner Org ID-078d4453-3bcd-4900-85e6-15281da43538
Published At-09 Jul, 2015 | 16:00
Updated At-06 Aug, 2024 | 05:39
Rejected At-
Credits

Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-3119, CVE-2015-3120, CVE-2015-3122, and CVE-2015-4433.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:adobe
Assigner Org ID:078d4453-3bcd-4900-85e6-15281da43538
Published At:09 Jul, 2015 | 16:00
Updated At:06 Aug, 2024 | 05:39
Rejected At:
▼CVE Numbering Authority (CNA)

Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-3119, CVE-2015-3120, CVE-2015-3122, and CVE-2015-4433.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id/1032810
vdb-entry
x_refsource_SECTRACK
http://www.securityfocus.com/bid/75595
vdb-entry
x_refsource_BID
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00017.html
vendor-advisory
x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2015-1214.html
vendor-advisory
x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00018.html
vendor-advisory
x_refsource_SUSE
https://security.gentoo.org/glsa/201507-13
vendor-advisory
x_refsource_GENTOO
https://helpx.adobe.com/security/products/flash-player/apsb15-16.html
x_refsource_CONFIRM
Hyperlink: http://www.securitytracker.com/id/1032810
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.securityfocus.com/bid/75595
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00017.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-1214.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00018.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: https://security.gentoo.org/glsa/201507-13
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: https://helpx.adobe.com/security/products/flash-player/apsb15-16.html
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id/1032810
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.securityfocus.com/bid/75595
vdb-entry
x_refsource_BID
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00017.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://rhn.redhat.com/errata/RHSA-2015-1214.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00018.html
vendor-advisory
x_refsource_SUSE
x_transferred
https://security.gentoo.org/glsa/201507-13
vendor-advisory
x_refsource_GENTOO
x_transferred
https://helpx.adobe.com/security/products/flash-player/apsb15-16.html
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securitytracker.com/id/1032810
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.securityfocus.com/bid/75595
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00017.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-1214.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00018.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://security.gentoo.org/glsa/201507-13
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: https://helpx.adobe.com/security/products/flash-player/apsb15-16.html
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@adobe.com
Published At:09 Jul, 2015 | 16:59
Updated At:12 Apr, 2025 | 10:46

Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-3119, CVE-2015-3120, CVE-2015-3122, and CVE-2015-4433.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
Adobe Inc.
adobe
>>flash_player>>Versions up to 11.2.202.468(inclusive)
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>-
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>air>>Versions up to 18.0.0.144(inclusive)
cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>air_sdk>>Versions up to 18.0.0.144(inclusive)
cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>air_sdk_\&_compiler>>Versions up to 18.0.0.144(inclusive)
cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>Versions up to 13.0.0.289(inclusive)
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>14.0.0.125
cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>14.0.0.145
cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>14.0.0.176
cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>14.0.0.179
cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>15.0.0.152
cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>15.0.0.167
cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>15.0.0.189
cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>15.0.0.223
cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>15.0.0.239
cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>15.0.0.246
cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>16.0.0.235
cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>16.0.0.257
cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>16.0.0.287
cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>16.0.0.296
cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>17.0.0.134
cpe:2.3:a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>17.0.0.169
cpe:2.3:a:adobe:flash_player:17.0.0.169:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>17.0.0.188
cpe:2.3:a:adobe:flash_player:17.0.0.188:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>17.0.0.190
cpe:2.3:a:adobe:flash_player:17.0.0.190:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>18.0.0.160
cpe:2.3:a:adobe:flash_player:18.0.0.160:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>18.0.0.194
cpe:2.3:a:adobe:flash_player:18.0.0.194:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>-
cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows>>-
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00017.htmlpsirt@adobe.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00018.htmlpsirt@adobe.com
N/A
http://rhn.redhat.com/errata/RHSA-2015-1214.htmlpsirt@adobe.com
N/A
http://www.securityfocus.com/bid/75595psirt@adobe.com
N/A
http://www.securitytracker.com/id/1032810psirt@adobe.com
N/A
https://helpx.adobe.com/security/products/flash-player/apsb15-16.htmlpsirt@adobe.com
Patch
Vendor Advisory
https://security.gentoo.org/glsa/201507-13psirt@adobe.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00017.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00018.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2015-1214.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/75595af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id/1032810af854a3a-2127-422b-91ae-364da2661108
N/A
https://helpx.adobe.com/security/products/flash-player/apsb15-16.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
https://security.gentoo.org/glsa/201507-13af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00017.html
Source: psirt@adobe.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00018.html
Source: psirt@adobe.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-1214.html
Source: psirt@adobe.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/75595
Source: psirt@adobe.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1032810
Source: psirt@adobe.com
Resource: N/A
Hyperlink: https://helpx.adobe.com/security/products/flash-player/apsb15-16.html
Source: psirt@adobe.com
Resource:
Patch
Vendor Advisory
Hyperlink: https://security.gentoo.org/glsa/201507-13
Source: psirt@adobe.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00017.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00018.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-1214.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/75595
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1032810
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://helpx.adobe.com/security/products/flash-player/apsb15-16.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: https://security.gentoo.org/glsa/201507-13
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

0Records found
CVE-2020-0646
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-93.86% / 99.86%
||
7 Day CHG~0.00%
Published-14 Jan, 2020 | 23:11
Updated-29 Oct, 2025 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_7windows_10_1709windows_10_1507windows_10_1909windows_server_2012windows_server_2008windows_10_1903.net_frameworkwindows_10_1607windows_10_1809windows_server_2019windows_rt_8.1windows_8.1windows_server_2016windows_10_1803Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit SystemsMicrosoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based SystemsMicrosoft .NET Framework 3.5Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)Microsoft .NET Framework 4.8 on Windows RT 8.1Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit SystemsMicrosoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit SystemsMicrosoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based SystemsMicrosoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based SystemsMicrosoft .NET Framework 3.0Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation)Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit SystemsMicrosoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for 32-bit SystemsMicrosoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit SystemsMicrosoft .NET Framework 4.8 on Windows Server 2012 R2Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit SystemsMicrosoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit SystemsMicrosoft .NET Framework 4.6Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based SystemsMicrosoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit SystemsMicrosoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)Microsoft .NET Framework 3.5.1Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based SystemsMicrosoft .NET Framework 4.8 on Windows Server 2016Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based SystemsMicrosoft .NET Framework 4.8 on Windows 8.1 for x64-based systemsMicrosoft .NET Framework 4.5.2Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2Microsoft .NET Framework 4.8 on Windows Server 2012Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based SystemsMicrosoft .NET Framework 4.8 on Windows 8.1 for 32-bit systemsMicrosoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for x64-based SystemsMicrosoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based SystemsMicrosoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based SystemsMicrosoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit SystemsMicrosoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based SystemsMicrosoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803 (Server Core Installation)Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems.NET Framework
CWE ID-CWE-91
XML Injection (aka Blind XPath Injection)
CVE-2011-1868
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-10||HIGH
EPSS-36.23% / 97.00%
||
7 Day CHG~0.00%
Published-16 Jun, 2011 | 20:21
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate fields in DFS responses, which allows remote DFS servers to execute arbitrary code via a crafted response, aka "DFS Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2003windows_xpwindows_2003_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-1966
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-10||HIGH
EPSS-57.19% / 98.08%
||
7 Day CHG~0.00%
Published-10 Aug, 2011 | 21:16
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DNS server in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 does not properly handle NAPTR queries that trigger recursive processing, which allows remote attackers to execute arbitrary code via a crafted query, aka "DNS NAPTR Query Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2008n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1300
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-7.23% / 91.42%
||
7 Day CHG~0.00%
Published-15 Apr, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Program::getActiveUniformMaxLength function in libGLESv2/Program.cpp in libGLESv2.dll in the WebGLES library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox 4.x before 4.0.1 on Windows and in the GPU process in Google Chrome before 10.0.648.205 on Windows, allows remote attackers to execute arbitrary code via unspecified vectors, related to an "off-by-three" error.

Action-Not Available
Vendor-n/aMozilla CorporationMicrosoft CorporationGoogle LLC
Product-windowschromefirefoxn/a
CVE-2010-0055
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-10||HIGH
EPSS-0.40% / 60.09%
||
7 Day CHG~0.00%
Published-30 Mar, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

xar in Apple Mac OS X 10.5.8 does not properly validate package signatures, which allows attackers to have an unspecified impact via a modified package.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CVE-2007-3341
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-36.02% / 96.98%
||
7 Day CHG~0.00%
Published-21 Jun, 2007 | 23:00
Updated-07 Aug, 2024 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the FTP implementation in Microsoft Internet Explorer allows remote attackers to "see a valid memory address" via unspecified vectors, a different issue than CVE-2007-0217.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorerall_windowsn/a
CVE-2011-0058
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-7.79% / 91.77%
||
7 Day CHG~0.00%
Published-02 Mar, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long string that triggers construction of a long text run.

Action-Not Available
Vendor-n/aMozilla CorporationMicrosoft Corporation
Product-windowsfirefoxseamonkeyn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2005-3595
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-34.03% / 96.86%
||
7 Day CHG~0.00%
Published-16 Nov, 2005 | 07:37
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

By default Microsoft Windows XP Home Edition installs with a blank password for the Administrator account, which allows remote attackers to gain control of the computer.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_xpn/a
CVE-2010-0121
Matching Score-8
Assigner-Flexera Software LLC
ShareView Details
Matching Score-8
Assigner-Flexera Software LLC
CVSS Score-10||HIGH
EPSS-0.40% / 60.39%
||
7 Day CHG~0.00%
Published-14 Dec, 2010 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, Mac RealPlayer 11.0 through 12.0.0.1444, and Linux RealPlayer 11.0.2.1744 does not properly perform initialization, which has unspecified impact and attack vectors.

Action-Not Available
Vendor-n/aRealNetworks LLCApple Inc.Linux Kernel Organization, Inc
Product-realplayer_sprealplayerlinux_kernelmac_os_xn/a
CVE-2011-0817
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-2.19% / 84.05%
||
7 Day CHG~0.00%
Published-14 Jun, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)Microsoft Corporation
Product-windowsjdkjren/a
CVE-2010-5290
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.62% / 81.45%
||
7 Day CHG~0.00%
Published-20 Sep, 2013 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The authentication process in Adobe ColdFusion before 10 does not require knowledge of the cleartext password if the password hash is known, which makes it easier for context-dependent attackers to obtain administrative privileges by leveraging read access to the configuration file, a different vulnerability than CVE-2010-2861.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-coldfusionn/a
CVE-2005-3059
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.46% / 63.45%
||
7 Day CHG~0.00%
Published-26 Sep, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in Opera 8.50 on Linux and Windows have unknown impact and attack vectors, related to (1) " handling of must-revalidate cache directive for HTTPS pages" or (2) a "display issue with cookie comment encoding."

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncOperaMicrosoft Corporation
Product-opera_browserlinux_kernelwindowsn/a
CVE-2011-0654
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-10||HIGH
EPSS-78.71% / 99.01%
||
7 Day CHG-0.80%
Published-16 Feb, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a malformed BROWSER ELECTION message, leading to a heap-based buffer overflow, aka "Browser Pool Corruption Vulnerability." NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2003windows_2003_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-4309
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-4.42% / 88.77%
||
7 Day CHG~0.00%
Published-11 Aug, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Shockwave Player before 11.6.1.629 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-4308.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-shockwave_playern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-4308
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-4.42% / 88.77%
||
7 Day CHG~0.00%
Published-11 Aug, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Shockwave Player before 11.6.1.629 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-4309.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-shockwave_playern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-4773
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.37% / 87.08%
||
7 Day CHG~0.00%
Published-23 Mar, 2011 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Hitachi EUR Form Client before 05-10 -/D 2010.11.15 and 05-10-CA (* 2) 2010.11.15; Hitachi EUR Form Service before 05-10 -/D 2010.11.15; and uCosminexus EUR Form Service before 07-60 -/D 2010.11.15 on Windows, before 05-10 -/D 2010.11.15 and 07-50 -/D 2010.11.15 on Linux, and before 07-50 -/C 2010.11.15 on AIX; allows remote attackers to execute arbitrary code via unknown attack vectors.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncIBM CorporationHitachi, Ltd.Microsoft Corporation
Product-linux_kernelwindowsucosminexus_eur_form_serviceeur_form_serviceaixeur_form_clientn/a
CVE-2005-2122
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-10||HIGH
EPSS-45.10% / 97.50%
||
7 Day CHG-8.86%
Published-21 Oct, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Server Subsystem (CSRSS), a different vulnerability than CVE-2005-2118.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_xpwindows_2000windows_2003_servern/a
CVE-2019-8001
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-21.66% / 95.59%
||
7 Day CHG~0.00%
Published-26 Aug, 2019 | 18:56
Updated-04 Aug, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsphotoshop_ccmacosAdobe Photoshop CC
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8712
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.99% / 76.44%
||
7 Day CHG~0.00%
Published-27 Oct, 2020 | 19:43
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6, iOS 13, tvOS 13. An application may be able to execute arbitrary code with system privileges.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchostvostvOSwatchOSiOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2005-2511
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.40% / 60.00%
||
7 Day CHG~0.00%
Published-19 Aug, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unknown vulnerability in Mac OS X 10.4.2 and earlier, when using Kerberos authentication with LDAP, allows attackers to gain access to a root Terminal window.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servermac_os_xn/a
CVE-2019-8248
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-1.86% / 82.71%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 15:37
Updated-04 Aug, 2024 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Illustrator CC versions 23.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsmacosillustrator_ccAdobe Illustrator CC
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8716
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.57% / 67.96%
||
7 Day CHG~0.00%
Published-27 Oct, 2020 | 19:42
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. An application may be able to execute arbitrary code with system privileges.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xmacOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8073
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-12.78% / 93.83%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 15:19
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection via Vulnerable component vulnerability. Successful exploitation could lead to Arbitrary code execution in the context of the current user.

Action-Not Available
Vendor-Adobe Inc.
Product-coldfusionCold Fusion
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2019-7992
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-11.91% / 93.58%
||
7 Day CHG~0.00%
Published-26 Aug, 2019 | 18:47
Updated-04 Aug, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsphotoshop_ccmacosAdobe Photoshop CC
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8247
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-1.86% / 82.71%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 15:35
Updated-04 Aug, 2024 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Illustrator CC versions 23.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsmacosillustrator_ccAdobe Illustrator CC
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8074
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-7.73% / 91.74%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 15:20
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Path Traversal vulnerability. Successful exploitation could lead to Access Control Bypass in the context of the current user.

Action-Not Available
Vendor-Adobe Inc.
Product-coldfusionCold Fusion
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-7998
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-21.66% / 95.59%
||
7 Day CHG~0.00%
Published-26 Aug, 2019 | 18:54
Updated-04 Aug, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsphotoshop_ccmacosAdobe Photoshop CC
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8237
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-1.01% / 76.68%
||
7 Day CHG~0.00%
Published-23 Oct, 2019 | 20:46
Updated-04 Aug, 2024 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an insufficiently robust encryption vulnerability. Successful exploitation could lead to security feature bypass.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2019-8069
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-3.43% / 87.19%
||
7 Day CHG~0.00%
Published-12 Sep, 2019 | 18:04
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Same Origin Method Execution vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.

Action-Not Available
Vendor-Google LLCAdobe Inc.Apple Inc.Microsoft CorporationLinux Kernel Organization, Inc
Product-linux_kernelwindows_8.1chrome_oswindowsflash_player_desktop_runtimemacoswindows_10flash_playerFlash Player
CWE ID-CWE-346
Origin Validation Error
CVE-2019-8196
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-29.78% / 96.51%
||
7 Day CHG~0.00%
Published-17 Oct, 2019 | 20:22
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-8070
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-2.03% / 83.45%
||
7 Day CHG~0.00%
Published-12 Sep, 2019 | 18:07
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Use after free vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.

Action-Not Available
Vendor-Google LLCAdobe Inc.Apple Inc.Microsoft CorporationLinux Kernel Organization, Inc
Product-linux_kernelwindows_8.1chrome_oswindowsflash_player_desktop_runtimemacoswindows_10flash_playerFlash Player
CWE ID-CWE-416
Use After Free
CVE-2005-1983
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-10||HIGH
EPSS-87.81% / 99.45%
||
7 Day CHG~0.00%
Published-10 Aug, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_xpwindows_2000n/a
CVE-2019-7997
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-21.66% / 95.59%
||
7 Day CHG~0.00%
Published-26 Aug, 2019 | 18:53
Updated-04 Aug, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsphotoshop_ccmacosAdobe Photoshop CC
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-8195
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-29.78% / 96.51%
||
7 Day CHG~0.00%
Published-17 Oct, 2019 | 20:20
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-8049
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-41.50% / 97.31%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 20:00
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2010-3414
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.24% / 47.01%
||
7 Day CHG~0.00%
Published-16 Sep, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 6.0.472.59 on Mac OS X does not properly implement file dialogs, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. NOTE: this issue exists because of an incorrect fix for CVE-2010-3112 on Mac OS X.

Action-Not Available
Vendor-n/aGoogle LLCApple Inc.
Product-macoschromen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-8060
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-11.54% / 93.46%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 20:07
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2005-0551
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-10||HIGH
EPSS-34.12% / 96.86%
||
7 Day CHG~0.00%
Published-13 Apr, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_xpwindows_2000windows_2003_servern/a
CVE-2019-8255
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-5.20% / 89.69%
||
7 Day CHG~0.00%
Published-19 Dec, 2019 | 19:38
Updated-04 Aug, 2024 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Brackets versions 1.14 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Linux Kernel Organization, IncAdobe Inc.Apple Inc.Microsoft Corporation
Product-windowsbracketslinux_kernelmac_os_xBrackets
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2009-3955
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-36.20% / 96.99%
||
7 Day CHG~0.00%
Published-13 Jan, 2010 | 19:00
Updated-07 Aug, 2024 | 06:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leading to memory corruption.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-windowsacrobat_readermac_os_xacrobatn/a
CWE ID-CWE-399
Not Available
CVE-2005-0059
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-88.94% / 99.51%
||
7 Day CHG~0.00%
Published-13 Apr, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_98windows_98sewindows_xpwindows_2000n/a
CVE-2019-7086
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-3.86% / 87.94%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 18:51
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2019-7767
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-2.00% / 83.34%
||
7 Day CHG~0.00%
Published-22 May, 2019 | 13:29
Updated-04 Aug, 2024 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2019-7970
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-27.47% / 96.30%
||
7 Day CHG~0.00%
Published-26 Aug, 2019 | 17:27
Updated-04 Aug, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsphotoshop_ccmacosAdobe Photoshop CC
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2019-7087
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-3.86% / 87.94%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 18:51
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2019-7060
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-2.76% / 85.70%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 18:29
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-7029
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-4.67% / 89.09%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 18:01
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcmacoswindowsacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2019-7095
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-8.15% / 91.98%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 18:48
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Digital Editions versions 4.5.10.185749 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-digital_editionswindowsAdobe Digital Editions
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-7025
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-4.67% / 89.09%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 17:59
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2005-0050
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-55.49% / 98.01%
||
7 Day CHG~0.00%
Published-08 Feb, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The License Logging service for Windows NT Server, Windows 2000 Server, and Windows Server 2003 does not properly validate the length of messages, which leads to an "unchecked buffer" and allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, aka the "License Logging Service Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_ntwindows_2000windows_2003_servern/a
CWE ID-CWE-20
Improper Input Validation
Details not found